3D Adversarial Attacks Beyond Point Cloud

Recently, 3D deep learning models have been shown to be susceptible to adversarial attacks like their 2D counterparts. Most of the state-of-the-art (SOTA) 3D adversarial attacks perform perturbation to 3D point clouds. To reproduce these attacks in pseudo physical scenario, a generated adversarial 3D point cloud need to be reconstructed to mesh, which leads to a significant drop in its adversarial effect. In this paper, we propose a strong 3D adversarial attack named Mesh Attack to address this problem by directly performing perturbation on mesh of a 3D object. Specifically, in each iteration of our method, the mesh is first sampled to point cloud by a differentiable sample module. Then a point cloud classifier is used to back-propagate a combined loss to update the mesh vertices. The combined loss includes an adversarial loss to mislead the point cloud classifier and three mesh losses to regularize the mesh to be smooth. Extensive experiments demonstrate that the proposed scheme outperforms SOTA 3D attacks by a significant margin in the pseudo physical scenario. We also achieved SOTA performance under various defenses. Moreover, to the best of our knowledge, our Mesh Attack is the first attempt of adversarial attack on mesh classifier. Our code is available at: {\footnotesize{\url{https://github.com/cuge1995/Mesh-Attack}}}.