StealthAttack: Robust 3D Gaussian Splatting Poisoning via Density-Guided Illusions
Bo-Hsu Ke, You-Zhe Xie, Yu-Lun Liu, Wei-Chen Chiu
TL;DR
The paper tackles data-poisoning risks for explicit 3D scene representations by attacking 3D Gaussian Splatting (3DGS) with a density-guided poisoning strategy. It leverages Kernel Density Estimation to locate low-density regions in the initial 3D Gaussian point cloud and backprojects illusory object points along rays from a targeted viewpoint, embedding convincing illusions while preserving innocent-view fidelity; an additional View Consistency Disruption attack injects adaptive Gaussian noise into non-target views to weaken multi-view consistency. A KDE-based evaluation protocol benchmarks attack difficulty across scenes, and extensive experiments on Mip-NeRF360, Tanks & Temples, and Free datasets show superior illusion quality and robustness against baselines like IPA-NeRF and IPA-Splat. The work highlights critical security vulnerabilities in 3D representations and provides a framework and benchmarks to guide defense research and future investigations into robust neural rendering systems.
Abstract
3D scene representation methods like Neural Radiance Fields (NeRF) and 3D Gaussian Splatting (3DGS) have significantly advanced novel view synthesis. As these methods become prevalent, addressing their vulnerabilities becomes critical. We analyze 3DGS robustness against image-level poisoning attacks and propose a novel density-guided poisoning method. Our method strategically injects Gaussian points into low-density regions identified via Kernel Density Estimation (KDE), embedding viewpoint-dependent illusory objects clearly visible from poisoned views while minimally affecting innocent views. Additionally, we introduce an adaptive noise strategy to disrupt multi-view consistency, further enhancing attack effectiveness. We propose a KDE-based evaluation protocol to assess attack difficulty systematically, enabling objective benchmarking for future research. Extensive experiments demonstrate our method's superior performance compared to state-of-the-art techniques. Project page: https://hentci.github.io/stealthattack/