epl682 papers
play

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding - PowerPoint PPT Presentation

Nov 11, 2022 •470 likes •867 views

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus

  1. EPL682 - PAPERS ---------- Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus February 2019

  2. BACKGROUND 2

  3. What are CAPTCHAs? • C ompletely A utomated P ublic T uring test to tell C omputers and H umans A part (CAPTCHA). • Proposed in 2003 by Von et al. • Also referred as Reverse Turing Tests. • CAPTCHAs tell if a user is human or not. • Different versions of CAPTCHA exists. • Block automated bot systems attacks. • Must resist automated solving. • Must be painless for humans. 3

  4. CAPTCHA Versions 4

  5. Text-based CAPTCHAs • Most widely used CAPTCHA scheme. • CAPTCHA designing, reflects a trade-off between protection and usability. 5

  6. Paper: “Re: CAPTCHAs-Understanding CAPTCHA- Solving Services in an Economic Context.” 6

  7. What is all about? (Summary) • Brief explanation about CAPTCHAs. • CAPTCHA solving ecosystem has emerged with 2 major categories: 1. Automated CAPTCHA solvers (software). 2. Real-time human labor. • Evaluation of CAPTCHAs in economic terms. • CAPTCHA’s underlying cost structure benefits defender. • Plenty of CAPTCHA solving services with very low prices. $1/1000 • CAPTCHAs should be viewed as an economic impediment to an attacker (not only as a technological one). Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 7

  8. What is all about? (Cont.) • The overall shape of market is poorly understood. • Big evolution of automated solving tools… • …but, eclipsed by the emergence of human-based solving market. • Economic examination of human-based solving market. Human-based solvers Automated (software) solvers Hybrid solvers Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 8

  9. Related work • The authors claim that they are the first to identify the growth of human- labor-based CAPTCHA solving services. • The closest work related is the study of Bursztein et al. [1], BUT is focused on CAPTCHA difficulty rather than the underlying business models. • No other related work (at that time). [1] E. Bursztein, S. Bethard, J. C. Mitchell, D. Jurafsky, and C. Fabry. How good are humans at solving CAPTCHAs? a large scale evaluation. In IEEE S&P ’10, 2010. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 9

  10. Authors Tried to Answer Key Questions Like Which CAPTCHAs are mostly targeted? Pricing of services? Rough solving capacity? Services’ adaptability to changes in CAPTCHA schemes? Workforce demographics? Quality of service? Overall, this research provides a reasoning about the net value of CAPTCHAs under existing threats. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 10

  11. CAPTCHA Economics, but why??? • CAPTCHA’s technical perspective, doesn’t capture the business realities of CAPTCHA-solving ecosystem. • The profitability of any scam is a function of 3 factors: 1. The cost of CAPTCHA solving. 2. The effectiveness of any secondary defenses. 3. The efficiency of the attacker’s business model. • CAPTCHAs add friction to the attacker’s business model. • CAPTCHAs minimize the cost and legitimate user impact of heavier- weight secondary defenses (e.g. sms, etc.). Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 11

  12. Economics of CAPTCHA-solving Market • The market for CAPTCHA-solving services has been expanded… • …but, the wages of workers have been declining due to these reasons: 1. CAPTCHA solving is an unskilled job. 2. It can be easily sourced via internet to the lowest cost labor. 3. An increased competition on the retail side exist. • Mr. E said that 50% of revenue is profit, roughly 10% is for servers and bandwidth, and the remainder is split between solving labor. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 12

  13. CAPTCHA-Solving Market Workflow Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 13

  14. CAPTCHA-Solving Services Analysis • Evaluated services which were well-advertised at the time. • Evaluated 8 CAPTCHA-solving services for 5 months collecting CAPTCHAs by most popular web sites. • Evaluating several aspects such as: 1. Customer interface. 2. Solution accuracy. 3. Response time. 4. Availability. 5. Capacity. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 14

