The Security Enhancement Method Of Image CAPTCHA Based On Adversarial Samples Technology

CAPTCHA serves to distinguish people from machines,and the image CAPTCHA had a good effect in the early days of the Internet era.In recent years,the rapid development of software technology,especially technical breakthroughs in deep learning and hardware breakthroughs has introduced AI technology into a whole new era.Deep learning-based image recognition and processing have posed a serious challenge to the core function of CAPTCHA.Compared with the traditional OCR-based text recognition to crack CAPTCHA,the cracking system based on deep learning technology has a higher accuracy rate and better effect.As a result,various novel CAPTCHA systems have emerged,but the operation logic of these emerging CAPTCHAs is not simple enough and the process is complicated,and although the progress in blocking machines is huge,it is not user-friendly,so that users’ passing rate on them is not high.Therefore,it is of great practical importance to improve the security of image CAPTCHAs.The adversarial sample technique is important in improving the robustness and security of the model.Its main performance is to make the model make a wrong classification,which is consistent with our need to improve the security of image CAPTCHA.Therefore,we propose an image CAPTCHA security enhancement method based on the adversarial sample technique to deceive the model by adding noise perturbation to the CAPTCHA,which disables the deep learning model to recognize the CAPTCHA content.The main tasks of this paper are:(1)A GAN image adversarial sample generation method is proposed to improve the efficiency of constructing adversarial samples and the success rate of attacks.This method constructs a dual-generator GAN network.Under a targeted attack,the input is the original category of the data set and the category under the targeted attack;under a targetless attack,only the original category of the data needs to be input.The output of the system is the adversarial sample that meets the input requirements,which can effectively expand the scale of the adversarial sample set,and can perform semi-white box attacks and black box attacks on the target model.(2)In the black box attack scenario,a black box attack method based on model distillation is proposed.By learning and distillation of the target model,a local copy of the target model is obtained,and then the distilled model is attacked using the same traditional way as the white-box attack.Since the key weight vectors of the distilled model can overlap with the original model at some levels,it can significantly improve the success rate of the attack under the black-box attack approach compared to the adversarial samples constructed by the traditional query-based approach.(3)We apply the adversarial sample technique to image CAPTCHA to improve the security of image CAPTCHA in response to deep learning system cracking.By building an image CAPTCHA cracking system based on a deep learning model and adding perturbation to the CAPTCHA through the adversarial sample technique,the recognition success rate of the system can be significantly reduced,and it is proved through experiments that the CAPTCHA security enhancement method based on the adversarial sample technique can significantly improve the reliability of the CAPTCHA.(4)Build a CAPTCHA web interface platform based on adversarial sample technology.The image CAPTCHA security enhancement method proposed in this paper is deployed to develop an image CAPTCHA system that can provide higher security through a WEB interface and visualize the display.