Defense-PointNet: Protecting PointNet Against Adversarial Attacks
Abstract
Despite remarkable performance across a broad range of tasks, neural networks have been shown to be vulnerable to adversarial attacks. Many works focus on adversarial attacks and defenses on 2D images, but few focus on 3D point clouds. In this paper, our goal is to enhance the adversarial robustness of PointNet, which is one of the most widely used models for 3D point clouds. We apply the fast gradient sign attack method (FGSM) on 3D point clouds and find that FGSM can be used to generate not only adversarial images but also adversarial point clouds. To minimize the vulnerability of PointNet to adversarial attacks, we propose Defense-PointNet. We compare our model with two baseline approaches and show that Defense-PointNet significantly improves the robustness of the network against adversarial samples.
- Publication:
-
arXiv e-prints
- Pub Date:
- February 2020
- DOI:
- arXiv:
- arXiv:2002.11881
- Bibcode:
- 2020arXiv200211881Z
- Keywords:
-
- Computer Science - Computer Vision and Pattern Recognition;
- Computer Science - Machine Learning;
- Electrical Engineering and Systems Science - Image and Video Processing
- E-Print:
- Accepted by IEEE International Conference on Big Data (BigData) Workshop: The Next Frontier of Big Data From LiDAR, 2019