On Isometry Robustness of Deep 3D Point Cloud Models under Adversarial
Attacks
- URL: http://arxiv.org/abs/2002.12222v2
- Date: Tue, 10 Mar 2020 10:35:50 GMT
- Authors: Yue Zhao, Yuwei Wu, Caihua Chen, Andrew Lim
- Abstract summary: We show that existing state-of-the-art deep 3D models are extremely vulnerable to isometry transformations.
We develop a black-box attack with success rate over 95% on ModelNet40 data set.
In contrast to previous works, our adversarial samples are experimentally shown to be strongly transferable.
- Score: 28.937800357992906
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: While deep learning in 3D domain has achieved revolutionary performance in
many tasks, the robustness of these models has not been sufficiently studied or
explored. Regarding the 3D adversarial samples, most existing works focus on
manipulation of local points, which may fail to invoke the global geometry
properties, like robustness under linear projection that preserves the
Euclidean distance, i.e., isometry. In this work, we show that existing
state-of-the-art deep 3D models are extremely vulnerable to isometry
transformations. Armed with the Thompson Sampling, we develop a black-box
attack with success rate over 95% on ModelNet40 data set. Incorporating with
the Restricted Isometry Property, we propose a novel framework of white-box
attack on top of spectral norm based perturbation. In contrast to previous
works, our adversarial samples are experimentally shown to be strongly
transferable. Evaluated on a sequence of prevailing 3D models, our white-box
attack achieves success rates from 98.88% to 100%. It maintains a successful
attack rate over 95% even within an imperceptible rotation range
$[\pm 2.81^{\circ}]$.
Related papers
- Transferable 3D Adversarial Shape Completion using Diffusion Models [8.323647730916635]
3D point cloud feature learning has significantly improved the performance of 3D deep-learning models.
Existing attack methods primarily focus on white-box scenarios and struggle to transfer to recently proposed 3D deep-learning models.
In this paper, we generate high-quality adversarial point clouds using diffusion models.
Our proposed attacks outperform state-of-the-art adversarial attack methods against both black-box models and defenses.
arXiv Detail & Related papers (2024-07-14T04:51:32Z)
- AdvMono3D: Advanced Monocular 3D Object Detection with Depth-Aware Robust Adversarial Training [64.14759275211115]
We propose a depth-aware robust adversarial training method for monocular 3D object detection, dubbed DART3D.
Our adversarial training approach capitalizes on the inherent uncertainty, enabling the model to significantly improve its robustness against adversarial attacks.
arXiv Detail & Related papers (2023-09-03T07:05:32Z)
- 3D Adversarial Augmentations for Robust Out-of-Domain Predictions [115.74319739738571]
We focus on improving the generalization to out-of-domain data.
We learn a set of vectors that deform the objects in an adversarial fashion.
We perform adversarial augmentation by applying the learned sample-independent vectors to the available objects when training a model.
arXiv Detail & Related papers (2023-08-29T17:58:55Z)
- 3DHacker: Spectrum-based Decision Boundary Generation for Hard-label 3D Point Cloud Attack [64.83391236611409]
We propose a novel 3D attack method to generate adversarial samples solely with the knowledge of class labels.
Even in the challenging hard-label setting, 3DHacker still competitively outperforms existing 3D attacks regarding the attack performance as well as adversary quality.
arXiv Detail & Related papers (2023-08-15T03:29:31Z)
- FrozenRecon: Pose-free 3D Scene Reconstruction with Frozen Depth Models [67.96827539201071]
We propose a novel test-time optimization approach for 3D scene reconstruction.
Our method achieves state-of-the-art cross-dataset reconstruction on five zero-shot testing datasets.
arXiv Detail & Related papers (2023-08-10T17:55:02Z)
- SAGA: Spectral Adversarial Geometric Attack on 3D Meshes [13.84270434088512]
A triangular mesh is one of the most popular 3D data representations.
We propose a novel framework for a geometric adversarial attack on a 3D mesh autoencoder.
arXiv Detail & Related papers (2022-11-24T19:29:04Z)
- Isometric 3D Adversarial Examples in the Physical World [34.291370103424995]
3D deep learning models are shown to be as vulnerable to adversarial examples as 2D models.
Existing attack methods are still far from stealthy and suffer from severe performance degradation in the physical world.
We propose a novel $\epsilon$-isometric ($\epsilon$-ISO) attack to generate natural and robust 3D adversarial examples.
arXiv Detail & Related papers (2022-10-27T09:58:15Z)
- Imperceptible and Robust Backdoor Attack in 3D Point Cloud [62.992167285646275]
We propose a novel imperceptible and robust backdoor attack (IRBA) to tackle this challenge.
We utilize a nonlinear and local transformation, called weighted local transformation (WLT), to construct poisoned samples with unique transformations.
Experiments on three benchmark datasets and four models show that IRBA achieves 80%+ ASR in most cases even with pre-processing techniques.
arXiv Detail & Related papers (2022-08-17T03:53:10Z)
- 3D-VField: Learning to Adversarially Deform Point Clouds for Robust 3D Object Detection [111.32054128362427]
In safety-critical settings, robustness on out-of-distribution and long-tail samples is fundamental to circumvent dangerous issues.
We substantially improve the generalization of 3D object detectors to out-of-domain data by taking into account deformed point clouds during training.
We propose and share open source CrashD: a synthetic dataset of realistic damaged and rare cars.
arXiv Detail & Related papers (2021-12-09T08:50:54Z)
- PointBA: Towards Backdoor Attacks in 3D Point Cloud [31.210502946247498]
We present the backdoor attacks in 3D with a unified framework that exploits the unique properties of 3D data and networks.
Our proposed backdoor attack in 3D point cloud is expected to perform as a baseline for improving the robustness of 3D deep models.
arXiv Detail & Related papers (2021-03-30T04:49:25Z)
- Geometric Adversarial Attacks and Defenses on 3D Point Clouds [25.760935151452063]
In this work, we explore adversarial examples at a geometric level.
That is, a small change to a clean source point cloud leads, after passing through an autoencoder model, to a shape from a different target class.
On the defense side, we show that remnants of the attack's target shape are still present at the reconstructed output after applying the defense to the adversarial input.
arXiv Detail & Related papers (2020-12-10T13:30:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.