STONE: Pioneering the One-to-N Universal Backdoor Threat in 3D Point Cloud
Dongmei Shan, Wei Lian, Chongxia Wang
Published on arXiv: 2511.11210
Model Poisoning
OWASP ML Top 10 — ML10
Key Finding
STONE achieves up to 100% multi-target attack success rate on 3D point cloud classifiers under black-box dirty-label settings while maintaining clean-data accuracy
STONE
Novel technique introduced
Backdoor attacks pose a critical threat to deep learning, especially in safety-sensitive 3D domains such as autonomous driving and robotics. While potent, existing attacks on 3D point clouds are predominantly limited to one-to-one paradigms. The more flexible and universal one-to-N multi-target backdoor threat remains largely unexplored, lacking both theoretical and practical foundations. To bridge this gap, we propose STONE (Spherical Trigger One-to-N universal backdoor Enabling), the first method to instantiate this threat via a configurable spherical trigger design. Its parameterized spatial properties establish a dynamic key space, enabling a single trigger to map to multiple target labels. Theoretically, we ground STONE in a Neural Tangent Kernel (NTK) analysis, providing the first formal basis for one-to-N mappings in 3D models. Empirically, extensive evaluations demonstrate high attack success rates (up to 100%) without compromising clean-data accuracy. This work establishes a foundational benchmark for multi-target backdoor threats under dirty-label and black-box settings in 3D vision -- a crucial step toward securing future intelligent systems.
Key Contributions
- STONE: first one-to-N universal backdoor attack for 3D point clouds using a configurable spherical trigger whose parameterized spatial properties (e.g., radius, position) form a dynamic key space mapping to N distinct target labels
- Neural Tangent Kernel (NTK) theoretical analysis providing the first formal justification for one-to-N backdoor mappings in 3D models
- Empirical evaluation demonstrating up to 100% attack success rate in dirty-label and black-box settings without degrading clean-data accuracy
🛡️ Threat Analysis
STONE embeds hidden, trigger-activated malicious behavior in 3D point cloud models — the spherical trigger causes targeted misclassification only when present, which is the defining characteristic of backdoor/trojan attacks. The one-to-N extension and NTK theoretical grounding are novel contributions to backdoor attack methodology.