Exploiting the Human-Machine Gap in Image Recognition for Designing CAPTCHAs

Ritendra Datta, Jia Li, James Z. Wang
The Pennsylvania State University, University Park, PA 16802

Security researchers have, for long, devised mechanisms to prevent adversaries from conducting automated network attacks, such as denial-of-service, which lead to signi cant wastage of resources. On the other hand, several attempts have been made to automatically recognize generic images, make them semantically searchable by content, annotate them, and associate them with linguistic indexes. In the course of these attempts, the limitations of state-of-the-art algorithms in mimicking human vision have become exposed. In this paper, we explore the exploitation of this limitation for potentially preventing denial-of-service type attacks. While undistorted natural images have been shown to be algorithmically recognizable and searchable by content to moderate levels, controlled distortions of speci c type and strength can potentially make machine recognition harder without affecting human recognition. This difference in recognizability makes it a promising candidate for automated Turing tests called CAPTCHAs which can differentiate humans from machines. We empirically study the application of controlled distortions of varying nature and strength, and their effect on human and machine recognizability. While human recognizability is measured on the basis of an extensive user study, machine recognizability is based on three memory-based content-based image retrieval (CBIR) and matching algorithms. We give a detailed description of our experimental image CAPTCHA system, IMAGINATION, that uses systematic distortions at its core. A signi cant research topic within signal analysis, CBIR is actually conceived here as a tool for an adversary, so as to help us design more foolproof image CAPTCHAs.

Full Paper in Color
(PDF, 4MB)

On-line Info

Citation: Ritendra Datta, Jia Li and James Z. Wang, ``Exploiting the Human-Machine Gap in Image Recognition for Designing CAPTCHAs,'' IEEE Transactions on Information Forensics and Security, vol. 4, no. 3, pp. 504-518, 2009.

Copyright 2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works, must be obtained from the IEEE.

Last Modified: Thu Feb 5 11:11:03 EST 2009
© 2009