Rethinking Transferable Adversarial Attacks on Point Clouds from a Compact Subspace Perspective

TL;DR

This paper introduces CoSA, a novel transferable adversarial attack framework for point clouds that operates within a shared low-dimensional semantic space, enhancing transferability across different models.

Contribution

The paper proposes a compact subspace approach for adversarial attacks on point clouds, improving transferability without relying on model-specific gradients or heuristics.

Findings

CoSA outperforms existing transferable attack methods across multiple datasets.

The approach maintains high imperceptibility and robustness against defenses.

It effectively suppresses model-dependent noise and focuses on semantic directions.

Abstract

Transferable adversarial attacks on point clouds remain challenging, as existing methods often rely on model-specific gradients or heuristics that limit generalization to unseen architectures. In this paper, we rethink adversarial transferability from a compact subspace perspective and propose CoSA, a transferable attack framework that operates within a shared low-dimensional semantic space. Specifically, each point cloud is represented as a compact combination of class-specific prototypes that capture shared semantic structure, while adversarial perturbations are optimized within a low-rank subspace to induce coherent and architecture-agnostic variations. This design suppresses model-dependent noise and constrains perturbations to semantically meaningful directions, thereby improving cross-model transferability without relying on surrogate-specific artifacts. Extensive experiments on multiple datasets and network architectures demonstrate that CoSA consistently outperforms state-of-the-art transferable attacks, while maintaining competitive imperceptibility and robustness under common defense strategies. Codes will be made public upon paper acceptance.