An Automated CAPTCHA for Website Protection Based on User Behavioral Model

Abstract-CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) currently is the standard security technology and has been used widely in applications on commercial websites. It is an automated method with human maintenance and intervention and it is used for protecting the websites from automated attackers. There exist different types of CAPTCHA, ranging from difficult/easy to complex/simple ones. The problem with current CAPTCHAs is most of them use one single layout and simple user interface to distinguish the human from the attacker. This mechanism will help the attacker to easily bypass by using an appropriate bot program. In this paper, the main objective is to make a survey regarding the available security technique and evaluate the existing ones according to a set of characteristics for defending against attackers. Upon the evaluation result, a new user behavioral model has been proposed based on the user activity. In the proposed method the user behavior is scored according to the characteristics needed by their web applications. Finally, the model is implemented by building a web application and validated using an experimental setup and achieved a score of 70.26 for the usability of the model and the proposed method compared with other CAPTCHA tests and with the experimental evaluations, the proposed method is easier to solve and more user-friendly.