Research On Captcha Generation Method Based On Adversarial Samples

As the first line of defense for the protection of network resource,CAPTCHA plays an important role in network security,which is used to distinguish whether the user is a computer or a human.However,with the continuous development of various cracking tools,the current CAPTCHA system has been difficult to guarantee its effectiveness.Especially the two most widely used CAPTCHAs,text CAPTCHA and image CAPTCHA,have significantly reduced security in the face of recognition of deep neural network models.The adversarial sample refers to the sample after adding noise that is difficult for humans to perceive in the original sample,which can deceive the deep neural network to give wrong results.This thesis studies the generation of CAPTCHAs based on adversarial samples to improve the effectiveness of CAPTCHAs in the new network environment.The existing methods for generating adversarial CAPTCHAs mainly have the following problems: 1)The generation of adversarial samples is mostly based on a specific model,which results in the adversarial samples may not deceive other unknown models.2)The current methods do not address the text and image CAPTCHA respective features to design the corresponding generation methods.Therefore,this thesis focuses on improving the safety of adversarial CAPTCHA through the multi-model ensemble.The main work includes the following three aspects:(1)Analysis of the adversarial CAPTCHA generation methods.For text CAPTCHA and image CAPTCHA,the technical requirements for the generation of CAPTCHAs are analyzed from various aspects,such as the image form,recognition model training,transferability of adversarial samples,and the effect of multi-model ensemble on recognition rate,etc.Identify that the adversarial CAPTCHA uses the white-box generation method,and the adversarial sample in the image selection CAPTCHA uses the black-box generation method.(2)Research on the generation method of adversarial text CAPTCHA.Aiming at the problem of insufficient security and usability of text CAPTCHA,a model ensemble white-box generation method based on region update(MEWG-RU)is proposed to generate adversarial text CAPTCHA.MEWG-RU integrates multiple models and constructs a new objective function,update the pixel value of the text region during the generation process to improve the security of adversarial text CAPTCHA.In addition,perturbation term is added to the objective function to improve the usability of adversarial text CAPTCHA.The experimental results show that the MEWG-RU method can effectively improve the security of text CAPTCHA without affecting the naked-eye recognition results.(3)Research on the generation method of adversarial image selection CAPTCHA.Aiming at the problem that the recognition rate of the adversarial image CAPTCHA generated in the white-box method is still high under some recognition models,a model ensemble black-box generation method based on genetic algorithm(MEBG-GA)is proposed.MEBG-GA can effectively reduce the recognition rate of different cracking models when more perturbations are added.The MEBG-GA method integrates multiple different models in the genetic algorithm,calculates the individual fitness function according to the probability output of the model to the sample,and introduces the coefficient ? to control the models' prediction of the sample in the output condition.The experimental results show that the adversarial image selection CAPTCHA generated by combining the adversarial samples generated by MEBG-GA has good security.In summary,this thesis combines the adversarial sample and the CAPTCHA to generate the adversarial CAPTCHA.The experimental results show that the adversarial CAPTCHA can effectively improve the security of the CAPTCHA in the face of convolutional neural network cracking without reducing the usability of existing CAPTCHA mechanisms,which has good practical value.