Research On Generation Of Adversarial Examples Based On Graphics

With the rapid development of the research and application of artificial intelligence,neural network and deep learning has become one of the hottest research field in computer science and technology.However,in recent years,studies show that there may exist serious flaws in deep neural networks,as adversarial examples can cause fatal error with deep learning models.Adversarial examples are a kind of deliberately modified data examples,which mislead the neural network to give a wrong results when input to the model.So far the main concerns of computer vision and deep learning on adversarial examples focus on image field,which modify the direct input image of learning models.These methods are easy to operate in research studies,but are highly restricted in actual application,thus may sort of lack practical significance.In this thesis,we focus on 3D graphics and research on generation and application of adversarial examples from aspects of the texture,mesh and render process in computer graphics.For textures,we use methods based on the basic iteration method to modify the origin texture of a 3d object and get the adversarial texture.As the modification of a texture bitmap is not the same as the change of a normal image,we study and compare the feasibility and robustness of the two techniques and give the method to generate adversarial textures.Meanwhile,we research on the transferability of adversarial textures,and find that the modification on one texture can also work on some other textures.For meshes,we modify the vertex location coordinates of the mesh model in a technique similar with BIM and get the adversarial mesh.One of the main difficult points is that normal renderers are not differentiable to image pixels and vertex locations of the 3D model,thus it cannot be optimized with gradient measures.In this thesis we use a differentiable renderer based on NMR,and use several assumptions to avoid the problem of differentiability of traditional renderers and generate adversarial mesh models based on gradient decent.Meanwhile,we take use of the EOT in image domain and expand it to 3D space in order to enhance the robustness of our adversarial attack.For illumination of render process,we render the 3D object with adversarial illumination,which generates from gradient decent method.As mentioned above,traditional renderers are not differentiable to illumination parameters.We solve the problem with the renderer based on spherical harmonic function,and use some assumptions to simplify the render process to achieve the gradient descent method for lighting parameters of the scene,and finally generate the adversarial examples based on illumination conditions.Finally,we summary the methods and process of the adversarial attack based on graphics,conclude our main works and propose an outlook on related researches.