Gotta CAPTCHA ’Em All: A Survey of 20 Years of the Human-or-computer Dilemma
ACM Computing Surveys (IF 23.8), Pub Date: 2021-10-08, DOI: 10.1145/3477142
Meriem Guerar 1, Luca Verderame 1, Mauro Migliardi 2, Francesco Palmieri 3, Alessio Merlo 1

A recent study has found that malicious bots generated nearly a quarter of overall website traffic in 2019 [102]. These malicious bots perform activities such as price and content scraping, account creation and takeover, credit card fraud, denial of service, and so on. Thus, they represent a serious threat to all businesses in general, but are especially troublesome for e-commerce, travel, and financial services. One of the most common defense mechanisms against bots abusing online services is the introduction of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), so it is extremely important to understand which CAPTCHA schemes have been designed and their actual effectiveness against the ever-evolving bots. To this end, this work provides an overview of the current state-of-the-art in the field of CAPTCHA schemes and defines a new classification that includes all the emerging schemes. In addition, for each identified CAPTCHA category, the most successful attack methods are summarized by also describing how CAPTCHA schemes evolved to resist bot attacks, and discussing the limitations of different CAPTCHA schemes from the security, usability, and compatibility point of view. Finally, an assessment of the open issues, challenges, and opportunities for further study is provided, paving the road toward the design of the next-generation secure and user-friendly CAPTCHA schemes.

Updated: 2021-10-08