UNDREAM: Bridging Differentiable Rendering and Photorealistic Simulation for End-to-end Adversarial Attacks

Deep learning models deployed in safety critical applications like autonomous driving use simulations to test their robustness against adversarial attacks in realistic conditions. However, these simulations are non-differentiable, forcing researchers to create attacks that do not integrate simulation environmental factors, reducing attack success. To address this limitation, we introduce UNDREAM, the first software framework that bridges the gap between photorealistic simulators and differentiable renderers to enable end-to-end optimization of adversarial perturbations on any 3D objects. UNDREAM enables manipulation of the environment by offering complete control over weather, lighting, backgrounds, camera angles, trajectories, and realistic human and object movements, thereby allowing the creation of diverse scenes. We showcase a wide array of distinct physically plausible adversarial objects that UNDREAM enables researchers to swiftly explore in different configurable environments. This combination of photorealistic simulation and differentiable optimization opens new avenues for advancing research of physical adversarial attacks.

Key Contributions

• UNDREAM: first software framework bridging photorealistic simulators (Unreal Engine) with differentiable renderers for end-to-end adversarial texture optimization on arbitrarily shaped 3D objects
• Automatic 3D transformation pipeline that embeds adversarial textures natively in simulation, preserving lighting, perspective, and material interactions during gradient optimization
• Open-source implementation enabling researchers to optimize physical adversarial attacks across configurable environments (weather, lighting, camera angle, trajectories) with minimal code changes

🛡️ Threat Analysis

Details

Similar Papers