Related papers: PWAVEP: Purifying Imperceptible Adversarial Perturbations in 3D Point Clouds via Spectral Graph Wavelets

PWAVEP: Purifying Imperceptible Adversarial Perturbations in 3D Point Clouds via Spectral Graph Wavelets

URL: http://arxiv.org/abs/2602.03333v1
Date: Tue, 03 Feb 2026 10:00:04 GMT
Title: PWAVEP: Purifying Imperceptible Adversarial Perturbations in 3D Point Clouds via Spectral Graph Wavelets
Authors: Haoran Li, Renyang Liu, Hongjia Liu, Chen Wang, Long Yin, Jian Xu,
Abstract summary: adversarial attacks on 3D point clouds present significant challenges for defenders.<n>We propose a plug-and-play and non-invasive defense mechanism in the spectral domain.<n>We show that the proposed PWAVEP achieves superior accuracy and robustness compared to existing approaches.
Score: 8.051098153943704
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Recent progress in adversarial attacks on 3D point clouds, particularly in achieving spatial imperceptibility and high attack performance, presents significant challenges for defenders. Current defensive approaches remain cumbersome, often requiring invasive model modifications, expensive training procedures or auxiliary data access. To address these threats, in this paper, we propose a plug-and-play and non-invasive defense mechanism in the spectral domain, grounded in a theoretical and empirical analysis of the relationship between imperceptible perturbations and high-frequency spectral components. Building upon these insights, we introduce a novel purification framework, termed PWAVEP, which begins by computing a spectral graph wavelet domain saliency score and local sparsity score for each point. Guided by these values, PWAVEP adopts a hierarchical strategy, it eliminates the most salient points, which are identified as hardly recoverable adversarial outliers. Simultaneously, it applies a spectral filtering process to a broader set of moderately salient points. This process leverages a graph wavelet transform to attenuate high-frequency coefficients associated with the targeted points, thereby effectively suppressing adversarial noise. Extensive evaluations demonstrate that the proposed PWAVEP achieves superior accuracy and robustness compared to existing approaches, advancing the state-of-the-art in 3D point cloud purification. Code and datasets are available at https://github.com/a772316182/pwavep

Related papers

DefenseSplat: Enhancing the Robustness of 3D Gaussian Splatting via Frequency-Aware Filtering [16.115612700186023]
3D Gaussian Splatting (3DGS) has emerged as a powerful paradigm for real-time and high-fidelity 3D reconstruction from posed images.<n>Recent studies reveal its vulnerability to adversarial corruptions in input views, where imperceptible yet consistent perturbations can drastically degrade rendering quality.<n>We propose a frequency-aware defense strategy that reconstructs training views by filtering high-frequency noise while preserving low-frequency content.
arXiv Detail & Related papers (2026-02-22T20:00:02Z)
SEA: Spectral Edge Attacks on Graph Neural Networks [1.066048003460524]
We propose a new family of adversarial attacks that leverage spectral robustness evaluation to guide perturbations.<n>We introduce two complementary attack variants: (i) a Spade-guided deletion attack that removes the most spectrally robust edges, and (ii) a Spade-guided addition attack that inserts edges between nodes that are maximally incompatible in the fragile spectral space.
arXiv Detail & Related papers (2025-11-30T01:40:15Z)
Certified L2-Norm Robustness of 3D Point Cloud Recognition in the Frequency Domain [5.537678998880092]
3D point cloud classification is a fundamental task in safety-critical applications such as autonomous driving, robotics, and augmented reality.<n>Existing certified defenses limit point-wise perturbations but overlook subtle geometric distortions that preserve individual points yet alter the overall structure.<n>We propose FreqCert, a novel certification framework that shifts robustness analysis to the frequency domain, enabling structured certification against global L2-bounded perturbations.
arXiv Detail & Related papers (2025-11-10T12:24:35Z)
Stealthy Patch-Wise Backdoor Attack in 3D Point Cloud via Curvature Awareness [52.780853311462636]
Backdoor attacks pose a severe threat to deep neural networks (DNNs)<n>Existing 3D point cloud backdoor attacks rely on sample-wise global modifications.<n>We propose the Stealthy Patch-Wise Backdoor Attack (SPBA), the first patch-wise backdoor attack framework for 3D point clouds.
arXiv Detail & Related papers (2025-03-12T12:30:59Z)
Hard-Label Black-Box Attacks on 3D Point Clouds [66.52447238776482]
We introduce a novel 3D attack method based on a new spectrum-aware decision boundary algorithm to generate high-quality adversarial samples.<n>Experiments demonstrate that our attack competitively outperforms existing white/black-box attackers in terms of attack performance and adversary quality.
arXiv Detail & Related papers (2024-11-30T09:05:02Z)
Spatial-Frequency Discriminability for Revealing Adversarial Perturbations [53.279716307171604]
Vulnerability of deep neural networks to adversarial perturbations has been widely perceived in the computer vision community. Current algorithms typically detect adversarial patterns through discriminative decomposition for natural and adversarial data. We propose a discriminative detector relying on a spatial-frequency Krawtchouk decomposition.
arXiv Detail & Related papers (2023-05-18T10:18:59Z)
Ada3Diff: Defending against 3D Adversarial Point Clouds via Adaptive Diffusion [70.60038549155485]
Deep 3D point cloud models are sensitive to adversarial attacks, which poses threats to safety-critical applications such as autonomous driving. This paper introduces a novel distortion-aware defense framework that can rebuild the pristine data distribution with a tailored intensity estimator and a diffusion model.
arXiv Detail & Related papers (2022-11-29T14:32:43Z)
Point Cloud Attacks in Graph Spectral Domain: When 3D Geometry Meets Graph Signal Processing [30.86044518259855]
Point cloud learning models have been shown to be vulnerable to adversarial attacks. We propose the graph spectral domain attack, aiming to perturb graph transform coefficients in the spectral domain that corresponds to varying geometric structure. Experimental results demonstrate the effectiveness of the proposed attack in terms of both the imperceptibility and attack success rates.
arXiv Detail & Related papers (2022-07-27T07:02:36Z)
Multi-Discriminator Sobolev Defense-GAN Against Adversarial Attacks for End-to-End Speech Systems [78.5097679815944]
This paper introduces a defense approach against end-to-end adversarial attacks developed for cutting-edge speech-to-text systems. First, we represent speech signals with 2D spectrograms using the short-time Fourier transform. Second, we iteratively find a safe vector using a spectrogram subspace projection operation. Third, we synthesize a spectrogram with such a safe vector using a novel GAN architecture trained with Sobolev integral probability metric.
arXiv Detail & Related papers (2021-03-15T01:11:13Z)
WaveTransform: Crafting Adversarial Examples via Input Decomposition [69.01794414018603]
We introduce WaveTransform', that creates adversarial noise corresponding to low-frequency and high-frequency subbands, separately (or in combination) Experiments show that the proposed attack is effective against the defense algorithm and is also transferable across CNNs.
arXiv Detail & Related papers (2020-10-29T17:16:59Z)
Hypergraph Spectral Analysis and Processing in 3D Point Cloud [80.25162983501308]
3D point clouds have become a fundamental data structure to characterize 3D objects and surroundings. To process 3D point clouds efficiently, a suitable model for the underlying structure and outlier noises is always critical. We propose a hypergraph-based new point cloud model that is amenable to efficient analysis and processing.
arXiv Detail & Related papers (2020-01-08T05:30:16Z)

This list is automatically generated from the titles and abstracts of the papers in this site.