Scientists from St Petersburg University teach a neural network to identify potential vulnerabilities in text-based CAPTCHAs
Computer scientists from St Petersburg University and St Petersburg Federal Research Centre of the Russian Academy of Sciences have tested the effectiveness of text-based CAPTCHAs in protecting against malware. They created a neural network that was able to recognise the text in such tests even after it had been subjected to more than 20 distortions, and proved that this method of protection is insecure.

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a computer test used to determine whether a person or a computer is using a system or trying to access a website. The main point of this defence is to present the user with a task that is easy for a human to complete but difficult for a computer. For example, the user may be asked to type in characters that are shown in a distorted form, or to mark certain objects in photographs that are often encountered in everyday life: traffic lights, bicycles, and others. As a rule, only a human can perform this task, as artificial intelligence is poor at distinguishing distorted objects.
The research findings are published in Scientific and Technical Journal of Information Technologies, Mechanics and Optics.
The rapid development of artificial intelligence technologies has called into question the effectiveness of such a test as a malware protection tool. For example, some AI technologies are already capable of recognising the necessary objects, even if they are distorted. Today, scientists are actively studying such technologies and algorithms to evaluate the effectiveness of CAPTCHA and possibly offer more complex versions of the tasks to better establish that the user is a human.
‘Our proposed method makes it possible to train a system, a CAPTCHA solver, on a dataset of a small number of images. One of the major challenges in working with artificial intelligence models is to collect a dataset of sufficient size for training.’
Anastasia Korepanova, Assistant Professor in the Department of Informatics at St Petersburg University
'The main difference between our approach and analogues is that it makes it possible to detect much more complex text tests that contain more than 20 distortions at once: changing the size and spacing between letters, creating "noise", overlapping elements, and others,' said Anastasia Korepanova, Assistant Professor in the Department of Informatics at St Petersburg University.
The approach of the scientists from St Petersburg University consists of two main steps. The first is to add image generation to the model in order to increase the dataset, that is, the amount of data that will enable the system to solve the problem in future. The second step is to train the model on the resulting dataset.
The development by the computer scientists from St Petersburg University made it possible, even on the basis of a limited dataset, to recognise 63% of distorted images offered as a computer test. According to the researchers, this shows the insecurity of sites that use this type of CAPTCHA.
‘The research findings can be used to improve the security of Internet resources. By drawing the attention of information security specialists to the vulnerabilities identified in the research, it will be possible to: more effectively refine methods for detecting and circumventing CAPTCHA; and on this basis develop improved algorithms for protection against automated attacks,’ said Maxim Abramov, Head of the Laboratory of Theoretical and Interdisciplinary Problems of Informatics at St Petersburg Federal Research Centre of the Russian Academy of Sciences.