The widespread deployment of Deep Neural Networks (DNNs) for 3D point cloud processing starkly contrasts with their susceptibility to security breaches, notably backdoor attacks. These attacks hijack DNNs during training, embedding triggers in the data that, once activated, cause the network to make predetermined errors while maintaining normal performance on unaltered data. This vulnerability poses significant risks, especially given the insufficient research on robust defense mechanisms for 3D point cloud networks against such sophisticated threats. Existing attacks either struggle to resist basic point cloud pre-processing methods, or rely on delicate manual design. Exploring simple, effective, imperceptible, and difficult-to-defend triggers in 3D point clouds is still challenging.To address these challenges, we introduce MirrorAttack, a novel effective 3D backdoor attack method, which implants the trigger by simply reconstructing a clean point cloud with an auto-encoder. The data-driven nature of the MirrorAttack obviates the need for complex manual design. Minimizing the reconstruction loss automatically improves imperceptibility. Simultaneously, the reconstruction network endows the trigger with pronounced nonlinearity and sample specificity, rendering traditional preprocessing techniques ineffective in eliminating it. A trigger smoothing module based on spherical harmonic transformation is also attached to regulate the intensity of the attack.Both quantitive and qualitative results verify the effectiveness of our method. We achieve state-of-the-art ASR on different types of victim models with the intervention of defensive techniques. Moreover, the minimal perturbation introduced by our trigger, as assessed by various metrics, attests to the method's stealth, ensuring its imperceptibility.

翻译：深度神经网络（DNN）在3D点云处理中的广泛应用与它们易受安全漏洞（尤其是后门攻击）的脆弱性形成了鲜明对比。后门攻击在训练过程中劫持DNN，向数据中植入触发器，一旦激活便会导致网络产生预设错误，同时保持对未修改数据的正常性能。这一漏洞带来了重大风险，尤其考虑到针对此类复杂威胁的3D点云网络鲁棒防御机制的研究仍不充分。现有攻击要么难以抵抗基本的点云预处理方法，要么依赖精细的手动设计。探索3D点云中简单、有效、隐蔽且难以防御的触发器仍具挑战性。为此，我们提出MirrorAttack——一种新型高效的3D后门攻击方法，通过使用自编码器简单重构干净点云来植入触发器。其数据驱动的特性避免了复杂的手动设计，最小化重构损失自动提升了隐蔽性。同时，重构网络赋予触发器显著的非线性和样本特异性，使传统预处理技术难以消除。我们还附加了基于球谐变换的触发器平滑模块，以调控攻击强度。定量与定性结果均验证了本方法的有效性。在防御技术干预下，我们在不同类型的受害模型上取得了最先进的攻击成功率（ASR）。此外，通过多种指标评估，我们的触发器引入的微小扰动证明了该方法的隐蔽性，确保了其难以察觉的特性。