Seeing Through the Mask: Rethinking Adversarial Examples for CAPTCHAs
This addresses security concerns for CAPTCHA systems by demonstrating a method to fool many state-of-the-art models, though it is incremental as it builds on existing adversarial techniques.
The paper tackled the problem of CAPTCHAs being vulnerable to adversarial attacks by image recognition models, and showed that adding masks to images while keeping them solvable by humans reduces accuracy by over 50% for all models and up to 80% for robust models like vision transformers.
Modern CAPTCHAs rely heavily on vision tasks that are supposedly hard for computers but easy for humans. However, advances in image recognition models pose a significant threat to such CAPTCHAs. These models can easily be fooled by generating some well-hidden "random" noise and adding it to the image, or hiding objects in the image. However, these methods are model-specific and thus can not aid CAPTCHAs in fooling all models. We show in this work that by allowing for more significant changes to the images while preserving the semantic information and keeping it solvable by humans, we can fool many state-of-the-art models. Specifically, we demonstrate that by adding masks of various intensities the Accuracy @ 1 (Acc@1) drops by more than 50%-points for all models, and supposedly robust models such as vision transformers see an Acc@1 drop of 80%-points. These masks can therefore effectively fool modern image classifiers, thus showing that machines have not caught up with humans -- yet.