Be Careful with Rotation: A Uniform Backdoor Pattern for 3D Shape
This addresses security vulnerabilities in 3D deep learning systems that rely on third-party datasets, offering a novel attack method for 3D data.
The paper tackles the problem of backdoor attacks on 3D deep neural networks by designing NRBdoor, a uniform backdoor pattern that adapts to heterogeneous 3D data structures, achieving state-of-the-art performance with negligible shape variation in experiments on 3D mesh and point cloud.
For saving cost, many deep neural networks (DNNs) are trained on third-party datasets downloaded from internet, which enables attacker to implant backdoor into DNNs. In 2D domain, inherent structures of different image formats are similar. Hence, backdoor attack designed for one image format will suite for others. However, when it comes to 3D world, there is a huge disparity among different 3D data structures. As a result, backdoor pattern designed for one certain 3D data structure will be disable for other data structures of the same 3D scene. Therefore, this paper designs a uniform backdoor pattern: NRBdoor (Noisy Rotation Backdoor) which is able to adapt for heterogeneous 3D data structures. Specifically, we start from the unit rotation and then search for the optimal pattern by noise generation and selection process. The proposed NRBdoor is natural and imperceptible, since rotation is a common operation which usually contains noise due to both the miss match between a pair of points and the sensor calibration error for real-world 3D scene. Extensive experiments on 3D mesh and point cloud show that the proposed NRBdoor achieves state-of-the-art performance, with negligible shape variation.