A triangular mesh is one of the most popular 3D data representations. As such, deep neural networks are widely deployed for mesh processing and are attracting increasing attention. However, neural networks are prone to adversarial attacks, where carefully crafted inputs impair the model's functionality. Exploring these vulnerabilities is fundamental to the future development of 3D-based applications. Recently, mesh attacks were studied on the semantic level, where classifiers are misled to produce wrong predictions. Nevertheless, mesh surfaces possess complex geometric attributes beyond their semantic meaning, and their analysis often includes the need to encode and reconstruct the geometry of the shape. We propose a novel framework for a geometric adversarial attack on a 3D mesh autoencoder. In this setting, an adversarial input mesh deceives the autoencoder by forcing it to reconstruct a different geometric shape at its output. The malicious input is produced by perturbing a clean shape in the spectral domain. Our method leverages the spectral decomposition of the mesh along with additional mesh-related properties to obtain visually credible results that consider the delicacy of surface distortions. Our code is publicly available at https://github.com/StolikTomer/SAGA.