Visible to the public Biblio

Filters: First Letter Of Title is K  [Clear All Filters]
A B C D E F G H I J [K] L M N O P Q R S T U V W X Y Z   [Show ALL]
K
Lingyu Wang, Jajodia, S., Singhal, A., Pengsu Cheng, Noel, S..  2014.  k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities. Dependable and Secure Computing, IEEE Transactions on. 11:30-44.

By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners in securing computer networks. However, research on security metrics has been hindered by difficulties in handling zero-day attacks exploiting unknown vulnerabilities. In fact, the security risk of unknown vulnerabilities has been considered as something unmeasurable due to the less predictable nature of software flaws. This causes a major difficulty to security metrics, because a more secure configuration would be of little value if it were equally susceptible to zero-day attacks. In this paper, we propose a novel security metric, k-zero day safety, to address this issue. Instead of attempting to rank unknown vulnerabilities, our metric counts how many such vulnerabilities would be required for compromising network assets; a larger count implies more security because the likelihood of having more unknown vulnerabilities available, applicable, and exploitable all at the same time will be significantly lower. We formally define the metric, analyze the complexity of computing the metric, devise heuristic algorithms for intractable cases, and finally demonstrate through case studies that applying the metric to existing network security practices may generate actionable knowledge.

Liu, F., Li, J., Wang, Y., Li, L..  2019.  Kubestorage: A Cloud Native Storage Engine for Massive Small Files. 2019 6th International Conference on Behavioral, Economic and Socio-Cultural Computing (BESC). :1—4.
Cloud Native, the emerging computing infrastructure has become a new trend for cloud computing, especially after the development of containerization technology such as docker and LXD, and the orchestration system for them like Kubernetes and Swarm. With the growing popularity of Cloud Native, the following problems have been raised: (i) most Cloud Native applications were designed for making full use of the cloud platform, but their file storage has not been completely optimized for adapting it. (ii) the traditional file system is designed as a utility for storing and retrieving files, usually built into the kernel of the operating systems. But when placing it to a large-scale condition, like a network storage server shared by thousands of computing instances, and stores millions of files, it will be slow and even unstable. (iii) most storage solutions use metadata for faster tracking of files, but the metadata itself will take up a lot of space, and the capacity of it is usually limited. If the file system store metadata directly into hard disk without caching, the tracking of massive small files will be a lot slower. (iv) The traditional object storage solution can't provide enough features to make itself more practical on the cloud such as caching and auto replication. This paper proposes a new storage engine based on the well-known Haystack storage engine, optimized in terms of service discovery and Automated fault tolerance, make it more suitable for Cloud Native infrastructure, deployment and applications. We use the object storage model to solve the large and high-frequency file storage needs, offering a simple and unified set of APIs for application to access. We also take advantage of Kubernetes' sophisticated and automated toolchains to make cloud storage easier to deploy, more flexible to scale, and more stable to run.
Omori, T., Isono, Y., Kondo, K., Akamine, Y., Kidera, S..  2020.  k-Space Decomposition Based Super-resolution Three-dimensional Imaging Method for Millimeter Wave Radar. 2020 IEEE Radar Conference (RadarConf20). :1–6.
Millimeter wave imaging radar is indispensible for collision avoidance of self-driving system, especially in optically blurred visions. The range points migration (RPM) is one of the most promising imaging algorithms, which provides a number of advantages from synthetic aperture radar (SAR), in terms of accuracy, computational complexity, and potential for multifunctional imaging. The inherent problem in the RPM is that it suffers from lower angular resolution in narrower frequency band even if higher frequency e.g. millimeter wave, signal is exploited. To address this problem, the k-space decomposition based RPM has been developed. This paper focuses on the experimental validation of this method using the X-band or millimeter wave radar system, and demonstrated that our method significantly enhances the reconstruction accuracy in three-dimensional images for the two simple spheres and realistic vehicle targets.
Xu, Meng, Kashyap, Sanidhya, Zhao, Hanqing, Kim, Taesoo.  2020.  Krace: Data Race Fuzzing for Kernel File Systems. 2020 IEEE Symposium on Security and Privacy (SP). :1643—1660.
Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races.In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.
Huo, Weiqian, Pei, Jisheng, Zhang, Ke, Ye, Xiaojun.  2014.  KP-ABE with Attribute Extension: Towards Functional Encryption Schemes Integration. 2014 Sixth International Symposium on Parallel Architectures, Algorithms and Programming. :230—237.

To allow fine-grained access control of sensitive data, researchers have proposed various types of functional encryption schemes, such as identity-based encryption, searchable encryption and attribute-based encryption. We observe that it is difficult to define some complex access policies in certain application scenarios by using these schemes individually. In this paper, we attempt to address this problem by proposing a functional encryption approach named Key-Policy Attribute-Based Encryption with Attribute Extension (KP-ABE-AE). In this approach, we utilize extended attributes to integrate various encryption schemes that support different access policies under a common top-level KP-ABE scheme, thus expanding the scope of access policies that can be defined. Theoretical analysis and experimental studies are conducted to demonstrate the applicability of the proposed KP-ABE-AE. We also present an optimization for a special application of KP-ABE-AE where IPE schemes are integrated with a KP-ABE scheme. The optimization results in an integrated scheme with better efficiency when compared to the existing encryption schemes that support the same scope of access policies.

Si, Xiaolin, Wang, Pengpian, Zhang, Liwu.  2013.  KP-ABE Based Verifiable Cloud Access Control Scheme. 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. :34—41.

With the rapid development of mobile internet, mobile devices are requiring more complex authorization policy to ensure an secure access control on mobile data. However mobiles have limited resources (computing, storage, etc.) and are not suitable to execute complex operations. Cloud computing is an increasingly popular paradigm for accessing powerful computing resources. Intuitively we can solve that problem by moving the complex access control process to the cloud and implement a fine-grained access control relying on the powerful cloud. However the cloud computation may not be trusted, a crucial problem is how to verify the correctness of such computations. In this paper, we proposed a public verifiable cloud access control scheme based on Parno's public verifiable computation protocol. For the first time, we proposed the conception and concrete construction of verifiable cloud access control. Specifically, we firstly design a user private key revocable Key Policy Attribute Based Encryption (KP-ABE) scheme with non-monotonic access structure, which can be combined with the XACML policy perfectly. Secondly we convert the XACML policy into the access structure of KP-ABE. Finally we construct a security provable public verifiable cloud access control scheme based on the KP-ABE scheme we designed.

Ozgur Kafali, Nirav Ajmeri, Munindar P. Singh.  2017.  Kont: Computing Tradeoffs in Normative Multiagent Systems. 31st Conference on Artificial Intelligence (AAAI).
Kozen, Dexter.  2016.  Kolmogorov Extension, Martingale Convergence, and Compositionality of Processes. Proceedings of the 31st Annual ACM/IEEE Symposium on Logic in Computer Science. :692–699.

We show that the Kolmogorov extension theorem and the Doob martingale convergence theorem are two aspects of a common generalization, namely a colimit-like construction in a category of Radon spaces and reversible Markov kernels. The construction provides a compositional denotational semantics for lossless iteration in probabilistic programming languages, even in the absence of a natural partial order.

Sion, Laurens, Yskout, Koen, Van Landuyt, Dimitri, Joosen, Wouter.  2018.  Knowledge-enriched Security and Privacy Threat Modeling. Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings. :290–291.
Creating secure and privacy-protecting systems entails the simultaneous coordination of development activities along three different yet mutually influencing dimensions: translating (security and privacy) goals to design choices, analyzing the design for threats, and performing a risk analysis of these threats in light of the goals. These activities are often executed in isolation, and such a disconnect impedes the prioritization of elicited threats, assessment which threats are sufficiently mitigated, and decision-making in terms of which risks can be accepted. In the proposed TMaRA approach, we facilitate the simultaneous consideration of these dimensions by integrating support for threat modeling, risk analysis, and design decisions. Key risk assessment inputs are systematically modeled and threat modeling efforts are fed back into the risk management process. This enables prioritizing threats based on their estimated risk, thereby providing decision support in the mitigation, acceptance, or transferral of risk for the system under design.
Angarita, Rafael, Rukoz, Marta, Manouvrier, Maude, Cardinale, Yudith.  2016.  A Knowledge-based Approach for Self-healing Service-oriented Applications. Proceedings of the 8th International Conference on Management of Digital EcoSystems. :1–8.

In the context of service-oriented applications, the self-healing property provides reliable execution in order to support failures and assist automatic recovery techniques. This paper presents a knowledge-based approach for self-healing Composite Service (CS) applications. A CS is an application composed by a set of services interacting each other and invoked on the Web. Our approach is supported by Service Agents, which are in charge of the CS fault-tolerance execution control, making decisions about the selection of recovery and proactive strategies. Service Agents decisions are based on the information they have about the whole application, about themselves, and about what it is expected and what it is really happening at run-time. Hence, application knowledge for decision making comprises off-line precomputed global and local information, user QoS preferences, and propagated actual run-time information. Our approach is evaluated experimentally using a case study.

Auxilia, M., Raja, K..  2016.  Knowledge Based Security Model for Banking in Cloud. Proceedings of the International Conference on Informatics and Analytics. :51:1–51:6.

Cloud computing is one of the happening technologies in these years and gives scope to lot of research ideas. Banks are likely to enter the cloud computing field because of abundant advantages offered by cloud like reduced IT costs, pay-per-use modeling, and business agility and green IT. Main challenges to be addressed while moving bank to cloud are security breach, governance, and Service Level Agreements (SLA). Banks should not give prospect for security breaches at any cost. Access control and authorization are vivacious solutions to security risks. Thus we are proposing a knowledge based security model addressing the present issue. Separate ontologies for subject, object, and action elements are created and an authorization rule is framed by considering the inter linkage between those elements to ensure data security with restricted access. Moreover banks are now using Software as a Service (SaaS), which is managed by Cloud Service Providers (CSPs). Banks rely upon the security measures provided by CSPs. If CSPs follow traditional security model, then the data security will be a big question. Our work facilitates the bank to pose some security measures on their side along with the security provided by the CSPs. Banks can add and delete rules according to their needs and can have control over the data in addition to CSPs. We also showed the performance analysis of our model and proved that our model provides secure access to bank data.

El Haourani, Lamia, Elkalam, Anas Abou, Ouahman, Abdelah Ait.  2018.  Knowledge Based Access Control a Model for Security and Privacy in the Big Data. Proceedings of the 3rd International Conference on Smart City Applications. :16:1-16:8.
The most popular features of Big Data revolve around the so-called "3V" criterion: Volume, Variety and Velocity. Big Data is based on the massive collection and in-depth analysis of personal data, with a view to profiling, or even marketing and commercialization, thus violating citizens' privacy and the security of their data. In this article we discuss security and privacy solutions in the context of Big Data. We then focus on access control and present our new model called Knowledge-based Access Control (KBAC); this strengthens the access control already deployed in the target company (e.g., based on "RBAC" role or "ABAC" attributes for example) by adding a semantic access control layer. KBAC offers thinner access control, tailored to Big Data, with effective protection against intrusion attempts and unauthorized data inferences.
Lu, Marisa, Bose, Gautam, Lee, Austin, Scupelli, Peter.  2017.  Knock Knock to Unlock: A Human-centered Novel Authentication Method for Secure System Fluidity. Proceedings of the Eleventh International Conference on Tangible, Embedded, and Embodied Interaction. :729–732.

When a person gets to a door and wants to get in, what do they do? They knock. In our system, the user's specific knock pattern authenticates their identity, and opens the door for them. The system empowers people's intuitive actions and responses to affect the world around them in a new way. We leverage IOT, and physical computing to make more technology feel like less. From there, the system of a knock based entrance creates affordances in social interaction for shared spaces wherein ownership fluidity and accessibility needs to be balanced with security

Nadeem, Humaira, Rabbani, Imran Mujaddid, Aslam, Muhammad, M, Martinez Enriquez A..  2018.  KNN-Fuzzy Classification for Cloud Service Selection. Proceedings of the 2Nd International Conference on Future Networks and Distributed Systems. :66:1-66:8.

Cloud computing is an emerging technology that provides services to its users via Internet. It also allows sharing of resources there by reducing cost, money and space. With the popularity of cloud and its advantages, the trend of information industry shifting towards cloud services is increasing tremendously. Different cloud service providers are there on internet to provide services to the users. These services provided have certain parameters to provide better usage. It is difficult for the users to select a cloud service that is best suited to their requirements. Our proposed approach is based on data mining classification technique with fuzzy logic. Proposed algorithm uses cloud service design factors (security, agility and assurance etc.) and international standards to suggest the cloud service. The main objective of this research is to enable the end cloud users to choose best service as per their requirements and meeting international standards. We test our system with major cloud provider Google, Microsoft and Amazon.

Gu, P., Khatoun, R., Begriche, Y., Serhrouchni, A..  2017.  k-Nearest Neighbours classification based Sybil attack detection in Vehicular networks. 2017 Third International Conference on Mobile and Secure Services (MobiSecServ). :1–6.

In Vehicular networks, privacy, especially the vehicles' location privacy is highly concerned. Several pseudonymous based privacy protection mechanisms have been established and standardized in the past few years by IEEE and ETSI. However, vehicular networks are still vulnerable to Sybil attack. In this paper, a Sybil attack detection method based on k-Nearest Neighbours (kNN) classification algorithm is proposed. In this method, vehicles are classified based on the similarity in their driving patterns. Furthermore, the kNN methods' high runtime complexity issue is also optimized. The simulation results show that our detection method can reach a high detection rate while keeping error rate low.

Ranjan, G S K, Kumar Verma, Amar, Radhika, Sudha.  2019.  K-Nearest Neighbors and Grid Search CV Based Real Time Fault Monitoring System for Industries. 2019 IEEE 5th International Conference for Convergence in Technology (I2CT). :1—5.
Fault detection in a machine at earlier stage can prevent severe damage and loss to the industries. Fault detection techniques are broadly classified into three categories; signature extraction-based, model-based and knowledge-based approach. Model-based techniques are efficient for raising an alarm signal if there is any fault in the machine. This paper focuses on one such model based-technique to identify the internal faults of induction machine. The model developed is deployed in the end to make it feasible to use in real time. K-Nearest Neighbors (KNN) and grid search cross validation (CV) have been used to train and optimize the model to give the best results. The advantage of proposed algorithm is the accuracy in prediction which has been seen to be 80%. Finally, a user friendly interface has been built using Flask, a python web framework.
Yan, Donghui, Wang, Yingjie, Wang, Jin, Wang, Honggang, Li, Zhenpeng.  2018.  K-nearest Neighbor Search by Random Projection Forests. 2018 IEEE International Conference on Big Data (Big Data). :4775—4781.
K-nearest neighbor (kNN) search has wide applications in many areas, including data mining, machine learning, statistics and many applied domains. Inspired by the success of ensemble methods and the flexibility of tree-based methodology, we propose random projection forests, rpForests, for kNN search. rpForests finds kNNs by aggregating results from an ensemble of random projection trees with each constructed recursively through a series of carefully chosen random projections. rpForests achieves a remarkable accuracy in terms of fast decay in the missing rate of kNNs and that of discrepancy in the kNN distances. rpForests has a very low computational complexity. The ensemble nature of rpForests makes it easily run in parallel on multicore or clustered computers; the running time is expected to be nearly inversely proportional to the number of cores or machines. We give theoretical insights by showing the exponential decay of the probability that neighboring points would be separated by ensemble random projection trees when the ensemble size increases. Our theory can be used to refine the choice of random projections in the growth of trees, and experiments show that the effect is remarkable.
Cai, Y., Huang, H., Cai, H., Qi, Y..  2017.  A K-nearest neighbor locally search regression algorithm for short-term traffic flow forecasting. 2017 9th International Conference on Modelling, Identification and Control (ICMIC). :624–629.

