Web services based attacks against image CAPTCHAs

David Lorenzi, Jaideep Vaidya, Shamik Sural, Vijayalakshmi Atluri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

CAPTCHAs provide protection from automated robot attacks against online forms and services. Image recognition CAPTCHAs, which require users to perform an image recognition task, have been proposed as a more robust alternative to character recognition CAPTCHAs. However, in recent years, a number of web services that deal with content based image retrieval and analysis have been developed and released for public consumption. These web services can be used in completely unexpected ways to attack image CAPTCHAs. Specifically, in this paper, we consider three specific kinds of web services: 1) Reverse Image Search (RIS), 2) Image Similarity Search (ISS), and 3) Automatic Linguistic Annotation (ALA). We show how the functionality of these image based web services, used in conjunction with regular expressions, keyword ontologies and some statistical analysis/inference, can pose a dangerous attack that easily bypasses the hard AI problem used in challenges for typical image CAPTCHAs. We also discuss effective defensive measures that can be utilized to make CAPTCHAs more resistant to the attack vectors these web services provide.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - 9th International Conference, ICISS 2013, Proceedings
Pages214-229
Number of pages16
DOIs
StatePublished - 2013
Event9th International Conference on Information Systems Security, ICISS 2013 - Kolkata, India
Duration: Dec 16 2013Dec 20 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8303 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other9th International Conference on Information Systems Security, ICISS 2013
CountryIndia
CityKolkata
Period12/16/1312/20/13

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Keywords

  • CAPTCHA
  • Web Security
  • Web Services

Fingerprint Dive into the research topics of 'Web services based attacks against image CAPTCHAs'. Together they form a unique fingerprint.

Cite this