KNN-Defense: Defense against 3D Adversarial Point Clouds using Nearest-Neighbor Search
- URL: http://arxiv.org/abs/2506.06906v1
- Date: Sat, 07 Jun 2025 19:54:02 GMT
- Title: KNN-Defense: Defense against 3D Adversarial Point Clouds using Nearest-Neighbor Search
- Authors: Nima Jamali, Matina Mahdizadeh Sani, Hanieh Naderi, Shohreh Kasaei,
- Abstract summary: A defense strategy named KNN-Defense is proposed, grounded in the manifold assumption and nearest-neighbor search in feature space.<n>It restores inputs by leveraging the semantic similarity of neighboring samples from the training set.<n> Empirical results on the ModelNet40 dataset demonstrated that KNN-Defense significantly improves robustness across various attack types.
- Score: 8.96924004526559
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Deep neural networks (DNNs) have demonstrated remarkable performance in analyzing 3D point cloud data. However, their vulnerability to adversarial attacks-such as point dropping, shifting, and adding-poses a critical challenge to the reliability of 3D vision systems. These attacks can compromise the semantic and structural integrity of point clouds, rendering many existing defense mechanisms ineffective. To address this issue, a defense strategy named KNN-Defense is proposed, grounded in the manifold assumption and nearest-neighbor search in feature space. Instead of reconstructing surface geometry or enforcing uniform point distributions, the method restores perturbed inputs by leveraging the semantic similarity of neighboring samples from the training set. KNN-Defense is lightweight and computationally efficient, enabling fast inference and making it suitable for real-time and practical applications. Empirical results on the ModelNet40 dataset demonstrated that KNN-Defense significantly improves robustness across various attack types. In particular, under point-dropping attacks-where many existing methods underperform due to the targeted removal of critical points-the proposed method achieves accuracy gains of 20.1%, 3.6%, 3.44%, and 7.74% on PointNet, PointNet++, DGCNN, and PCT, respectively. These findings suggest that KNN-Defense offers a scalable and effective solution for enhancing the adversarial resilience of 3D point cloud classifiers. (An open-source implementation of the method, including code and data, is available at https://github.com/nimajam41/3d-knn-defense).
Related papers
- Revisiting Domain-Adaptive 3D Object Detection by Reliable, Diverse and
Class-balanced Pseudo-Labeling [38.07637524378327]
Unsupervised domain adaptation (DA) with the aid of pseudo labeling techniques has emerged as a crucial approach for domain-adaptive 3D object detection.
Existing DA methods suffer from a substantial drop in performance when applied to a multi-class training setting.
We propose a novel ReDB framework tailored for learning to detect all classes at once.
arXiv Detail & Related papers (2023-07-16T04:34:11Z) - Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive
Diffusion [70.60038549155485]
Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving.
This paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model.
arXiv Detail & Related papers (2022-11-29T14:32:43Z) - PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models
Against Adversarial Examples [63.84378007819262]
We propose PointCA, the first adversarial attack against 3D point cloud completion models.
PointCA can generate adversarial point clouds that maintain high similarity with the original ones.
We show that PointCA can cause a performance degradation from 77.9% to 16.7%, with the structure chamfer distance kept below 0.01.
arXiv Detail & Related papers (2022-11-22T14:15:41Z) - Understanding Key Point Cloud Features for Development Three-dimensional Adversarial Attacks [32.54336705252989]
Adversarial attacks pose serious challenges for deep neural network (DNN)-based analysis of various input signals.<n>This paper explores which point cloud features are most important for predicting adversarial points.<n>It is demonstrated that these features can predict adversarial points across four different DNN architectures.
arXiv Detail & Related papers (2022-10-19T21:52:01Z) - Robust Structured Declarative Classifiers for 3D Point Clouds: Defending
Adversarial Attacks with Implicit Gradients [27.738181762952006]
Current defenders often learn to denoise the adversarial point clouds by reconstruction, and then feed them to the adversarials as input.
We propose a family of robust structured declaratives for point cloud classification, where the internal constrained optimization mechanism can effectively defend adversarial attacks.
We demonstrate state-of-the-art point cloud classification performance on ModelNet40 and ScanNet under seven different attackers.
arXiv Detail & Related papers (2022-03-29T05:35:51Z) - PointAttN: You Only Need Attention for Point Cloud Completion [89.88766317412052]
Point cloud completion refers to completing 3D shapes from partial 3D point clouds.
We propose a novel neural network for processing point cloud in a per-point manner to eliminate kNNs.
The proposed framework, namely PointAttN, is simple, neat and effective, which can precisely capture the structural information of 3D shapes.
arXiv Detail & Related papers (2022-03-16T09:20:01Z) - LPF-Defense: 3D Adversarial Defense based on Frequency Analysis [11.496599300185915]
3D point cloud classification is still very vulnerable to adversarial attacks.
More adversarial perturbations are found in the mid and high-frequency components of input data.
By suppressing the high-frequency content in the training phase, the models against adversarial examples is improved.
arXiv Detail & Related papers (2022-02-23T03:31:25Z) - IF-Defense: 3D Adversarial Point Cloud Defense via Implicit Function
based Restoration [68.88711148515682]
Deep neural networks are vulnerable to various 3D adversarial attacks.
We propose an IF-Defense framework to directly optimize the coordinates of input points with geometry-aware and distribution-aware constraints.
Our results show that IF-Defense achieves the state-of-the-art defense performance against existing 3D adversarial attacks on PointNet, PointNet++, DGCNN, PointConv and RS-CNN.
arXiv Detail & Related papers (2020-10-11T15:36:40Z) - Local Grid Rendering Networks for 3D Object Detection in Point Clouds [98.02655863113154]
CNNs are powerful but it would be computationally costly to directly apply convolutions on point data after voxelizing the entire point clouds to a dense regular 3D grid.
We propose a novel and principled Local Grid Rendering (LGR) operation to render the small neighborhood of a subset of input points into a low-resolution 3D grid independently.
We validate LGR-Net for 3D object detection on the challenging ScanNet and SUN RGB-D datasets.
arXiv Detail & Related papers (2020-07-04T13:57:43Z) - Defense against Adversarial Attacks in NLP via Dirichlet Neighborhood
Ensemble [163.3333439344695]
Dirichlet Neighborhood Ensemble (DNE) is a randomized smoothing method for training a robust model to defense substitution-based attacks.
DNE forms virtual sentences by sampling embedding vectors for each word in an input sentence from a convex hull spanned by the word and its synonyms, and it augments them with the training data.
We demonstrate through extensive experimentation that our method consistently outperforms recently proposed defense methods by a significant margin across different network architectures and multiple data sets.
arXiv Detail & Related papers (2020-06-20T18:01:16Z) - Triangle-Net: Towards Robustness in Point Cloud Learning [0.0]
We propose a novel approach for 3D classification that can simultaneously achieve invariance towards rotation, positional shift, scaling, and is robust to point sparsity.
We show that our approach outperforms PointNet and 3DmFV by 35.0% and 28.1% respectively in ModelNet 40 classification tasks.
arXiv Detail & Related papers (2020-02-27T20:42:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.