RemedyGS: Defend 3D Gaussian Splatting against Computation Cost Attacks

As a mainstream technique for 3D reconstruction, 3D Gaussian splatting (3DGS) has been applied in a wide range of applications and services. Recent studies have revealed critical vulnerabilities in this pipeline and introduced computation cost attacks that lead to malicious resource occupancies and even denial-of-service (DoS) conditions, thereby hindering the reliable deployment of 3DGS. In this paper, we propose the first effective and comprehensive black-box defense framework, named RemedyGS, against such computation cost attacks, safeguarding 3DGS reconstruction systems and services. Our pipeline comprises two key components: a detector to identify the attacked input images with poisoned textures and a purifier to recover the benign images from their attacked counterparts, mitigating the adverse effects of these attacks. Moreover, we incorporate adversarial training into the purifier to enforce distributional alignment between the recovered and original natural images, thereby enhancing the defense efficacy. Experimental results demonstrate that our framework effectively defends against white-box, black-box, and adaptive attacks in 3DGS systems, achieving state-of-the-art performance in both safety and utility.

Key Contributions

• First black-box defense framework (RemedyGS) against computation cost attacks on 3D Gaussian Splatting systems
• Two-component pipeline combining an adversarial input detector (identifies poisoned-texture images) and an image purifier that recovers benign inputs
• Adversarial training integrated into the purifier to enforce distributional alignment between recovered and natural images, improving defense efficacy against adaptive attacks

🛡️ Threat Analysis

Details

Similar Papers