  15. Quality of Service Assessment Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 15

  16. Quality of Service Assessment (cont.) • Median error rate and response time (in seconds) for all services. Services are ranked top-to-bottom in order of increasing error rate. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 16

  17. Services Analysis Results • Antigate and ImageToText provided the fastest service. • Accuracy and response time varied with the type of CAPTCHA. • The value of a particular solver depends on 3 factors, namely: 1. Accuracy. 2. Response time. 3. Price. • DeCaptcher and CaptchaBot had the largest solving capacity, as they could solve 14–15 CAPTCHAs per second. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 17

  18. Worker Wages • They focused on two services namely Kolotibablo and PixProfit. • Kolotibablo pays workers at a variable rate (from $0.50/1,000 up to over $0.75/1,000 CAPTCHAs) depending on how many CAPTCHAs they have solved. • PixProfit offers a somewhat higher rate of $1/1,000. • A minimum amount of money should be collected before payout. • Most services provide payment via an online e-currency system. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 18

  19. Geographic Demographics • All services include a sizeable workforce fluent in Chinese, likely mainland China. • Antigate has appreciable accuracies for Russian and Hindi, presumably drawing on workforces in Russia and India. • Similarly, for CaptchaBypass and Russian. • BeatCaptcha and Tamil, Portuguese, and Spanish. • DeCaptcher and Tamil. • ImageToText has appreciable accuracy across a remarkable range of languages. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 19

  20. Adaptability of CAPTCHA Services • Again focused on Kolotibablo and PixProfit services. • Test them on the Asirra CAPTCHA. • ImageToText displayed a remarkable adaptability, solving the Asirra CAPTCHA on average 39.9% of the time. Figure 5: ImageToText error rate for the custom Asirra CAPTCHA over time. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 20

  21. Most Popular Targeted CAPTCHAs Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 21

  22. Conclusions • CAPTCHAs’ low-impact quality makes them attractive to site operators, • …but, at the same time, easy to be outsourced to global unskilled labor market. • CAPTCHA-solving business is well-developed, highly-competitive, and with large capacity industry. • Wholesale and retail prices for CAPTCHA-solving will continue to decline. • CAPTCHAs don’t prevent large-scale automated site access, • …but, they effectively limit automated site access. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 22

  23. Conclusions (Cont.) • As the cost of CAPTCHA solving decreases, a site operator must employ secondary defenses more aggressively. • CAPTCHAs should be regarded as an economic impediment (not only a technological one). • CAPTCHAs are low-impact mechanisms that add friction to the attacker’s business model. • CAPTCHAs minimize the cost and legitimate user impact of heavier- weight secondary defenses. Motoyama, Marti, et al. "Re: CAPTCHAs-Understanding CAPTCHA-Solving Services in an Economic Context." USENIX Security Symposium . Vol. 10. 2010. 23

  24. Paper: “I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs.” 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide

TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide

TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide secure communication on the internet - Consists of two phases: - TLS Handshake protocol: agree on the cipher suite that will be used to encrypt

320 views • 31 slides
Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos

Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos

Cryptocurrencies Course: EPL682 Advanced Security Topics Instructor: Elias Athanasopoulos SoK: Research perspective and challenges for Bitcoin and cryptocurrency Joseph Bonneau , Andrew Miller , Jeremy Clark, Arvind Narayanan

794 views • 43 slides
EPL682 82 Advance ced d Security ty Topics Paper Reviews Name: Ioannis Yiangou

EPL682 82 Advance ced d Security ty Topics Paper Reviews Name: Ioannis Yiangou

EPL682 82 Advance ced d Security ty Topics Paper Reviews Name: Ioannis Yiangou Instructor: Dr. Elias Athanasopoulos Date: 27 February 2020 Term: rm: Irrelevant online content sent to numerous users Forms: rms: Emails, Social

809 views • 58 slides
NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut

NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut

SOCIAL NETWORKS Maria Agroti EPL682 1 1: All Your r Conta tacts ts Are Belong ng to Us: Aut utomated ted Identi tity The heft t At Attac acks on Social al Networ orks by: Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin

