Question-Based CAPTCHA

Mohammad Shirali-ShahrezaComputer Science Department Sharif University of Technology

Tehran, IRAN shirali@cs.sharif.edu

Sajad Shirali-Shahreza Computer Engineering Department

Sharif University of Technology Tehran, IRAN

shirali@ce.sharif.edu

Abstract Today there are many Internet sites which require only the entry by human users but

unfortunately some computer softwares called bots are designed by some hackers to enter these sites and use their resources through false registration. As a result some systems named CAPTCHA have been introduced to tell apart human users and computer software.

This paper introduces a new CAPTCHA method. In this method a simple mathematical problem is generated according to a predefined pattern but instead of some object’s name, we put their images. Then the whole problem is saved and shown to the user in form of an image to be answered by him. But since answering this problem requires four abilities of understanding text of question, detection of question images, understanding the problem, and solving the problem, only a human user can answer this question and present computer programs are unable to solve it. This project has been implemented by PHP language. 1. Introduction

Today a great deal of our daily activities is done through the Internet. In most of them it is necessary to register in order to use the facilities available on the Internet. Registration is required in order to specify identification of the receiving person. But hackers do a false and automatic registration on the Internet sites wasting resources of these sites. To prevent working of these programs, CAPTCHA system which is abbreviation of "Completely Automated Public Turing test to tell Computers and Human Apart" is proposed. These systems are derived from topics of Artificial Intelligence and have a process similar to Turing Test but they are in a reverse direction to it. In CAPTCHA some tests are designed to which human user can answer easily but present computer programs cannot [1].

CAPTCHA methods can be generally divided into two groups: OCR-based (based on Optical Character-Recognition Systems) and Non-OCR-Based (not based on Optical Character-Recognition Systems).

In OCR-based systems image of a word is shown to user after distortion and with various visual effects and he/she is asked to type it. Considering existence of various visual effects, computer will encounter problems in recognition of these words and only a human user can recognize and detect the concerned words. Examples of these methods are: Persian/Arabic Baffle Text [2] and Gimpy [3].

In contrast there are some other Non-OCR-Based methods which are more comfortable for users than OCR-based methods. Examples of these methods are Collage CAPTCHA [4], Text-to-Speech [5] and Implicit CAPTCHA [6]. In next section some of the above-mentioned methods will be described.

The suggested method in this paper is a combination of OCR-based and Non-OCR-based methods. In our suggested method a simple mathematical problem is shown to user in form of an image and he/she is asked to answer it. Furthermore some object’s name of the problem have been replaced with their images. As a result computer requires four abilities of understanding text of question, detection of question images, understanding the

International Conference on Computational Intelligence and Multimedia Applications 2007

0-7695-3050-8/07 $25.00 © 2007 IEEEDOI 10.1109/ICCIMA.2007.10

54

International Conference on Computational Intelligence and Multimedia Applications 2007

0-7695-3050-8/07 $25.00 © 2007 IEEEDOI 10.1109/ICCIMA.2007.10

54

problem, and solving the problem. Since it is very improbable for a computer program to succeed in doing all of these operations, only a human user can answer this problem. In section three we will talk about this method and its experimental results in full detail.

In fourth section some of the advantages of this method will be mentioned. In final section we will make the final conclusion. 2. Related works

It was first in 1997 when Andrei Broder et al devised a method to tell computer programs and human apart. In the same year, Altavista web site used it. In this method, a distorted English word was shown to the users and they were asked to type it. Distortion was so that OCR programs could not recognize the word [7]. Today this method is called CAPTCHA [3].

2.1. OCR-Based method

First we survey some OCR-Based CAPTCHA methods.

2.1.1. Gimpy method [3]: The Gimpy method was prepared at Carnegie Mellon University to distinguish human users from computer programs. In this method, a word was chosen from a dictionary and, after applying such changes as adding black or white lines, making linear changes, etc, it was shown as an image and the user was asked to type it properly. As this method uses its word from a dictionary with 850 words, it can easily be broken in [8].

Yahoo! used a simp1e version of this method, known as EZ-Gimpy, for recognizing human users from computer programs in preventing consecutive definition of user accounts by destructive computer programs.

2.1.2. Pessimal Print Method [9]: This method is based on one of the weak points of systems adopted for recognition of contemporary letters, which is the inability of current OCR software in reading low-quality prints. Hence, it has been tried to prevent the operations of destructive computer software by artificially lowering the quality of the printed letters.

