Preventing massive automated access to web resources

Automated web tools are used for a wide range of tasks, some of which are legal activities, whilst others are considered attacks on the security and data integrity of online services. Effective solutions to counter the threat represented by such programs are therefore required. In this work, we present MosaHIP, a Mosaic-based Human Interactive Proof (HIP), which is able to prevent massive automated access to web resources. The properties of the proposed solution grant improved security over usual text-based and image-based HIPs, whereas the user-friendliness of the system relieves the user of the discomfort of typing any text before accessing web content. Experimental evidence of the effectiveness of the proposed technique is given by submitting our system to a series of tests simulating possible bot attacks.