702 views • 47 slides
Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019

Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019

Crypto Mining CHRISTOS HADJISTYLLIS EPL682 - ADVANCED SECURITY TOPICS, SPRING 2018/2019 UNIVERSITY OF CYPRUS Introduction Cryptocurrency: virtual currency usually not controlled by any government or physical entity Examples: Bitcoin,

623 views • 36 slides
4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

All papers can be found by Google Scholar. For those papers accepted by S&P 2019, you can download them from this website: https://www.ieee- security.org/TC/SP2019/program-papers.html The below papers are published in the top security

290 views • 5 slides
PROCEDURES FOR PRESENTATION OF PAPERS TO THE HOUSE Papers is the collective term used for various

PROCEDURES FOR PRESENTATION OF PAPERS TO THE HOUSE Papers is the collective term used for various

PROCEDURES FOR PRESENTATION OF PAPERS TO THE HOUSE Papers is the collective term used for various documents presented to the House by Ministers or the Speaker, pursuant to Standing Order 372. Papers fall into two separate groups : 1. Parliamentary

350 views • 5 slides
Other Writing Assignments Literature Reviews - Theoretical Papers -Case Studies - Issue Papers

Other Writing Assignments Literature Reviews - Theoretical Papers -Case Studies - Issue Papers

Literature Reviews Theory-oriented Papers Case Studies Issue Papers Appendix Other Writing Assignments Literature Reviews - Theoretical Papers -Case Studies - Issue Papers Lecture 5 Lucia Milone LUISS Guido Carli, Rome March 31st, 2014

311 views • 28 slides
How to read papers What is a scien1fic paper? Scien1sts

How to read papers What is a scien1fic paper? Scien1sts

How to read papers What is a scien1fic paper? Scien1sts communicate their research findings by wri1ng papers. Papers (in CS) are usually published

263 views • 10 slides
INSTRUCTIONS FOR PRESENTATION OF SCIENTIFIC PAPERS DURING SZUSICON GENERAL INSTRUCTIONS The

INSTRUCTIONS FOR PRESENTATION OF SCIENTIFIC PAPERS DURING SZUSICON GENERAL INSTRUCTIONS The

INSTRUCTIONS FOR PRESENTATION OF SCIENTIFIC PAPERS DURING SZUSICON GENERAL INSTRUCTIONS The papers submitted for SZUSICON will be reviewed by a panel of referees. Based on the marks, the papers will be selected for presentation in the respective

273 views • 3 slides
How to write research papers? Ping HU, Kuniaki Saito A papers impact on your career Our image

How to write research papers? Ping HU, Kuniaki Saito A papers impact on your career Our image

How to write research papers? Ping HU, Kuniaki Saito A papers impact on your career Our image of the research community Scholars, plenty of time on their hands, pouring over your manuscript. The reality: more like a large, crowded

778 views • 29 slides
Skimming papers; reviewing papers Jonathan Shapiro School of Computer Science University of

Skimming papers; reviewing papers Jonathan Shapiro School of Computer Science University of

Skimming papers; reviewing papers Jonathan Shapiro School of Computer Science University of Manchester February 10, 2019 Announcements Announcements Slowly making progress fixing the Blackboard course page. It exists, but neither

881 views • 58 slides
Hesiod Poject Papers Papers are available on the website www.hesiod.eu Heritage and Social

Hesiod Poject Papers Papers are available on the website www.hesiod.eu Heritage and Social

Hesiod Poject Papers Papers are available on the website www.hesiod.eu Heritage and Social Innovation Observatory (HESIOD) presentation J. Fernndez Fernndez University of Oxford & UCL Institute of Archaeology Introduction Social

261 views • 3 slides
PRESENTATION OF PAPERS TO THE HOUSE This circular sets out the procedures for the presentation of

PRESENTATION OF PAPERS TO THE HOUSE This circular sets out the procedures for the presentation of

