Proposal

Breaking CAPTCHA

CS-134 Project Proposal

Robin Chhetri and Radhika Bhasin

INTRODUCTION

A CAPTCHA, or the Completely Automated Public Turing test to tell Computers and Humans Apart, is defined as a program that can create and grade tests that most humans can pass, but computers cannot[2] . CAPTCHAs are widely used by websites to distinguish between bots and human users. Captchas present a user with a simple test such as matching characters or digits with what they type or hear from the website. The image or sound is usually distorted to make it difficult for a machine to perform the test. When successful, Captchas can prevent a wide variety of abuses, such as invalid account creation and spam comments on blogs and forums. Captchas are intended to be easy for humans but not so easy for machines.

MOTIVATION

By studying the necessary skills required to break CAPTCHAs, we can better understand how to build stronger CAPTCHAs in the future. Our goal is to use machine learning techniques to interpret or read text from CAPTCHA images. From the time Louis von Ahn et al. [3] proposed CAPTCHAs, there has been a cat and mouse game between those who want to break CAPTCHAs and those who want to create better CAPTCHAs. Recent CAPTCHAs include non-dictionary words, complex words, images, and sounds. There are many research groups [4] working in either defeating or strengthening CAPTCHAs. We will first implement the method proposed by Mori et al. [8] After that, we will modify his method by using probabilistic models. We will be investigating Relevance Vector Machines (RVM), which is a Bayesian Learning method, as the classifier to interpret Captchas. We will also search for other methods including SVM and HMM to improve on their output.

METHOD

We will build a training set of images of characters, and use canny edge detection to get edges of the characters. This creates a outline of the CAPTHCA image.Each of the characters in the alphabet will be represented by shape context descriptors.We will determine the candidate location based on the method proposed by Mori et al. [8] using voting methods and we will be using RVM as the classification method. At last, the final word is determined by combining the guesses for each of the character in test image.

DATA SETS

We will be using Captchas data set from below resources:

Data set from CMU Prof. Carlos Guestrin [5]
Data set generated by JCaptcha [6]: The CAPTCHAs are generated using JCaptcha, an open-source CAPTCHA generation framework written in Java.

PROJECT PLAN

Use shape feature descriptor to get training data (shape descriptors of 26 alphabets)
Implement the method proposed by Mori et al. [8]
Write Milestone Report/Presentation
Implement the RVM classifier
Learn the classifier
Test the classifier on test data
Analyze results and performance
Write Final report/Poster

RELATED WORK

Moy et al [9] developed distortion estimation techniques to break EZ-Gimpy with a success rate of 99% and 4-letter Gimpy-r with a success rate of 78%.
Yan et al. [10] used vertical segmentation and snake segmentation to break a number of visual CAPTCHAs taken from the web (including those used in Yahoo and Google/Gmail).However, their success rates were low, ranging from merely 4.89% to 66.2%.
Yan et al. [11] again proposed a low-cost character segmentation based approach to break Microsoft CAPTCHAs.

References:

[1] Title image, http://www.e-ignite.co.uk/blog/wp-content/uploads/2008/03/captcha_banner.jpg

[2]Von Ahn, L., Blum M., and Langford J.. Telling Humans and Computers Apart (Automatically). CMU Tech Report CMUCS, 2002

[3] Von Ahn, L. and Blum, M. and Hopper, N. and Langford. J., CAPTCHA: Using Hard AI Problems for Security. Advances in Cryptology, 2003

[4] http://www.captcha.net/

[5] http://www.cs.cmu.edu/~guestrin/Class/10701/projects.html#image

[6] http://jcaptcha.sourceforge.net/

[7] Chellapilla, K. and Simard, P., Using Machine Learning to Break Visual Human Interaction Proofs (HIPs), Advances in Neural Information Processing Systems, 2004

[8] Mori, G. and Malik, J., Recognizing Objects in Adversarial Clutter: Breaking a visual CAPTCHA, In Proceedings: IEEE Computer Society Conference on Computer Vision and Pattern Recognition,2003

[9] Moy, G. and Jones, N. and Harkless, C. and Potter, R., Distortion estimation techniques in solving visual CAPTCHAs,Computer Vision and Pattern Recognition, 2004

[10] Yan, J. and El Ahmad, A.S., Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms, In Proceedings: Computer Security Applications Conference, pages 279-291, 2007

[11] Yan, J. and El Ahmad, A.S., A Low-cost Attack on a Microsoft CAPTCHA, In Proceedings: ACM Conference on Computer and Communications Security,pages 543-554, 2008