Rigid Body Adversarial Attacks

TL;DR

The paper addresses vulnerabilities in rigid body simulators by constructing perceptually stiff adversarial objects that share the reference's geometry and mass moments $m_0$, $m_1$, and $m_2$ to match rigid trajectories while maximizing differences in deformable simulations. It leverages a differentiable deformable simulator and the adjoint method to optimize per-element material properties and occupancy under bounds on $Y$, $\nu$, $\rho$, and $\alpha$, with a soft constraint enforcing mass moments and a cost that prioritizes deformable trajectory divergence $|| q_{adv}(t_{end}) - q_{ref}(t_{end}) ||^2$. The approach is validated on several objects using Polyfem and commercial simulators, revealing significant trajectory deviations in deformable dynamics despite identical rigid body behavior. These findings highlight potential safety risks in robotics and planning pipelines that rely on rigid body models and suggest directions for improving simulator robustness, including material libraries, anisotropy, multiscale modeling, and adversarial training.

Abstract

Due to their performance and simplicity, rigid body simulators are often used in applications where the objects of interest can considered very stiff. However, no material has infinite stiffness, which means there are potentially cases where the non-zero compliance of the seemingly rigid object can cause a significant difference between its trajectories when simulated in a rigid body or deformable simulator. Similarly to how adversarial attacks are developed against image classifiers, we propose an adversarial attack against rigid body simulators. In this adversarial attack, we solve an optimization problem to construct perceptually rigid adversarial objects that have the same collision geometry and moments of mass to a reference object, so that they behave identically in rigid body simulations but maximally different in more accurate deformable simulations. We demonstrate the validity of our method by comparing simulations of several examples in commercially available simulators.

Figures (14)

• Figure 1: We construct an adversarial ball (right) out of perceptually stiff materials (with a minimum Young's modulus of 2.5 GPa), such that it results in a maximally different deformable simulation trajectory (middle) compared to a reference ball while having identical physical moments and thus trajectories in a rigid body simulation (left).
• Figure 2: For a given geometry, there can be many mass density distributions that have identical moments of mass. Above are three visually different density distributions on a mesh that have the same total mass, center of mass, and moment of inertia.
• Figure 3: We simulate a star colliding off of the ground and a wall in a rigid body simulator (left). From it, we construct an adversarial object (middle) that has identical surface geometries and first three moments of mass, and simulate it in a deformable simulator (middle). On the right, we show the difference in trajectories. Note that the angular difference means separation will grow over time and the effect can cascade through subsequent contacts.
• Figure 4: Our differentiable physics simulator allows us to construct adversarial objects using a first order optimization method.
• Figure 5: Our geometrically motivated smoothing operator from Eq. \ref{['eq:gradient-blurring']} is used to smooth an element defined function on an irregular mesh.