3D Gaussian Splatting (3DGS) is vulnerable to computationally intensive adversarial attacks that exhaust system resources and cause denial-of-service, severely compromising its practical deployment security. To address this, we propose the first black-box defense framework specifically designed for 3DGS, comprising two core components: poison-texture detection and image purification. We innovatively integrate adversarial training to align source and target data distributions, significantly enhancing both robustness and reconstruction fidelity. Our deep learning–based method operates without access to model internals, enabling effective identification and restoration of corrupted inputs. Extensive experiments demonstrate consistent defense efficacy under white-box, black-box, and adaptive attack settings, with reconstruction quality degradation below 1.2%. The framework achieves state-of-the-art security performance while maintaining computational efficiency, offering a practical, deployable security solution for real-world 3DGS systems.

As a mainstream technique for 3D reconstruction, 3D Gaussian splatting (3DGS) has been applied in a wide range of applications and services. Recent studies have revealed critical vulnerabilities in this pipeline and introduced computation cost attacks that lead to malicious resource occupancies and even denial-of-service (DoS) conditions, thereby hindering the reliable deployment of 3DGS. In this paper, we propose the first effective and comprehensive black-box defense framework, named RemedyGS, against such computation cost attacks, safeguarding 3DGS reconstruction systems and services. Our pipeline comprises two key components: a detector to identify the attacked input images with poisoned textures and a purifier to recover the benign images from their attacked counterparts, mitigating the adverse effects of these attacks. Moreover, we incorporate adversarial training into the purifier to enforce distributional alignment between the recovered and original natural images, thereby enhancing the defense efficacy. Experimental results demonstrate that our framework effectively defends against white-box, black-box, and adaptive attacks in 3DGS systems, achieving state-of-the-art performance in both safety and utility.