Nanglae Nilobon, Bhattarakosol Pattarasinee
Department of Mathematics and Computer Science, Faculty of Science, Chulalongkorn University, Bangkok, Thailand.
PLoS One. 2024 Dec 5;19(12):e0311197. doi: 10.1371/journal.pone.0311197. eCollection 2024.
CAPTCHA was introduced decades ago to distinguish between humans and bots. However, solving CAPTCHA has been a challenging issue for intruders. Various techniques, such as 3rd-party attacks, have been invented to break CAPTCHA. This research proposes ProCAPTCHA, a CAPTCHA system individually generated for each user by merging biometrics and user profiles. ProCAPTCHA leverages keystroke dynamics and personal information to create unique CAPTCHAs that are difficult for intruders to solve. ProCAPTCHA's algorithm generates CAPTCHA based on the user's profile data, ensuring randomness and uniqueness for each login. Performance evaluation shows that ProCAPTCHA can identify legitimate users with 100% accuracy, while only 60% of intruders are misclassified as true users. Bots face significant delays, often failing due to system time limits. Nonetheless, the bot's attack must spend a very long time solving which, in real life, could be interrupted by the time limit of the system. Therefore, all bots cannot gain access as required.
验证码在几十年前就被引入,用于区分人类和机器人。然而,解决验证码问题一直是入侵者面临的一个具有挑战性的问题。人们发明了各种技术,如第三方攻击,来破解验证码。本研究提出了ProCAPTCHA,一种通过融合生物特征和用户配置文件为每个用户单独生成的验证码系统。ProCAPTCHA利用击键动力学和个人信息来创建入侵者难以解决的独特验证码。ProCAPTCHA的算法基于用户的配置文件数据生成验证码,确保每次登录的随机性和唯一性。性能评估表明,ProCAPTCHA可以100%准确地识别合法用户,而只有60%的入侵者被误分类为真实用户。机器人面临显著延迟,往往因系统时间限制而失败。尽管如此,机器人的攻击必须花费很长时间来解决,在现实生活中,这可能会被系统的时间限制打断。因此,所有机器人都无法按要求获得访问权限。
