Assessing the Operational Impact of Poisoning Attacks over Augmented 3D Point Cloud Public Datasets for Connected and Autonomous Vehicles
Summary
New research by Marwan Lazrag, Badis Hammi, and Joaquin Garcia-Alfaro assesses the operational impact of poisoning attacks on augmented 3D point cloud public datasets for Connected and Autonomous Vehicles (CAVs). The study found that data augmentation, specifically using Generative Adversarial Networks (GANs), can amplify the effects of poisoning attacks rather than sanitize them. Experiments conducted with the ModelNet dataset and an InceptionNet-based classifier demonstrated that at a 40% poisoning rate, the augmented scenario resulted in an MCC of 0.70, an F1 score of 0.79, and an Attack Success Rate (ASR) of 17.6%. This was significantly worse than the baseline's MCC of 0.88, F1 of 0.93, and ASR of 5.8%. This amplification led to a threefold increase in the probability of operational disruption for CAV decision-making functions, rising from 4% in the baseline to 13% in the augmented scenario at 40% poisoning. The research validates that poisoning evades augmentation's sanitizing nature, propagating through augmented datasets and perturbing general-purpose classifiers.
Key takeaway
For AI Security Engineers developing perception systems for Connected and Autonomous Vehicles, you must re-evaluate assumptions about data augmentation. Your current augmentation pipelines, particularly those using GANs for 3D point clouds, could amplify poisoning attacks. This leads to a threefold increase in operational disruption probability for critical decision-making functions. Implement robust verification steps before augmentation to filter malicious samples. Also, consider the operational impact quantification model to assess risks accurately.
Key insights
Data augmentation can amplify, not mitigate, poisoning attacks in 3D point cloud datasets for CAVs.
Principles
- Data augmentation may reinforce adversarial manipulations.
- Poisoning impact propagates through dependency graphs.
- 3D point clouds are sensitive to subtle perturbations.
Method
The study used a two-scenario experimental framework: classifier trained on original vs. augmented (3D-GAN) ModelNet data. Poisoned samples (50% points removed) were injected at 0-40% rates. Performance was evaluated using MCC, F1, and ASR.
In practice
- Evaluate augmentation's sanitizing effect on 3D point clouds.
- Quantify operational impact using ASR and dependency graphs.
- Consider clean-label adversaries in dataset security.
Topics
- Connected Autonomous Vehicles
- 3D Point Clouds
- Data Poisoning Attacks
- Data Augmentation
- Generative Adversarial Networks
- Operational Impact Assessment
Code references
- carla-simulator/carla
- ApolloAuto/apollo
- Marwanlz/Assessing_Operational_Impact_Poisoning_3d_PointCloud-CAV
Best for: Computer Vision Engineer, Research Scientist, AI Security Engineer, AI Scientist, Machine Learning Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.CV updates on arXiv.org.