Abstract
3D vision with real-time LiDAR-based point cloud data became a vital part of autonomous system research, especially perception and prediction modules use for object classification, segmentation, and detection. Despite their success, point cloud-based network models are vulnerable to multiple adversarial attacks, where the certain factor of changes in the validation set causes significant performance drop in well-trained networks. Most of the existing verifiers work perfectly on 2D convolution. Due to complex architecture, dimension of hyper-parameter, and 3D convolution, no verifiers can perform the basic layer-wise verification. It is difficult to conclude the robustness of a 3D vision model without performing the verification. Because there will be always corner cases and adversarial input that can compromise the model's effectiveness. In this project, we describe a point cloud-based network verifier that successfully deals state of the art 3D classifier PointNet verifies the robustness by generating adversarial inputs. We have used extracted properties from the trained PointNet and changed certain factors for perturbation input. We calculate the impact on model accuracy versus property factor and can test PointNet network's robustness against a small collection of perturbing input states resulting from adversarial attacks like the suggested hybrid reverse signed attack. The experimental results reveal that the resilience property of PointNet is affected by our hybrid reverse signed perturbation strategy
Abstract (translated)
实时激光扫描点云数据生成的三维视觉成为了自主系统研究的重要部分,特别是用于对象分类、分割和检测的感知和预测模块。尽管取得了成功,基于点云的网络模型仍然容易受到多种dversarial攻击,其中在验证集上某些因素的变化会导致训练好的网络的性能下降。目前大多数现有验证器在2D卷积上表现完美。由于复杂的架构、超参数维度和3D卷积,没有任何验证器能够进行基本层wise verification。因此,很难在没有验证的情况下结论3D视觉模型的鲁棒性。因为总是存在角落情况和dversarial输入,它们可能会削弱模型的效果。在本项目中,我们描述了一个基于点云的网络验证器,成功处理了最先进的3D分类器PointNet,通过生成dversarial输入来验证其鲁棒性。我们使用了训练好的PointNet提取的属性,并改变了某些因素以影响扰动输入。我们计算了模型准确性与属性因子的影响,并可以测试PointNet网络的鲁棒性,对抗性攻击如建议的混合反签名攻击造成了小批量扰动输入状态的影响。实验结果表明,PointNet的韧性特性受到我们的混合反签名扰动策略的影响。
URL
https://arxiv.org/abs/2301.11806