Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) is a type of challenge-response test widely used in authentication systems. A well-known challenge it faces is the CAPTCHA farm, where workers are hired to solve CAPTCHAs manually. In this work, we propose to tackle this challenge from a novel perspective, converting CAPTCHA farm detection into identity inconsistency detection, which essentially becomes an authentication process. Specifically, we develop a novel embedding model that measures the similarity between mouse trajectories collected during the session and those collected when registering/solving a CAPTCHA, in order to authenticate users and detect identity inconsistency. Moreover, unlike most existing works, which employ a separate mouse movement classifier for each individual user and therefore incur considerable cost when serving a large number of users, our model performs detection using only one classifier for all users, significantly reducing the cost. Experimental results validate the superiority of our method over state-of-the-art time series classification methods, achieving AUCs of 94.3% and 97.7% in identity and authentication inconsistency detection, respectively.