Backdoor Attacks for 3D Point Clouds
A Backdoor Attack against 3D Point Cloud Classifiers
Vulnerability of 3d point cloud (pc) classifiers has become a grave concern due to the popularity of 3d sensors in safety-critical applications.Here, we propose the first backdoor attack (ba)against 3d point cloud (pc)classifiers.Originally proposed for images, the attacker injects a cluster of points into a pc as a robust backdoor pattern customized for 3d pcs.Such clusters are also consistent with a physical attack (i.e., with a captured object in a scene).We optimize the cluster s location using an independently trained classifier and choose the cluster s local geometry to evade possible possible preprocessing and anomaly detectors (ads).Experimentally, our ba achieves a uniformly high success rate (87%) and shows evasiveness against state-of-the-art pc ads.Vulnerability of 3d point cloud (pc)classifiers has become a grave concern due to the popularity of 3d sensors in safety-critical applications.The vulnerability of 3d point cloud (pc)classifiers has become a grave concern due to the popularity of 3d sensors in safety-critical applications.
