Imperceptible Adversarial Attacks on Point Clouds Guided by Point-to-Surface Field

• URL: http://arxiv.org/abs/2412.19015v1
• Date: Thu, 26 Dec 2024 01:36:35 GMT
• Title: Imperceptible Adversarial Attacks on Point Clouds Guided by Point-to-Surface Field
• Authors: Keke Tang, Weiyao Ke, Weilong Peng, Xiaofei Wang, Ziyong Du, Zhize Wu, Peican Zhu, Zhihong Tian,
• Abstract summary: Adversarial attacks on point clouds are crucial for assessing and improving the adversarial robustness of 3D deep learning models. Traditional solutions strictly limit point displacement during attacks, making it challenging to balance imperceptibility with adversarial effectiveness. We introduce a novel point-to-surface (P2S) field that adjusts adversarial perturbation directions by dragging points back to their original underlying surface.
• Score: 7.343103958556723
• License:
• Abstract: Adversarial attacks on point clouds are crucial for assessing and improving the adversarial robustness of 3D deep learning models. Traditional solutions strictly limit point displacement during attacks, making it challenging to balance imperceptibility with adversarial effectiveness. In this paper, we attribute the inadequate imperceptibility of adversarial attacks on point clouds to deviations from the underlying surface. To address this, we introduce a novel point-to-surface (P2S) field that adjusts adversarial perturbation directions by dragging points back to their original underlying surface. Specifically, we use a denoising network to learn the gradient field of the logarithmic density function encoding the shape's surface, and apply a distance-aware adjustment to perturbation directions during attacks, thereby enhancing imperceptibility. Extensive experiments show that adversarial attacks guided by our P2S field are more imperceptible, outperforming state-of-the-art methods.

Related papers

• Evaluating the Robustness of LiDAR Point Cloud Tracking Against Adversarial Attack [6.101494710781259]
  We introduce a unified framework for conducting adversarial attacks within the context of 3D object tracking. In addressing black-box attack scenarios, we introduce a novel transfer-based approach, the Target-aware Perturbation Generation (TAPG) algorithm. Our experimental findings reveal a significant vulnerability in advanced tracking methods when subjected to both black-box and white-box attacks.
  arXiv  Detail & Related papers  (2024-10-28T10:20:38Z)
• epsilon-Mesh Attack: A Surface-based Adversarial Point Cloud Attack for Facial Expression Recognition [0.8192907805418583]
  A common method is to use adversarial attacks where the gradient direction is followed to change the input slightly. In this paper, we suggest an adversarial attack called $epsilon$-Mesh Attack, which operates on point cloud data via limiting perturbations to be on the mesh surface. Our method successfully confuses trained DGCNN and PointNet models $99.72%$ and $97.06%$ of the time, with indistinguishable facial deformations.
  arXiv  Detail & Related papers  (2024-03-11T12:29:55Z)
• Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds [62.94859179323329]
  Adrial attack methods based on point manipulation for 3D point cloud classification have revealed the fragility of 3D models. We propose a novel shape-based adversarial attack method, HiT-ADV, which conducts a two-stage search for attack regions based on saliency and imperceptibility perturbation scores. We propose that by employing benign resampling and benign rigid transformations, we can further enhance physical adversarial strength with little sacrifice to imperceptibility.
  arXiv  Detail & Related papers  (2024-03-08T12:08:06Z)
• Adaptive Local Adversarial Attacks on 3D Point Clouds for Augmented Reality [10.118505317224683]
  Adversarial examples are beneficial to improve the robustness of the 3D neural network model. Most 3D adversarial attack methods perturb the entire point cloud to generate adversarial examples. We propose an adaptive local adversarial attack method (AL-Adv) on 3D point clouds to generate adversarial point clouds.
  arXiv  Detail & Related papers  (2023-03-12T11:52:02Z)
• Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion [70.60038549155485]
  Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving. This paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model.
  arXiv  Detail & Related papers  (2022-11-29T14:32:43Z)
• Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096]
  A standard method in adversarial robustness assumes a framework to defend against samples crafted by minimally perturbing a sample. We use metric learning to frame adversarial regularization as an optimal transport problem. Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
  arXiv  Detail & Related papers  (2022-11-04T13:54:02Z)
• PointCAT: Contrastive Adversarial Training for Robust Point Cloud Recognition [111.55944556661626]
  We propose Point-Cloud Contrastive Adversarial Training (PointCAT) to boost the robustness of point cloud recognition models. We leverage a supervised contrastive loss to facilitate the alignment and uniformity of the hypersphere features extracted by the recognition model. To provide the more challenging corrupted point clouds, we adversarially train a noise generator along with the recognition model from the scratch.
  arXiv  Detail & Related papers  (2022-09-16T08:33:04Z)
• Shape-invariant 3D Adversarial Point Clouds [111.72163188681807]
  Adversary and invisibility are two fundamental but conflict characters of adversarial perturbations. Previous adversarial attacks on 3D point cloud recognition have often been criticized for their noticeable point outliers. We propose a novel Point-Cloud Sensitivity Map to boost both the efficiency and imperceptibility of point perturbations.
  arXiv  Detail & Related papers  (2022-03-08T12:21:35Z)
• Topological Effects on Attacks Against Vertex Classification [61.62383779296796]
  This paper considers two topological characteristics of graphs and explores the way these features affect the amount the adversary must perturb the graph in order to be successful. We show that, if certain vertices are included in the training set, it is possible to substantially an adversary's required perturbation budget. Even for especially easy targets (those that are misclassified after just one or two perturbations), the degradation of performance is much slower, assigning much lower probabilities to the incorrect classes.
  arXiv  Detail & Related papers  (2020-03-12T14:37:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.