Eidos: Efficient, Imperceptible Adversarial 3D Point Clouds
Authors: Hanwei Zhang, Luo Cheng, 
Qisong He, Wei Huang, Renjue Li, Ronan Sicre, Xiaowei Huang, Holger Hermanns, Lijun ZhangAuthors Info & Claims
Qisong He, Wei Huang, Renjue Li, Ronan Sicre, Xiaowei Huang, Holger Hermanns, Lijun ZhangAuthors Info & ClaimsPages 310 - 326
Abstract
Classification of 3D point clouds is a challenging machine learning (ML) task with important real-world applications in a spectrum from autonomous driving and robot-assisted surgery to earth observation from low orbit. As with other ML tasks, classification models are notoriously brittle in the presence of adversarial attacks. These are rooted in imperceptible changes to inputs with the effect that a seemingly well-trained model ends up misclassifying the input. This paper adds to the understanding of adversarial attacks by presenting Eidos, a framework providing Efficient Imperceptible aDversarial attacks on 3D pOint cloudS. Eidos supports a diverse set of imperceptibility metrics. It employs an iterative, two-step procedure to identify optimal adversarial examples, thereby enabling a runtime-imperceptibility trade-off. We provide empirical evidence relative to several popular 3D point cloud classification models and several established 3D attack methods, showing Eidos ’ superiority with respect to efficiency as well as imperceptibility. Eidos is an open-source project, and its code is available on GitHub at https://github.com/Uzukidd/eidos.
References
[1]
Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: International Conference on Machine Learning, pp. 274–283. PMLR (2018)
[2]
Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39–57. IEEE (2017)
[3]
Duan, Y., Zheng, Y., Lu, J., Zhou, J., Tian, Q.: Structural relational reasoning of point clouds. In: 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 949–958 (2019).
[4]
EU: The artificial intelligence act (2023). https://artificialintelligenceact.eu
[5]
Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv:1412.6572 (2014)
[6]
Guo, C., Gardner, J., You, Y., Wilson, A.G., Weinberger, K.: Simple black-box adversarial attacks. In: International Conference on Machine Learning, pp. 2484–2493. PMLR (2019)
[7]
Hamdi A, Rojas S, Thabet A, and Ghanem B Vedaldi A, Bischof H, Brox T, and Frahm J-M AdvPC: transferable adversarial perturbations on 3d point clouds Computer Vision – ECCV 2020 2020 Cham Springer 241-257
[8]
Hu, Q., Liu, D., Hu, W.: Exploring the devil in graph spectral domain for 3d point cloud attacks. arXiv preprint arXiv:2202.07261 (2022)
[9]
Huang, Q., Dong, X., Chen, D., Zhou, H., Zhang, W., Yu, N.: Shape-invariant 3d adversarial point clouds. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 15335–15344 (2022)
[10]
Kim, J., Hua, B.S., Nguyen, T., Yeung, S.K.: Minimal adversarial examples for deep learning on 3d point clouds. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 7797–7806 (2021)
[11]
Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial examples in the physical world. arXiv:1607.02533 (2016)
[12]
Liu, D., Yu, R., Su, H.: Extending adversarial attacks and defenses to deep 3d point cloud classifiers. In: 2019 IEEE International Conference on Image Processing (ICIP), pp. 2279–2283. IEEE (2019)
[13]
Liu D, Yu R, and Su H Bartoli A and Fusiello A Adversarial shape perturbations on 3d point clouds Computer Vision – ECCV 2020 Workshops 2020 Cham Springer 88-104
[14]
Liu, Y., Fan, B., Meng, G., Lu, J., Xiang, S., Pan, C.: Densepoint: learning densely contextual representation for efficient point cloud processing. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 5239–5248 (2019)
[15]
Maturana, D., Scherer, S.: Voxnet: a 3d convolutional neural network for real-time object recognition. In: 2015 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), pp. 922–928. IEEE (2015)
[16]
Miao, Y., Dong, Y., Zhu, J., Gao, X.S.: Isometric 3d adversarial examples in the physical world. arXiv preprint arXiv:2210.15291 (2022)
[17]
Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 372–387. IEEE (2016)
[18]
Qi, C.R., Su, H., Mo, K., Guibas, L.J.: Pointnet: deep learning on point sets for 3d classification and segmentation. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 652–660 (2017)
[19]
Qi, C.R., Yi, L., Su, H., Guibas, L.J.: Pointnet++: Deep hierarchical feature learning on point sets in a metric space. In: Advances in Neural Information Processing Systems, vol. 30 (2017)
[20]
Rusu RB, Marton ZC, Blodow N, Dolha M, and Beetz M Towards 3d point cloud based object maps for household environments Robot. Auton. Syst. 2008 56 11 927-941
[21]
Shi, Z., Chen, Z., Xu, Z., Yang, W., Yu, Z., Huang, L.: Shape prior guided attack: sparser perturbations on 3d point clouds. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 36, pp. 8277–8285 (2022)
