NeRFail: Neural Radiance Fields-Based Multiview Adversarial Attack - Laboratoire d'informatique de l'X (LIX)
Communication Dans Un Congrès Année : 2024

NeRFail: Neural Radiance Fields-Based Multiview Adversarial Attack

Résumé

Adversarial attacks, i.e. generating adversarial perturbations with a small magnitude to deceive deep neural networks, are important for investigating and improving model trustworthiness. Traditionally, the topic was scoped within 2D images without considering 3D multiview information. Benefiting from Neural Radiance Fields (NeRF), one can easily reconstruct a 3D scene with a Multi-Layer Perceptron (MLP) from given 2D views and synthesize photo-realistic renderings of novel vantages. This opens up a door to discussing the possibility of undertaking to attack multiview NeRF network with downstream tasks from different rendering angles, which we denote Neural Radiance Fields-based multiview adversarial Attack (NeRFail). The goal is, given one scene and a subset of views, to deceive the recognition results of agnostic view angles as well as given views. To do so, we propose a transformation mapping from pixels to 3D representation such that our attack generates multiview adversarial perturbations by attacking a subset of images with different views, intending to prevent the downstream classifier from correctly predicting images rendered by NeRF from other views. Experiments show that our multiview adversarial perturbations successfully obfuscate the downstream classifier at both known and unknown views. Notably, when retraining another NeRF on the perturbed training data, we show that the perturbation can be inherited and reproduced. The code can be found at https://github.com/jiang-wenxiang/NeRFail.
Fichier principal
Vignette du fichier
AAAI23_Adversarial_attacks_against_NeRF_camera_ready_Authors_version (1).pdf (16.44 Mo) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-04826512 , version 1 (16-12-2024)

Identifiants

Citer

Wenxiang Jiang, Hanwei Zhang, Xi Wang, Zhongwen Guo, Hao Wang. NeRFail: Neural Radiance Fields-Based Multiview Adversarial Attack. Proceedings of the AAAI Conference on Artificial Intelligence, Feb 2024, Vancouver, Canada. pp.21197-21205, ⟨10.1609/aaai.v38i19.30113⟩. ⟨hal-04826512⟩
0 Consultations
0 Téléchargements

Altmetric

Partager

More