TL;DR
This paper introduces APC, a lightweight purification module that generates instance-specific counter-perturbations to defend 3D point cloud recognition models against adversarial attacks, achieving high transferability and robustness.
Contribution
APC is a novel input-level purification method that enforces geometric and semantic consistency, enabling effective and transferable defense against diverse adversarial attacks.
Findings
APC achieves state-of-the-art defense performance on benchmark datasets.
APC demonstrates superior transferability across different models.
APC operates efficiently with negligible overhead during inference.
Abstract
The advent of deep neural networks has led to remarkable progress in 3D point cloud recognition, but they remain vulnerable to adversarial attacks. Although various defense methods have been studied, they suffer from a trade-off between robustness and transferability. We propose Adversarial Point Counterattack (APC) to achieve both simultaneously. APC is a lightweight input-level purification module that generates instance-specific counter-perturbations for each point, effectively neutralizing attacks. Leveraging clean-adversarial pairs, APC enforces geometric consistency in data space and semantic consistency in feature space. To improve generalizability across diverse attacks, we adopt a hybrid training strategy using adversarial point clouds from multiple attack types. Since APC operates purely on input point clouds, it directly transfers to unseen models and defends against attacks…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
