Provable Defense Against Clustering Attacks on 3D Point CloudsDownload PDF

Dishanika Dewani Denipitiyage, Thalaiyasingam Ajanthan, Parameswaran Kamalaruban, Adrian Weller

Published: 02 Dec 2021, Last Modified: 05 May 2023AAAI-22 AdvML Workshop LongPaperReaders: Everyone
Keywords: adversarial robustness, point cloud classification, randomized smoothing
Abstract: Lately, the literature on adversarial robustness spans from images to other domains such as point clouds. In this work, we consider clustering attacks on 3D point clouds and devise a provable defense mechanism to counter them. Specifically, we adopt a randomized smoothing strategy for 3D point clouds and derive a robustness certificate based on the cluster radius rather than the number of adversarial points. Our experiments on ModelNet40 and ScanObjectNN datasets using the PointNet classifier demonstrate the effectiveness of our defense mechanism against targeted and untargeted clustering attacks with a large number of adversarial points.
3 Replies

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview