RemedyGS: Defend 3D Gaussian Splatting against Computation Cost Attacks

TL;DR

RemedyGS is a comprehensive black-box defense framework that detects and recovers from computation cost attacks on 3D Gaussian splatting, ensuring system safety and performance.

Contribution

This work introduces the first effective defense framework against computation cost attacks on 3D Gaussian splatting, combining detection, purification, and adversarial training.

Findings

Effectively defends against various attack types

Achieves state-of-the-art safety and utility performance

Enhances robustness of 3D reconstruction systems

Abstract

As a mainstream technique for 3D reconstruction, 3D Gaussian splatting (3DGS) has been applied in a wide range of applications and services. Recent studies have revealed critical vulnerabilities in this pipeline and introduced computation cost attacks that lead to malicious resource occupancies and even denial-of-service (DoS) conditions, thereby hindering the reliable deployment of 3DGS. In this paper, we propose the first effective and comprehensive black-box defense framework, named RemedyGS, against such computation cost attacks, safeguarding 3DGS reconstruction systems and services. Our pipeline comprises two key components: a detector to identify the attacked input images with poisoned textures and a purifier to recover the benign images from their attacked counterparts, mitigating the adverse effects of these attacks. Moreover, we incorporate adversarial training into the purifier to enforce distributional alignment between the recovered and original natural images, thereby enhancing the defense efficacy. Experimental results demonstrate that our framework effectively defends against white-box, black-box, and adaptive attacks in 3DGS systems, achieving state-of-the-art performance in both safety and utility.