Transferable 3D Adversarial Shape Completion using Diffusion Models

• URL: http://arxiv.org/abs/2407.10077v1
• Date: Sun, 14 Jul 2024 04:51:32 GMT
• Title: Transferable 3D Adversarial Shape Completion using Diffusion Models
• Authors: Xuelong Dai, Bin Xiao,
• Abstract summary: 3D point cloud feature learning has significantly improved the performance of 3D deep-learning models. Existing attack methods primarily focus on white-box scenarios and struggle to transfer to recently proposed 3D deep-learning models. In this paper, we generate high-quality adversarial point clouds using diffusion models. Our proposed attacks outperform state-of-the-art adversarial attack methods against both black-box models and defenses.
• Score: 8.323647730916635
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Recent studies that incorporate geometric features and transformers into 3D point cloud feature learning have significantly improved the performance of 3D deep-learning models. However, their robustness against adversarial attacks has not been thoroughly explored. Existing attack methods primarily focus on white-box scenarios and struggle to transfer to recently proposed 3D deep-learning models. Even worse, these attacks introduce perturbations to 3D coordinates, generating unrealistic adversarial examples and resulting in poor performance against 3D adversarial defenses. In this paper, we generate high-quality adversarial point clouds using diffusion models. By using partial points as prior knowledge, we generate realistic adversarial examples through shape completion with adversarial guidance. The proposed adversarial shape completion allows for a more reliable generation of adversarial point clouds. To enhance attack transferability, we delve into the characteristics of 3D point clouds and employ model uncertainty for better inference of model classification through random down-sampling of point clouds. We adopt ensemble adversarial guidance for improved transferability across different network architectures. To maintain the generation quality, we limit our adversarial guidance solely to the critical points of the point clouds by calculating saliency scores. Extensive experiments demonstrate that our proposed attacks outperform state-of-the-art adversarial attack methods against both black-box models and defenses. Our black-box attack establishes a new baseline for evaluating the robustness of various 3D point cloud classification models.

Related papers

• PCLD: Point Cloud Layerwise Diffusion for Adversarial Purification [0.8192907805418583]
  Point clouds are extensively employed in a variety of real-world applications such as robotics, autonomous driving and augmented reality. A typical way to assess a model's robustness is through adversarial attacks. We propose Point Cloud Layerwise Diffusion (PCLD), a layerwise diffusion based 3D point cloud defense strategy.
  arXiv  Detail & Related papers  (2024-03-11T13:13:10Z)
• Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds [62.94859179323329]
  Adrial attack methods based on point manipulation for 3D point cloud classification have revealed the fragility of 3D models. We propose a novel shape-based adversarial attack method, HiT-ADV, which conducts a two-stage search for attack regions based on saliency and imperceptibility perturbation scores. We propose that by employing benign resampling and benign rigid transformations, we can further enhance physical adversarial strength with little sacrifice to imperceptibility.
  arXiv  Detail & Related papers  (2024-03-08T12:08:06Z)
• Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion [70.60038549155485]
  Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving. This paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model.
  arXiv  Detail & Related papers  (2022-11-29T14:32:43Z)
• PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples [63.84378007819262]
  We propose PointCA, the first adversarial attack against 3D point cloud completion models. PointCA can generate adversarial point clouds that maintain high similarity with the original ones. We show that PointCA can cause a performance degradation from 77.9% to 16.7%, with the structure chamfer distance kept below 0.01.
  arXiv  Detail & Related papers  (2022-11-22T14:15:41Z)
• PointACL:Adversarial Contrastive Learning for Robust Point Clouds Representation under Adversarial Attack [73.3371797787823]
  Adversarial contrastive learning (ACL) is considered an effective way to improve the robustness of pre-trained models. We present our robust aware loss function to train self-supervised contrastive learning framework adversarially. We validate our method, PointACL on downstream tasks, including 3D classification and 3D segmentation with multiple datasets.
  arXiv  Detail & Related papers  (2022-09-14T22:58:31Z)
• PointDP: Diffusion-driven Purification against Adversarial Attacks on 3D Point Cloud Recognition [29.840946461846]
  3D Point cloud is a critical data representation in many real-world applications like autonomous driving, robotics, and medical imaging. Deep learning is notorious for its vulnerability to adversarial attacks. We propose PointDP, a purification strategy that leverages diffusion models to defend against 3D adversarial attacks.
  arXiv  Detail & Related papers  (2022-08-21T04:49:17Z)
• Shape-invariant 3D Adversarial Point Clouds [111.72163188681807]
  Adversary and invisibility are two fundamental but conflict characters of adversarial perturbations. Previous adversarial attacks on 3D point cloud recognition have often been criticized for their noticeable point outliers. We propose a novel Point-Cloud Sensitivity Map to boost both the efficiency and imperceptibility of point perturbations.
  arXiv  Detail & Related papers  (2022-03-08T12:21:35Z)
• Imperceptible Transfer Attack and Defense on 3D Point Cloud Classification [12.587561231609083]
  We study 3D point cloud attacks from two new and challenging perspectives. We develop an adversarial transformation model to generate the most harmful distortions and enforce the adversarial examples to resist it. We train more robust black-box 3D models to defend against such ITA attacks by learning more discriminative point cloud representations.
  arXiv  Detail & Related papers  (2021-11-22T05:07:36Z)
• Generating Unrestricted 3D Adversarial Point Clouds [9.685291478330054]
  deep learning for 3D point clouds is still vulnerable to adversarial attacks. We propose an Adversarial Graph-Convolutional Generative Adversarial Network (AdvGCGAN) to generate realistic adversarial 3D point clouds.
  arXiv  Detail & Related papers  (2021-11-17T08:30:18Z)
• ShapeAdv: Generating Shape-Aware Adversarial 3D Point Clouds [78.25501874120489]
  We develop shape-aware adversarial 3D point cloud attacks by leveraging the learned latent space of a point cloud auto-encoder. Different from prior works, the resulting adversarial 3D point clouds reflect the shape variations in the 3D point cloud space while still being close to the original one.
  arXiv  Detail & Related papers  (2020-05-24T00:03:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.