On Adversarial Robustness of Point Cloud Semantic Segmentation

• URL: http://arxiv.org/abs/2112.05871v4
• Date: Sun, 23 Apr 2023 23:45:13 GMT
• Title: On Adversarial Robustness of Point Cloud Semantic Segmentation
• Authors: Jiacen Xu, Zhe Zhou, Boyuan Feng, Yufei Ding, Zhou Li
• Abstract summary: PCSS has been applied in many safety-critical applications like autonomous driving. This study shows how PCSS models are affected under adversarial samples. We call the attention of the research community to develop new approaches to harden PCSS models.
• Score: 16.89469632840972
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Recent research efforts on 3D point cloud semantic segmentation (PCSS) have achieved outstanding performance by adopting neural networks. However, the robustness of these complex models have not been systematically analyzed. Given that PCSS has been applied in many safety-critical applications like autonomous driving, it is important to fill this knowledge gap, especially, how these models are affected under adversarial samples. As such, we present a comparative study of PCSS robustness. First, we formally define the attacker's objective under performance degradation and object hiding. Then, we develop new attack by whether to bound the norm. We evaluate different attack options on two datasets and three PCSS models. We found all the models are vulnerable and attacking point color is more effective. With this study, we call the attention of the research community to develop new approaches to harden PCSS models.

Related papers

• Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models [112.48136829374741]
  In this paper, we unveil a new vulnerability: the privacy backdoor attack. When a victim fine-tunes a backdoored model, their training data will be leaked at a significantly higher rate than if they had fine-tuned a typical model. Our findings highlight a critical privacy concern within the machine learning community and call for a reevaluation of safety protocols in the use of open-source pre-trained models.
  arXiv  Detail & Related papers  (2024-04-01T16:50:54Z)
• PCLD: Point Cloud Layerwise Diffusion for Adversarial Purification [0.8192907805418583]
  Point clouds are extensively employed in a variety of real-world applications such as robotics, autonomous driving and augmented reality. A typical way to assess a model's robustness is through adversarial attacks. We propose Point Cloud Layerwise Diffusion (PCLD), a layerwise diffusion based 3D point cloud defense strategy.
  arXiv  Detail & Related papers  (2024-03-11T13:13:10Z)
• Unified Physical-Digital Face Attack Detection [66.14645299430157]
  Face Recognition (FR) systems can suffer from physical (i.e., print photo) and digital (i.e., DeepFake) attacks. Previous related work rarely considers both situations at the same time. We propose a Unified Attack Detection framework based on Vision-Language Models (VLMs)
  arXiv  Detail & Related papers  (2024-01-31T09:38:44Z)
• A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective [8.941193384980147]
  We focus on threat models targeting the learning process of FL systems. Defense strategies have evolved from using a singular metric to excluding malicious clients. Recent endeavors subtly alter the least significant weights in local models to bypass defense measures.
  arXiv  Detail & Related papers  (2023-11-27T18:32:08Z)
• Clustering based Point Cloud Representation Learning for 3D Analysis [80.88995099442374]
  We propose a clustering based supervised learning scheme for point cloud analysis. Unlike current de-facto, scene-wise training paradigm, our algorithm conducts within-class clustering on the point embedding space. Our algorithm shows notable improvements on famous point cloud segmentation datasets.
  arXiv  Detail & Related papers  (2023-07-27T03:42:12Z)
• Adversarial Robustness Assessment of NeuroEvolution Approaches [1.237556184089774]
  We evaluate the robustness of models found by two NeuroEvolution approaches on the CIFAR-10 image classification task. Our results show that when the evolved models are attacked with iterative methods, their accuracy usually drops to, or close to, zero. Some of these techniques can exacerbate the perturbations added to the original inputs, potentially harming robustness.
  arXiv  Detail & Related papers  (2022-07-12T10:40:19Z)
• FOSTER: Feature Boosting and Compression for Class-Incremental Learning [52.603520403933985]
  Deep neural networks suffer from catastrophic forgetting when learning new categories. We propose a novel two-stage learning paradigm FOSTER, empowering the model to learn new categories adaptively.
  arXiv  Detail & Related papers  (2022-04-10T11:38:33Z)
• Recent improvements of ASR models in the face of adversarial attacks [28.934863462633636]
  Speech Recognition models are vulnerable to adversarial attacks. We show that the relative strengths of different attack algorithms vary considerably when changing the model architecture. We release our source code as a package that should help future research in evaluating their attacks and defenses.
  arXiv  Detail & Related papers  (2022-03-29T22:40:37Z)
• Efficient Person Search: An Anchor-Free Approach [86.45858994806471]
  Person search aims to simultaneously localize and identify a query person from realistic, uncropped images. To achieve this goal, state-of-the-art models typically add a re-id branch upon two-stage detectors like Faster R-CNN. In this work, we present an anchor-free approach to efficiently tackling this challenging task, by introducing the following dedicated designs.
  arXiv  Detail & Related papers  (2021-09-01T07:01:33Z)
• A Deep Marginal-Contrastive Defense against Adversarial Attacks on 1D Models [3.9962751777898955]
  Deep learning algorithms have been recently targeted by attackers due to their vulnerability. Non-continuous deep models are still not robust against adversarial attacks. We propose a novel objective/loss function, which enforces the features to lie under a specified margin to facilitate their prediction.
  arXiv  Detail & Related papers  (2020-12-08T20:51:43Z)
• Orthogonal Deep Models As Defense Against Black-Box Attacks [71.23669614195195]
  We study the inherent weakness of deep models in black-box settings where the attacker may develop the attack using a model similar to the targeted model. We introduce a novel gradient regularization scheme that encourages the internal representation of a deep model to be orthogonal to another. We verify the effectiveness of our technique on a variety of large-scale models.
  arXiv  Detail & Related papers  (2020-06-26T08:29:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.