广东工业大学学报 ›› 2024, Vol. 41 ›› Issue (03): 81-90.doi: 10.12052/gdutxb.230051
曾嘉琪, 吴焯婷, 吴泽楷, 杨振国, 刘文印
Zeng Jia-qi, Wu Zhuo-ting, Wu Ze-kai, Yang Zhen-guo, Liu Wen-yin
摘要: 文本验证码具有友好和易于理解的特点,被广泛应用于众多互联网应用的安全防御机制中。传统的文本验证码通过将字符扭曲变形或者增加背景噪声来提高安全性,但随着深度学习技术的发展,其安全性难以为继且过度变形的字符会对人类用户识别带来新的难题。为了解决上述问题,本文提出了一种带有随机化策略的扰动优化框架 (Perturbation Optimization Network with Randomization for Text-based CAPTCHAs Generation, PORG),用于生成对人类友好但机器难以破解的文本验证码图像。该框架基于先进的扰动方法设计出扰动生成网络 (Perturbation Generation Network, PGN),构建丰富的图像扰动因子并应用随机化策略生成多样化的验证码图像。现有方法所生成的扰动因子容易破坏验证码图像传递的视觉信息,对人类用户的识别造成负面影响,违背了验证码设计的初衷,因此本文提出了一种扰动优化网络 (Perturbation Optimization Network, PON) 对生成的扰动因子进行优化,通过在图像特征层面上扩展距离并在全局层面上缩小差距,使得所生成的验证码在保持人类友好性的同时有效地对抗攻击者模型。本研究在8个真实世界数据集上进行的大量实验,证明了所提出框架模型的优越性,例如在CNKI数据集上,攻击模型的准确率从90.03%降至0.12%。
中图分类号:
[1] AHN L V, BLUM M, HOPPER N J, et al. CAPTCHA: using hard AI problems for security[C]// 2003 International Conference on the Theory and Application of Cryptographic Techniques (Eurocrypt) . Heidelberg: Springer, 2003: 294-311. [2] JIA X, XIAO J, WU C. TICS: text–image-based semantic CAPTCHA synthesis via multi-condition adversarial learning [J]. The Visual Computer, 2022, 38(3): 963-975. [3] SHI C, JI S, LIU Q, et al. Text CAPTCHA is dead? a large scale deployment and empirical study[C]// LIGATTI J, OU X, KATZ J, et al. 2020 ACM Conference on Computer and Communications Security (CCS) . USA: ACM, 2020: 1391-1406. [4] HOSSEN I, HEI X. aaeCAPTCHA: the design and implementation of audio adversarial CAPTCHA[C]// 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P) . Genoa: IEEE, 2022: 430-447. [5] GAO S, MOHAMED M, SAXENA N, et al. Gaming the game: Defeating a game CAPTCHA with efficient and robust hybrid attacks[C]// 2014 IEEE International Conference on Multimedia and Expo (ICME) . Chengdu: IEEE Computer Society, 2014: 1-6. [6] SHAO R, SHI Z, YI J, et al. Robust text CAPTCHAs using adversarial examples[C]// 2022 IEEE International Conference on Big Data (Big Data) . Osaka: IEEE, 2022: 1495-1504. [7] BURSZTEIN E, MARTIN M, MITCHELL J. Text-based CAPTCHA strengths and weaknesses[C]// 2011 the 18th ACM Conference on Computer and Communications Security (CCS) . Chicago: ACM, 2011: 125-138. [8] 沈言玉, 张三峰, 曹玖新. 一种基于对抗样本的验证码安全性增强方法[J]. 网络空间安全, 2020, 11(8): 81-85. SHEN Y Y, ZHANG S F, CAO J X. A security enhancement method of CAPTCHA based on adversarial samples [J]. Cyberspace Security, 2020, 11(8): 81-85. [9] GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples[EB/OL]. arXiv: 1412.6572(2015-03-20) [2023-01-02]. https://arxiv.org/abs/1412.6572v1. [10] SHI C, XU X, JI S, et al. Adversarial CAPTCHAs [J]. IEEE Transactions on Cybernetics, 2022, 52(7): 6095-6108. [11] KWON H, YOON H, PARK K W. Robust CAPTCHA image generation enhanced with adversarial example methods [J]. IEICE Transactions on Information and Systems, 2020, 103-D(4): 879-882. [12] KURAKIN A, GOODFELLOW I J, BENGIO S. Adversarial examples in the physical world[EB/OL]. arXiv: 1607.02533(2017-02-11) [2023-01-02]. https://arxiv.org/abs/1607.02533v3. [13] PAPERNOT N, MCDANIEL P, JHA S, et al. The limitations of deep learning in adversarial settings[C]// 2016 IEEE European Symposium on Security and Privacy (EuroS&P) . Saarbrucken: IEEE, 2016: 372-387. [14] ZHENG W, WANG W, REN W, et al. A user behavior-based random distribution scheme for adversarial example generated CAPTCHA[C]// 2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) . New York: IEEE, 2021: 1215-1221. [15] HUANG Z, XU W, YU K. Bidirectional LSTM-CRF models for sequence tagging[EB/OL]. (2015-08-09) [2023-01-02]. https://arxiv.org/pdf/1508.01991. [16] KAREN S, ANDREW Z. Very deep convolutional networks for large-scale image recognition[EB/OL]. (2015-04-10) [2023-01-02]. https://arxiv.org/pdf/1409.1556. [17] GRAVES A, FERNÁNDEZ S, GOMEZ F, et al. Connectionist temporal classification: labelling unsegmented sequence data with recurrent neural networks[C]// 2006 23rd International Conference on Machine Learning (ICML) . Pittsburgh: ACM, 2006: 369-376. [18] GATYS L A, ECKER A S, BETHGE M. Image style transfer using convolutional neural networks[C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Las Vegas: IEEE Computer Society, 2016: 2414-2423. [19] HE K, ZHANG X, REN S, et al. Deep residual learning for image recognition[C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Las Vegas: IEEE Computer Society, 2016: 770-778. [20] AKHTAR N, MIAN A. Threat of adversarial attacks on deep learning in computer vision: a survey [J]. IEEE Access, 2018, 6: 14410-14430. [21] MIYATO T, DAI A M, GOODFELLOW I. Adversarial training methods for semi-supervised text classification[EB/OL]. arXiv: 1605.07725(2021-11-16) [2023-01-02]. https://arxiv.org/abs/1605.07725. [22] DONG Y, LIAO F, PANG T, et al. Boosting adversarial attacks with momentum[C]// 2018 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Salt Lake City: IEEE Computer Society, 2018: 9185-9193. |
[1] | 谢惠琼, 凌捷. 插件技术在漏洞分类扫描中的应用[J]. 广东工业大学学报, 2011, 28(1): 8-11. |
[2] | 路璐; 易珺; 林小平; . 数字签名技术在校园网身份认证模型中的应用[J]. 广东工业大学学报, 2005, 22(3): 95-99. |
|