Generative strategy based backdoor attacks to 3D point clouds: work-in-progress

Abstract

3D deep learning has been applied in safety-critical scenarios, e.g., autonomous driving. Several works have raised the security problems of 3D deep learnings mainly from the perspective of adversarial attacks. In this paper, we propose a novel backdoor attack method to threaten 3D deep learning without the original training data. Several neurons are selected and made sensitive to backdoor triggers. The backdoor triggers are generated by reversing neural network, and the shape of which is constrained to map the objects in the physical world. Sufficient training data can be also generated by reverse engineering. Finally, retraining with the generated 3D trigger and training data is applied to inject backdoors, which is in no need of accessing the original training process and data.