3D vision with real-time LiDAR-based point cloud data became a vital part of autonomous system research, especially perception and prediction modules use for object classification, segmentation, and detection. Despite their success, point cloud-based network models are vulnerable to multiple adversarial attacks, where the certain factor of changes in the validation set causes significant performance drop in well-trained networks. Most of the existing verifiers work perfectly on 2D convolution. Due to complex architecture, dimension of hyper-parameter, and 3D convolution, no verifiers can perform the basic layer-wise verification. It is difficult to conclude the robustness of a 3D vision model without performing the verification. Because there will be always corner cases and adversarial input that can compromise the model's effectiveness. In this project, we describe a point cloud-based network verifier that successfully deals state of the art 3D classifier PointNet verifies the robustness by generating adversarial inputs. We have used extracted properties from the trained PointNet and changed certain factors for perturbation input. We calculate the impact on model accuracy versus property factor and can test PointNet network's robustness against a small collection of perturbing input states resulting from adversarial attacks like the suggested hybrid reverse signed attack. The experimental results reveal that the resilience property of PointNet is affected by our hybrid reverse signed perturbation strategy

翻译：摘要：基于实时激光雷达点云数据的三维视觉已成为自主系统研究的重要组成部分，尤其是感知与预测模块用于物体分类、分割与检测。尽管取得了成功，基于点云的网络模型易受多种对抗性攻击影响，其中验证集中特定因素的变化会导致训练良好的网络性能显著下降。现有大多数验证器能完美处理二维卷积，但由于复杂架构、超参数维度及三维卷积的限制，尚无验证器能执行基本的逐层验证。若不进行验证，则难以判定三维视觉模型的鲁棒性，因为始终存在可能削弱模型有效性的边缘案例与对抗性输入。在本项目中，我们描述了一种基于点云的网络验证器，它成功处理了最先进的三维分类器PointNet，通过生成对抗性输入验证鲁棒性。我们利用从训练后的PointNet中提取的属性，并改变扰动输入的某些因素。通过计算模型精度与属性因素的比值，可测试PointNet网络对因混合反向符号攻击等对抗性攻击产生的小规模扰动输入状态的鲁棒性。实验结果表明，我们提出的混合反向符号扰动策略会影响PointNet的弹性属性。