Shape Prior Guided Attack: Sparser Perturbations on 3D Point Clouds
DOI:
https://doi.org/10.1609/aaai.v36i8.20802Keywords:
Machine Learning (ML), Computer Vision (CV), Humans And AI (HAI), Game Theory And Economic Paradigms (GTEP)Abstract
Deep neural networks are extremely vulnerable to malicious input data. As 3D data is increasingly used in vision tasks such as robots, autonomous driving and drones, the internal robustness of the classification models for 3D point cloud has received widespread attention. In this paper, we propose a novel method named SPGA (Shape Prior Guided Attack) to generate adversarial point cloud examples. We use shape prior information to make perturbations sparser and thus achieve imperceptible attacks. In particular, we propose a Spatially Logical Block (SLB) to apply adversarial points through sliding in the oriented bounding box. Moreover, we design an algorithm called FOFA for this type of task, which further refines the adversarial attack in the process of breaking down complicated problems into sub-problems. Compared with the methods of global perturbation, our attack method consumes significantly fewer computations, making it more efficient. Most importantly of all, SPGA can generate examples with a higher attack success rate (even in a defensive situation), less perturbation budget and stronger transferability.
Downloads
Published
2022-06-28
How to Cite
Shi, Z., Chen, Z., Xu, Z., Yang, W., Yu, Z., & Huang, L. (2022). Shape Prior Guided Attack: Sparser Perturbations on 3D Point Clouds. Proceedings of the AAAI Conference on Artificial Intelligence, 36(8), 8277-8285. https://doi.org/10.1609/aaai.v36i8.20802
Issue
Section
AAAI Technical Track on Machine Learning III
