• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • Research
  • Publications
  • People
  • Teaching
  • Media Outreach
  • News
  • AI Spies News

SPIES Lab, Computer Science and Engineering

Texas A&M University College of Engineering

DCG

Investigation of Dynamic Cognitive Game CAPTCHAs

Existing captcha solutions on the Internet are a major source of user frustration. Game captchas are an interesting and, to date, little studied approach claiming to make captcha solving a fun activity for the users. One broad form of such captchas – called Dynamic Cognitive Game (DCG) captchas – challenge the user to perform a game-like cognitive task interacting with a series of dynamic images. We pursue a comprehensive analysis of a representative category of DCG captchas. We formalize, design and implement such captchas, and dissect them across: (1) fully automated attacks, (2) human-solver relay attacks, and (3) usability. Our results suggest that the studied DCG captchas exhibit high usability and, unlike other known captchas, offer some resistance to relay attacks, but they are also vulnerable to our novel dictionary-based automated attack.

Dynamic Cognitive Game (DCG) CAPTCHAs are a promising new generation of interactive CAPTCHAs aiming to provide improved security against automated and human-solver relay attacks. Unlike existing CAPTCHAs, defeating DCG CAPTCHAs using pure automated attacks or pure relay attacks may be challenging in practice due to the fundamental limitations of computer algorithms (semantic gap) and synchronization issues with solvers. To overcome this barrier, we propose two hybrid attack frameworks, which carefully combine the strengths of an automated program and offline/online human intelligence. These hybrid attacks require maintaining the synchronization only between the game and the bot similar to a pure automated attack, while solving the static AI problem (i.e., bridging the semantic gap) behind the game challenge similar to a pure relay attack. As a crucial component of our framework, we design a new DCG object tracking algorithm, based on color code histogram, and show that it is simpler, more efficient and more robust compared to several known tracking approaches. We demonstrate that both frameworks can effectively defeat a wide range of DCG CAPTCHAs.

Static snapshots of 4 game instances of a representative DCG captcha analysed in the study (targets are static;  objects are mobile)

Static snapshots of 4 game instances of a representative DCG captcha analysed in the study (targets are static; objects are mobile)

People

Faculty

  • Nitesh Saxena
  • Chengcui Zhang

Student

  • Manar Mohamed (@UAB; PhD 2016; now Visiting Assistant Professor at Miami University)
  • Song Gao (@UAB; PhD 2014; now Software Engineer at Google)
  • Michael Georgescu (@UAB; BS 2014)

External Collaborators:

  • Paul C. van Oorschot (@Carleton University; Professor)
  • Wei-Bang Chen (@Virginia State University; Assistant Professor)
  • Ponnurangam Kumaraguru (@Indraprastha Institute of Information Technology, India; Assistant Professor)
  • Niharika Sachdeva (@Indraprastha Institute of Information Technology, India; PhD student)

Publication

  • A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability.
    Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot and Wei-Bang Chen
    In ACM Symposium on Information, Computer and Communications Security (ASIACCS), June 2014.
    [pdf]
  • Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming
    Manar Mohamed, Song Gao, Nitesh Saxena, and Chengcui Zhang
    In the Workshop on Usable Security (USEC), co-located with NDSS, February 2014.
    [pdf]
  • Gaming the Game: Defeating a Game CAPTCHA with Efficient and Robust Hybrid Attacks
    Song Gao, Manar Mohamed, Nitesh Saxena, and Chengcui Zhang
    In Security and Forensics Track, IEEE International Conference on Multimedia and Expo (ICME), July 2014
    [pdf]

Recent News

  • Paper accepted to ACM CCS 2025 July 2, 2025
  • News: Security and Accessibility Gaps in Web Authentication for Blind and Visually Impaired Users June 30, 2025
  • Paper accepted to ICME 2025 June 24, 2025
  • SPIES Lab’s Browser Fingerprinting Work in the News June 23, 2025
  • Journal paper accepted to IEEE TIFS June 19, 2025
  • SPIES Lab’s Browser Fingerprinting Work Features in News June 18, 2025
  • Paper Accepted to USENIX Security 2025 June 6, 2025
  • 2 Papers Accepted to PST 2025 June 6, 2025
  • AI Spies News — BPSniff (IEEE S&P 2025) Paper News Story May 12, 2025
  • Launching the AI Spies News Channel May 12, 2025
  • Paper accepted to WiSec 2025 May 11, 2025
  • SPIES Lab’s Secure Messaging Work Features in News May 3, 2025
  • SPIES Lab Student to Start as an Assistant Professor April 18, 2025
  • Dr. Saxena’s Primer on Secure Communications in News Media March 31, 2025
  • Dr. Saxena recognized with the Dean’s Excellence Award! February 14, 2025
  • Dr. Saxena appointed as the Senior Area Editor, IEEE TIFS February 6, 2025
  • 2 Full Papers Accepted to WWW 2025 January 20, 2025
  • Journal paper accepted to IEEE TMC December 18, 2024
  • New post-doctoral researcher joins the lab December 11, 2024
  • Paper Accepted to ACM Computing Surveys 2024 November 30, 2024

© 2016–2025 SPIES Lab, Computer Science and Engineering Log in

Texas A&M Engineering Experiment Station Logo
  • College of Engineering
  • Facebook
  • Twitter
  • State of Texas
  • Open Records
  • Risk, Fraud & Misconduct Hotline
  • Statewide Search
  • Site Links & Policies
  • Accommodations
  • Environmental Health, Safety & Security
  • Employment