Final Project : Machine Learning
Gorelik Ilia
School of Computer Science, TAU
CAPTCHAs are employed as a security measure to different human users from bots. Here I present most of the types of CAPTCHAs - Text-based CAPTCHAs, Sound-based CAPTCHAs,
Image-based CAPTCHAs and Video-based CATCHAs. In this work I put focus in the known vulnerabilities of those CAPTCHAs.
Over the past few years, an increasing number of public web services have attempted to prevent exploitation by bots and automated scripts, by requiring a user to solve a Turing-test challenge (commonly known as a CAPTCHA – Completely Automatic Public Turing test to tell
Computers and Human Apart) before using the service. These efforts may be crucial to the success of these sites in various ways. For example, Gmail improves its service by blocking access to automated spammers, eBay improves its marketplace by blocking bots from flooding the site with scams, and Facebook limits creation of fraudulent profiles used to spam honest users or cheat at games
Any CAPTCHA has two main demands: (a) be easy for human to solve and (b) be very hard for a computer script to solve. Those to demands appear to contradict with each other. In the reality where the OCR, image recognition and Machine Learning techniques are well studied it is very hard to design a good CAPTCHA that will still be solvable by humans.
Since CAPTCHA was presented by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John
Langford in in 2003 [6] lots of different mechanisms were presented to the public. Most of them were broken after just few years (in the good case) like the GIMPY CAPTCHA [1], Microsoft
CAPTCHA [2], ASIRA and even the most common those days – reCaptcha.
The existing CAPTCHAs can be generally classified into three categories: Text-based
CAPTCHAs, Image-based CAPTCHAs and Sound-based CAPTCHAs [12] The CAPTCHA research is still taking its first steps and look more like art rather then science. This is the main reason that most of them are been quickly broken. Despite the fact that this is a young topic, many people are taking part in developing good CAPTCHAs for the sake of security, while others are breaking them for the sake of improving the Machine Learning and OSR study (n the words of Ahn, Blum and Langford [3]: Any program that passes the tests generated by a
CAPTCHA can be used to solve a hard unsolved AI problem .
One of the drawbacks of the summary is the disclosure responsibility taken by the academy.
Most of the attacks found on CAPTCHAs are been presented to the companies using them before handling them to the public. This is done to give those companies the opportunity to fix there

schemes before any malicious party can take advantage of them. This means that all the published information that can be found on the web is months old.
The most widely used CAPTCHA schemes use combinations of distorted characters and obfuscation techniques that humans can recognize but that may be difficult for automated scripts.
While some works [7] suggests that CAPTCHA security depends on preventing segmentation
(because the OSR and Machine Learning algorithms supply us with good character recognition)
Elie Bursztein, Matthieu Martin, and John C. Mitchell [20] claims that relying on segmentation alone does not provide reliable defense against automated attacks.
The Text-Based CAPTCHAs are designed to show distorted text on some background with techniques against segmentation. In the Microsoft MSN CAPTCHA the designers tried to protect only against segmentation. This was done by adding arcs (some of background color, some intersecting of letters color and some just around). The CAPTCHA was broken by Jeff Yan and
Ahmad Salah El Ahmad [2]. The attack is based on the fact that the challenge contains a constant number of letters (8), the width of the letters is constant and the letters are not intersecting.
Some of the CAPTCHAs like GIMPY and EZ-GIMPY use words form a dictionary. This approach allows the CAPTCHA designer to use longer challenges since people are good in reconstruction of words (even when they don’t understand some of the letters). Unfortunately this feature can be an attack vector as well. The EZ-GIMPY CAPTCHA was broken by G. Mori and J. Mailk [1] by eliminating suggestions that are not dictionary words. In [20] we see an example another example to this vulnerability when Slashdot CAPTCHA was broken with higher then 24% success rate.
GIMPY CAPTCHA
A work done by Elie Bursztein, Matthieu Martin, and John C. Mitchell [20] summarize all the known knowledge till 2011 in the topic of Text-based CAPTCHAs (I strongly recommend reading the whole paper!)
In their work the present a 5 step model for attacking a CAPTCHA: pre-processing, segmentation, post-segmentation, recognition, and post-processing. Using this model they were able to break 13 of the 15 common schemes they had tested (the scheme were chosen from http://www.alexa.com/topsites). Those schemes included the eBay and Baidu witch use collapsed characters. The reCaptcha and Google CAPTCHA were not broken during this research.
 pre-processing - can remove background patterns or eliminate other additions to the image that could interfere with similar to what was done in breaking MSN CAPTCHA

 segmentation – there are many anti-segmentation techniques, each of them should be handled differently:
Complex background: can be beaten using an “anti-pattern” technique: for all the possible font colors remove everything from the CAPTCHA that is not close to this color and test if you get a reasonable number of clusters (letters) with the right amount of pixels
Distortion: unfortunately those techniques hurt the human users more then the attackers scripts due to the option of choosing a good pre-processing algorithm
Noise: adding random noise to the image. For example, this technique is used in
Captcha.net. Note that the noise must have the same color as the. To de-noise
CAPTCHAs many techniques have been proposed over the years, including using the standard image filter erode [23]. However it turns out that using a MRF
(Markov Random Field) aka Gibbs algorithm [24] is far more effective. A Gibbs de-noising algorithm is an iterative algorithm that works by computing the energy of each pixel based on its surroundings and removing pixels that have energy below a certain threshold.
Lines: – adding random lines that intersect with the text. Note that the lines must be the same color and width as the text, otherwise they can be easily removed like done in [2].
Collapsing – there are different types of collapsing, all of them dramatically increases the CAPTCHA security. The eBay CAPTCHA was attacked based on the segmenting each “big segment” according to its width (guessing that the wider the segment the more letters it contains). Even if it seems at first sight that randomizing either the size of the letters or the length would be sufficient to prevent this kind of attack, this is not the case. Take Baidu for example. Even if Baidu performs heavy tilting and uses lines to prevent the attacker from guessing where to cut, knowing that the CAPTCHA has a length of 4 and using a projection based segmentation to get rid of the trailing lines allows Decaptcha to have a 5% precision on Baidu
CAPTCHAs. It works better on CNN where they got 16% accuracy.
 post-segmentation - can “clean up” the segmentation output
 recognition – Both SVM (very accurate) and K-NN algorithms (suggest a good trade off between accuracy and computation time) are suggested. This phase is the most studied phase because of the OSR problem.
There are ways to slow down the attacker. Two of the most efficient ways are letter rotation and using many Fonts.
 post-processing - validate the recognition output (For example, spell checking is performed on the classifier’s output for Slashdot)
At 2010 a team presented at Defcon18 an attack over reCaptcha with a success rate of
30%[21]. Unfortunately I couldn’t find the paper this team published, all the links to this paper are dead.

The Text-based CAPTCHAs are the most intuitive and common CAPTCHAs and at least they will stay like this in the incoming years. It is hard to design a strong CAPTCHA. Most of them are already broken while the common reCaptcha seems to hold, the question is for how long.
Before designing any text-based CAPTCHA it is crucial to read all the known attacks, but even this will give you only protection against known attacks while new ones are discovered every year.
One of the problems with Text Based CATCHAs and Image-based CATCHAs is accessibility.
There are some groups of people (People who are blind, color blind or have other issues with vision, Individuals with dyslexia, People of advanced age, people with intellectual or developmental disabilities) who can’t solve those CAPTCHAs and since lot of web services demand the user to solve the puzzle in order to use the service.
The solution is to provide services with Audio CAPTCHAs [9]. Typical audio CAPTCHAs consist of one or several speakers saying letters or digits at randomly spaced intervals. A user must correctly identify the digits or characters spoken in the audio file to pass the CAPTCHA.
To make this test difficult for current computer systems, specifically automatic speech recognition (ASR) programs, background noise is injected into the audio files.
For example we will look at 3 Audio CAPTCHAs: reCAPTCHA, Digg and Google.
Google : Google audio CAPTCHAs consist of one speaker saying random digits 0-9, the phrase
“once again,” followed by the exact same recorded sequence of digits originally presented. The background noise consists of human voices speaking backwards at varying volumes
Digg: also consist of one speaker, in this case saying a random combination of letters and digits.
The background noise consists of static or what sounds like trickling water and is not continuous throughout the entire file
The older version of reCAPTCHA’s
: audio CAPTCHAs we tested consist of several speakers who speak random digits. The background noise consists of human voices speaking backwards at varying volumes. The solution is always eight digits long.
Note: In my experience the Sound-based schemes can be very hard for a human. My success rate was lower the 50% while for some of the challenges I have had no clue what to response at all.
In this work the idea presented was to handle and Audio challenge similarly to the Text-based
CAPTCHA. The problem was separated into two steps: Segmentation and Recognition.
I am fully based on the work of Jennifer Tam, Jiri Simsa, Sean Hyde and Luis Von Ahn [10].
The Segmentation phase in this case differs because the segmentation is done for to the entire audio file while segments without the challenge are mark as a noise segments. From their experience dividing the audio strip into fixed-size segments work great (another reason to do this is that the ML algorithms strongly prepare information vector of the same length). The size of the segment was chosen manually before the learning phase. The segmentation is done by

choosing windows with the highest energy picks (it seems that this phase can be significantly improved, but it was enough to break all the three CAPTCHAs so no work was done in this direction).
The features extraction was done from each of the segments using different techniques. In this work they present three techniques:
 mel-frequency cepstral coefficients (MFCC) (Similar to a fast Fourier transform but
MFCC uses mel-frequency bands which are better for approximating the range of frequencies humans hear),
 perceptual linear prediction (PLP)[11] (was designed to extract speaker-independent features from speech, important for recognize letters and digits independently of who spoke them),
 and relative spectral transform-PLP (RAS TA-PLP) (a variance of the PLP).

The Classification was done by using one of the popular Machine Learning mechanisms:

Ada boost. Using decision stumps as weak classifiers for AdaBoost. The algorithm was tested against each option of the letters possible as a decision problem. A segment can then be classified as a particular letter, digit, or noise according to the run that gave the closest number to 1.

SVM.
First, all feature values are scaled to the range of -1 to 1. The scale parameters are stored so that test samples can be scaled accordingly. Then, a single multiclass classifier is created for each set of features using all the segments for a particular type of CAPTCHA. They used cross-validation and grid search to discover the optimal slack penalty (C=32) and kernel parameter (γ=0.011).

K-NN with Euclidian distance metric. They used cross-validation to discover the optimal parameter, in this case k=1.
Results:
In all the three CAPTCHAs the PLP-CEPS using SVN gave the best results if the demand no errors (45% for reCaptcha, 67% for google CAPTCHA, 71% for digg). We have to note that some of those CAPTCHAs allow as making errors (assuming that a normal human will do some errors). In this case the success rates are jumping over 90% (reCaptcha stays “low” at 56%).
As a matter of fact, all those CAPTCHAs were fully broken.
The sound-based CAPTCHAs are suffering both usability and security problem. I couldn’t find any information about attacks on the current version of the reCaptcha voice-captcha but I think it is just a matter of time, while the usability issue is already problematic.
As long as sites provide a sound-based CAPTCHA I think that this is the weakest point in all the security model. We will have to wait and see the void-based CAPTCHA evolve like the
Text-Based did over the years.
Haichang Gao, Honggang Liu, Dan Yao and Xiyang Liu presented a totally different idea of
Audio CAPTCHAs[7]. They wanted to exploits the gaps between human voice and synthetic voice, In there scheme the user is required to read out a given sentence, which is selected randomly from a specified book. They have presented an algorithm for separating humans (with success rate of 97%) from computers (success rate of 4%) in there paper.
This is a great example that the CAPTCHA world is still unexplored and a lot of new ideas are waiting to be found.

On of the main demand from a CAPTCHA is to be easy for a human to solve. Text-based
CAPTCHAs seems to suffer from an unfortunate property: Making them hard for computers also makes. An image-based CAPTCHA requires analysis of the often complex contents of an image, a task witch human perform well (from little age) while machines generally do not). One off the biggest pitfalls in developing of an Image-based CAPTCHA is the database. Lots of schemes were broken by reconstruction of the entire database.
Over the time many different models were suggested:

Chew and Tygar [15] were among the first to describe using labeled photographs to generate a CAPTCHA. They generated a database of labeled images by feeding a list of easily-illustrated words to Google Image Search. Unfortunately, this technique does not yield well-classified results due to Google’s method of inferring photo contents based on surrounding descriptive text. To use Chew and Tygar’s example, the word pumpkin may refer to either a large vegetable or someone’s pet cat Pumpkin. Because of these errors, they manually cull bad images from their collection. This is devastating to the security of the scheme. Vulnerability : A database small enough to be manually constructed by researchers is also small enough to be manually re-constructed by an attacker.

A novel solution to this problem is described by von Ahn et al.: They were able to entice humans to manually describe images by framing the task as a game. Their “ESP
Game” awards points to teams of non-communicating players who can both pick the same label for a random image, encouraging them to use the most obvious label. Their
PIX CAPTCHA [16] displays four images from the ESP Game database that have the same label, then challenges the user to guess the label from a menu of 70 possibilities.
This method has at least 2 weak points: o Vulnerability : The challenge can be solve with brute force with probability
1/70. o Usability Issue: Looking for an answer in a drop box with 70 options is frustrating and not usable.

A fascinating use of a large-scale human-generated database is the site
HotCaptcha.com. HotCaptcha displays nine photographs of people and asks users to select the three which are “hot.” Its database comes from HotOrNot.com, a popular web site that invites users to post photos of themselves and rate others’ photos as “hot” or
“not.” HotCaptcha is clever in its use of a pre-existing motivation for humans to classify photos at a large scale. Usability Issue: However, humans may have difficulty solving it because the answers are subjective and culturally relative; beauty has no ground truth. It is also offensive to many people, making it difficult for serious web sites to deploy.

A hybrid solution involving both image recognition and Text-Based challenge was used few years ago by rapidshare. In this scheme contained distorted letters and a distorted picture of a dog or a cat on each of the letters. The user had to type all the letters with a cat on them. Usability Issue: the challenge was extremely hard for a human been.
People preferred using other web services because they couldn’t pass this CAPTCHA
(b.t.w – there was a bot with higher success rate then most of the humans) KittenAuth
[12] authenticates users by asking them to identify photos of kittens. However, this is a coincidental and superficial similarity.


Vulnerability : KittenAuth is trivial to defeat because it is has a database of less than
100 manually selected kitten photos. An attacker can (indeed, already has [13]) expose the database by manually solving the KittenAuth challenge a few dozen times

R. Gossweiler, M. Kamvar, S. Baluja suggested [17] giving as a challenge a round picture rotated around. The user had to be rotated Rotation. The idea behind this article was that people are very good at image processing while this task is hard for a machine.
Usability Issue: unfortunately this scheme was confusing. This is a great example that a CAPTCHA must be easy and intuitive.

ASSIRA[14] – “Animal Species Image Recognition for Restricting Access” developed by Microsoft and Petfinder.com. The scheme was broken by Philippe Golle [18] with a success rate of 10.3%.

The ASIRRA scheme asks users to categorize photographs depicting either cats or dogs.
Asirra’s strength comes from an innovative partnership with Petfinder.com. Petfinder provides the scheme with a private database with more then 3,000,000 pictures of cats and dogs. In exchange, Asirra provides a small “Adopt me” link beneath each photo.
Usability: can be solved by humans 99.6% (after adding the Partial Credit Algorithm) of the time in under 30 seconds.
Security (as described in the original paper):
- The brute force attack is infeasible (success rate of 1/4096) due to the CAPTCHA
Token Buckets algorithm presented in the article
- Reconstruction of the DB is not economically profitable. Because the DB is huge
(unlike the KittenAuth’s one) it is not worth hiring cheap labor to classify all three million images.
- The Machine Vision Attacks should be infeasible. By the time the paper was released
The 2006 PASCAL Visual Object Classes Challenge [19] showed that the state of the art allows distinguishing between a cat and a dog of at most 60% (not enough to break
Asirra’s security model). Since the images in the Assira DB have a wide variety of backgrounds, angles, poses, lightning and etc, any simple Machine Vision algorithm should fail.
In the Asirra paper were presented two new concepts that should improve any CAPTCHA:

The Partial Credit Algorithm – the idea is that two “almost right” answers are strong evidence that a user is human. This algorithm keeps track of the last attempts of a user and considers him human even if he was almost right two times in a row. This algorithm increases the probability of a bot passing the challenge but not enough to hurt the security of the scheme.

CAPTCHA Token Buckets – this method dramatically reduce the success rate after 100 bad attempts. This is not affecting a real user but extremely hurts any bot with a success rate 33%.
Attack on Asirra:
The strength of the Asirra CAPTCHA strongly depended on the belief “classification accuracy of better than 60% will be difficult without a significant advance in the state of the art”. After a short time Philippe Golle introduced [18] a significant advance in this art.

The Classifier:
The attack is using an SVM for classification. SVM classifiers were selected for their ability to extract linear combination of features, their predictive power, and their computational scalability.
Different Color and Texture features were tested. At the end all the information was combined linearly thanks to the SVM technique. The tuning parameter of 0.001 was chosen for color features and 0.1 for texture features.
The features:
Color features:
First we extract small sub-images (5-by-5 pixels) from training images of cats and dogs.
We call these sub-images texture tiles. Then we construct a sub group T of those tiles that contain only tiles with at least a distance of 40 between them to be good unique representations of the original vector.
The feature vector associated with an image is the vector of distances between the image and each of the `t` texture tiles in T.
The distance between an image A and a texture tiles `t` is defined as a minimum over the maximum of the Euclidean distance in RGB space between ‘t’ and each sub tile of A
(when a separated to tile of size 5x5). Distances are normalized to the range [0,1].
Texture features:
The image is divided into N vertical and N horizontal strips of equal width. A HSV (hue, saturation, value) color model is used, since it is closer to human perception of color, and thus easier to interpret, than the RGB (red, green, blue) model. The hue channel of the color spectrum is divided into Ch bands of equal width, the saturation channel into Cs bands of equal width and the value channel into Cv bands of equal width. Altogether, this gives us a partition of the color space into (Ch,Cs,Cv) color regions. The feature vector associated with an image indicates, for every cell in the image and every color region, whether there is at least one pixel in the cell which belongs to the color region. In such manner we obtain a boolean feature vector F(N; Ch; Cs; Cv).
Since we are using SVM we can perform the classification on a join of few different classifiers. In the article the used a union of 3 classes F1 = F(1;10;10;10), F2 =
F(3;10;8;8) and F3 = F(5;10;6;6).
The surprising part was that the Boolean color features are more accurate than those trained on color histograms. In the article there some explanation to this phenomena but more work can be done to understand this.
The final result:
The Color features SVM produced a total accuracy of 77.1% while the textures 80.4%.
After combining them together the success rate of identifying a single image increased to
82.7%, enough to break the Assira CATCHA to 10.3%.
The Partial Credit Algorithm, presented in [12] increased the success rate even more to
38% after 3 attempts (suggesting that this technique is no good if there exists a almost fiseable attack), while the Token bucket scheme was to generous giving the attacker 3 attempts after each success. This was enough to break the whole scheme….
Conclusion:
In the case of Asirra CAPTCHA we see a great example when beating a CAPTCHA is driving science forward. As said in the original Asirra article, the CAPTCHA will be secure “without a significant advance in the state of the art”. In order to break the
CAPTCHA such advance had happened!

The next natural logical step after a Visual CAPTCHA based on image recognition is a challenge based on a Video. This type of CAPTCHA has both advantages and disadvantages. It is harder because motion tracking is necessary to isolate the frames that contain the actual
CAPTCHA. It is easier because being able to analyze multiple copies of the same CAPTCHA can boost the accuracy of the segmentation phase.
The first widely deployed video CAPTCHA scheme was NuCaptcha [4]. It was presented at the end of 2010. This scheme was analyzed by Elie Bursztein [5].
There are currently two version of the NuCaptcha. The simple version:
And the standard version:
As visible in the screenshot, the standard version differs from the simple version by a text animation from right to left. The user is then asked to enter the last word in the input box in the standard version. This scheme has multiple levels of security: In its easiest version the letters of the last word are in red, in the hard version the letters are in black and more heavily distorted. According to the site documentation, NuCaptcha uses a reputation algorithm to decide which version you get. Under the hood the NuCaptchas are short video files that contain about
500 frames.
What we would like to do is take a single frame and run any algorithm used for a regular
Text-Based CAPTCHA. The problem is that not all the frames contain the CAPTCHA (in the

standard version of NuCaptcha). To handle this attack it will have to do some cross-frame analysis.
Our algorithm will be as following:
1. The pre-processing phase: removing the background (found in [8]) and binarizing the
CAPTCHA in black and white so it is easier to process.
2. The frame analysis phase: used to find the object in each frame can potentially be the
CAPTCHA using two type of image analysis - a bounding box shape analysis, and an interest points (SIFT algorithm) density evaluation. The bounding box shape analysis is possible because the CAPTCHA has a constant length of 4 letters. This phase gives us for each frame the most “interesting” object.
3. The cross-frame analysis phase: combines the frame analysis results to isolate the set of frames where the actual CAPTCHA is present. The SIFT density from second phase gives as a metric for “how interesting” the object is. We will keep the frames that there “interesting” object has a similar high score.
4. The segmentation phase: separating the CAPTCHA letters. As we will see there are a couple of ways to do this–having multiples distortions of the same CAPTCHA actually give us an opportunity to be more efficient at segmentation than with a standard CAPTCHA.
5. The recognition phase: is used to recognize each letter individually using a machine learning algorithm.
Remark: since we have multiple frames with the CAPTCHA in them we can improve the segmentation phase. The idea is to use a motion tracking (optical flaw) algorithm. This algorithm follows a group of points that move together. Because each of the letters in the captcha has its own rotation rate (from left to right and back) each of the letters will be identified as a different set of points. (for more details see [5])
.
As up to date – the video CAPTCHA is not presenting any additional security.
Trying to prevent the computer from finding moving objects using a ‘confusing/moving background’ is a lost cause. Because the computer vision field has devised very efficient algorithms (optical flow algorithm) that are likely to destroy any attempts in this direction.
On the other hand there is potential. If we could remove every discriminative feature that allows the attacker to tell apart fake objects and letters this scheme can produce benefit over the regular Text Based CAPTCHA.
There is no doubt that a strong and usable scheme is needed by lot of different application. The
CAPTCHA world is young and still evolving. We can see this from the verity of different types

of CAPTCHAs. Unfortunately most of those CATCHAs as designed to be secure only against currently known types of attacks. Most of the CAPTCHAs are been broken shortly (few year top). It will take time until a good scheme will be presented.
On the other hand each new CAPTCHA proposes a new OSR, ASR, Visual Recognition or
Machine Learning challenge. Since the CAPTCHA is a security mechanism this pushes people to break them, by this driving those fields forward.
In any case, either we will get a good CAPTCHA or some other interesting problem will be solved to break all proposed CAPTCHAs.
[1] G. Mori and J. Malik, Recognizing Objects in Adversarial Clutter: Breaking a Visual
CAPTCHA CVPR03
[2] Jeff Yan, Ahmad Salah El Ahmad, A Low-cost Attack on a Microsoft CAPTCHA
[3] L. von Ahn, M. Blum, and J. Langford. Telling humans and computers apart (automatically).
CMU Tech Report CMUCS-02-117, February 2002.
[4] http://www.nucaptcha.com
[5] http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-wepropose-to-fix-it/
[6] L. von Ahn, M. Blum, N. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In Eurocrypt, 2003.
[7] H. Gao, H. Liu, D. Yao and Xiyang Liu, An audio CAPTCHA to distinguish humans from computers
[8] Elie Bursztein, Matthieu Martin and John C. Mitchell, Text-based CAPTCHA Strengths and
Weaknesses (CSS’2011)
[9] G. Sauer, H. Hochheiser, J. Feng and J, Lazar. Towards a Universally Usable CAPTCHA, In
Proceedings of Symposium on Accessible Privacy and Security, (SOUPS’08), Pittsburgh,
PA, USA, 2008
[10] J. Tam, J. Simsa, S. Hyde and L. Von Ahn, Breaking Audio CAPTCHAs
[11] H. Hermansky, “Perceptual Linear Predictive (PLP) Analysis of Speech,” J. Acoust. Soc.
Am.,vol. 87, no. 4, pp. 1738-1752, Apr. 1990.
[12] Oli Warner. Kittenauth. http://www.thepcspy.com/kittenauth.
[13] Digg.com user DoubtfulSalmon. http://tinyurl.com/2stwu3, April 2006.
[14] J. Elson, J. R. Douceur, J. Howell, J. Saul, Asirra: A CAPTCHA that Exploits Interest-
Aligned Manual Image Categorization, CCS2007

[15] Monica Chew and J.D. Tygar. Image recognition CAPTCHAs. In Proceedings of the 7th
International Information Security Conference (ISC 2004), pages 268–279. Springer,
September 2004.
[16] Luis von Ahn and Laura Dabbish. Labeling images with a computer game. In Elizabeth
Dykstra-Erickson and Manfred Tscheligi, editors, Proceedings of the 2004 Conference on
Human Factors in Computing Systems, CHI 2004, Vienna, Austria, April 24 - 29, 2004, pages 319–326. ACM, 2004.
[17] R. Gossweiler, M. Kamvar, S. Baluja, What’s up CAPTCHA? A CAPTCHA Based on
Image Orintation
[18] P. Gollee, Machine Learning Attacks Against the Asirra CAPTCHA
[19] Mark Everingham, Andrew Zisserman, Chris Williams, and Luc Van Gool. The PASCAL visual object classes challenge 2006 (VOC2006) results. Technical report, University of
Oxford, 2006
[20] ACM Computer and Communication security 2011 (CSS’2011)
[21] http://www.youtube.com/watch?v=3GkTx2GLsXE
[22] K. Chellapilla, K. Larson, P.Y. Simard, and M. Czerwinski. Computers beat humans at single character recognition in reading based human interaction proofs (hips). In CEAS,
2005.
[23] J. Wilkins. Strong captcha guidelines v1. 2. Retrieved Nov, 10:2010, 2009.
[24] S. Geman and D. Geman. Stochastic relaxation, Gibbs distributions and the Bayesian restoration of images*. Journal of Applied Statistics, 20(5):25–62, 1993.