Advisory Committee Chair
Advisory Committee Members
Alan P Sprague
Date of Award
Degree Name by School
Doctor of Philosophy (PhD) College of Arts and Sciences
CAPTCHAs represent a primary defense mechanism against online attacks and resource abuse. However, existing CAPTCHA solutions (e.g., distorted static text-based CAPTCHAs) suffer from significant security problems. Recent research has demonstrated that many current forms of CAPTCHAs can be solved with a high accuracy using automated techniques. This vulnerability associated with traditional CAPTCHAs thus provides a sound motivation to explore CAPTCHA alternatives. In this dissertation, we study a broad class of game-based CAPTCHAs, called the Dynamic Cognitive Game (DCG) CAPTCHAs, which challenge the user to perform a game-like cognitive task interacting with a series of dynamic objects. Specifically, we focus on the security of DCG CAPTCHAs against automated (auto) and semi-automated (hybrid) attacks. Our work follows an offensive-defensive evolutionary security design methodology, with the highlight that controlling the visual correlation between foreground and background contents of DCG CAPTCHAs plays an important role to camouflage the location of foreground objects, thereby determining the security level against auto and hybrid attacks. On the offensive side, we develop novel auto and hybrid attacks based on image processing techniques to solve many varieties of DCG CAPTCHAs with high accuracies. Specifically, we propose novel real-time tracking methods and object recognition methods utilizing visual features existing in a single frame or the accumulation of multiple consecutive frames, to decode a DCG CAPTCHA. On the defensive side, we prevent previous attacks by gradually reducing the visual information, used to represent the CAPTCHA content, in order to increase the visual correlation between foreground and background contents. Specifically, our evolutional DCG CAPTCHA variants span a large array of countermeasures ranging from the low level, such as the natural/artificial scene video backgrounds, to the medium level, such as the dynamic color background, and, finally, the emerging image technique as the ultimate way to represent the CAPTCHA contents in motion, that may only be perceived by human users. We believe this is the first systematic study of the evolution of secure DCG CAPTCHAs. Since such CAPTCHAs have already emerged in the commercial domain, our study has the potential to make an impact on real-world CAPTCHA deployments in the future.
Gao, Song, "An Evolutionary Study Of Dynamic Cognitive Game Captchas: Automated Attacks And Defenses" (2014). All ETDs from UAB. 1699.