[22]
Singh RD, Mittal A, and Bhatia RK 3d convolutional neural network for object recognition: a review Multimedia Tools Appl. 2019 78 15951-15995
[23]
Tang K et al. Rethinking perturbation directions for imperceptible adversarial attacks on point clouds IEEE Internet Things J. 2022 10 6 5158-5169
[24]
Tang K et al. Normalattack: curvature-aware shape deformation along normals for imperceptible point cloud attack Secur. Commun. Netw. 2022 2022 1 1186633
[25]
Tsai, T., Yang, K., Ho, T.Y., Jin, Y.: Robust adversarial objects against deep learning models. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 34, pp. 954–962 (2020)
[26]
Wang Y, Sun Y, Liu Z, Sarma SE, Bronstein MM, and Solomon JM Dynamic graph CNN for learning on point clouds ACM Trans. Graph. (tog) 2019 38 5 1-12
[27]
Wang Z, Bovik AC, Sheikh HR, and Simoncelli EP Image quality assessment: from error visibility to structural similarity IEEE Trans. Image Process. 2004 13 4 600-612
[28]
Wen, Y., Lin, J., Chen, K., Chen, C., Jia, K.: Geometry-aware generation of adversarial point clouds. arXiv preprint arXiv:1912.11171 (2019)
[29]
Wicker, M., Kwiatkowska, M.: Robustness of 3d deep learning in an adversarial setting. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 11767–11775 (2019)
[30]
Wu, Z., et al.: 3d shapenets: a deep representation for volumetric shapes. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1912–1920 (2015)
[31]
Xiang, C., Qi, C.R., Li, B.: Generating 3d adversarial point clouds. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 9136–9144 (2019)
[32]
Yang J, Jiang Y, Huang X, Ni B, and Zhao C Learning black-box attackers with transferable priors and query feedback Adv. Neural. Inf. Process. Syst. 2020 33 12288-12299
[33]
Yang, J., Zhang, Q., Fang, R., Ni, B., Liu, J., Tian, Q.: Adversarial attack and defense on point sets. arXiv preprint arXiv:1902.10899 (2019)
[34]
Yang, J., et al.: Modeling point clouds with self-attention and gumbel subset sampling. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 3323–3332 (2019)
[35]
Zhang H, Avrithis Y, Furon T, and Amsaleg L Smooth adversarial examples EURASIP J. Inf. Secur. 2020 2020 1 1-12
[36]
Zhang H, Avrithis Y, Furon T, and Amsaleg L Walking on the edge: fast, low-distortion adversarial examples IEEE Trans. Inf. Forensics Secur. 2020 16 701-713
[37]
Zhang, J., et al.: 3d adversarial attacks beyond point cloud. arXiv preprint arXiv:2104.12146 (2021)
[38]
Zheng, T., Chen, C., Ren, K., et al.: Learning saliency maps for adversarial point-cloud generation. arXiv preprint arXiv:1812.01687 (2018)
[39]
Zheng, T., Chen, C., Yuan, J., Li, B., Ren, K.: Pointcloud saliency maps. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 1598–1606 (2019)
[40]
Zhou, H., et al.: LG-GAN: label guided adversarial network for flexible targeted attack of point cloud based deep networks. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 10356–10365 (2020)
[41]
Zhou, H., Chen, K., Zhang, W., Fang, H., Zhou, W., Yu, N.: Dup-net: denoiser and upsampler network for 3d adversarial point clouds defense. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 1961–1970 (2019)
Index Terms
- Eidos: Efficient, Imperceptible Adversarial 3D Point Clouds
Index terms have been assigned to the content through auto-classification.
Recommendations
SymAttack: Symmetry-aware Imperceptible Adversarial Attacks on 3D Point Clouds
MM '24: Proceedings of the 32nd ACM International Conference on MultimediaAdversarial attacks on point clouds are crucial for assessing and improving the adversarial robustness of 3D deep learning models. Despite leveraging various geometric constraints, current adversarial attack strategies often suffer from inadequate ...
Adversarial watermark: A robust and reliable watermark against removal
AbstractDigital image watermarking used to be an important tool for copyright protection. However, as neural network-based watermark removal methods have been proposed in recent years, the embedded watermark is increasingly easy to be erased, which poses ...
Adversarial Shape Perturbations on 3D Point Clouds
Computer Vision – ECCV 2020 WorkshopsAbstractThe importance of training robust neural network grows as 3D data is increasingly utilized in deep learning for vision tasks in robotics, drone control, and autonomous driving. One commonly used 3D data type is 3D point clouds, which describe ...
Comments
Information & Contributors
Information
Published In
Nov 2024
430 pages
ISBN:978-981-96-0601-6
DOI:10.1007/978-981-96-0602-3
- Editors:
- Timothy Bourke,
- Liqian Chen,
- Amir Goharshady
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 26 November 2024
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Jan 2025