Geometric Adversarial Attacks and Defenses on 3D Point Clouds

Itai Lang, Uriel Kotlicki, Shai Avidan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Deep neural networks are prone to adversarial examples that maliciously alter the network's outcome. Due to the increasing popularity of 3D sensors in safety-critical systems and the vast deployment of deep learning models for 3D point sets,there is a growing interest in adversarial attacks and defenses for such models. So far,the research has focused on the semantic level,namely,deep point cloud classifiers. However,point clouds are also widely used in a geometric-related form that includes encoding and reconstructing the geometry. In this work,we are the first to consider the problem of adversarial examples at a geometric level. In this setting,the question is how to craft a small change to a clean source point cloud that leads,after passing through an autoencoder model,to the reconstruction of a different target shape. Our attack is in sharp contrast to existing semantic attacks on 3D point clouds. While such works aim to modify the predicted label by a classifier,we alter the entire reconstructed geometry. Additionally,we demonstrate the robustness of our attack in the case of defense,where we show that remnant characteristics of the target shape are still present at the output after applying the defense to the adversarial input. Our code is publicly available1.

Original languageEnglish
Title of host publicationProceedings - 2021 International Conference on 3D Vision, 3DV 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1196-1205
Number of pages10
ISBN (Electronic)9781665426886
DOIs
StatePublished - 2021
Event9th International Conference on 3D Vision, 3DV 2021 - Virtual, Online, United Kingdom
Duration: 1 Dec 20213 Dec 2021

Publication series

NameProceedings - 2021 International Conference on 3D Vision, 3DV 2021

Conference

Conference9th International Conference on 3D Vision, 3DV 2021
Country/TerritoryUnited Kingdom
CityVirtual, Online
Period1/12/213/12/21

Keywords

  • 3D Point Clouds
  • Adversarial Attacks
  • Deep Learning
  • Defense Methods
  • Geometry Processing

Fingerprint

Dive into the research topics of 'Geometric Adversarial Attacks and Defenses on 3D Point Clouds'. Together they form a unique fingerprint.

Cite this