Targeted Adversarial Attacks on Generalizable Neural Radiance Fields
Andras Horvath, Csaba M. Jozsa
TL;DR
This paper explores how generalizable Neural Radiance Fields (NeRFs) can be vulnerable to adversarial attacks, including low-intensity and patch-based methods, capable of producing targeted, predefined scene outputs.
Contribution
It introduces novel targeted adversarial attack techniques on NeRFs, demonstrating their effectiveness and potential real-world implications.
Findings
Adversarial patches can reliably manipulate NeRF outputs.
Targeted attacks can produce specific scene reconstructions.
Low-intensity attacks can compromise NeRF models.
Abstract
Neural Radiance Fields (NeRFs) have recently emerged as a powerful tool for 3D scene representation and rendering. These data-driven models can learn to synthesize high-quality images from sparse 2D observations, enabling realistic and interactive scene reconstructions. However, the growing usage of NeRFs in critical applications such as augmented reality, robotics, and virtual environments could be threatened by adversarial attacks. In this paper we present how generalizable NeRFs can be attacked by both low-intensity adversarial attacks and adversarial patches, where the later could be robust enough to be used in real world applications. We also demonstrate targeted attacks, where a specific, predefined output scene is generated by these attack with success.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Advanced Neural Network Applications · Generative Adversarial Networks and Image Synthesis