3D scene representation methods like Neural Radiance Fields (NeRF) and 3D Gaussian Splatting (3DGS) have significantly advanced novel view synthesis. As these methods become prevalent, addressing their vulnerabilities becomes critical. We analyze 3DGS robustness against image-level poisoning attacks and propose a novel density-guided poisoning method. Our method strategically injects Gaussian points into low-density regions identified via Kernel Density Estimation (KDE), embedding viewpoint-dependent illusory objects clearly visible from poisoned views while minimally affecting innocent views. Additionally, we introduce an adaptive noise strategy to disrupt multi-view consistency, further enhancing attack effectiveness. We propose a KDE-based evaluation protocol to assess attack difficulty systematically, enabling objective benchmarking for future research. Extensive experiments demonstrate our method's superior performance compared to state-of-the-art techniques. Project page: https://hentci.github.io/stealthattack/

翻译：以神经辐射场（NeRF）和3D高斯溅射（3DGS）为代表的三维场景表示方法显著推动了新视角合成技术的发展。随着这些方法的广泛应用，应对其安全脆弱性变得至关重要。本文分析了3DGS在图像级投毒攻击下的鲁棒性，并提出一种新颖的密度引导投毒方法。该方法通过核密度估计（KDE）识别低密度区域，策略性地注入高斯点，从而嵌入视角依赖的幻觉物体——这些物体在受污染视角下清晰可见，而对正常视角的影响极小。此外，我们引入自适应噪声策略以破坏多视角一致性，进一步提升攻击效果。我们提出基于KDE的评估协议来系统化评估攻击难度，为未来研究提供客观的基准测试体系。大量实验证明，相较于现有先进技术，本方法具有更优越的性能。项目页面：https://hentci.github.io/stealthattack/