APC: Transferable and Efficient Adversarial Point Counterattack for Robust 3D Point Cloud Recognition

The advent of deep neural networks has led to remarkable progress in 3D point cloud recognition, but they remain vulnerable to adversarial attacks. Although various defense methods have been studied, they suffer from a trade-off between robustness and transferability. We propose Adversarial Point Counterattack (APC) to achieve both simultaneously. APC is a lightweight input-level purification module that generates instance-specific counter-perturbations for each point, effectively neutralizing attacks. Leveraging clean-adversarial pairs, APC enforces geometric consistency in data space and semantic consistency in feature space. To improve generalizability across diverse attacks, we adopt a hybrid training strategy using adversarial point clouds from multiple attack types. Since APC operates purely on input point clouds, it directly transfers to unseen models and defends against attacks targeting them without retraining. At inference, a single APC forward pass provides purified point clouds with negligible time and parameter overhead. Extensive experiments on two 3D recognition benchmarks demonstrate that the APC achieves state-of-the-art defense performance. Furthermore, cross-model evaluations validate its superior transferability. The code is available at https://github.com/gyjung975/APC.

Key Contributions

• Lightweight input-level purification module that generates instance-specific counter-perturbations for adversarial point clouds
• Hybrid training strategy using multiple attack types to improve generalizability across diverse adversarial attacks
• Transferable defense that works on unseen models without retraining, with negligible computational overhead

🛡️ Threat Analysis

Details

Similar Papers