- Describe what a CAPTCHA is.
- Describe the evolution of CAPTCHAs.
- Describe how pursuing this goal can lead to different approaches that work against each other.
- Usability
- Systems that are easy to use will be used more frequently.
- Security
- CAPTCHA prevents spammy messages and content.
- Describe the necessity for these features to exist.
- Describe how a compromise is necessary.
- Describe a brief overview of the proposed system.
- State goals and hypothesis.
- Goals
- Open (Kerckhoffs' Principle)
- Secure (Resistant against malicious users and sites)
- Performant (Able to handle the computation of user scores)
- Usable (Provides noticeable benefit to the user)
- Hypothesis
- It is possible to increase usability and maintain security while decreasing the occurrence of CAPTCHAs with the use of feedback filtering and clustering.
- Describe the paper layout and how it will address the compromise.
- Describe CAPTCHAs in more depth.
- Types
- Smarter AI causing the common type to become more complicated to solve.
- Usability of CAPTCHAs being addressed in other ways. (Video CAPTCHA, Drag-and-drop tests)
- Describe work done in reputation systems, referral systems, and collaborative filtering/sanctioning.
- Distributed vs Centralized
- Methods of generating reputation (Summation/Average, Bayesian, Discrete Trust Models, Belief Models, Fuzzy Models, Flow Models)
- Clustering/Top N Items
- Similarity Measures
- Attacks on these types of systems
- Methods for protecting against strategic oscillation.
- Talk about registering users
- Talk about registering a site and confirming ownership
- Talk about API
- Describe a model where one site takes averages for each user's performance.
- Introduce sessions as a way to better handle calculating scores to account for human error.
- Why is a session necessary?
- How to calculate it.
- Introduce malicious user
- Describe the goal of the malicious user.
- Describe how malicious user would attempt to attack the system and how it can be countered.
- Describe how average doesn't represent true behavior. (Most recent more important)
- Introduce PID Controllers and TrustGuard and describe what properties make them useful. (Good reputation hard to obtain, detect fluctuations in behavior)
- Explain problems with TrustGuard for use with UserTrust and how they can be remedied.
- Degrading trust between CAPTCHAs (should increase briefly)
- Consistent intervals (May need different fading memory function)
- Introduce malicious site and why user reputations can't be simple averages
- Describe the goal of the malicious site.
- Describe the attack of the malicious site and how it will be countered.
- Describe method of verifying CAPTCHA transactions
- Describe method for clustering sites using similarity of users.
- Describe how clusters are used to calculate reputation and how reputation can be different for the same user on different sites.
- Talk about a model for efficient computation
- Lazy computing successful CAPTCHAs
- Immediate computing of failed CAPTCHAs
- Storing computed values
- Lazy computing similarities (May be beneficial for detecting a user who has changed behavior)
- Talk about storage structure for data
- Talk about how system is to be evaluated
- Simulation of many sites
- Good sites modeling
- Malicious sites modeling
- Simulation of many users
- Good user modeling (Techie, Grandpa, Kid, etc...)
- Bad user modeling (Alternating behavior, etc...)
TBD