Abstract
Many machine learning classifiers are vulnerable to adversarial attacks,inputs with perturbations designed to intentionally trigger misclassification.Modern adversarial methods either directly alter pixel colors, or "paint"colors onto a 3D shapes. We propose novel adversarial attacks that directlyalter the geometry of 3D objects and/or manipulate the lighting in a virtualscene. We leverage a novel differentiable renderer that is efficient toevaluate and analytically differentiate. Our renderer generates imagesrealistic enough for correct classification by common pre-trained models, andwe use it to design physical adversarial examples that consistently fool thesemodels. We conduct qualitative and quantitate experiments to validate ouradversarial geometry and adversarial lighting attack capabilities.