Generating Adversarial Surfaces via Band-Limited Perturbations

Thumbnail Image
Files
v39i5pp253-264.pdf (8.49 MB)
Date
2020
Authors
Mariani, Giorgio
Cosmo, Luca
Bronstein, Alex M.
RodolĂ , Emanuele
Journal Title
Journal ISSN
Volume Title
Publisher
The Eurographics Association and John Wiley & Sons Ltd.
Abstract
Adversarial attacks have demonstrated remarkable efficacy in altering the output of a learning model by applying a minimal perturbation to the input data. While increasing attention has been placed on the image domain, however, the study of adversarial perturbations for geometric data has been notably lagging behind. In this paper, we show that effective adversarial attacks can be concocted for surfaces embedded in 3D, under weak smoothness assumptions on the perceptibility of the attack. We address the case of deformable 3D shapes in particular, and introduce a general model that is not tailored to any specific surface representation, nor does it assume access to a parametric description of the 3D object. In this context, we consider targeted and untargeted variants of the attack, demonstrating compelling results in either case. We further show how discovering adversarial examples, and then using them for adversarial training, leads to an increase in both robustness and accuracy. Our findings are confirmed empirically over multiple datasets spanning different semantic classes and deformations.
Description

        
@article{
10.1111:cgf.14083
,
journal = {Computer Graphics Forum},
title = {{
Generating Adversarial Surfaces via Band-Limited Perturbations
}},
author = {
Mariani, Giorgio
 and 
Cosmo, Luca
 and 
Bronstein, Alex M.
 and 
RodolĂ , Emanuele
},
year = {
2020
},
publisher = {
The Eurographics Association and John Wiley & Sons Ltd.
},
ISSN = {
1467-8659
},
DOI = {
10.1111/cgf.14083
}
}
Citation
URI
https://doi.org/10.1111/cgf.14083
 https://diglib.eg.org:443/handle/10.1111/cgf14083
Collections
39-Issue 5