<p>Handwritten CAPTCHAs are widely regarded as more secure than printed-text CAPTCHAs due to the natural variability in individual writing styles. However, most existing studies are limited to real-world datasets, small sample sizes, a narrow range of attack models, and lack systematic large-scale evaluation. This study presents a comprehensive large-scale security assessment of handwritten pseudoword CAPTCHAs using a dataset of 40,000 images generated across 16 distinct design schemes. These schemes were evaluated against Google Lens, ChatGPT-4, and Tesseract OCR systems, both on raw images and after preprocessing, with recognition accuracy used as the primary performance metric. Experimental results show that all OCR systems achieve very low recognition accuracy (below 20%) on unprocessed images, indicating strong resistance to direct OCR-based attacks. However, the application of a custom denoising framework led to a substantial increase in recognition accuracy for modern AI-based OCR systems across all schemes. Statistical analysis using paired comparisons at a 95% confidence level confirmed that this improvement was highly significant (<i>p</i> &lt; 0.001). Furthermore, after preprocessing, no statistically significant difference was observed between the Google Lens and ChatGPT-4 OCR systems. In addition, machine learning classifiers such as Random Forest, SVM, and KNN were used to analyse recognition at the character level. These findings show that the evaluated handwritten pseudoword CAPTCHAs are effective against direct OCR attacks, but they are still vulnerable to preprocessing-based attacks, especially with modern AI-based recognition systems. This highlights the need for more robust CAPTCHA designs that balance usability and security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security analysis of handwritten pseudoword CAPTCHAs against OCR attacks

  • Dimple,
  • Mohinder Kumar,
  • Munish Kumar

摘要

Handwritten CAPTCHAs are widely regarded as more secure than printed-text CAPTCHAs due to the natural variability in individual writing styles. However, most existing studies are limited to real-world datasets, small sample sizes, a narrow range of attack models, and lack systematic large-scale evaluation. This study presents a comprehensive large-scale security assessment of handwritten pseudoword CAPTCHAs using a dataset of 40,000 images generated across 16 distinct design schemes. These schemes were evaluated against Google Lens, ChatGPT-4, and Tesseract OCR systems, both on raw images and after preprocessing, with recognition accuracy used as the primary performance metric. Experimental results show that all OCR systems achieve very low recognition accuracy (below 20%) on unprocessed images, indicating strong resistance to direct OCR-based attacks. However, the application of a custom denoising framework led to a substantial increase in recognition accuracy for modern AI-based OCR systems across all schemes. Statistical analysis using paired comparisons at a 95% confidence level confirmed that this improvement was highly significant (p < 0.001). Furthermore, after preprocessing, no statistically significant difference was observed between the Google Lens and ChatGPT-4 OCR systems. In addition, machine learning classifiers such as Random Forest, SVM, and KNN were used to analyse recognition at the character level. These findings show that the evaluated handwritten pseudoword CAPTCHAs are effective against direct OCR attacks, but they are still vulnerable to preprocessing-based attacks, especially with modern AI-based recognition systems. This highlights the need for more robust CAPTCHA designs that balance usability and security.