广东工业大学学报 ›› 2024, Vol. 41 ›› Issue (03): 81-90.doi: 10.12052/gdutxb.230051

• 计算机科学与技术 • 上一篇    下一篇

用于文本验证码生成的随机扰动优化网络

曾嘉琪, 吴焯婷, 吴泽楷, 杨振国, 刘文印   

  1. 广东工业大学 计算机学院, 广东 广州 510006
  • 收稿日期:2023-04-10 出版日期:2024-05-25 发布日期:2024-06-14
  • 通信作者: 杨振国(1988-),男,副教授,博士,主要研究方向为多模态机器学习、深度学习等,E-mail:yzg@gdut.edu.cn;刘文印(1966-),男,教授,博士,博士生导师,主要研究方向为计算机视觉、网络身份安全等,E-mail:liuwy@gdut.edu.cn
  • 作者简介:曾嘉琪(1998-),女,硕士研究生,主要研究方向为图像生成和信息安全,E-mail:397494879@qq.com
  • 基金资助:
    国家自然科学基金资助项目(91748107, 61902077);广东省引进创新科研团队计划项目(2014ZT05G157);广东省基础与应用基础研究基金资助项目(2020A1515010616);广东省科技创新战略专项资金资助项目(pdjh2020a0173);广州市科技计划项目(202102020524)

Perturbation Optimization Network with Randomization for Text-based CAPTCHAs Generation

Zeng Jia-qi, Wu Zhuo-ting, Wu Ze-kai, Yang Zhen-guo, Liu Wen-yin   

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
  • Received:2023-04-10 Online:2024-05-25 Published:2024-06-14

摘要: 文本验证码具有友好和易于理解的特点,被广泛应用于众多互联网应用的安全防御机制中。传统的文本验证码通过将字符扭曲变形或者增加背景噪声来提高安全性,但随着深度学习技术的发展,其安全性难以为继且过度变形的字符会对人类用户识别带来新的难题。为了解决上述问题,本文提出了一种带有随机化策略的扰动优化框架 (Perturbation Optimization Network with Randomization for Text-based CAPTCHAs Generation, PORG),用于生成对人类友好但机器难以破解的文本验证码图像。该框架基于先进的扰动方法设计出扰动生成网络 (Perturbation Generation Network, PGN),构建丰富的图像扰动因子并应用随机化策略生成多样化的验证码图像。现有方法所生成的扰动因子容易破坏验证码图像传递的视觉信息,对人类用户的识别造成负面影响,违背了验证码设计的初衷,因此本文提出了一种扰动优化网络 (Perturbation Optimization Network, PON) 对生成的扰动因子进行优化,通过在图像特征层面上扩展距离并在全局层面上缩小差距,使得所生成的验证码在保持人类友好性的同时有效地对抗攻击者模型。本研究在8个真实世界数据集上进行的大量实验,证明了所提出框架模型的优越性,例如在CNKI数据集上,攻击模型的准确率从90.03%降至0.12%。

关键词: 文本类验证码, 验证码生成, 扰动优化, 信息安全, 图像加密

Abstract: Text-based CAPTCHAs are friendly and easy to understand, which have been widely used in the security defense mechanism of many Internet applications. Traditional text-based CAPTCHAs improve security by distorting characters or adding background noise. With the development of deep learning, its security is threatened and over-deformed characters will bring new problems to human. To address this, this paper designs a perturbation optimization framework with randomization strategy for text-based CAPTCHAs generation (denoted as PORG), which is friendly for human but difficult for machines. Specifically, the proposed PORG devises a perturbation generation network (PGN) based on current advanced and stable perturbation methods to construct multiple perturbation factors and applies a randomization strategy to generate diverse perturbed images. In particular, the perturbation factors generated by existing methods destroy the visual information conveyed by the CAPTCHA images. To this end, a perturbation optimization network (PON) is designed to control the introduced perturbation factors by extending the distance at feature-level and narrowing the gap at global-level, which makes the generated CAPTCHAs remain human-friendly while effectively treating the attacker model. Extensive experiments conducted on eight real-world datasets show the outperformance of the proposed PORG (e.g., attack accuracy is dropped from 90.03% to 0.12% on the CNKI dataset).

