计算机工程与应用 ›› 2023, Vol. 59 ›› Issue (21): 278-286.DOI: 10.3778/j.issn.1002-8331.2206-0359

• 网络、通信与安全 • 上一篇    下一篇

文本对抗验证码的研究

李剑明,闫巧   

  1. 深圳大学 计算机与软件学院,广东 深圳 518052
  • 出版日期:2023-11-01 发布日期:2023-11-01

Research on Text-Based Adversarial CAPTCHA

LI Jianming, YAN Qiao   

  1. College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, Guangdong 518052, China
  • Online:2023-11-01 Published:2023-11-01

摘要: 图像识别等深度学习技术的发展使得传统的文本验证码安全性下降,利用对抗样本这一深度神经网络存在的缺陷来增强文本验证码的安全性具有重要研究意义。通过将多种对抗样本生成算法应用到文本验证码上,生成文本对抗验证码,并从耗时、扰动大小、黑白盒识别率等多个方面衡量生成的对抗验证码的实际效果。基于验证码生成频率较高的应用场景特点,筛选出将通用对抗扰动应用到文本验证码上的方案;在应用快速通用对抗扰动(Fast-UAP)算法时,为了克服Fast-UAP的不稳定性,提出了I-FUAP(initialized-FUAP)算法,通过利用通用对抗扰动来进行初始化,实验表明,在不显著影响扰动成功率和对抗样本攻击效果的前提下,改进后的算法相比于原来的Fast-UAP能更快地生成通用对抗扰动,生成耗时减少约30.22%。

关键词: 深度学习, 验证码, 对抗攻击, 通用对抗扰动

Abstract: The development of deep learning techniques such as image recognition has made traditional text CAPTCHAs less secure. It is of great significance to enhance the security of text-based CAPTCHAs by using adversarial examples, the defects of deep neural networks. This paper generates text adversarial CAPTCHAs by applying multiple adversarial example generation algorithms to text CAPTCHA and measures the actual effectivenessin terms of multiple aspects such as time consumption, disturbance size, black and white box recognition rate. Based on the characteristics of the application scenario with high frequency of CAPTCHA generation, a scheme of applying universal adversarial perturbation to text CAPTCHAs is screened. In applying the fast universal adversarial perturbation(fast-UAP) algorithm, the I-FUAP(initialized-FUAP) algorithms is proposed to overcome the instability of Fast-UAP by using universal adversarial perturbation for initialization. Experiments show that the improved algorithm can generate UAP faster than the original Fast-UAP. The generation time is reduced by about 30.22% without significantly affecting the perturbation success rate and the effectiveness of the adversarial example attack.

Key words: deep learning, completely automated public turing test to tell computers and humans apart(CAPTCHA), adversarial attack, universal adversarial perturbation