Robust Structured Declarative Classifiers for 3D Point Clouds: Defending
Adversarial Attacks with Implicit Gradients
- URL: http://arxiv.org/abs/2203.15245v1
- Date: Tue, 29 Mar 2022 05:35:51 GMT
- Title: Robust Structured Declarative Classifiers for 3D Point Clouds: Defending
Adversarial Attacks with Implicit Gradients
- Authors: Kaidong Li, Ziming Zhang, Cuncong Zhong, Guanghui Wang
- Abstract summary: Current defenders often learn to denoise the adversarial point clouds by reconstruction, and then feed them to the adversarials as input.
We propose a family of robust structured declaratives for point cloud classification, where the internal constrained optimization mechanism can effectively defend adversarial attacks.
We demonstrate state-of-the-art point cloud classification performance on ModelNet40 and ScanNet under seven different attackers.
- Score: 27.738181762952006
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep neural networks for 3D point cloud classification, such as PointNet,
have been demonstrated to be vulnerable to adversarial attacks. Current
adversarial defenders often learn to denoise the (attacked) point clouds by
reconstruction, and then feed them to the classifiers as input. In contrast to
the literature, we propose a family of robust structured declarative
classifiers for point cloud classification, where the internal constrained
optimization mechanism can effectively defend adversarial attacks through
implicit gradients. Such classifiers can be formulated using a bilevel
optimization framework. We further propose an effective and efficient
instantiation of our approach, namely, Lattice Point Classifier (LPC), based on
structured sparse coding in the permutohedral lattice and 2D convolutional
neural networks (CNNs) that is end-to-end trainable. We demonstrate
state-of-the-art robust point cloud classification performance on ModelNet40
and ScanNet under seven different attackers. For instance, we achieve 89.51%
and 83.16% test accuracy on each dataset under the recent JGBA attacker that
outperforms DUP-Net and IF-Defense with PointNet by ~70%. Demo code is
available at https://zhang-vislab.github.io.
Related papers
- Data Augmentation-free Unsupervised Learning for 3D Point Cloud
Understanding [61.30276576646909]
We propose an augmentation-free unsupervised approach for point clouds to learn transferable point-level features via soft clustering, named SoftClu.
We exploit the affiliation of points to their clusters as a proxy to enable self-training through a pseudo-label prediction task.
arXiv Detail & Related papers (2022-10-06T10:18:16Z) - SVNet: Where SO(3) Equivariance Meets Binarization on Point Cloud
Representation [65.4396959244269]
The paper tackles the challenge by designing a general framework to construct 3D learning architectures.
The proposed approach can be applied to general backbones like PointNet and DGCNN.
Experiments on ModelNet40, ShapeNet, and the real-world dataset ScanObjectNN, demonstrated that the method achieves a great trade-off between efficiency, rotation, and accuracy.
arXiv Detail & Related papers (2022-09-13T12:12:19Z) - Dynamic Convolution for 3D Point Cloud Instance Segmentation [146.7971476424351]
We propose an approach to instance segmentation from 3D point clouds based on dynamic convolution.
We gather homogeneous points that have identical semantic categories and close votes for the geometric centroids.
The proposed approach is proposal-free, and instead exploits a convolution process that adapts to the spatial and semantic characteristics of each instance.
arXiv Detail & Related papers (2021-07-18T09:05:16Z) - Local Aggressive Adversarial Attacks on 3D Point Cloud [12.121901103987712]
Deep neural networks are prone to adversarial examples which could deliberately fool the model to make mistakes.
In this paper, we propose a local aggressive adversarial attacks (L3A) to solve above issues.
Experiments on PointNet, PointNet++ and DGCNN demonstrate the state-of-the-art performance of our method.
arXiv Detail & Related papers (2021-05-19T12:22:56Z) - PointGuard: Provably Robust 3D Point Cloud Classification [30.954481481297563]
3D point cloud classification has many safety-critical applications such as autonomous driving and robotic grasping.
In particular, an attacker can make a classifier predict an incorrect label for a 3D point cloud via carefully modifying, adding, and/or deleting a small number of its points.
We propose PointGuard, the first defense that has provable robustness guarantees against adversarially modified, added, and/or deleted points.
arXiv Detail & Related papers (2021-03-04T14:09:37Z) - LG-GAN: Label Guided Adversarial Network for Flexible Targeted Attack of
Point Cloud-based Deep Networks [123.5839352227726]
This paper proposes a novel label guided adversarial network (LG-GAN) for real-time flexible targeted point cloud attack.
To the best of our knowledge, this is the first generation based 3D point cloud attack method.
arXiv Detail & Related papers (2020-11-01T17:17:10Z) - IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function
based Restoration [68.88711148515682]
Deep neural networks are vulnerable to various 3D adversarial attacks.
We propose an IF-Defense framework to directly optimize the coordinates of input points with geometry-aware and distribution-aware constraints.
Our results show that IF-Defense achieves the state-of-the-art defense performance against existing 3D adversarial attacks on PointNet, PointNet++, DGCNN, PointConv and RS-CNN.
arXiv Detail & Related papers (2020-10-11T15:36:40Z) - Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood
Ensemble [163.3333439344695]
Dirichlet Neighborhood Ensemble (DNE) is a randomized smoothing method for training a robust model to defense substitution-based attacks.
DNE forms virtual sentences by sampling embedding vectors for each word in an input sentence from a convex hull spanned by the word and its synonyms, and it augments them with the training data.
We demonstrate through extensive experimentation that our method consistently outperforms recently proposed defense methods by a significant margin across different network architectures and multiple data sets.
arXiv Detail & Related papers (2020-06-20T18:01:16Z) - Defensive Approximation: Securing CNNs using Approximate Computing [2.29450472676752]
We show that our approximate computing implementation achieves robustness across a wide range of attack scenarios.
Our model maintains the same level in terms of classification accuracy, does not require retraining, and reduces resource utilization and energy consumption.
arXiv Detail & Related papers (2020-06-13T18:58:25Z) - Triangle-Net: Towards Robustness in Point Cloud Learning [0.0]
We propose a novel approach for 3D classification that can simultaneously achieve invariance towards rotation, positional shift, scaling, and is robust to point sparsity.
We show that our approach outperforms PointNet and 3DmFV by 35.0% and 28.1% respectively in ModelNet 40 classification tasks.
arXiv Detail & Related papers (2020-02-27T20:42:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.