Rethinking Transferable Adversarial Attacks on Point Clouds from a Compact Subspace Perspective

Transferable adversarial attacks on point clouds remain challenging, as existing methods often rely on model-specific gradients or heuristics that limit generalization to unseen architectures. In this paper, we rethink adversarial transferability from a compact subspace perspective and propose CoSA, a transferable attack framework that operates within a shared low-dimensional semantic space. Specifically, each point cloud is represented as a compact combination of class-specific prototypes that capture shared semantic structure, while adversarial perturbations are optimized within a low-rank subspace to induce coherent and architecture-agnostic variations. This design suppresses model-dependent noise and constrains perturbations to semantically meaningful directions, thereby improving cross-model transferability without relying on surrogate-specific artifacts. Extensive experiments on multiple datasets and network architectures demonstrate that CoSA consistently outperforms state-of-the-art transferable attacks, while maintaining competitive imperceptibility and robustness under common defense strategies. Codes will be made public upon paper acceptance.

Key Contributions

• Compact subspace perspective: represents point clouds as combinations of class-specific prototypes capturing shared semantic structure to improve adversarial transferability
• Low-rank perturbation optimization that suppresses model-specific gradient noise and constrains perturbations to architecture-agnostic, semantically meaningful directions
• CoSA consistently outperforms state-of-the-art transferable attacks across multiple datasets and network architectures while maintaining imperceptibility under common defenses

🛡️ Threat Analysis

Details

Similar Papers