CloudFort: Enhancing Robustness of 3D Point Cloud Classification Against Backdoor Attacks via Spatial Partitioning and Ensemble Prediction

TL;DR

CloudFort is a novel defense method that improves the robustness of 3D point cloud classifiers against backdoor attacks by using spatial partitioning and ensemble prediction, maintaining accuracy on clean data.

Contribution

This paper introduces CloudFort, a new defense mechanism combining spatial partitioning and ensemble prediction to mitigate backdoor attacks in 3D point cloud classification.

Findings

CloudFort significantly reduces backdoor attack success rates.

It maintains high accuracy on clean point cloud data.

Demonstrates robustness against Point Cloud Backdoor Attack (PCBA).

Abstract

The increasing adoption of 3D point cloud data in various applications, such as autonomous vehicles, robotics, and virtual reality, has brought about significant advancements in object recognition and scene understanding. However, this progress is accompanied by new security challenges, particularly in the form of backdoor attacks. These attacks involve inserting malicious information into the training data of machine learning models, potentially compromising the model's behavior. In this paper, we propose CloudFort, a novel defense mechanism designed to enhance the robustness of 3D point cloud classifiers against backdoor attacks. CloudFort leverages spatial partitioning and ensemble prediction techniques to effectively mitigate the impact of backdoor triggers while preserving the model's performance on clean data. We evaluate the effectiveness of CloudFort through extensive experiments, demonstrating its strong resilience against the Point Cloud Backdoor Attack (PCBA). Our results show that CloudFort significantly enhances the security of 3D point cloud classification models without compromising their accuracy on benign samples. Furthermore, we explore the limitations of CloudFort and discuss potential avenues for future research in the field of 3D point cloud security. The proposed defense mechanism represents a significant step towards ensuring the trustworthiness and reliability of point-cloud-based systems in real-world applications.