Accurate short-term traffic flow forecasting is of great significance for real-time traffic control, guidance and management. The k-nearest neighbor (k-NN) model is a classic data-driven method which is relatively effective yet simple to implement for short-term traffic flow forecasting. For conventional prediction mechanism of k-NN model, the k nearest neighbors' outputs weighted by similarities between the current traffic flow vector and historical traffic flow vectors is directly used to generate prediction values, so that the prediction results are always not ideal. It is observed that there are always some outliers in k nearest neighbors' outputs, which may have a bad influences on the prediction value, and the local similarities between current traffic flow and historical traffic flows at the current sampling period should have a greater relevant to the prediction value. In this paper, we focus on improving the prediction mechanism of k-NN model and proposed a k-nearest neighbor locally search regression algorithm (k-LSR). The k-LSR algorithm can use locally search strategy to search for optimal nearest neighbors' outputs and use optimal nearest neighbors' outputs weighted by local similarities to forecast short-term traffic flow so as to improve the prediction mechanism of k-NN model. The proposed algorithm is tested on the actual data and compared with other algorithms in performance. We use the root mean squared error (RMSE) as the evaluation indicator. The comparison results show that the k-LSR algorithm is more successful than the k-NN and k-nearest neighbor locally weighted regression algorithm (k-LWR) in forecasting short-term traffic flow, and which prove the superiority and good practicability of the proposed algorithm.

Shirazi, Hossein, Bezawada, Bruhadeshwar, Ray, Indrakshi.  2018.  "Kn0W Thy Doma1N Name": Unbiased Phishing Detection Using Domain Name Based Features. Proceedings of the 23Nd ACM on Symposium on Access Control Models and Technologies. :69-75.

Phishing websites remain a persistent security threat. Thus far, machine learning approaches appear to have the best potential as defenses. But, there are two main concerns with existing machine learning approaches for phishing detection. The first is the large number of training features used and the lack of validating arguments for these feature choices. The second concern is the type of datasets used in the literature that are inadvertently biased with respect to the features based on the website URL or content. To address these concerns, we put forward the intuition that the domain name of phishing websites is the tell-tale sign of phishing and holds the key to successful phishing detection. Accordingly, we design features that model the relationships, visual as well as statistical, of the domain name to the key elements of a phishing website, which are used to snare the end-users. The main value of our feature design is that, to bypass detection, an attacker will find it very difficult to tamper with the visual content of the phishing website without arousing the suspicion of the end user. Our feature set ensures that there is minimal or no bias with respect to a dataset. Our learning model trains with only seven features and achieves a true positive rate of 98% and a classification accuracy of 97%, on sample dataset. Compared to the state-of-the-art work, our per data instance classification is 4 times faster for legitimate websites and 10 times faster for phishing websites. Importantly, we demonstrate the shortcomings of using features based on URLs as they are likely to be biased towards specific datasets. We show the robustness of our learning algorithm by testing on unknown live phishing URLs and achieve a high detection accuracy of \$99.7%\$.

Haoliang, Sun, Dawei, Wang, Ying, Zhang.  2019.  K-Means Clustering Analysis Based on Adaptive Weights for Malicious Code Detection. 2019 IEEE 11th International Conference on Communication Software and Networks (ICCSN). :652—656.

Nowadays, a major challenge to network security is malicious codes. However, manual extraction of features is one of the characteristics of traditional detection techniques, which is inefficient. On the other hand, the features of the content and behavior of the malicious codes are easy to change, resulting in more inefficiency of the traditional techniques. In this paper, a K-Means Clustering Analysis is proposed based on Adaptive Weights (AW-MMKM). Identifying malicious codes in the proposed method is based on four types of network behavior that can be extracted from network traffic, including active, fault, network scanning, and page behaviors. The experimental results indicate that the AW-MMKM can detect malicious codes efficiently with higher accuracy.

Li, D., Zhang, Z., Liao, W., Xu, Z..  2018.  KLRA: A Kernel Level Resource Auditing Tool For IoT Operating System Security. 2018 IEEE/ACM Symposium on Edge Computing (SEC). :427-432.

