NeRFail: Neural Radiance Fields-Based Multiview Adversarial Attack
DOI:
https://doi.org/10.1609/aaai.v38i19.30113Keywords:
GeneralAbstract
Adversarial attacks, i.e., generating adversarial perturbations with a small magnitude to deceive deep neural networks, are important for investigating and improving model trustworthiness. Traditionally, the topic was scoped within 2D images without considering 3D multiview information. Benefiting from Neural Radiance Fields (NeRF), one can easily reconstruct a 3D scene with a Multi-Layer Perceptron (MLP) from given 2D views and synthesize photo-realistic renderings of novel vantages. This opens up a door to discussing the possibility of undertaking to attack multiview NeRF network with downstream tasks from different rendering angles, which we denote Neural Radiance Fiels-based multiview adversarial Attack (NeRFail). The goal is, given one scene and a subset of views, to deceive the recognition results of agnostic view angles as well as given views. To do so, we propose a transformation mapping from pixels to 3D points such that our attack generates multiview adversarial perturbations by attacking a subset of images with different views, intending to prevent the downstream classifier from correctly predicting images rendered by NeRF from other views. Experiments show that our multiview adversarial perturbations successfully obfuscate the downstream classifier at both known and unknown views. Notably, when retraining another NeRF on the perturbed training data, we show that the perturbation can be inherited and reproduced. The code can be found at https://github.com/jiang-wenxiang/NeRFail.
Downloads
Published
2024-03-24
How to Cite
Jiang, W., Zhang, H., Wang, X., Guo, Z., & Wang, H. (2024). NeRFail: Neural Radiance Fields-Based Multiview Adversarial Attack. Proceedings of the AAAI Conference on Artificial Intelligence, 38(19), 21197-21205. https://doi.org/10.1609/aaai.v38i19.30113
Issue
Section
AAAI Technical Track on Safe, Robust and Responsible AI Track