But, this method is not very resistant against the attacks. It is possible that with the reversal of the conducted modifications, the changed words will turn into their initial mode and be recognized by the OCR systems.

2.1.3. Persian/Arabic Baffletext CAPTCHA [2]: Most of OCR-based CAPTCHA are designed for English language. Therefore non-English users have difficulties in using them. In this paper, a CAPTCHA is designed for Persian and Arabic languages.

2.2. Non-OCR-Based method

As mentioned before, there are also other CAPTCHA methods which are Non-OCR-based. At the follow some of these methods are reviewed.

2.2.1. Implicit CAPTCHA [9]: In the Implicit CAPTCHA, users only have to make a simple click. For example, in this method, the picture of a mountain is shown to the user and the user is asked to click on the pinnacle of the mountain. Or, a number of words are shown in a picture and the user is asked to click on a particular word. It seems that this method is simpler for the users although it is a costly method.

2.2.2. Text-to-Speech method [5]: In this method, instead of showing an image, a sound is played which has been obtained by converting text to speech by certain programs. The user

5555

must recognize and type the word. Considering the many complexities of speech, it is very difficult for computer programs to recognize the played words.

2.2.3. Drawing CAPTCHA [10]: This method is for devices using light pen like PDA (Personal Digital Assistant). In this method, numerous dots are drawn on a screen with noisy background and the user is asked to connect certain dots to each other.

In view of the problems that computers face in recognizing the dots from the noise, only a human user can easily identify the special dots and connect them to each other.

Unlike the other CAPTCHA methods, the users of any language in any age group can use this program and we can run it on devices with more limited resources than the computer.

3. Our suggested method

In this paper a new CAPTCHA method has been presented based on putting forth of a simple mathematical problem which also has images. In this section our suggested method has been described and implementation of an example of it has been described among algorithm explanations.

In this method at first on the basis of a series of pre-designed patterns a question is prepared. In these patterns some of the elements of the problem are variable and changeable and they are chosen from some items randomly. For example a pattern of the problem can be as follows:

There are a1 numbers of b1, a2 numbers of b2 and a3 numbers of b3 on a table. How many c1s are there on the table in total?

In this pattern ai is the number of objects which is ai ≥ 0. bi is the name of the object, for example apple, ball, pencil, cat, etc. Each object belongs to a specific group which is shown with ci. For example cat, dog, and mouse are among pets which are shown for example with c2, or pencil, paper, and book are among stationery. As a result if a problem is made with this pattern it may be as follows:

"There are 5 cats, 3 apples, and 4 dogs on a table. How many pets are there on the table in total?"

The answer is 7 (3 cats+4 dogs=7 pets). Or it may be a problem like the following one: "There are 2 pencils, 3 books, and 1 mouse on a table. How many fruits are there on the

table in total?" Here the answer is 0 because there is no fruit on the table. As you see, the user has only to enter a number. We can increase the diversity and variety

of the questions by designing different and various patterns and even make them more difficult and more sophisticated, too.

On the other hand entire question is not in a text format. In place of some words we put an image of those words, for example in the following example we place an image of that animal. Or in place of names of fruits we can put images of the fruits. This means that we can put an image of the objects in place of names of objects. The following question can be a good example of the mentioned pattern (Figure 1).

There are 5 , 3 and 6 on a table. How many fruits are there on the table in total? Figure 1. A sample question

Here the answer is 11 (5 apples + 6 bananas = 11 fruits). Even we can use images instead of the fixed words of the pattern. For example in above-

mentioned pattern we can use image of table instead of the word "table". We don't have to use

5656

the image or the name of the word everywhere. Rather we can use both image of the object and its name alternatively. For example we can use the word "table" itself for the first sentence in the above-mentioned pattern but in the second sentence we can use the image of "table" (Figure 2).

There are 5 , 3 and 6 on a table. How many fruits are there on the in total? Figure 2. Another sample question

As a whole, we can use various combinations to design problems in order to diversify the problems. At last the designed question will be saved as an image and shown to the user to answer.

