3D vision with real-time LiDAR-based point cloud data became a vital part of autonomous system research, especially perception and prediction modules use for object classification, segmentation, and detection. Despite their success, point cloud-based network models are vulnerable to multiple adversarial attacks, where the certain factor of changes in the validation set causes significant performance drop in well-trained networks. Most of the existing verifiers work perfectly on 2D convolution. Due to complex architecture, dimension of hyper-parameter, and 3D convolution, no verifiers can perform the basic layer-wise verification. It is difficult to conclude the robustness of a 3D vision model without performing the verification. Because there will be always corner cases and adversarial input that can compromise the model's effectiveness. In this project, we describe a point cloud-based network verifier that successfully deals state of the art 3D classifier PointNet verifies the robustness by generating adversarial inputs. We have used extracted properties from the trained PointNet and changed certain factors for perturbation input. We calculate the impact on model accuracy versus property factor and can test PointNet network's robustness against a small collection of perturbing input states resulting from adversarial attacks like the suggested hybrid reverse signed attack. The experimental results reveal that the resilience property of PointNet is affected by our hybrid reverse signed perturbation strategy

翻译：基于实时LiDAR点云数据的3D视觉已成为自主系统研究中不可或缺的组成部分，尤其是用于目标分类、分割与检测的感知与预测模块。尽管取得了成功，基于点云的网络模型仍易受多种对抗性攻击的影响——验证集中特定因素的变化会导致训练良好的网络性能显著下降。现有验证器大多完美适用于2D卷积，但由于复杂架构、超参数维度及3D卷积的限制，尚无验证器能执行基础层级验证。若不开展验证，则难以判定3D视觉模型的鲁棒性，因为始终存在可能削弱模型有效性的极端案例与对抗性输入。在本项目中，我们描述了一种基于点云的网络验证器，它成功处理了最先进的3D分类器PointNet，通过生成对抗性输入来验证其鲁棒性。我们利用从训练好的PointNet中提取的属性，并改变扰动输入的特定因素。通过计算模型精度与属性因素间的影响关系，我们能够针对少量由对抗性攻击（如提出的混合反向符号攻击）所产生的扰动输入状态，测试PointNet网络的鲁棒性。实验结果表明，我们的混合反向符号扰动策略显著影响了PointNet的鲁棒性特征。