LEE - Computer Engineering - Master's Degree
Browsing LEE - Computer Engineering - Master's Degree by Subject "adversarial attacks"
Item: Towards robustness in 3D point cloud analysis: Novel approaches to adversarial attacks and defences
(Graduate School, 2025-01-21) Cengiz, Batuhan ; Ünal, Gözde ; 504211550 ; Computer Engineering

This thesis explores the domain of adversarial robustness in 3D point cloud data, addressing both the offensive and the defensive aspects of adversarial interactions. The subject focuses on designing methods for adversarial attacks and defence mechanisms, particularly for applications in safety-critical domains like autonomous driving, robotics, and facial recognition.

The first part of the study introduces a novel adversarial attack method, named the ε-Mesh Attack. This method confines perturbations to the surface of 3D meshes, preserving the structural integrity of facial data. Unlike traditional approaches that operate within a 3D ε-ball, the ε-Mesh Attack reduces the optimization domain to 2D triangular planes by employing two projection methods: central projection and perpendicular projection. These methods ensure that adversarial manipulations remain realistic while misleading classification models. Evaluations were conducted using PointNet and DGCNN models trained on well-known 3D datasets. The results demonstrate that the ε-Mesh Attack effectively compromises model performance while maintaining the original surface integrity.

In the second part, the thesis proposes a novel defence mechanism called Point Cloud Layerwise Diffusion (PCLD). PCLD enhances robustness by employing a diffusion-based purification process that operates layer by layer within the neural network. The method involves training diffusion probabilistic models for each layer of a classifier, enabling hierarchical purification of adversarial perturbations. The proposed PCLD method was tested against state-of-the-art defence techniques and showed superior or comparable performance, particularly in defending against deeper-layer attacks.

The conclusions derived from this research emphasize the importance of preserving structural integrity during adversarial attacks and the effectiveness of layerwise purification in defending against such attacks. The findings contribute to advancing secure and resilient 3D point cloud processing methods, paving the way for their safe deployment in critical applications. Future work aims to extend these methods into the temporal domain and adapt them to handle emerging adversarial strategies effectively.