Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion

• URL: http://arxiv.org/abs/2211.16247v2
• Date: Fri, 22 Sep 2023 12:42:02 GMT
• Title: Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion
• Authors: Kui Zhang, Hang Zhou, Jie Zhang, Qidong Huang, Weiming Zhang, Nenghai Yu
• Abstract summary: Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving. This paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model.
• Score: 70.60038549155485
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving. Robust training and defend-by-denoising are typical strategies for defending adversarial perturbations. However, they either induce massive computational overhead or rely heavily upon specified priors, limiting generalized robustness against attacks of all kinds. To remedy it, this paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model. To perform distortion-aware forward diffusion, we design a distortion estimation algorithm that is obtained by summing the distance of each point to the best-fitting plane of its local neighboring points, which is based on the observation of the local spatial properties of the adversarial point cloud. By iterative diffusion and reverse denoising, the perturbed point cloud under various distortions can be restored back to a clean distribution. This approach enables effective defense against adaptive attacks with varying noise budgets, enhancing the robustness of existing 3D deep recognition models.

Related papers

• Transferable 3D Adversarial Shape Completion using Diffusion Models [8.323647730916635]
  3D point cloud feature learning has significantly improved the performance of 3D deep-learning models. Existing attack methods primarily focus on white-box scenarios and struggle to transfer to recently proposed 3D deep-learning models. In this paper, we generate high-quality adversarial point clouds using diffusion models. Our proposed attacks outperform state-of-the-art adversarial attack methods against both black-box models and defenses.
  arXiv  Detail & Related papers  (2024-07-14T04:51:32Z)
• Digging into contrastive learning for robust depth estimation with diffusion models [55.62276027922499]
  We propose a novel robust depth estimation method called D4RD. It features a custom contrastive learning mode tailored for diffusion models to mitigate performance degradation in complex environments. In experiments, D4RD surpasses existing state-of-the-art solutions on synthetic corruption datasets and real-world weather conditions.
  arXiv  Detail & Related papers  (2024-04-15T14:29:47Z)
• iBA: Backdoor Attack on 3D Point Cloud via Reconstructing Itself [5.007492246056274]
  MirrorAttack is a novel effective 3D backdoor attack method. It implants the trigger by simply reconstructing a clean point cloud with an auto-encoder. We achieve state-of-the-art ASR on different types of victim models with the intervention of defensive techniques.
  arXiv  Detail & Related papers  (2024-03-09T09:15:37Z)
• Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds [62.94859179323329]
  Adrial attack methods based on point manipulation for 3D point cloud classification have revealed the fragility of 3D models. We propose a novel shape-based adversarial attack method, HiT-ADV, which conducts a two-stage search for attack regions based on saliency and imperceptibility perturbation scores. We propose that by employing benign resampling and benign rigid transformations, we can further enhance physical adversarial strength with little sacrifice to imperceptibility.
  arXiv  Detail & Related papers  (2024-03-08T12:08:06Z)
• Risk-optimized Outlier Removal for Robust 3D Point Cloud Classification [54.286437930350445]
  This paper highlights the challenges of point cloud classification posed by various forms of noise. We introduce an innovative point outlier cleansing method that harnesses the power of downstream classification models. Our proposed technique not only robustly filters diverse point cloud outliers but also consistently and significantly enhances existing robust methods for point cloud classification.
  arXiv  Detail & Related papers  (2023-07-20T13:47:30Z)
• Adaptive Local Adversarial Attacks on 3D Point Clouds for Augmented Reality [10.118505317224683]
  Adversarial examples are beneficial to improve the robustness of the 3D neural network model. Most 3D adversarial attack methods perturb the entire point cloud to generate adversarial examples. We propose an adaptive local adversarial attack method (AL-Adv) on 3D point clouds to generate adversarial point clouds.
  arXiv  Detail & Related papers  (2023-03-12T11:52:02Z)
• PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples [63.84378007819262]
  We propose PointCA, the first adversarial attack against 3D point cloud completion models. PointCA can generate adversarial point clouds that maintain high similarity with the original ones. We show that PointCA can cause a performance degradation from 77.9% to 16.7%, with the structure chamfer distance kept below 0.01.
  arXiv  Detail & Related papers  (2022-11-22T14:15:41Z)
• PointCAT: Contrastive Adversarial Training for Robust Point Cloud Recognition [111.55944556661626]
  We propose Point-Cloud Contrastive Adversarial Training (PointCAT) to boost the robustness of point cloud recognition models. We leverage a supervised contrastive loss to facilitate the alignment and uniformity of the hypersphere features extracted by the recognition model. To provide the more challenging corrupted point clouds, we adversarially train a noise generator along with the recognition model from the scratch.
  arXiv  Detail & Related papers  (2022-09-16T08:33:04Z)
• Generating Unrestricted 3D Adversarial Point Clouds [9.685291478330054]
  deep learning for 3D point clouds is still vulnerable to adversarial attacks. We propose an Adversarial Graph-Convolutional Generative Adversarial Network (AdvGCGAN) to generate realistic adversarial 3D point clouds.
  arXiv  Detail & Related papers  (2021-11-17T08:30:18Z)
• Local Aggressive Adversarial Attacks on 3D Point Cloud [12.121901103987712]
  Deep neural networks are prone to adversarial examples which could deliberately fool the model to make mistakes. In this paper, we propose a local aggressive adversarial attacks (L3A) to solve above issues. Experiments on PointNet, PointNet++ and DGCNN demonstrate the state-of-the-art performance of our method.
  arXiv  Detail & Related papers  (2021-05-19T12:22:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.