![]() In this paper, we investigate the robustness of the latest version of reCAPTCHA v2 against advanced object detection based solvers. In response to emerging threats, Google has made significant updates to its image reCAPTCHA v2 challenges that can render the prior approaches ineffective to a great extent. Previous work showed that reCAPTCHA v2's image challenges could be solved by automated programs armed with Deep Neural Network (DNN) image classifiers and vision APIs provided by off-the-shelf image recognition services. Analysis shows that the UNI-CAPTCHA engine shows better stability, speed, and detection than traditional bot detection and CAPTCHA applications. In UNI-Captcha, the threshold value of suspicious user behavior is adjusted according to the in-app security risk level. The threshold user value (εt) for high protection is determined in the evaluation, and results below εt, its value is evaluated as bot behavior and prevented. It also determines the risk rating of user labels from 1 to 5. The trained hybrid bi-LSTM + Softmax based UNI-CAPTCHA engine intuitively performs user-bot labeling of requests from the web application simultaneously. A risk rating was made using the k-Means++ algorithm based on characteristics of user behavior in the dataset. The application was tested with 16 different vulnerability tool bots and real users, creating a unique dataset containing 13 different behaviors. A web application with a landing page, login page, and register page has been developed for UNI-CAPTCHA to learn user and bot behavior. In this study, a robust behavior-based CAPTCHA (UNI-CAPTCHA) was developed that detects user-bot without interaction with user. In addition, increasing the difficulty level of CAPTCHA schemes have bringing usage difficulties. Although captcha applications make bot-user distinction, it can be solved with software-based systems. CAPTCHA is preferred to prevent bots in web applications to minimize possible risks. Although existing systems perform rules and content-based filtering, they can be bypassed with payloads and advanced bots in different scenarios. ![]() ![]() ![]() The security of web applications is protected by firewalls, intrusion detection systems or deep learning-based approaches.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |