With the evolution of AI, bots can break through CAPTCHA authentication faster and more accurately than humans

When using services on the Internet, you may be required to take a test called '

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)' to prove that you are not a robot. An experiment by a research team at the University of California that investigated CAPTCHA found that bots are superior to humans in decoding speed and correct answer rate for CAPTCHA tests.

[2307.12108] An Empirical Study & Evaluation of Modern CAPTCHAs

So much for CAPTCHA – bots can do them quicker than humans • The Register


CAPTCHA: Bots are better at beating 'are you a robot?' tests than humans are | New Scientist

CAPTCHA is a system that identifies whether a user is a human or a bot by reading and inputting distorted characters and selecting multiple images according to the presented theme. Website administrators can implement CAPTCHAs to protect their online systems and forms from bots that crawl their sites or try to add spam URLs to search engines. On the other hand, CAPTCHAs are also a hassle for website visitors. Therefore, a research team at the University of California, Irvine conducted an experiment to let human subjects and bots break through CAPTCHA and compare the time required to break through and the success rate.

The research team extracted 120 websites that introduced CAPTCHA and asked 1000 subjects to challenge CAPTCHA at 10 sites randomly selected from 120 websites. I was.

At the same time, the research team compared various bots created so far with the goal of breaking the CAPTCHA test with humans.

As a result of the survey, the type of CAPTCHA that reads and understands distorted text was solved with a high accuracy of 99.8% by the bot and at a tremendous speed of less than 1 second, while humans were able to solve it with an accuracy of 50 to 84% for about 9 to 15 seconds. It was reported that it took In addition, it was reported that the bot's correct answer rate dropped to 85% for the image selection type CAPTCHA, but slightly exceeded the human correct answer rate of 81%.

Below is a table summarizing the human breakthrough time for each type of CAPTCHA authentication. You can see that

reCAPTCHA developed by Google is broken in less than 10 seconds, while Arkose MatchKey and hCaptcha take tens of seconds to break through.

Below is a table comparing the response speed and correct answer rate of humans and bots. Most tests, such as reCAPTCHA and Geetest, are more accurate and faster for bots to answer.

The research team also investigated CAPTCHA response speed by user type and environment. As a result, it was found that the CAPTCHA answering speed varies depending on factors such as the age of the user, the device that uses the Internet, the purpose of use, and the educational background. Below is a graph showing the CAPTCHA response time by purpose of using the Internet. It has been shown that people who play online games often have faster CAPTCHA response times than people who use the internet for work, surfing and education.

Below is a graph showing the CAPTCHA response time by educational background. It is reported that users with 'PhD (doctoral degree)' have a short response time in many cases.

``There is no longer an easy way to distinguish between humans and bots using challenges such as distorted text and image selection,'' said Andrew Searles of the research team, ``Introducing intelligent algorithms instead of CAPTCHAs. We need to distinguish between bot access and human access by means of

Shujun Lee, a professor of cybersecurity at the University of Kent, points out that CAPTCHA is outdated due to the explosive growth of advanced AI. `` CAPTCHA is no longer difficult to achieve security goals, '' he said. He added, 'There is a need for new approaches, such as a more dynamic approach using behavioral analysis.'

'We are more focused than ever on recognizing and blocking malicious activity, whether it's from bots or humans,' said Jess Leroy, senior director of product management at Google Cloud. It is possible to protect the user's content even if the bot that has grown up by is accessing.Furthermore, we have introduced ' reCAPTCHA v3 ' since 2018, and users can check 'I am not a robot'. I don't even need to put it on anymore,' he reports.

in Software,   Web Service, Posted by log1r_ut