Researchers crack Internet security system

By Sarah Yang, Public Affairs

16 January 2003 | For every warm-blooded human who has ever participated in an online poll or signed up for free web-based e-mail, legions of computer-automated Internet robots, or “bots,” are trying to do the same thing. They scour cyberspace relentlessly, alert to opportunities to register new e-mail addresses, stuff ballots for online polls, and direct unwitting participants in Internet chat rooms to advertisements. Bot-produced e-mail accounts are hard to block or trace, making them ideal vehicles for sending spam to legitimate e-mail users.

A clever security system designed to stop these bot programs — which some consider the Internet equivalent of computer-generated telemarketing calls — has now been cracked by a pair of Berkeley computer scientists. The two were responding to an open challenge by the research team at Carnegie Mellon University in Pittsburgh that created the security system, known familiarly as Gimpy. The researchers issued a challenge to the computer-science community: write a program capable of reading the Gimpy-distorted text meant to defeat bots.

Gimpy takes advantage of the fact that most people can easily recognize words with letters that are squiggly, fuzzy, or otherwise distorted. In contrast, computer programs, such as those based upon optical character recognition technology, are easily flustered if the text is not clear and free of background clutter.

In 2001, Yahoo!, one of the largest providers of free web-based e-mail, implemented the Gimpy check as part of its process for registering new accounts. Those who can pass the test by typing in the correct word shown on the screen can go on to get an account. Bots, presumably, are stopped cold.

“We were able to crack Gimpy because of our previous research on a technique called ‘shape contexts’ for object recognition,” says Jitendra Malik, professor and chair of the Division of Computer Science at Berkeley’s College of Engineering. “The basic idea is to match shapes based upon the relative configuration of contours in a way that can tolerate small distortions.”

It took five days for Malik and Greg Mori, a computer-science PhD student at Berkeley, to create the program, which works by comparing the distorted letters in the given field to the 26 letters of the alphabet. In a trial, the process worked 83 percent of the time for the simplest version of Gimpy, known as EZ-Gimpy. This is the version used by Yahoo! in its e-mail-registration process.

Malik says the Gimpy challenge is a great test for the ongoing research in computer object recognition that he and others at Berkeley are conducting. “We’re looking at the bigger picture, so to speak,” he says. “The goal of the computer-vision research we are doing is to develop programs that can recognize people, animals, and other objects in a picture. It’s a shift from programs that can simply read text to those that can actually see pictures, which is a major step forward in the field of artificial intelligence.”


Home | Search | Archive | About | Contact | More News

Copyright 2002, The Regents of the University of California.
Produced and maintained by the Office of Public Affairs at UC Berkeley.

Comments? E-mail