Cryptology ePrint Archive: Report 2016/336

No Bot Expects the DeepCAPTCHA! Introducing Immutable Adversarial Examples with Applications to CAPTCHA

Margarita Osadchy and Julio Hernandez-Castro and Stuart Gibson and Orr Dunkelman and Daniel P ́erez-Cabo

Abstract: Recent advances in Deep Learning (DL) allow for solving complex AI problems that used to be very hard. While this progress has advanced many fields, it is considered to be bad news for CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), the security of which is based on the hardness of learning problems.

In this paper we introduce DeepCAPTCHA, a new and secure CAPTCHA scheme based on adversarial examples, an inherit limitation of the current Deep Learning networks. These adversarial examples are constructed inputs, computed by adding a small and specific perturbation called adversarial noise to correctly classified items, causing the targeted DL network to misclassify them. We show that plain adversarial noise is insufficient to achieve secure CAPTCHA schemes, which leads us to introduce immutable adversarial noise - an adversarial noise resistant to removal attempts.

We implement a proof of concept system and its analysis shows that the scheme offers high security and good usability compared to the best existing CAPTCHAs.

Category / Keywords: applications / deep learning, CAPTCHAs

Date: received 27 Mar 2016

Contact author: orrd at cs haifa ac il

Available format(s): PDF | BibTeX Citation

Note: Submitted to Usenix Security 2016

Version: 20160330:075525 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]