Random Walks for Adversarial Meshes
- URL: http://arxiv.org/abs/2202.07453v1
- Date: Tue, 15 Feb 2022 14:31:17 GMT
- Title: Random Walks for Adversarial Meshes
- Authors: Amir Belder, Gal Yefet, Ran Ben Izhak, Ayellet Tal
- Abstract summary: This paper proposes a novel, unified, and general adversarial attack on mesh classification neural networks.
Our attack approach is black-box, i.e. it has access only to the network's predictions, but not to the network's full architecture or gradients.
- Score: 12.922946578413578
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: A polygonal mesh is the most-commonly used representation of surfaces in
computer graphics; thus, a variety of classification networks have been
recently proposed. However, while adversarial attacks are wildly researched in
2D, almost no works on adversarial meshes exist. This paper proposes a novel,
unified, and general adversarial attack, which leads to misclassification of
numerous state-of-the-art mesh classification neural networks. Our attack
approach is black-box, i.e. it has access only to the network's predictions,
but not to the network's full architecture or gradients. The key idea is to
train a network to imitate a given classification network. This is done by
utilizing random walks along the mesh surface, which gather geometric
information. These walks provide insight onto the regions of the mesh that are
important for the correct prediction of the given classification network. These
mesh regions are then modified more than other regions in order to attack the
network in a manner that is barely visible to the naked eye.
Related papers
- SieveNet: Selecting Point-Based Features for Mesh Networks [41.74190660234404]
Meshes are widely used in 3D computer vision and graphics, but their irregular topology poses challenges in applying them to existing neural network architectures.
Recent advances in mesh neural networks turn to remeshing and push the boundary of pioneer methods that solely take the raw meshes as input.
We propose SieveNet, a novel paradigm that takes into account both the regular topology and the exact geometry.
arXiv Detail & Related papers (2023-08-24T03:40:16Z) - Unfolding Local Growth Rate Estimates for (Almost) Perfect Adversarial
Detection [22.99930028876662]
Convolutional neural networks (CNN) define the state-of-the-art solution on many perceptual tasks.
Current CNN approaches largely remain vulnerable against adversarial perturbations of the input that have been crafted specifically to fool the system.
We propose a simple and light-weight detector, which leverages recent findings on the relation between networks' local intrinsic dimensionality (LID) and adversarial attacks.
arXiv Detail & Related papers (2022-12-13T17:51:32Z) - SAGA: Spectral Adversarial Geometric Attack on 3D Meshes [13.84270434088512]
A triangular mesh is one of the most popular 3D data representations.
We propose a novel framework for a geometric adversarial attack on a 3D mesh autoencoder.
arXiv Detail & Related papers (2022-11-24T19:29:04Z) - Generating Band-Limited Adversarial Surfaces Using Neural Networks [0.9208007322096533]
adversarial examples is the art of creating a noise that is added to an input signal of a classifying neural network.
In this technical report we suggest a neural network that generates the attacks.
arXiv Detail & Related papers (2021-11-14T19:16:05Z) - Temporal Graph Network Embedding with Causal Anonymous Walks
Representations [54.05212871508062]
We propose a novel approach for dynamic network representation learning based on Temporal Graph Network.
For evaluation, we provide a benchmark pipeline for the evaluation of temporal network embeddings.
We show the applicability and superior performance of our model in the real-world downstream graph machine learning task provided by one of the top European banks.
arXiv Detail & Related papers (2021-08-19T15:39:52Z) - BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by
Adversarial Attacks [65.2021953284622]
We study robustness of CNNs against white-box and black-box adversarial attacks.
Results are shown for distilled CNNs, agent-based state-of-the-art pruned models, and binarized neural networks.
arXiv Detail & Related papers (2021-03-14T20:43:19Z) - MixNet for Generalized Face Presentation Attack Detection [63.35297510471997]
We have proposed a deep learning-based network termed as textitMixNet to detect presentation attacks.
The proposed algorithm utilizes state-of-the-art convolutional neural network architectures and learns the feature mapping for each attack category.
arXiv Detail & Related papers (2020-10-25T23:01:13Z) - Dynamic Graph: Learning Instance-aware Connectivity for Neural Networks [78.65792427542672]
Dynamic Graph Network (DG-Net) is a complete directed acyclic graph, where the nodes represent convolutional blocks and the edges represent connection paths.
Instead of using the same path of the network, DG-Net aggregates features dynamically in each node, which allows the network to have more representation ability.
arXiv Detail & Related papers (2020-10-02T16:50:26Z) - Patch-wise Attack for Fooling Deep Neural Network [153.59832333877543]
We propose a patch-wise iterative algorithm -- a black-box attack towards mainstream normally trained and defense models.
We significantly improve the success rate by 9.2% for defense models and 3.7% for normally trained models on average.
arXiv Detail & Related papers (2020-07-14T01:50:22Z) - ESPN: Extremely Sparse Pruned Networks [50.436905934791035]
We show that a simple iterative mask discovery method can achieve state-of-the-art compression of very deep networks.
Our algorithm represents a hybrid approach between single shot network pruning methods and Lottery-Ticket type approaches.
arXiv Detail & Related papers (2020-06-28T23:09:27Z) - MeshWalker: Deep Mesh Understanding by Random Walks [19.594977587417247]
We look at the most popular representation of 3D shapes in computer graphics - a triangular mesh - and ask how it can be utilized within deep learning.
This paper proposes a very different approach, termed MeshWalker, to learn the shape directly from a given mesh.
We show that our approach achieves state-of-the-art results for two fundamental shape analysis tasks.
arXiv Detail & Related papers (2020-06-09T15:35:41Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.