This work addresses the vulnerability of 3D point cloud recognition models to adversarial attacks and the challenge of achieving both robustness and cross-model transferability in existing defenses. The authors propose APC, a lightweight input-level purification module that generates instance-specific anti-perturbations for each point, neutralizing attacks through geometric consistency constraints and semantic alignment in feature space. By incorporating mixed adversarial examples during training, APC enhances generalization without requiring model retraining. Notably, it enables efficient cross-model defense with only a single forward pass and minimal computational overhead. Evaluated on two mainstream 3D recognition benchmarks, APC demonstrates state-of-the-art defensive performance and strong transferability across diverse architectures.

The advent of deep neural networks has led to remarkable progress in 3D point cloud recognition, but they remain vulnerable to adversarial attacks. Although various defense methods have been studied, they suffer from a trade-off between robustness and transferability. We propose Adversarial Point Counterattack (APC) to achieve both simultaneously. APC is a lightweight input-level purification module that generates instance-specific counter-perturbations for each point, effectively neutralizing attacks. Leveraging clean-adversarial pairs, APC enforces geometric consistency in data space and semantic consistency in feature space. To improve generalizability across diverse attacks, we adopt a hybrid training strategy using adversarial point clouds from multiple attack types. Since APC operates purely on input point clouds, it directly transfers to unseen models and defends against attacks targeting them without retraining. At inference, a single APC forward pass provides purified point clouds with negligible time and parameter overhead. Extensive experiments on two 3D recognition benchmarks demonstrate that the APC achieves state-of-the-art defense performance. Furthermore, cross-model evaluations validate its superior transferability. The code is available at https://github.com/gyjung975/APC.