IET Information Security (Mar 2021)

Detecting human attacks on text‐based CAPTCHAs using the keystroke dynamic approach

  • Suliman A. Alsuhibany,
  • Latifah A. Alreshoodi

DOI
https://doi.org/10.1049/ise2.12018
Journal volume & issue
Vol. 15, no. 2
pp. 191 – 204

Abstract

Read online

Abstract A Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is a simple test that is used on websites to differentiate between human users and automated attacks that indulge in spamming and other fraudulent activities. A text‐based CAPTCHA is the most popular security technique used by many websites on the Internet, such as Microsoft, Google and eBay, to secure their sites from automated attacks. By design, however, a CAPTCHA is unable to differentiate between a legitimate human user and a human‐based attacker. This may make websites vulnerable to human‐based attacks while using CAPTCHAs. Hence this article proposes a novel defence system using the keystroke dynamic approach. To evaluate our system, a laboratory experiment was conducted and the results showed that the proposed system is able to detect human‐based attacks on text‐based CAPTCHAs effectively with a 100% detection rate.

Keywords