Abstract: Text-based CAPTCHAs are friendly and easy to understand, which have been widely used in the security defense mechanism of many Internet applications. Traditional text-based CAPTCHAs improve security by distorting characters or adding background noise. With the development of deep learning, its security is threatened and over-deformed characters will bring new problems to human. To address this, this paper designs a perturbation optimization framework with randomization strategy for text-based CAPTCHAs generation (denoted as PORG), which is friendly for human but difficult for machines. Specifically, the proposed PORG devises a perturbation generation network (PGN) based on current advanced and stable perturbation methods to construct multiple perturbation factors and applies a randomization strategy to generate diverse perturbed images. In particular, the perturbation factors generated by existing methods destroy the visual information conveyed by the CAPTCHA images. To this end, a perturbation optimization network (PON) is designed to control the introduced perturbation factors by extending the distance at feature-level and narrowing the gap at global-level, which makes the generated CAPTCHAs remain human-friendly while effectively treating the attacker model. Extensive experiments conducted on eight real-world datasets show the outperformance of the proposed PORG (e.g., attack accuracy is dropped from 90.03% to 0.12% on the CNKI dataset).