PointCert: Point Cloud Classification with Deterministic Certified Robustness Guarantees
This work addresses security-critical applications such as autonomous driving and augmented reality by offering a more reliable defense against adversarial attacks on point cloud classification.
The authors tackled the vulnerability of point cloud classifiers to adversarial perturbations by proposing PointCert, a framework that provides deterministic certified robustness guarantees, and demonstrated that it substantially outperforms state-of-the-art probabilistic certified defenses on benchmark datasets like ModelNet and ScanObjectNN.
Point cloud classification is an essential component in many security-critical applications such as autonomous driving and augmented reality. However, point cloud classifiers are vulnerable to adversarially perturbed point clouds. Existing certified defenses against adversarial point clouds suffer from a key limitation: their certified robustness guarantees are probabilistic, i.e., they produce an incorrect certified robustness guarantee with some probability. In this work, we propose a general framework, namely PointCert, that can transform an arbitrary point cloud classifier to be certifiably robust against adversarial point clouds with deterministic guarantees. PointCert certifiably predicts the same label for a point cloud when the number of arbitrarily added, deleted, and/or modified points is less than a threshold. Moreover, we propose multiple methods to optimize the certified robustness guarantees of PointCert in three application scenarios. We systematically evaluate PointCert on ModelNet and ScanObjectNN benchmark datasets. Our results show that PointCert substantially outperforms state-of-the-art certified defenses even though their robustness guarantees are probabilistic.