Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach

Moses O. Omoyele*, Joseph A. Ojeniyi**, Olawale S. Adebayo***
* Research Scholar, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.
**-*** Lecturer, Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.
Periodicity:September - November'2018
DOI : https://doi.org/10.26634/jcom.6.3.15699

Abstract

CAPTCHA is a piece of program designed to distinguish human beings from bots. These are computer generated tests which can be solved by humans but will be difficult to be solved by computers. Bots smuggled CAPTCHAs are gradually on the increase in order to deceive unsuspecting users and inadvertently infect systems. From the available literature reviewed so far, there is no model to detect or predict CAPTCHA smuggling attack. The aim of this work is to come up with a model capable of predicting this attack. The approach used was based on deep supervised neural network approach. In order to achieve the aim, framework based on hyperparameter specification was developed. The model was evaluated on the available CAPTCHA smuggling dataset. The accuracy of prediction achieved in this work is 77.89% at consistency of 0.1543. The sensitivity and specificity of the model are 78.11% and 78.2%, respectively.

Keywords

captcha; captcha smuggling; deep learning model

How to Cite this Article?

Omoyele, M., Ojeniyi, J. A., Adebayo, O. S.(2018) Development of a Predictive Model for the Detection of CAPTCHA Smuggling Attacks Using Supervised Deep Learning based Approach, ,i-manager's Journal on Computer Science 6(3),42-49. https://doi.org/10.26634/jcom.6.3.15699

References

[1]. Alsuhibany, S. A. (2016). A benchmark for designing usable and secure text-based captchas. International Journal of Network Security & Its Applications, 8(4), 41-54.
[2]. Bilge, L., Strufe, T., Balzarotti, D., & Kirda, E. (2009, April). All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th International Conference on World Wide Web (pp. 551-560). ACM.
[3]. Chen, J., Luo, X., Guo, Y., Zhang, Y., & Gong, D. (2017). A Survey on Breaking Technique of Text-Based CAPTCHA. Security and Communication Networks, 2017, 1-15.
[4]. Chew, M., & Tygar, J. D. (2004, September). Image recognition CAPTCHAs. In International Conference on Information Security (pp. 268-279). Springer, Berlin, Heidelberg.
[5]. Chilluru, M., Naick, B. R., & Nirupama, P. (2015). Captcha based Password Authentication-A New Security Scheme. International Journal of Computer Science and Information Technologies, 6(4), 3514-3522.
[6]. Chow, R., Golle, P., Jakobsson, M., Wang, L., & Wang, X. (2008, February). Making captchas clickable. In Proceedings of the 9th Workshop on Mobile Computing Systems and Applications (pp. 91-94). ACM.
[7]. Egele, M., Bilge, L., Kirda, E., & Kruegel, C. (2010, March). Captcha smuggling: hijacking web browsing sessions to create captcha farms. In Proceedings of the 2010 ACM Symposium on Applied Computing (pp. 1865- 1870). ACM.
[8]. Gupta, S., & Garg, R. (2015). Taxonomy of tools and techniques for network monitoring and quality assurance in 3G networks. International Journal of Computer Applications, 120 (21), 34-41.
[9]. Hernández-Castro, C. J., R-Moreno, M. D., Barrero, D. F., & Gibson, S. (2017). Using machine learning to identify common flaws in CAPTCHA design: FunCAPTCHA case analysis. Computers & Security, 70, 744-756.
[10]. Nguyen, V. D., Chow, Y. W., & Susilo, W. (2014, May). A CAPTCHA scheme based on the identification of character locations. In International Conference on Information Security Practice and Experience (pp. 60- 74). Springer, Cham.
[11]. Sharma, S., & Seth, N. (2015). Survey of Text CAPTCHA Techniques and Attacks. International Journal of Engineering Trends and Technology (IJETT), 22(6), 240- 245.
[12]. Sivakorn, S., Polakis, I., & Keromytis, A. D. (2016a). I am robot: (deep) learning to break semantic image captchas. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on (pp. 388-403). IEEE.
[13]. Sivakorn, S., Polakis, J., & Keromytis, A. D. (2016b). I'm not a human: Breaking the Google reCAPTCHA. Black Hat. Retrieved from https://www.blackhat.com/docs/ asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human- Breaking-the-Google-reCAPTCHA-wp.pdf
[14]. Uzun, E., Chung, S. P. H., Essa, I., & Lee, W. (2018). rtCaptcha: A real-time CAPTCHA based liveness detection system. In Proceedings NDSS 2018: Network and Distributed System Security Symposium (pp. 1-15).
[15]. Von Ahn, L., Blum, M., & Langford, J. (2004). Telling humans and computers apart automatically. Communications of the ACM, 47(2), 56-60.
[16]. Von Ahn, L., Blum, M., Hopper, N. J., & Langford, J. (2003, May). CAPTCHA: Using hard AI problems for security. In International Conference on the Theory and Applications of Cryptographic Techniques (pp. 294-311). Springer, Berlin, Heidelberg.
If you have access to this article please login to view the article or kindly login to purchase the article

Purchase Instant Access

Single Article

North Americas,UK,
Middle East,Europe
India Rest of world
USD EUR INR USD-ROW
Online 15 15

Options for accessing this content:
  • If you would like institutional access to this content, please recommend the title to your librarian.
    Library Recommendation Form
  • If you already have i-manager's user account: Login above and proceed to purchase the article.
  • New Users: Please register, then proceed to purchase the article.