LG-GAN: Label Guided Adversarial Network for Flexible Targeted Attack of Point Cloud-based Deep Networks

by   Hang Zhou, et al.

Deep neural networks have made tremendous progress in 3D point-cloud recognition. Recent works have shown that these 3D recognition networks are also vulnerable to adversarial samples produced from various attack methods, including optimization-based 3D Carlini-Wagner attack, gradient-based iterative fast gradient method, and skeleton-detach based point-dropping. However, after a careful analysis, these methods are either extremely slow because of the optimization/iterative scheme, or not flexible to support targeted attack of a specific category. To overcome these shortcomings, this paper proposes a novel label guided adversarial network (LG-GAN) for real-time flexible targeted point cloud attack. To the best of our knowledge, this is the first generation based 3D point cloud attack method. By feeding the original point clouds and target attack label into LG-GAN, it can learn how to deform the point clouds to mislead the recognition network into the specific label only with a single forward pass. In detail, LGGAN first leverages one multi-branch adversarial network to extract hierarchical features of the input point clouds, then incorporates the specified label information into multiple intermediate features using the label encoder. Finally, the encoded features will be fed into the coordinate reconstruction decoder to generate the target adversarial sample. By evaluating different point-cloud recognition models (e.g., PointNet, PointNet++ and DGCNN), we demonstrate that the proposed LG-GAN can support flexible targeted attack on the fly while guaranteeing good attack performance and higher efficiency simultaneously.


Adversarial Attack and Defense on Point Sets

Emergence of the utility of 3D point cloud data in critical vision tasks...

Minimal Adversarial Examples for Deep Learning on 3D Point Clouds

With the recent developments of convolutional neural networks, deep lear...

Once a MAN: Towards Multi-Target Attack via Learning Multi-Target Adversarial Network Once

Modern deep neural networks are often vulnerable to adversarial samples....

Poisoning MorphNet for Clean-Label Backdoor Attack to Point Clouds

This paper presents Poisoning MorphNet, the first backdoor attack method...

Prototype-supervised Adversarial Network for Targeted Attack of Deep Hashing

Due to its powerful capability of representation learning and high-effic...

Passive Defense Against 3D Adversarial Point Clouds Through the Lens of 3D Steganalysis

Nowadays, 3D data plays an indelible role in the computer vision field. ...

Learning Saliency Maps for Adversarial Point-Cloud Generation

3D point-cloud recognition with deep neural network (DNN) has received r...

Please sign up or login with your details

Forgot password? Click here to reset