80 likes | 179 Views
COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLD’S MOST ACCURATE CAPTCHA BREAKER. By Huy Truong & Kathleen Stoeckle Mar 18, 2009. Introduction. The first virus was written in 1971. The computer boom also caused a boom in viruses and malware.
E N D
COMPUTER MALWARE FINAL PROJECT PROPOSALTHE WAR AGAINST CAPTCHAWITH IMPLEMENTATION OF THE WORLD’S MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen StoeckleMar 18, 2009
Introduction • The first virus was written in 1971. • The computer boom also caused a boom in viruses and malware. • Computer bots: programs that perform automated tasks. • Malicious functions: • Propagate spam email • Mass registration on websites • Brute force attacks on passwords
Overview of CAPTCHA • Completely Automated Public Turing Test to Tell Computers and Humans Apart • Coined by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford • Function: Generate tests to distinguish humans from malicious programs. • Most prevalently used type of CAPTCHA: Text-based scheme.
Overview of CAPTCHA, continued • A good CAPTCHA must be: • Legible by humans • Unrecognizable to pattern recognization algorithms. • CAPTCHAs are NOT foolproof.
Proposed Survey • Survey the history and current technologies of CAPTCHA breaker • Analyze academic papers and other publications that related to CAPTCHA breakers • There are three main approaches in breaking CAPTCHA, including [3]: • exploiting bugs of several CAPTCHA implementations • defeating CAPTCHA by improving character recognition algorithm • using a human CAPTCHA solver • Analyze and study representative techniques for each approach. • Survey the details of these techniques including: • How does the technique work? • What are the targeted CATPCHA implementations? • What are the breakthrough technologies? • Does the technique work and how effective is it? • Has it been used to attack established websites? • How did the CATPCHA developers mitigate the attack?
Proposed Implementation • Our second goal for the final project is to implement one of the surveyed techniques. • The software will be demonstrated at the Final Project demonstration. • A summary of the implementation will be included in the papers which describe: • What we implemented? • Collected data and results • Lesson and learn from the experiences • Ideas to improve the implementation and future works
Project Timeline • Mar 18, 2009 • Submit the final project proposal paper and presentation • Mar 27, 2009 • Research the War against CATPCHA landscape • Pick the techniques to analyze & Select a technique to implement • Apr 3, 2009 • Complete the outline for the survey & the survey overview • Detail design for the technique implementation • Apr 10, 2009 • Complete the write up for two out of three approaches • Develop CAPTCHA test site & start on the implementation • Apr 17, 2009 • Complete the write up for all three approaches • Complete Implement and test the selected CAPTCHA technique • Apr 22, 2009 • Write up the implementation experience • Have a paper review and proofread • Perform test on the software and collect statistics data • Apr 24, 2009 • Develop the presentation and demonstration
References • Thomas M. Chen, Statistical Methods in Computer Security, The Evolution of Viruses and Worms, http://vx.netlux.org/lib/atc01.html • Jeff Yan, Ahmad Salah El Ahmad, A Low-Cost Attack on a Microsoft CAPTCHA, http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.pdf • Wikipedia, CAPTCHA, http://en.wikipedia.org/wiki/Captcha