P Sahithi Reddy supervised by Dr. Ankit Gangwal received her Master of Science  in Computer Science and Engineering (CSE). Here’s a summary of her research work on Swiss Cheese CAPTCHA: A Novel Multi-barrier Mechanism for Bot Detection:

A Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is one of the primary barriers between malicious bots and legitimate human users. However, advancements in Artificial Intelligence (AI) have enabled bots to bypass CAPTCHA challenges effectively, rendering several types of CAPTCHA ineffective. This thesis introduces Swiss Cheese CAPTCHA (SCCaptcha), a novel multi-barrier mechanism designed to differentiate humans from bots by leveraging human cognitive abilities and sensor inputs from modern devices. Inspired by the Swiss Cheese Model, SCCaptcha creates a layered defense system that is simple for humans but computationally expensive for bots to bypass. It is designed to be easily solvable by humans while presenting multiple obstructions for bots, even when sensor outputs can be predicted and interfered with. Leveraging human cognitive abilities and the Generic Sensor API in modern devices, this method provides robust protection by increasing computational difficulty for bots. SCCaptcha utilizes accelerometer data and cognitive tasks, such as guiding a ball to a target while navigating obstacles. Its design is resistant to automated attacks due to randomized challenge layouts and human-like trajectory analysis. SCCaptcha is implemented as a browser-based challenge where users tilt their device to move a virtual ball to a target object while avoiding obstacles. The design includes: 1. Client-side: Real-time interaction using device sensors like accelerometers to track ball movement. 2. Server-side: Verification of correctness of the answers along with various checks on the trajectory to determine the abnormalities and to distinguish bots and humans. Fallback options (e.g., text or audio CAPTCHAs) are provided for unsupported devices and unresponsive sensor cases. Next we evaluated the usability of the SCCaptcha human users based on data driven analysis. We conducted two user studies with a total of 223 participants: the first, with 116 participants, assessed the likability and design improvements, and the second, with 107 participants, evaluated the impact of those changes on cognitive abilities. Results show an average completion time of 4.76 seconds and 6.12 seconds, with success rates of 90.3% and 83.25%, respectively. Analysis of 2,141 trajectories from these studies highlights learnability, error recovery, efficiency, and user satisfaction. SCCaptcha outperforms widely used CAPTCHA systems such as Google reCAPTCHA and hCAPTCHA in solving time, usability. It offers an innovative approach by incorporating real-time sensor data and cognitive tasks, which are challenging for bots to replicate. Finally, we designed an automated attack to test real-world security, demonstrating a low probability of successful attacks. The accompanying dataset and the code is made publicly available to support further research.

March 2025