Point cloud classification is an essential component in many security-critical applications such as autonomous driving and augmented reality. However, point cloud classifiers are vulnerable to adversarially perturbed point clouds. Existing certified defenses against adversarial point clouds suffer from a key limitation: their certified robustness guarantees are probabilistic, i.e., they produce an incorrect certified robustness guarantee with some probability. In this work, we propose a general framework, namely PointCert, that can transform an arbitrary point cloud classifier to be certifiably robust against adversarial point clouds with deterministic guarantees. PointCert certifiably predicts the same label for a point cloud when the number of arbitrarily added, deleted, and/or modified points is less than a threshold. Moreover, we propose multiple methods to optimize the certified robustness guarantees of PointCert in three application scenarios. We systematically evaluate PointCert on ModelNet and ScanObjectNN benchmark datasets. Our results show that PointCert substantially outperforms state-of-the-art certified defenses even though their robustness guarantees are probabilistic.

翻译：点云分类是自动驾驶、增强现实等众多安全关键应用中的重要组成部分。然而，点云分类器易受对抗性点云攻击的影响。现有的针对对抗性点云的认证防御存在一个关键局限性：其认证鲁棒性保证是概率性的，即它们会以一定概率产生错误的认证鲁棒性保证。本文提出一个通用框架PointCert，该框架能将任意点云分类器转化为具有确定性认证鲁棒性保证的鲁棒分类器，能够抵御对抗性点云攻击。当任意添加、删除和/或修改的点数小于阈值时，PointCert能够认证性地对同一标签进行预测。此外，我们针对三种应用场景提出了多种优化PointCert认证鲁棒性保证的方法。我们在ModelNet和ScanObjectNN基准数据集上对PointCert进行了系统评估。结果表明，即使现有最先进的认证防御方法的鲁棒性保证是概率性的，PointCert仍显著优于它们。