Less Is More: Sparse and Cooperative Perturbation for Point Cloud Attacks
Keke Tang 1,2, Tianyu Hao 1,2, Xiaofei Wang 3, Weilong Peng 1, Denghui Zhang 1, Peican Zhu 3, Zhihong Tian 1,4
2 University of Science and Technology of China
3 Northwestern Polytechnical University
4 Guangdong Key Laboratory of Industrial Control System Security
Published on arXiv: 2512.13119
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
SCP achieves 100% attack success rate on point cloud classifiers, surpassing state-of-the-art sparse attacks while requiring far fewer point modifications than dense attacks.
SCP (Sparse and Cooperative Perturbation)
Novel technique introduced
Most adversarial attacks on point clouds perturb a large number of points, causing widespread geometric changes and limiting applicability in real-world scenarios. While recent works explore sparse attacks by modifying only a few points, such approaches often struggle to maintain effectiveness due to the limited influence of individual perturbations. In this paper, we propose SCP, a sparse and cooperative perturbation framework that selects and leverages a compact subset of points whose joint perturbations produce amplified adversarial effects. Specifically, SCP identifies the subset where the misclassification loss is locally convex with respect to their joint perturbations, determined by checking the positive-definiteness of the corresponding Hessian block. The selected subset is then optimized to generate high-impact adversarial examples with minimal modifications. Extensive experiments show that SCP achieves 100% attack success rates, surpassing state-of-the-art sparse attacks, and delivers superior imperceptibility to dense attacks with far fewer modifications.
Key Contributions
- SCP framework that selects a sparse subset of points whose joint perturbations are cooperative (locally convex misclassification loss) via Hessian block positive-definiteness checking
- Optimization of the selected cooperative subset to produce high-impact adversarial examples with minimal geometric modification
- Achieves 100% attack success rate on point cloud classifiers, outperforming state-of-the-art sparse attacks while improving imperceptibility over dense attacks
🛡️ Threat Analysis
SCP crafts adversarial perturbations on point cloud inputs to cause misclassification at inference time — a canonical input manipulation/adversarial example attack. The use of Hessian positive-definiteness to identify cooperative point subsets is a novel gradient-based perturbation optimization strategy.