Abstract: The current CAPTCHA is so simple that it can be easily identified by the automated procedures, which may cause many security risks. On the purpose of enhancing the security of Web applications, an improved CAPTCHA algorithm based on the random sequence was introduced. First of all, the algorithm created a true color image with random background color. Second, it determined characters and the number of character that were randomly generated in a certain range. Finally, the algorithm put characters on the image and the positions of characters were random. To determine the sequence of characters, lines were put between characters. The characteristic of the algorithm is that the number, font, position and input sequence of the characters were uncertain. The experimental results show that the CAPTCHA based on random sequence has great advantages, which can provide a strong security for Web applications.

Key words: CAPTCHA, network attack, Web security

摘要： 针对目前常用图形验证码过于简单,容易被自动化程序识别所产生的安全隐患,提出了基于随机顺序的图形验证码改进算法。该算法首先创建一张随机背景色的真彩图片,然后在特定范围内随机选择验证字符个数,在此基础上将随机字符写入随机位置并标识字符顺序。其主要特征为验证码字符数目不固定,字体不固定,字符位置不固定和验证字符输入顺序不固定。实验证明,基于随机顺序的图形验证码在健壮性和可靠性方面都有很大提高,为保证Web安全提供了强有力的保障。

关键词: 图形验证码, 网络攻击, Web安全