Benchmarking and Analyzing Robust Point Cloud Recognition: Bag of Tricks for Defending Adversarial Examples

by   Qiufan Ji, et al.
Huazhong University of Science u0026 Technology
New Jersey Institute of Technology
Rutgers University
The Hong Kong University of Science and Technology

Deep Neural Networks (DNNs) for 3D point cloud recognition are vulnerable to adversarial examples, threatening their practical deployment. Despite the many research endeavors have been made to tackle this issue in recent years, the diversity of adversarial examples on 3D point clouds makes them more challenging to defend against than those on 2D images. For examples, attackers can generate adversarial examples by adding, shifting, or removing points. Consequently, existing defense strategies are hard to counter unseen point cloud adversarial examples. In this paper, we first establish a comprehensive, and rigorous point cloud adversarial robustness benchmark to evaluate adversarial robustness, which can provide a detailed understanding of the effects of the defense and attack methods. We then collect existing defense tricks in point cloud adversarial defenses and then perform extensive and systematic experiments to identify an effective combination of these tricks. Furthermore, we propose a hybrid training augmentation methods that consider various types of point cloud adversarial examples to adversarial training, significantly improving the adversarial robustness. By combining these tricks, we construct a more robust defense framework achieving an average accuracy of 83.45% against various attacks, demonstrating its capability to enabling robust learners. Our codebase are open-sourced on: <>.


PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples

Point cloud completion, as the upstream procedure of 3D recognition and ...

Deflecting 3D Adversarial Point Clouds Through Outlier-Guided Removal

Neural networks are vulnerable to adversarial examples, which poses a th...

Benchmarking Adversarial Robustness

Deep neural networks are vulnerable to adversarial examples, which becom...

Passive Defense Against 3D Adversarial Point Clouds Through the Lens of 3D Steganalysis

Nowadays, 3D data plays an indelible role in the computer vision field. ...

Geometric Adversarial Attacks and Defenses on 3D Point Clouds

Deep neural networks are prone to adversarial examples that maliciously ...

Mitigating adversarial effects through randomization

Convolutional neural networks have demonstrated their powerful ability o...

Learning Saliency Maps for Adversarial Point-Cloud Generation

3D point-cloud recognition with deep neural network (DNN) has received r...

Please sign up or login with your details

Forgot password? Click here to reset