DeepAI AI Chat
Log In Sign Up

Adversarial Attack by Limited Point Cloud Surface Modifications

by   Atrin Arya, et al.
Sharif Accelerator

Recent research has revealed that the security of deep neural networks that directly process 3D point clouds to classify objects can be threatened by adversarial samples. Although existing adversarial attack methods achieve high success rates, they do not restrict the point modifications enough to preserve the point cloud appearance. To overcome this shortcoming, two constraints are proposed. These include applying hard boundary constraints on the number of modified points and on the point perturbation norms. Due to the restrictive nature of the problem, the search space contains many local maxima. The proposed method addresses this issue by using a high step-size at the beginning of the algorithm to search the main surface of the point cloud fast and effectively. Then, in order to converge to the desired output, the step-size is gradually decreased. To evaluate the performance of the proposed method, it is run on the ModelNet40 and ScanObjectNN datasets by employing the state-of-the-art point cloud classification models; including PointNet, PointNet++, and DGCNN. The obtained results show that it can perform successful attacks and achieve state-of-the-art results by only a limited number of point modifications while preserving the appearance of the point cloud. Moreover, due to the effective search algorithm, it can perform successful attacks in just a few steps. Additionally, the proposed step-size scheduling algorithm shows an improvement of up to 14.5% when adopted by other methods as well. The proposed method also performs effectively against popular defense methods.


page 1

page 2

page 3

page 4


IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function based Restoration

Point cloud is an important 3D data representation widely used in many e...

Adversarial Attack and Defense on Point Sets

Emergence of the utility of 3D point cloud data in critical vision tasks...

Nudge Attacks on Point-Cloud DNNs

The wide adaption of 3D point-cloud data in safety-critical applications...

AdvPC: Transferable Adversarial Perturbations on 3D Point Clouds

Deep neural networks are vulnerable to adversarial attacks, in which imp...

Robust Structured Declarative Classifiers for 3D Point Clouds: Defending Adversarial Attacks with Implicit Gradients

Deep neural networks for 3D point cloud classification, such as PointNet...

Local Aggressive Adversarial Attacks on 3D Point Cloud

Deep neural networks are found to be prone to adversarial examples which...

Automated classification of stems and leaves of potted plants based on point cloud data

The accurate classification of plant organs is a key step in monitoring ...