In UNI-Captcha, the threshold value of suspicious user behavior is adjusted according to the in-app security risk level. The threshold user value (εt) for high protection is determined in the evaluation, and results below εt, its value is evaluated as bot behavior and prevented. It also determines the risk rating of user labels from 1 to 5.
The trained hybrid bi-LSTM + Softmax based UNI-CAPTCHA engine intuitively performs user-bot labeling of requests from the web application simultaneously. A risk rating was made using the k-Means++ algorithm based on characteristics of user behavior in the dataset. The application was tested with 16 different vulnerability tool bots and real users, creating a unique dataset containing 13 different behaviors. A web application with a landing page, login page, and register page has been developed for UNI-CAPTCHA to learn user and bot behavior. In this study, a robust behavior-based CAPTCHA (UNI-CAPTCHA) was developed that detects user-bot without interaction with user. In addition, increasing the difficulty level of CAPTCHA schemes have bringing usage difficulties. Although captcha applications make bot-user distinction, it can be solved with software-based systems.
CAPTCHA is preferred to prevent bots in web applications to minimize possible risks. Although existing systems perform rules and content-based filtering, they can be bypassed with payloads and advanced bots in different scenarios. The security of web applications is protected by firewalls, intrusion detection systems or deep learning-based approaches. This paper also studies the usability: Experiments on both schemes show that such usability feature as memorability of CS-AV is greater by 3.75% than that of CT scheme.
The segmentation and symbols identification of CS-AV and CT scheme do not reveal sensitive information. For the security analysis, we applied segmentation techniques to identify the symbols on CT and proposed CS-AV.
In particular, we show that using together in one alphabet Alphanumeric (A) and Visual (V) symbols (CS-AV) improves its usability and users are more motivated towards making strong passwords. We generalize CaRP schemes introducing Click Symbol-Alphanumeric (CS-A) scheme which as CaRP schemes, ClickText (CT), ClickAnimal (CA), AnimalGrid (AG), and ClickPoint (CP), uses a proper symbol selection on the screen by clicking, but does not specify a particular alphabet. CaRP contains four schemes with different alphabet symbols used for password specification. CaRP are known graphical password schemes using Captcha visual objects for password setting.
0 kommentar(er)
