Machine learning models are known to be vulnerable to adversarial attacks, namely perturbations of the data that lead to wrong predictions despite being imperceptible. However, the existence of “universal” attacks (i.e., unique perturbations that transfer across different data points) has only been demonstrated for images to date. Part of the reason lies in the lack of a common domain, for geometric data such as graphs, meshes, and point clouds, where a universal perturbation can be defined. In this paper, we offer a change in perspective and demonstrate the existence of universal attacks for geometric data (shapes). We introduce a computational procedure that operates entirely in the spectral domain, where the attacks take the form of small perturbations to short eigenvalue sequences; the resulting geometry is then synthesized via shape-from-spectrum recovery. Our attacks are universal, in that they transfer across different shapes, different representations (meshes and point clouds), and generalize to previously unseen data.

Rampini, A., Pestarini, F., Cosmo, L., Melzi, S., Rodola, E. (2021). Universal Spectral Adversarial Attacks for Deformable Shapes. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (pp.3215-3225). 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : Institute of Electrical and Electronic Engineers [10.1109/CVPR46437.2021.00323].

Universal Spectral Adversarial Attacks for Deformable Shapes

Melzi, S;
2021

Abstract

Machine learning models are known to be vulnerable to adversarial attacks, namely perturbations of the data that lead to wrong predictions despite being imperceptible. However, the existence of “universal” attacks (i.e., unique perturbations that transfer across different data points) has only been demonstrated for images to date. Part of the reason lies in the lack of a common domain, for geometric data such as graphs, meshes, and point clouds, where a universal perturbation can be defined. In this paper, we offer a change in perspective and demonstrate the existence of universal attacks for geometric data (shapes). We introduce a computational procedure that operates entirely in the spectral domain, where the attacks take the form of small perturbations to short eigenvalue sequences; the resulting geometry is then synthesized via shape-from-spectrum recovery. Our attacks are universal, in that they transfer across different shapes, different representations (meshes and point clouds), and generalize to previously unseen data.
No
paper
adversarial attacks; spectral geometry processing; shape classification; universal attacks;
English
2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2021 - 19 June 2021 through 25 June 2021
978-1-6654-4509-2
Rampini, A., Pestarini, F., Cosmo, L., Melzi, S., Rodola, E. (2021). Universal Spectral Adversarial Attacks for Deformable Shapes. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (pp.3215-3225). 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : Institute of Electrical and Electronic Engineers [10.1109/CVPR46437.2021.00323].
Rampini, A; Pestarini, F; Cosmo, L; Melzi, S; Rodola, E
File in questo prodotto:
File Dimensione Formato  
Rampini_Universal_Spectral_Adversarial_Attacks_for_Deformable_Shapes_CVPR_2021_paper.pdf

Solo gestori archivio

Tipologia di allegato: Publisher’s Version (Version of Record, VoR)
Dimensione 7.25 MB
Formato Adobe PDF
7.25 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10281/350424
Citazioni
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 5
Social impact