Boosting 3D Adversarial Attacks with Attacking On Frequency

Deep neural networks (DNNs) have been shown to be vulnerable to adversarial attacks. Recently, 3D adversarial attacks, especially adversarial attacks on point clouds, have elicited mounting interest. However, adversarial point clouds obtained by previous methods show weak transferability and are easy to defend. To address these problems, in this paper we propose a novel point cloud attack (dubbed AOF) that pays more attention on the low-frequency component of point clouds. We combine the losses from point cloud and its lowfrequency component to craft adversarial samples. Extensive experiments validate that AOF can improve the transferability significantly compared to state-of-the-art (SOTA) attacks, and is more robust to SOTA 3D defense methods. Otherwise, compared to clean point clouds, adversarial point clouds obtained by AOF contain more deformation than outlier.

[1]  Lyujie Chen,et al.  3D Adversarial Attacks Beyond Point Cloud , 2021, Inf. Sci..

[2]  Una-May O'Reilly,et al.  Sign Bits Are All You Need for Black-Box Attacks , 2020, ICLR.

[3]  Seong Joon Oh,et al.  CutMix: Regularization Strategy to Train Strong Classifiers With Localizable Features , 2019, 2019 IEEE/CVF International Conference on Computer Vision (ICCV).

[4]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[5]  Jihong Zhu,et al.  PointCutMix: Regularization Strategy for Point Cloud Classification , 2021, Neurocomputing.

[6]  Andrew Gordon Wilson,et al.  Simple Black-box Adversarial Attacks , 2019, ICML.

[7]  Gene Cheung,et al.  3D Point Cloud Denoising Using Graph Laplacian Regularization of a Low Dimensional Manifold Model , 2018, IEEE Transactions on Image Processing.

[8]  Qi Zhang,et al.  Hybrid Point Cloud Attribute Compression Using Slice-based Layered Structure and Block-based Intra Prediction , 2018, ACM Multimedia.

[9]  Xiaolin Huang,et al.  Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet , 2020, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[10]  Kejiang Chen,et al.  DUP-Net: Denoiser and Upsampler Network for 3D Adversarial Point Clouds Defense , 2018, 2019 IEEE/CVF International Conference on Computer Vision (ICCV).

[11]  Pascal Frossard,et al.  The emerging field of signal processing on graphs: Extending high-dimensional data analysis to networks and other irregular domains , 2012, IEEE Signal Processing Magazine.

[12]  C. L. Philip Chen,et al.  Geometry-Aware Generation of Adversarial Point Clouds. , 2020, IEEE transactions on pattern analysis and machine intelligence.

[13]  Kejiang Chen,et al.  LG-GAN: Label Guided Adversarial Network for Flexible Targeted Attack of Point Cloud Based Deep Networks , 2020, 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[14]  Aleksander Madry,et al.  Adversarial Examples Are Not Bugs, They Are Features , 2019, NeurIPS.

[15]  Jianxiong Xiao,et al.  3D ShapeNets: A deep representation for volumetric shapes , 2014, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[16]  Wen Gao,et al.  Cluster-Based Point Cloud Coding with Normal Weighted Graph Fourier Transform , 2018, 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[17]  Yuefeng Chen,et al.  AdvDrop: Adversarial Attack to DNNs by Dropping Information , 2021, 2021 IEEE/CVF International Conference on Computer Vision (ICCV).

[18]  Tsung-Yi Ho,et al.  Robust Adversarial Objects against Deep Learning Models , 2020, AAAI.

[19]  Lina J. Karam,et al.  Frequency-Tuned Universal Adversarial Attacks , 2020, ArXiv.

[20]  Jun Zhu,et al.  Boosting Adversarial Attacks with Momentum , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[21]  C. Qi Deep Learning on Point Sets for 3 D Classification and Segmentation , 2016 .

[22]  Leonidas J. Guibas,et al.  PointNet++: Deep Hierarchical Feature Learning on Point Sets in a Metric Space , 2017, NIPS.

[23]  Samy Bengio,et al.  Adversarial Machine Learning at Scale , 2016, ICLR.

[24]  Shuang Zhang,et al.  Frequency domain point cloud registration based on the Fourier transform , 2019, J. Vis. Commun. Image Represent..

[25]  Xiaopeng Zhang,et al.  Efficient Joint Gradient Based Attack Against SOR Defense for 3D Point Cloud Classification , 2020, ACM Multimedia.

[26]  Leonidas J. Guibas,et al.  IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function based Restoration , 2020, ArXiv.

[27]  Ali K. Thabet,et al.  AdvPC: Transferable Adversarial Perturbations on 3D Point Clouds , 2019, ECCV.

[28]  Chong Xiang,et al.  Generating 3D Adversarial Point Clouds , 2018, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[29]  Yue Wang,et al.  Dynamic Graph CNN for Learning on Point Clouds , 2018, ACM Trans. Graph..

[30]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[31]  Jimmy Ba,et al.  Adam: A Method for Stochastic Optimization , 2014, ICLR.

[32]  Leonidas J. Guibas,et al.  PointNet: Deep Learning on Point Sets for 3D Classification and Segmentation , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[33]  Fuxin Li,et al.  PointConv: Deep Convolutional Networks on 3D Point Clouds , 2018, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[34]  Nicolas Flammarion,et al.  Square Attack: a query-efficient black-box adversarial attack via random search , 2020, ECCV.