PRESENTATION OF PAPERS TO THE HOUSE This circular sets out the procedures for the presentation of papers to the House from 18 August 2015. "Papers" is the collective term used for various documents presented to the House by Ministers or

394 views • 7 slides
Identifying and reading research papers Guanting Chen, Zezhou Sun 01. 02. Overview Identify

Identifying and reading research papers Guanting Chen, Zezhou Sun 01. 02. Overview Identify

Identifying and reading research papers Guanting Chen, Zezhou Sun 01. 02. Overview Identify Papers CONTENT 03. 04. Go Deeper Go Further 1 Overview The facts about paper reading 2 Identify Papers Identify Papers Why do For

488 views • 17 slides
AFRICACRYPT 2011 Call for Papers AFRICACRYPT 2011 Call for Papers Africacrypt 2011 You are

AFRICACRYPT 2011 Call for Papers AFRICACRYPT 2011 Call for Papers Africacrypt 2011 You are

AFRICACRYPT 2011 Call for Papers AFRICACRYPT 2011 Call for Papers Africacrypt 2011 You are cordially invited to the fourth Africacrypt . AFRICACRYPT 2011 Call for Papers Africacrypt 2011 Place Africacrypt 2011 will be held in Dakar, Senegal.

368 views • 17 slides
Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin EXADAPT/ASPLOS INRIA, France March 2012 Background 1993-1997 Semiconductor electronics, physics, neural networks First steps on auto-tuning and

950 views • 38 slides
Traction Getting Traction for (your) Open Source Projects Michael Boelen

Traction Getting Traction for (your) Open Source Projects Michael Boelen

Traction Getting Traction for (your) Open Source Projects Michael Boelen michael.boelen@cisofy.com T-DOSE 2016, 12 November (NLLGG track) Why? (developers) Promote your open source project Users Feedback Invisible benefits 2

674 views • 49 slides
Slurpie A Cooperative Bulk Data Transfer Protocol Rob Sherwood Ryan Braud Bobby Bhattacharjee

Slurpie A Cooperative Bulk Data Transfer Protocol Rob Sherwood Ryan Braud Bobby Bhattacharjee

Slurpie A Cooperative Bulk Data Transfer Protocol Rob Sherwood Ryan Braud Bobby Bhattacharjee University of Maryland Slurpie p.1 Problem Motivation Slurpie p.2 Problem Motivation High bandwidth client and server Slurpie p.2

1.36k views • 97 slides
NOTE Additional information on certain slides will be found in the NOTES section and will

NOTE Additional information on certain slides will be found in the NOTES section and will

4/29/2015 SOIL COLORS AND THEIR INTERPETATION APRIL 2015 David Hammonds Environmental Consultant Florida Department of Health Division of Disease Control and Health Protection To protect, promote and improve the health of all people in

546 views • 33 slides
Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is

Computer Networks Prof. Hema A Murthy Sliding Window Protocol Sliding window protocol: Stop & Wait: inefficient if a is large. Data: - stream of bulk data - data can be pipelined - transmit window of date - donot

1.71k views • 13 slides
Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn

Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn

Beacon detection in PCAP files Supervisor: Sjoerd Peerlkamp[Shell] Leendert van Duijn Universiteit van Amsterdam - System and Network Engineering Leendert.vanduijn@os3.nl July 3, 2014 Leendert van Duijn (UvA-SNE) Beacon detection July 3,

224 views • 20 slides
Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam

Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam

What (is it all about?) Why (is the Orlandi protocol interesting?) How (did we make it practical?) Summary Efficient Implementation of the Orlandi Protocol . Jakobsen 1 , Marc X. Makkes 2 , and Janus Dam Thomas P Nielsen 1 1 The Alexandra

434 views • 30 slides
Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power

Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power

DRUM TRAINING PROGRAM A U.S. Agency for International Development (USAID) Funded Program Energy Meter S/W features Mr. N.K. Bhati Yadav Measurements Pvt.Ltd. Udaipur , India 1 Power Finance Corporation Ltd. (A Govt. of India

816 views • 78 slides

More recommend