Skip to content

Latest commit

 

History

History
5 lines (3 loc) · 2.44 KB

2410.08190.md

File metadata and controls

5 lines (3 loc) · 2.44 KB

Poison-splat: Computation Cost Attack on 3D Gaussian Splatting

3D Gaussian splatting (3DGS), known for its groundbreaking performance and efficiency, has become a dominant 3D representation and brought progress to many 3D vision tasks. However, in this work, we reveal a significant security vulnerability that has been largely overlooked in 3DGS: the computation cost of training 3DGS could be maliciously tampered by poisoning the input data. By developing an attack named Poison-splat, we reveal a novel attack surface where the adversary can poison the input images to drastically increase the computation memory and time needed for 3DGS training, pushing the algorithm towards its worst computation complexity. In extreme cases, the attack can even consume all allocable memory, leading to a Denial-of-Service (DoS) that disrupts servers, resulting in practical damages to real-world 3DGS service vendors. Such a computation cost attack is achieved by addressing a bi-level optimization problem through three tailored strategies: attack objective approximation, proxy model rendering, and optional constrained optimization. These strategies not only ensure the effectiveness of our attack but also make it difficult to defend with simple defensive measures. We hope the revelation of this novel attack surface can spark attention to this crucial yet overlooked vulnerability of 3DGS systems.

3D高斯点(3DGS)因其突破性的性能和效率,已成为主流的3D表示方式,并推动了许多3D视觉任务的发展。然而,在本研究中,我们揭示了3DGS中一个被广泛忽视的重要安全漏洞:训练3DGS的计算成本可能被通过输入数据投毒进行恶意篡改。通过开发一种名为Poison-splat的攻击,我们揭示了一个新的攻击面,攻击者可以投毒输入图像,从而大幅增加3DGS训练所需的计算内存和时间,将算法推向其最糟糕的计算复杂度。在极端情况下,攻击甚至可以消耗所有可分配的内存,导致拒绝服务(DoS),中断服务器,给实际的3DGS服务提供商带来损害。此类计算成本攻击是通过解决一个双层优化问题并结合三种定制策略实现的:攻击目标近似、代理模型渲染和可选的约束优化。这些策略不仅确保了攻击的有效性,还使得简单的防御措施难以抵御此类攻击。我们希望这一新型攻击面的揭示能够引起人们对3DGS系统这一重要但被忽视的漏洞的关注。