Improving Adversarial Robustness for 3D Point Cloud Recognition at Test-Time through Purified Self-Training

TL;DR

This paper introduces a test-time purified self-training approach to enhance adversarial robustness in 3D point cloud recognition, addressing computational overhead and streaming data challenges with adaptive techniques.

Contribution

It proposes a novel dynamic self-training method with adaptive thresholding and feature alignment to improve robustness against evolving adversarial attacks.

Findings

Method is effective against various adversarial attacks.

Enhances robustness in streaming test scenarios.

Complementary to existing purification techniques.

Abstract

Recognizing 3D point cloud plays a pivotal role in many real-world applications. However, deploying 3D point cloud deep learning model is vulnerable to adversarial attacks. Despite many efforts into developing robust model by adversarial training, they may become less effective against emerging attacks. This limitation motivates the development of adversarial purification which employs generative model to mitigate the impact of adversarial attacks. In this work, we highlight the remaining challenges from two perspectives. First, the purification based method requires retraining the classifier on purified samples which introduces additional computation overhead. Moreover, in a more realistic scenario, testing samples arrives in a streaming fashion and adversarial samples are not isolated from clean samples. These challenges motivates us to explore dynamically update model upon observing testing samples. We proposed a test-time purified self-training strategy to achieve this objective. Adaptive thresholding and feature distribution alignment are introduced to improve the robustness of self-training. Extensive results on different adversarial attacks suggest the proposed method is complementary to purification based method in handling continually changing adversarial attacks on the testing data stream.