The CAPTCHA Solver's Nemesis: An Effective Adversarial-Attack-Based Solution Requiring No Model Knowledge
Date
2024
Abstract
In today's increasingly interconnected online landscape, many websites implement verification codes during login procedures to ensure that users are humans rather than automated bots. Some users opt for the convenience of automated programs to facilitate login processes. This practice can be exploited for unauthorized access, potentially leading to severe consequences such as data breaches. Safeguarding verification codes thus stands as a significant challenge in preventing such occurrences. To enhance the security of verification codes, this paper proposes combining them with adversarial attacks. Models are pre-grouped and adversarial examples are generated, which are then applied to the verification codes. Two grouping algorithms are presented. The first method assesses the similarity of prediction results on adversarial examples. Adversarial examples are generated for each model, and these examples are then classified by all models. After listing the probabilities of successful deception, models with similar mutual influence probabilities are grouped. This grouping is then used for integrated adversarial attacks. The second method calculates the floating-point operations for each model and groups the models based on these values. In our observations, models with similar floating-point operations tend to have similar prediction results in image classification tasks. Floating-point operations quantify the computational load during a model's forward pass and can be used to assess model complexity. The first method grouped models into 7 groups, all achieving over 93% deception rates. The second method also grouped models into 7 groups, achieving a 90% deception rate. Finally, the adversarial samples generated from the grouping results are applied to the verification codes to enhance their security.
Keywords
Adversarial attack, CAPTCHA protection, Multi-model ensemble attack