Nowadays, the rapid development of the Internet of Things facilitates human life and work, while it also brings great security risks to the society due to the frequent occurrence of various security issues. IoT device has the characteristics of large-scale deployment and single responsibility application, which makes it easy to cause a chain reaction and results in widespread privacy leakage and system security problems when the software vulnerability is identified. It is difficult to guarantee that there is no security hole in the IoT operating system which is usually designed for MCU and has no kernel mode. An alternative solution is to identify the security issues in the first time when the system is hijacked and suspend the suspicious task before it causes irreparable damage. This paper proposes KLRA (A Kernel Level Resource Auditing Tool) for IoT Operating System Security This tool collects the resource-sensitive events in the kernel and audit the the resource consumption pattern of the system at the same time. KLRA can take fine-grained events measure with low cost and report the relevant security warning in the first time when the behavior of the system is abnormal compared with daily operations for the real responsibility of this device. KLRA enables the IoT operating system for MCU to generate the security early warning and thereby provides a self-adaptive heuristic security mechanism for the entire IoT system.

Qazi, Zafar Ayyub, Penumarthi, Phani Krishna, Sekar, Vyas, Gopalakrishnan, Vijay, Joshi, Kaustubh, Das, Samir R..  2016.  KLEIN: A Minimally Disruptive Design for an Elastic Cellular Core. Proceedings of the Symposium on SDN Research. :2:1–2:12.

Today's cellular core, which connects the radio access network to the Internet, relies on fixed hardware appliances placed at a few dedicated locations and uses relatively static routing policies. As such, today's core design has key limitations—it induces inefficient provisioning tradeoffs and is poorly equipped to handle overload, failure scenarios, and diverse application requirements. To address these limitations, ongoing efforts envision "clean slate" solutions that depart from cellular standards and routing protocols; e.g., via programmable switches at base stations and per-flow SDN-like orchestration. The driving question of this work is to ask if a clean-slate redesign is necessary and if not, how can we design a flexible cellular core that is minimally disruptive. We propose KLEIN, a design that stays within the confines of current cellular standards and addresses the above limitations by combining network functions virtualization with smart resource management. We address key challenges w.r.t. scalability and responsiveness in realizing KLEIN via backwards-compatible orchestration mechanisms. Our evaluations through data-driven simulations and real prototype experiments using OpenAirInterface show that KLEIN can scale to billions of devices and is close to optimal for wide variety of traffic and deployment parameters.

Brannsten, M. R., Bloebaum, T. H., Johnsen, F. T., Reitan, B. K..  2017.  Kings Eye: Platform Independent Situational Awareness. 2017 International Conference on Military Communications and Information Systems (ICMCIS). :1–5.

Kings Eye is a platform independent situational awareness prototype for smart devices. Platform independence is important as there are more and more soldiers bringing their own devices, with different operating systems, into the field. The concept of Bring Your Own Device (BYOD) is a low-cost approach to equipping soldiers with situational awareness tools and by this it is important to facilitate and evaluate such solutions.

Miao Yingkai, Chen Jia.  2014.  A Kind of Identity Authentication under Cloud Computing Environment. Intelligent Computation Technology and Automation (ICICTA), 2014 7th International Conference on. :12-15.

An identity authentication scheme is proposed combining with biometric encryption, public key cryptography of homomorphism and predicate encryption technology under the cloud computing environment. Identity authentication scheme is proposed based on the voice and homomorphism technology. The scheme is divided into four stages, register and training template stage, voice login and authentication stage, authorization stage, and audit stage. The results prove the scheme has certain advantages in four aspects.

Wang, Zhao, Xi, Yuan.  2016.  A Kind of De-noising and Segmentation Method for Hollow CAPTCHAs with Noise Arcs. Proceedings of the Fifth International Conference on Network, Communication and Computing. :68–72.
While many text-based CAPTCHA schemes have been broken, hollow CAPTCHAs as a new technology have been used by many websites. The generation method of currently used hollow CAPTCHAs is investigated, we found there is color difference between the boundary of characters contour lines and noise arcs. An algorithm of noise arcs removal to deal with this vulnerability is proposed. Furthermore, a de-noising and segmentation scheme for hollow CAPTCHAs with noise arcs is presented. The scheme is verified by the real CAPTCHA data from the website Sina Weibo. The success segmentation rate is 77%. Finally, some advice is given to improve the design of hollow CAPTCHA.