Manual data annotation is a time consuming activity. A novel strategy for automatic training of the CAPTCHA breaking system with no manual dataset creation is presented in this paper. We demonstrate the feasibility of the attack against a text-based CAPTCHA scheme utilizing similar network infrastructure used for Denial of Service attacks. The main goal of our research is to present a possible vulnerability in CAPTCHA systems when combining the brute-force attack with transfer learning. The classification step utilizes a simple convolutional neural network with 15 layers. Training stage uses automatically prepared dataset created without any human intervention and transfer learning for fine-tuning the deep neural network classifier. The designed system for breaking text-based CAPTCHAs achieved 80% classification accuracy after 6 fine-tuning steps for a 5 digit text-based CAPTCHA system. The results presented in this paper suggest, that even the simple attack with a large number of attacking computers can be an effective alternative to current CAPTCHA breaking systems.

手动数据注释是一项耗时的活动。本文提出了一种无需手动创建数据集即可自动训练CAPTCHA破坏系统的新策略。我们展示了使用类似的网络基础设施进行拒绝服务攻击的基于文本的CAPTCHA方案进行攻击的可行性。我们研究的主要目的是在将蛮力攻击与迁移学习相结合时，提出一个在验证码系统中可能存在的漏洞。分类步骤利用具有15层的简单卷积神经网络。训练阶段使用自动准备的数据集，无需任何人工干预即可创建和转移学习，以对深度神经网络分类器进行微调。经过设计的5位数基于文本的验证码系统经过6个微调步骤后，用于打破基于文本的验证码的系统达到了80％的分类精度。本文提出的结果表明，即使使用大量攻击计算机进行的简单攻击也可以替代当前的验证码破坏系统。