CAPTCHA is a cybersecurity measure that distinguishes between humans and automated scripts. Researchers have employed various security features to thwart automated program identification by hackers. However, previous research on the attack resistance of CAPTCHAs has used roughly quantitative analysis instead of a fine-grain quantitative study. This study implemented comparative experiments based on CAPTCHA recognition algorithms to find the best-mixed security features. A multi-stage best parameter selection (MBPS) mechanism was proposed in this study. Experiment results indicated that mixed security features of “overlap + scale + rotate + bg (background)” were the best, with an average machine recognition accuracy of only 4.81%. The contrast experiment result illustrated that the anti-attack ability of mixed security features was better than adding adversarial noise, with machine recognition accuracy decreased by 2.2%. Moreover, by investigating the efficacy of security feature parameters, this study provides practical guidelines for designing robust CAPTCHAs. Furthermore, this study also presents valuable insights into the security of image generation technology.

Anti-recognition; CAPTCHA generation; Cybersecurity; Security mechanisms; User-friendliness