Random Walks for Adversarial Meshes
This addresses a security vulnerability in 3D graphics and computer vision applications, offering a novel attack method for an incremental area of research.
The paper tackles the under-explored problem of adversarial attacks on 3D mesh classification networks by proposing a black-box attack method that uses random walks to identify and modify key mesh regions, achieving misclassification in state-of-the-art networks with minimal visible changes.
A polygonal mesh is the most-commonly used representation of surfaces in computer graphics. Therefore, it is not surprising that a number of mesh classification networks have recently been proposed. However, while adversarial attacks are wildly researched in 2D, the field of adversarial meshes is under explored. This paper proposes a novel, unified, and general adversarial attack, which leads to misclassification of several state-of-the-art mesh classification neural networks. Our attack approach is black-box, i.e. it has access only to the network's predictions, but not to the network's full architecture or gradients. The key idea is to train a network to imitate a given classification network. This is done by utilizing random walks along the mesh surface, which gather geometric information. These walks provide insight onto the regions of the mesh that are important for the correct prediction of the given classification network. These mesh regions are then modified more than other regions in order to attack the network in a manner that is barely visible to the naked eye.