D3AdvM: A direct 3D adversarial sample attack inside mesh data

Bibliographic details
Published in: Computer aided geometric design 2022-08, Vol.97, p.102122, Article 102122
Main authors: Xu, Huangxinxin; He, Fazhi; Fan, Linkun; Bai, Junwei
Format: Article
Language: eng
Description
Summary: Deep learning and neural networks are being extended to geometric design and computation. Recent studies show that deep neural networks are vulnerable to adversarial samples. However, for 3D mesh adversarial samples, most related studies actually attack 2D victim networks, for which they have to project 3D objects to 2D images. In this paper, we present D3AdvM (Direct 3D adversary for mesh) to directly generate adversarial samples inside mesh data. Specifically, we propose two adversary generation approaches: vertex-based and edge-based. The first one, 3DVP (3D Vertex-based Perturbation), skillfully searches for the optimized vertex positions based on opposite gradient fitness. The second one, KES (Key Edge-based Selection), carefully collapses the key feature edges according to the importance of edge features. Thus, our approaches avoid 3D/2D projections and approximation errors. Our approach can also reduce the computation overhead. In addition, the proposed D3AdvM can control the number of perturbed vertices for real-world engineering designs and applications. Extensive experiments show that the generated 3D meshes are effective at attacking classification networks. Furthermore, we evaluate the transferability, in which D3AdvM can attack both mesh-based networks and point cloud-based networks as victim networks. Our findings could benefit 3D geometry design based on the new generation of artificial intelligence and big data.

• This work is the first one to directly attack mesh-based neural networks with adversarial meshes in 3D space without the 2D projection.
• We explore the characteristics of 3D mesh topological entities and propose both vertex-based and edge-based adversarial approaches.
• D3AdvM can constrain the adversarial samples within a specific number to support high feasibility in real-world applications.
• D3AdvM shows valuable transferability to attack different versions of mesh-based networks and even the point cloud-based networks.
• Our findings could benefit 3D geometry design based on the new generation of artificial intelligence and big data.
ISSN: 0167-8396, 1879-2332
DOI: 10.1016/j.cagd.2022.102122