Deep Neural Networks (DNNs) for 3D point cloud recognition are vulnerable to adversarial examples, threatening their practical deployment. Although many research endeavors have been made to tackle this issue in recent years, the diversity of adversarial examples on 3D point clouds makes them more challenging to defend against than those on 2D images. For example, attackers can generate adversarial examples by adding, shifting, or removing points. Consequently, existing defense strategies struggle to counter unseen point cloud adversarial examples. In this paper, we first establish a comprehensive and rigorous point cloud adversarial robustness benchmark to evaluate adversarial robustness, which can provide a detailed understanding of the effects of the defense and attack methods. We then collect existing defense tricks in point cloud adversarial defenses and perform extensive and systematic experiments to identify an effective combination of these tricks. Furthermore, we propose a hybrid training augmentation method that incorporates various types of point cloud adversarial examples into adversarial training, significantly improving the adversarial robustness. By combining these tricks, we construct a more robust defense framework achieving an average accuracy of 83.45\% against various attacks, demonstrating its capability to enable robust learners. Our codebase is open-sourced at: \url{https://github.com/qiufan319/benchmark_pc_attack.git}.