Key words: text-based CAPTCHAs, CAPTCHAs generation, perturbation optimization, information security, image encryption

中图分类号: 

  • TP391.2
[1] AHN L V, BLUM M, HOPPER N J, et al. CAPTCHA: using hard AI problems for security[C]// 2003 International Conference on the Theory and Application of Cryptographic Techniques (Eurocrypt) . Heidelberg: Springer, 2003: 294-311.
[2] JIA X, XIAO J, WU C. TICS: text–image-based semantic CAPTCHA synthesis via multi-condition adversarial learning [J]. The Visual Computer, 2022, 38(3): 963-975.
[3] SHI C, JI S, LIU Q, et al. Text CAPTCHA is dead? a large scale deployment and empirical study[C]// LIGATTI J, OU X, KATZ J, et al. 2020 ACM Conference on Computer and Communications Security (CCS) . USA: ACM, 2020: 1391-1406.
[4] HOSSEN I, HEI X. aaeCAPTCHA: the design and implementation of audio adversarial CAPTCHA[C]// 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P) . Genoa: IEEE, 2022: 430-447.
[5] GAO S, MOHAMED M, SAXENA N, et al. Gaming the game: Defeating a game CAPTCHA with efficient and robust hybrid attacks[C]// 2014 IEEE International Conference on Multimedia and Expo (ICME) . Chengdu: IEEE Computer Society, 2014: 1-6.
[6] SHAO R, SHI Z, YI J, et al. Robust text CAPTCHAs using adversarial examples[C]// 2022 IEEE International Conference on Big Data (Big Data) . Osaka: IEEE, 2022: 1495-1504.
[7] BURSZTEIN E, MARTIN M, MITCHELL J. Text-based CAPTCHA strengths and weaknesses[C]// 2011 the 18th ACM Conference on Computer and Communications Security (CCS) . Chicago: ACM, 2011: 125-138.
[8] 沈言玉, 张三峰, 曹玖新. 一种基于对抗样本的验证码安全性增强方法[J]. 网络空间安全, 2020, 11(8): 81-85.
SHEN Y Y, ZHANG S F, CAO J X. A security enhancement method of CAPTCHA based on adversarial samples [J]. Cyberspace Security, 2020, 11(8): 81-85.
[9] GOODFELLOW I J, SHLENS J, SZEGEDY C. Explaining and harnessing adversarial examples[EB/OL]. arXiv: 1412.6572(2015-03-20) [2023-01-02]. https://arxiv.org/abs/1412.6572v1.
[10] SHI C, XU X, JI S, et al. Adversarial CAPTCHAs [J]. IEEE Transactions on Cybernetics, 2022, 52(7): 6095-6108.
[11] KWON H, YOON H, PARK K W. Robust CAPTCHA image generation enhanced with adversarial example methods [J]. IEICE Transactions on Information and Systems, 2020, 103-D(4): 879-882.
[12] KURAKIN A, GOODFELLOW I J, BENGIO S. Adversarial examples in the physical world[EB/OL]. arXiv: 1607.02533(2017-02-11) [2023-01-02]. https://arxiv.org/abs/1607.02533v3.
[13] PAPERNOT N, MCDANIEL P, JHA S, et al. The limitations of deep learning in adversarial settings[C]// 2016 IEEE European Symposium on Security and Privacy (EuroS&P) . Saarbrucken: IEEE, 2016: 372-387.
[14] ZHENG W, WANG W, REN W, et al. A user behavior-based random distribution scheme for adversarial example generated CAPTCHA[C]// 2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) . New York: IEEE, 2021: 1215-1221.
[15] HUANG Z, XU W, YU K. Bidirectional LSTM-CRF models for sequence tagging[EB/OL]. (2015-08-09) [2023-01-02]. https://arxiv.org/pdf/1508.01991.
[16] KAREN S, ANDREW Z. Very deep convolutional networks for large-scale image recognition[EB/OL]. (2015-04-10) [2023-01-02]. https://arxiv.org/pdf/1409.1556.
[17] GRAVES A, FERNÁNDEZ S, GOMEZ F, et al. Connectionist temporal classification: labelling unsegmented sequence data with recurrent neural networks[C]// 2006 23rd International Conference on Machine Learning (ICML) . Pittsburgh: ACM, 2006: 369-376.
[18] GATYS L A, ECKER A S, BETHGE M. Image style transfer using convolutional neural networks[C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Las Vegas: IEEE Computer Society, 2016: 2414-2423.
[19] HE K, ZHANG X, REN S, et al. Deep residual learning for image recognition[C]// 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Las Vegas: IEEE Computer Society, 2016: 770-778.
[20] AKHTAR N, MIAN A. Threat of adversarial attacks on deep learning in computer vision: a survey [J]. IEEE Access, 2018, 6: 14410-14430.
[21] MIYATO T, DAI A M, GOODFELLOW I. Adversarial training methods for semi-supervised text classification[EB/OL]. arXiv: 1605.07725(2021-11-16) [2023-01-02]. https://arxiv.org/abs/1605.07725.
[22] DONG Y, LIAO F, PANG T, et al. Boosting adversarial attacks with momentum[C]// 2018 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) . Salt Lake City: IEEE Computer Society, 2018: 9185-9193.
[1] 谢惠琼, 凌捷. 插件技术在漏洞分类扫描中的应用[J]. 广东工业大学学报, 2011, 28(1): 8-11.
[2] 路璐; 易珺; 林小平; . 数字签名技术在校园网身份认证模型中的应用[J]. 广东工业大学学报, 2005, 22(3): 95-99.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!