1. COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen Stoeckle Mar 18, 2009

2. Introduction The first virus was written in 1971. The computer boom also caused a boom in viruses and malware. Computer bots: programs that perform automated tasks. Malicious functions: Propagate spam email Mass registration on websites Brute force attacks on passwords

3. Overview of CAPTCHA Completely Automated Public Turing Test to Tell Computers and Humans Apart Coined by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford Function: Generate tests to distinguish humans from malicious programs. Most prevalently used type of CAPTCHA: Text- based scheme.

4. Overview of CAPTCHA, continued A good CAPTCHA must be: Legible by humans Unrecognizable to pattern recognization algorithms. CAPTCHAs are NOT foolproof.

5. Proposed Survey Survey the history and current technologies of CAPTCHA breaker Analyze academic papers and other publications that related to CAPTCHA breakers There are three main approaches in breaking CAPTCHA, including [3]: exploiting bugs of several CAPTCHA implementations defeating CAPTCHA by improving character recognition algorithm using a human CAPTCHA solver Analyze and study representative techniques for each approach. Survey the details of these techniques including: How does the technique work? What are the targeted CATPCHA implementations? What are the breakthrough technologies? Does the technique work and how effective is it? Has it been used to attack established websites? How did the CATPCHA developers mitigate the attack?

6. Proposed Implementation Our second goal for the final project is to implement one of the surveyed techniques. The software will be demonstrated at the Final Project demonstration. A summary of the implementation will be included in the papers which describe: What we implemented? Collected data and results Lesson and learn from the experiences Ideas to improve the implementation and future works

7. Project Timeline Mar 18, 2009 Submit the final project proposal paper and presentation Mar 27, 2009 Research the War against CATPCHA landscape Pick the techniques to analyze & Select a technique to implement Apr 3, 2009 Complete the outline for the survey & the survey overview Detail design for the technique implementation Apr 10, 2009 Complete the write up for two out of three approaches Develop CAPTCHA test site & start on the implementation Apr 17, 2009 Complete the write up for all three approaches Complete Implement and test the selected CAPTCHA technique Apr 22, 2009 Write up the implementation experience Have a paper review and proofread Perform test on the software and collect statistics data Apr 24, 2009 Develop the presentation and demonstration

8. References Thomas M. Chen, Statistical Methods in Computer Security, The Evolution of Viruses and Worms, http://vx.netlux.org/lib/atc01.html http://vx.netlux.org/lib/atc01.html Jeff Yan, Ahmad Salah El Ahmad, A Low-Cost Attack on a Microsoft CAPTCHA, http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.p df http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.p df Wikipedia, CAPTCHA, http://en.wikipedia.org/wiki/Captcha http://en.wikipedia.org/wiki/Captcha