PointGuard: Provably Robust 3D Point Cloud Classification
- URL: http://arxiv.org/abs/2103.03046v1
- Date: Thu, 4 Mar 2021 14:09:37 GMT
- Title: PointGuard: Provably Robust 3D Point Cloud Classification
- Authors: Hongbin Liu, Jinyuan Jia, Neil Zhenqiang Gong
- Abstract summary: 3D point cloud classification has many safety-critical applications such as autonomous driving and robotic grasping.
In particular, an attacker can make a classifier predict an incorrect label for a 3D point cloud via carefully modifying, adding, and/or deleting a small number of its points.
We propose PointGuard, the first defense that has provable robustness guarantees against adversarially modified, added, and/or deleted points.
- Score: 30.954481481297563
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: 3D point cloud classification has many safety-critical applications such as
autonomous driving and robotic grasping. However, several studies showed that
it is vulnerable to adversarial attacks. In particular, an attacker can make a
classifier predict an incorrect label for a 3D point cloud via carefully
modifying, adding, and/or deleting a small number of its points. Randomized
smoothing is state-of-the-art technique to build certifiably robust 2D image
classifiers. However, when applied to 3D point cloud classification, randomized
smoothing can only certify robustness against adversarially {modified} points.
In this work, we propose PointGuard, the first defense that has provable
robustness guarantees against adversarially modified, added, and/or deleted
points. Specifically, given a 3D point cloud and an arbitrary point cloud
classifier, our PointGuard first creates multiple subsampled point clouds, each
of which contains a random subset of the points in the original point cloud;
then our PointGuard predicts the label of the original point cloud as the
majority vote among the labels of the subsampled point clouds predicted by the
point cloud classifier. Our first major theoretical contribution is that we
show PointGuard provably predicts the same label for a 3D point cloud when the
number of adversarially modified, added, and/or deleted points is bounded. Our
second major theoretical contribution is that we prove the tightness of our
derived bound when no assumptions on the point cloud classifier are made.
Moreover, we design an efficient algorithm to compute our certified robustness
guarantees. We also empirically evaluate PointGuard on ModelNet40 and ScanNet
benchmark datasets.
Related papers
- FreePoint: Unsupervised Point Cloud Instance Segmentation [72.64540130803687]
We propose FreePoint, for underexplored unsupervised class-agnostic instance segmentation on point clouds.
We represent point features by combining coordinates, colors, and self-supervised deep features.
Based on the point features, we segment point clouds into coarse instance masks as pseudo labels, which are used to train a point cloud instance segmentation model.
arXiv Detail & Related papers (2023-05-11T16:56:26Z) - PointCert: Point Cloud Classification with Deterministic Certified
Robustness Guarantees [63.85677512968049]
Point cloud classification is an essential component in many security-critical applications such as autonomous driving and augmented reality.
Existing certified defenses against adversarial point clouds suffer from a key limitation: their certified robustness guarantees are probabilistic.
We propose a general framework, namely PointCert, that can transform an arbitrary point cloud classifier to be certifiably robust against adversarial point clouds.
arXiv Detail & Related papers (2023-03-03T14:32:48Z) - PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models
Against Adversarial Examples [63.84378007819262]
We propose PointCA, the first adversarial attack against 3D point cloud completion models.
PointCA can generate adversarial point clouds that maintain high similarity with the original ones.
We show that PointCA can cause a performance degradation from 77.9% to 16.7%, with the structure chamfer distance kept below 0.01.
arXiv Detail & Related papers (2022-11-22T14:15:41Z) - Robust Structured Declarative Classifiers for 3D Point Clouds: Defending
Adversarial Attacks with Implicit Gradients [27.738181762952006]
Current defenders often learn to denoise the adversarial point clouds by reconstruction, and then feed them to the adversarials as input.
We propose a family of robust structured declaratives for point cloud classification, where the internal constrained optimization mechanism can effectively defend adversarial attacks.
We demonstrate state-of-the-art point cloud classification performance on ModelNet40 and ScanNet under seven different attackers.
arXiv Detail & Related papers (2022-03-29T05:35:51Z) - Shape-invariant 3D Adversarial Point Clouds [111.72163188681807]
Adversary and invisibility are two fundamental but conflict characters of adversarial perturbations.
Previous adversarial attacks on 3D point cloud recognition have often been criticized for their noticeable point outliers.
We propose a novel Point-Cloud Sensitivity Map to boost both the efficiency and imperceptibility of point perturbations.
arXiv Detail & Related papers (2022-03-08T12:21:35Z) - IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function
based Restoration [68.88711148515682]
Deep neural networks are vulnerable to various 3D adversarial attacks.
We propose an IF-Defense framework to directly optimize the coordinates of input points with geometry-aware and distribution-aware constraints.
Our results show that IF-Defense achieves the state-of-the-art defense performance against existing 3D adversarial attacks on PointNet, PointNet++, DGCNN, PointConv and RS-CNN.
arXiv Detail & Related papers (2020-10-11T15:36:40Z) - ShapeAdv: Generating Shape-Aware Adversarial 3D Point Clouds [78.25501874120489]
We develop shape-aware adversarial 3D point cloud attacks by leveraging the learned latent space of a point cloud auto-encoder.
Different from prior works, the resulting adversarial 3D point clouds reflect the shape variations in the 3D point cloud space while still being close to the original one.
arXiv Detail & Related papers (2020-05-24T00:03:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.