A Novel Human Visual Psychophysics Based Approach to Distinguish Between Human Users and Computer Robots
Saadatbeheshti, S. (2017). A Novel Human Visual Psychophysics Based Approach to Distinguish Between Human Users and Computer Robots. (Unpublished Doctoral thesis, City, University of London)
Abstract
Demand for the use of online services such as free emails, social networks, and online polling is increasing at an exponential rate. Due to this, online service providers and retailers feel pressured to satisfy the multitude of end-user expectations. Meanwhile, automated computer robots (known as ‘bots’) are targeting online retailers and service providers by acting as human users and providing false information to abuse their service provisioning. CAPTCHA is a set of challenge/response protocols, which was introduced to protect online retailers and service providers from misuse and automated computer attacks. Text-based CAPTCHAs are the most popular form and are used by most online service providers to differentiate between human users and bots. However, the vast majority of text-based CAPTCHAs have been broken using Optical Character Recognition (OCR) techniques and thus, reinforces the need for developing a secure and robust CAPTCHA model. Security and usability are the two fundamental issues that pose a trade-off in the design of a CAPTCHA. If a CAPTCHA model were too difficult for human users to solve, it would affect its usability, but making it easy would risk its security.
In this work, a novel CAPTCHA model called VICAP (Visual Integration CAPTCHA) is proposed which uses trans-saccadic memory to superimpose a set of fleeting images into a uniform image. Thus, this will be creating a meaningful picture of the object using the sophisticated human visual system. Since the proposed model is based on this unique ability of humans, it is logical to conclude that none of the current computer recognition programmes has the ability to recognise and decipher such a method. The proposed CAPTCHA model has been tested and evaluated in terms of usability and performance in laboratory conditions, and the preliminary results are encouraging. As a result of this PhD research, the proposed CAPTCHA model was tested in two scenarios. The first scenario considers the traditional setup of a computer attack, where a single frame of the CAPTCHA is captured and passed on to the OCR software for recognition. The second case, implemented through our CAPTCHA-Test Application (CTA), uses prior knowledge of the CAPTCHA design. Specifically, a number of frames are individually captured and superimposed (or integrated) to generate output images as a single image using the CTA and then fed into the OCR programme. The second scenario is biased because it also requires prior knowledge of the time interval (ISI) to be used in the integration process. When the time interval is set to a value higher than the optimal ISI, there is insufficient information to complete the CAPTCHA string. When the time interval for integration is set to a value lower than the optimal one, the CAPTCHA image is saturated due to the uniform nature of the noise process used for the background.
In order to measure the level of usability of our proposed VICAP model, a user evaluation website was designed to allow users to participate in the proposed VICAP model. This evaluation website also enabled participants to compare our proposed VICAP model with one of the current popular Google CAPTCHA models called ReCAPTCHA. Thus, to ensure the usability of the proposed CAPTCHA model, we set the threshold for the ORO (Original to Random Output Data) parameter at 40%. This ensured that our CAPTCHA strings would be recognised by human observers at a rate of 100%. In turn, when examining the robustness of our VICAP model to computer programme attacks, we can observe that for the traditional case of OCR recognition, based on a single-frame scenario, the Computer Recognition Success Rate (CRSR) was about 0%, while in the case of a multi-frame scenario, the CRSR can increase to up to 50%. In the unlikely scenario of an advanced OCR software attack, comprising of frame integration over an optimal time interval (as described above), the robustness of the VICAP model for the multi-frame sequence reduces to 50%. However, we must stress that this latter scenario is unfairly biased because it is not supported by the capabilities of present state-of-the-art OCR software.
Publication Type: | Thesis (Doctoral) |
---|---|
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Departments: | Doctoral Theses School of Science & Technology > School of Science & Technology Doctoral Theses School of Science & Technology > Engineering |
Download (4MB) | Preview
Export
Downloads
Downloads per month over past year