Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming
نویسندگان
چکیده
CAPTCHAs are a widely deployed mechanism to distinguish a legitimate human user from a computerized program trying to abuse online services. Attackers, however, have devised a clever and an economical way to bypass the security provided by CAPTCHAs by simply relaying CAPTCHA challenges to remote human-solvers. Most existing varieties of CAPTCHAs are completely vulnerable to such relay attacks, routinely executed in the wild. Dynamic Cognitive Game (DCG) CAPTCHAs are an upcoming CAPTCHA category which require the user to play a simple moving object matching game. Due to the dynamic and interactive nature of the underlying games, DCG CAPTCHAs may offer resistance to relay attacks. In this paper, we focus on a streaming-based DCG CAPTCHA relay attack whereby the game frames and responses are simply streamed between the attacker and a human-solver. We present a mechanism for detecting such a streaming-enabled game captcha farming based on realtime game statistics, such as play duration, mouse clicks and incorrect drags, fed to machine learning detection algorithms. To demonstrate the feasibility of our detection mechanism, we report on a three-dimensional study measuring: (1) the performance of legitimate DCG CAPTCHA users, (2) the performance of remote human-solvers in a DCG CAPTCHA streaming attack, and (3) the performance of gameplay behavioral features and machine learning classifiers in distinguishing human-solvers in a streaming attack from legitimate users. Our results show that it is possible to detect the streaming-based relay attack against many instances of DCG CAPTCHAs with a high overall accuracy (low false negatives and false positives). Broadly, DCG CAPTCHAs appear to be one of the first CAPTCHA schemes that enable reliable detection of relay attacks.
منابع مشابه
Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability
Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, little-studied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas – called Dynamic Cognitive Game (DCG) captchas – challenge the user to perform a game-like cognitive task interacting with a series of dynamic image...
متن کاملOn the security and usability of dynamic cognitive game CAPTCHAs
Existing CAPTCHA solutions are a major source of user frustration on the Internet today, frequently forcing companies to lose customers and business. Game CAPTCHAs are a promising approach which may make CAPTCHA solving a fun activity for the user. One category of such CAPTCHAs – called Dynamic Cognitive Game (DCG) CAPTCHA – challenges the user to perform a game-like cognitive (or recognition) ...
متن کاملSEIMCHA: a new semantic image CAPTCHA using geometric transformations
As protection of web applications are getting more and more important every day, CAPTCHAs are facing booming attention both by users and designers. Nowadays, it is well accepted that using visual concepts enhance security and usability of CAPTCHAs. There exist few major different ideas for designing image CAPTCHAs. Some methods apply a set of modifications such as rotations to the original imag...
متن کاملImage flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملTowards the Personalization of CAPTCHA Mechanisms Based on Individual Differences in Cognitive Processing
This paper studies the effect of individual differences on user performance related to text-recognition CAPTCHA challenges. In particular, a text-recognition CAPTCHA mechanism was deployed in a three-month user study to investigate the effect of individuals’ different cognitive processing abilities, targeting on speed of processing, controlled attention and working memory capacity toward effici...
متن کامل