A Low-Cost Approach to Crack Python CAPTCHAs Using AI-Based Chosen-Plaintext Attack

• Published in: Applied sciences Vol. 9; no. 10; p. 2010
• Main Authors: Yu, Ning, Darling, Kyle
• Format: Journal Article
• Language: English
• Published: Basel MDPI AG 01.05.2019
• Subjects: Algorithms; Artificial intelligence; authentication; CAPTCHA security; Classification; Computers; convolutional neural network; Deep learning; Libraries; Localization; Machine learning; Neural networks; open-source Python library; Proprietary; TensorFlow
• ISSN: 2076-3417; 2076-3417
• DOI: 10.3390/app9102010

CAPTCHA authentication has been challenged by recent technology advances in AI. However, many of the AI advances challenging CAPTCHA are either restricted by a limited amount of labeled CAPTCHA data or are constructed in an expensive or complicated way. In contrast, this paper illustrates a low-cost approach that takes advantage of the nature of open source libraries for an AI-based chosen-plaintext attack. The chosen-plaintext attack described here relies on a deep learning model created and trained on a simple personal computer in a low-cost way. It shows an efficient cracking rate over two open-source Python CAPTCHA Libraries, Claptcha and Captcha. This chosen-plaintext attack method has raised a potential security alert in the era of AI, particularly to small-business owners who use the open-source CAPTCHA libraries. The main contributions of this project include: (1) it is the first low-cost method based on chosen-plaintext attack by using the nature of open-source Python CAPTCHA libraries; (2) it is a novel way to combine TensorFlow object detection and our proposed peak segmentation algorithm with convolutional neural network to improve the recognition accuracy.