As we specified earlier, it is easy for human users to answer these questions and the only thing they must do is to enter a number and consequently little time is required to answer and the user can answer these questions quickly. But answering these questions are very difficult for a computer program and it is very improbable for a computer program to succeed in it because the computer requires at least four abilities to answer these questions:

1- Computer must recognize phrase shown in the image through OCR-based software. 2- Computer must recognize shapes shown in the image. Of course before that it must

separate texts from the images which would be a difficult process in itself. 3- After recognition of texts and images the computer should be able to understand the

question. 4- At last and even if a computer does all the above-mentioned stages successfully it must

be necessarily capable to answer the shown question. As you see the probability of success of computers is very low in each of the mentioned

stages. As a result we can tell apart the computer programs and human users by this method. To implement this project at first we made some patterns according to the structure which

was previously mentioned. Then a program was designed for making a sample question based on these patterns. At first this software chooses one of the patterns randomly, then it makes a choice from among the existent and available choices for each of the variables and puts it in the pattern of the problem. Concerning the words which have image (and have been specified in the pattern) the concerned images are placed. Images of objects are chosen from an artwork collection. After the question was made along with its images, the entire question is saved in a JPEG format and is shown on the web page for the user. If the user enters the answer (which is a number) correctly the software will show a successful message and allows the user carry out the concerned operations. This project has been implemented by PHP language. A sample of this project is available at: http://www.hip.ir/QuestionCAPTCHA/ (Figure 3).

Figure 3. An screenshot of our project

5757

4. Advantages 1. Unlike OCR-based CAPTCHA methods, this method requires only typing a number

as the answer. So it is easy to use, saves users time and more comfortable for them. 2. In this method it is not necessary to have a keyboard and we have only to enter a

number. Therefore we can use this method on devices which don't have a keyboard or on devices in which it is difficult to use a keyboard, such as mobile phones and Pocket PCs.

3. This method does not need any processing to be done by client and can be executed on small devices and on devices with limited resources. 5. Conclusion

In this paper a new CAPTCHA method has been presented which is a combination of OCR-based and Non-OCR-based methods. In this method a mathematical question based on a pre-designed pattern is shown as a combination of text and image of objects as a single image. The only thing the user has to do is to enter the answer only as a number. Considering the computer's difficulty in recognition of the text of the question, in recognition of question image, understanding of the problem, and solving the problem, only a human user can answer this question.

We can increase the difficulty of this method through changing pattern of questions and as a result the degree of the resistance against the attacks through changing pattern of questions. But doing this will cause the program to be more difficult for human users, too.

We can use this method not only on web pages but also on computer programs as well. If we change patterns of question we can use other problems than mathematical problems.

For example we can design a medical question such as "How many bones are there in a human's jaw?" and we can show the image of bone instead of the word "bone".

We can customize this method for special sites. For example we can use medical questions like the above-mentioned question for medical websites.

6. References

[1] L. von Ahn, M. Blum, and J. Langford, "Telling Humans and Computers Apart Automatically," Communications of the ACM, vol. 47, February 2004, no. 2, pp. 57-60.

[2] M.H. Shirali-Shahreza and M. Shirali-Shahreza, "Persian/Arabic Baffletext CAPTCHA," Journal of Universal Computer Science (J.UCS), vol. 12, no. 12, December 2006, pp. 1783-1796.

[3] M. Blum et al, "The CAPTCHA Project (Completely Automatic Public Turing Test to tell Computers and Humans Apart)," School of Computer Science, Carnegie-Mellon University, http://www.captcha.net.

[4] M. Shirali-Shahreza and S. Shirali-Shahreza, "Collage CAPTCHA," Proceedings of the 20th IEEE International Symposium Signal Processing and Application (ISSPA 2007), Sharjah, UAE, February 2007.

[5] T.Y. Chan, "Using a text-to-speech synthesizer to generate a reverse Turing test," Proceedings of the 15th IEEE International Conference on Tools with Artificial Intelligence, CA, USA, November 2003, pp. 226-232.

[6] H.S. Baird and J.L. Bentley, "Implicit CAPTCHAs," Proceedings SPIE/IS&T Conference on Document Recognition and Retrieval XII (DR&R2005), San Jose, 2005, pp. 191-196.

[7] H.S. Baird and K. Popat, “Human Interactive Proofs and Document Image Analysis,” Proceedings of the 5th IAPR International Workshop on Document Analysis Systems, Springer LNCS 2423, 2002, pp. 507-518.

[8] G. Mori and J. Malik, “Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA,” Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, WI,, USA, 2003, pp. 134-141.

[9] A.L. Coates et al, “Pessimal Print: A Reverse Turing Test,” Proceedings of the 6th International Conference on Document Analysis and Recognition, Seattle, WA, USA, 2001, pp. 1154-1158.

[10] M. Shirali-Shahreza, and S. Shirali-Shahreza, "Drawing CAPTCHA," Proceedings of the 28th International Conference Information Technology Interfaces, Dubrovnik, Croatia, June 19-22, 2006, pp. 475-480.

5858