(IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 13, No. 2, 2022 360 | Page www.ijacsa.thesai.org A Novel Animated CAPTCHA Technique based on Persistence of Vision Shafiya Afzal Sheikh, M. Tariq Banday Department of Electronics and Inst. Technology University of Kashmir Srinagar, India Abstract—Image-based CAPTCHA challenges have been successfully used to distinguish between humans and bots for a long time. However, image-based CAPTCHA techniques are constantly broken by hackers, forcing web developers to implement more robust security features and new approaches in CAPTCHA images. Modern-day bots can use many techniques and technologies to break CAPTCHA images automatically. These techniques include OCR, Segmentation, erosion, threshold, flood fill, etc. This led to innovative CAPTCHA systems, including those based on drag and drop, image recognition, fingerprint, mathematical problems, etc. Animated image CAPTCHAs have also been designed to show moving characters and objects and require users to recognize the characters or objects in the animation. Unfortunately, these CAPTCHA systems have also been broken successfully. This research proposes a novel animated CAPTCHA technique based on the persistence of vision, which shows text characters in multiple layers in an animated image. The proposed CAPTCHA technique has been implemented in PHP using GD library functions and tested using various popular CAPTCHA breaking tools. Further, the proposed CAPTCHA challenge has also been tested against the frame separation based breaking technique. The security analysis and usability study have demonstrated user-friendliness, vast accessibility, and robustness. Keywords—CAPTCHA; OCR; animation; segmentation; botnet; HIP; CAPTCHA usability I. INTRODUCTION CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is some kind of test or challenge which can be solved by a human user very quickly but cannot be solved by modern computer software [1]. These tests help distinguish between humans and computer programs. Unfortunately, hackers widely use automatic computer programs or bots to misuse Internet-based services causing harm to the services and service providers. Therefore, it is incumbent that these services be prevented from automated access and misuse by bots, and it should be done without affecting human users. CAPTCHA challenges help the Internet-based services distinguish between humans and bots, and based on the CAPTCHA test result, and they deny access to the bots. Nowadays, CAPTCHA tests are extensively used on the Internet and have effectively kept away automated bots and prevented misuse of online services only for human users [2]. CAPTCHAs are used for securing web-based services in many ways. They prevent bots from creating email accounts that can misuse online email services and send SPAM emails. CAPTCHAs are also used to prevent search engines and crawlers from accessing web pages and accessing or copying any type of content. Spammers use web crawlers to automatically fetch website content and harvest email addresses from website content. CAPTCHAs can help hide email addresses by default and reveal them only to human users. CAPTCHAs help prevent hacking attacks by defending against brute force and dictionary attacks. These attacks work by trying many login attempts at a fast rate. CAPTCHAs help determine if the client is a human, and only then the service allows further attempts to log in or access the prevented resource. Online services are intended to enable human users to keep trying logging in, even after a bunch of failed attempts, rather than disallow further login attempts, as in the case of bots. Asking a human user to solve a CAPTCHA instead of blocking them offers users a better user experience than being blocked from further login attempts. CAPTCHAs prevent bots from accessing and spamming discussion forums, comment sections of websites, online polling systems and social media applications. Gaming bots can be highly competitive against human users in playing computer games and thus need to be kept away from online gaming platforms. CAPTCHAs help e- commerce websites reject bots that obtain product information and pricing for price comparison. CAPTCHAs play an essential role in keeping these bots away from online services. Hackers constantly keep trying to bypass CAPTCHAs by implementing CAPTCHA breaking techniques in their bots, making it necessary to design more secure CAPTCHA challenges. There are several types of CAPTCHA challenges currently on the Internet-based services viz. Text-based CAPTCHA, Image-based CAPTCHAs, Audio-based CAPTCHA, Video-based CAPTCHAs, Puzzle-based CAPTCHAs, Mouse based CAPTCHAs and Invisible CAPTCHA. The most common type of CAPTCHA is Text-based, in which a set of characters is displayed on an image, and the user is required to recognize the text characters and type them in a text box. If the user input matches the characters displayed on the image, the CAPTCHA is accepted as passed. Some examples of Text-based CAPTCHAs are EZ gimpy, Gimpy, Register, Ticketmaster, Yahoo and its multiple Versions, Mailblocks, Google, MSN, Holiday inn priority CAPTCHA, Phpcaptcha.org, FreeCap, Megaupload, BotDetect, Cryptograph, LinkedIn, Authorize, Baidu, Blizzard, CAPTCHA.net, CNN, Digg, Megaupload, Slashdot,