Compared with transferable untargeted attacks, transferable targeted adversarial attacks can specify the category into which adversarial samples are misclassified, posing a greater threat to security-critical tasks. Meanwhile, 3D adversarial samples, owing to their potential for multi-view robustness, can more comprehensively identify weaknesses in existing deep learning systems and therefore have great application value. However, transferable targeted 3D adversarial attacks remain unexplored. The goal of this work is to develop a more effective technique for generating transferable targeted 3D adversarial examples, filling this gap. To achieve this goal, we design a novel framework named TT3D that rapidly reconstructs Transferable Targeted 3D textured meshes from a few multi-view images. Existing mesh-based texture optimization methods compute gradients in the high-dimensional mesh space and easily fall into local optima, leading to unsatisfactory transferability and distinct distortions. In contrast, TT3D performs dual optimization over both the feature grid and the Multi-layer Perceptron (MLP) parameters in the grid-based NeRF space, which significantly enhances black-box transferability while preserving naturalness. Experimental results show that TT3D not only exhibits superior cross-model transferability but also maintains considerable adaptability across different renderers and vision tasks. More importantly, we produce 3D adversarial examples in the real world with 3D printing techniques and verify their robust performance under various scenarios.