三维点云目标识别对抗攻击研究综述  

作　　者：刘伟权 郑世均 郭宇[1,2] 王程 LIU Weiquan;ZHENG Shijun;GUO Yu;WANG Cheng(School of Informatics,Xiamen University,Xiamen 361005,China;Fujian Key Laboratory of Sensing and Computing for Smart City,Xiamen University,Xiamen 361005,China;College of Computer Engineering,Jimei University,Xiamen 361021,China)

机构地区：[1]厦门大学信息学院,厦门361005 [2]福建省智慧城市感知与计算重点实验室,厦门361005 [3]集美大学计算机工程学院,厦门361021

出　　处：《电子与信息学报》2024年第5期1645-1657,共13页Journal of Electronics & Information Technology

基　　金：中国博士后科学基金(2021M690094);福厦泉国家自主创新示范区协同创新平台(3502ZCQXT2021003)。

摘　　要：当前,人工智能系统在诸多领域都取得了巨大的成功,其中深度学习技术发挥了关键作用。然而,尽管深度神经网络具有强大的推理识别能力,但是依然容易受到对抗样本的攻击,表现出了脆弱性。对抗样本是经过特殊设计的输入数据,能够攻击并误导深度学习模型的输出。随着激光雷达等3维传感器的快速发展,使用深度学习技术解决3维领域的各种智能任务也越来越受到重视。采用深度学习技术处理3维点云数据的人工智能系统的安全性和鲁棒性至关重要,如基于深度学习的自动驾驶3维目标检测与识别技术。为了分析3维点云对抗样本对深度神经网络的攻击方式,揭示3维对抗样本对深度神经网络的干扰机制,该文总结了基于3维点云深度神经网络模型的对抗攻击方法的研究进展。首先,介绍了对抗攻击的基本原理和实现方法,然后,总结并分析了3维点云的数字域对抗攻击和物理域对抗攻击,最后,讨论了3维点云对抗攻击面临的挑战和未来的研究方向。Currently,artificial intelligence systems have achieved significant success in various domains,with deep learning technology playing a pivotal role.However,although the deep neural network has strong inference recognition ability,it is still vulnerable to the attack of adversarial examples,showing its vulnerability.Adversarial samples are specially crafted input data designed to attack and mislead the outputs of deep learning models.With the rapid development of 3D sensors such as LiDAR,the use of deep learning technology to address various intelligent tasks in the 3D domain is gaining increasing attention.Ensuring the security and robustness of artificial intelligence systems that process 3D point cloud data,such as deep learning-based autonomous 3D object detection and recognition for self-driving vehicles,is crucial.In order to analyze the methods by which 3D adversarial samples attack deep neural networks,and reveal the interference mechanisms of 3D adversarial samples on deep neural networks,this paper summarizes the research progress on adversarial attack methods for deep neural network models based on 3D point cloud data.The paper first introduces the fundamental principles and implementation methods of adversarial attacks,and then it summarizes and analyzes digital domain adversarial attacks and physical domain adversarial attacks on 3D point clouds.Finally,it discusses the challenges and future research directions in the realm of 3D point cloud adversarial attacks.

关 键 词：对抗攻击 深度学习 3维点云 对抗样本 

分 类 号：TN249.3[电子电信—物理电子学] TN957.52[自动化与计算机技术—计算机应用技术] TN958.98[自动化与计算机技术—计算机科学与技术] TN972TP39