pith. sign in

arxiv: 2604.15708 · v1 · submitted 2026-04-17 · 💻 cs.CV

APC: Transferable and Efficient Adversarial Point Counterattack for Robust 3D Point Cloud Recognition

Geunyoung Jung , Soohong Kim , Inseok Kong , Jiyoung Jung This is my paper

Pith reviewed 2026-05-10 08:54 UTC · model grok-4.3

classification 💻 cs.CV
keywords adversarial defense3D point cloudstransferable robustnessinput purificationpoint cloud recognitionadversarial attacksrobustness
0
0 comments X

The pith

APC is a lightweight input-level module that generates per-point counter-perturbations to neutralize adversarial attacks on 3D point cloud models while transferring directly to unseen architectures.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents Adversarial Point Counterattack as a purification defense for 3D point cloud recognition systems. APC processes each input point cloud to produce instance-specific counter-perturbations that restore geometric structure in data space and semantic alignment in feature space. Training draws on clean-adversarial pairs collected from several different attack methods to promote generalization. Because the module modifies only the input points and leaves the downstream classifier untouched, it applies to new models without any retraining step. Experiments on standard benchmarks show that this approach reaches top defense accuracy and maintains performance under cross-model transfer.

Core claim

APC shows that an input-level purification module can neutralize adversarial perturbations on point clouds by learning to output counter-perturbations for each point, trained through geometric consistency in data space and semantic consistency in feature space on clean-adversarial pairs drawn from multiple attack types.

What carries the argument

Adversarial Point Counterattack (APC), an input-level module that computes instance-specific counter-perturbations to enforce geometric and semantic consistency on clean-adversarial point cloud pairs.

If this is right

  • APC reaches state-of-the-art defense performance on two 3D point cloud recognition benchmarks.
  • APC exhibits superior transferability when evaluated across different model architectures without retraining.
  • APC adds only a single forward pass with negligible extra time and parameter cost at inference.
  • Hybrid training on multiple attack types improves the module's ability to handle diverse perturbations.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The input-only design could allow APC to serve as a plug-in defense layer in deployed 3D systems such as autonomous navigation without changing the underlying recognition network.
  • The hybrid training strategy indicates that exposing the purifier to attack diversity during learning may help against future unknown threats in other data modalities.
  • Because APC operates before any model-specific processing, it could be stacked with existing model-level defenses to create layered protection for point cloud pipelines.

Load-bearing premise

Enforcing geometric consistency in data space and semantic consistency in feature space using clean-adversarial pairs from multiple attack types will generalize to unseen attacks and models.

What would settle it

A cross-model test in which APC-purified point clouds from a previously unseen attack type produce classification accuracy no higher than the raw adversarial inputs on a held-out 3D recognition architecture.

Figures

Figures reproduced from arXiv: 2604.15708 by Geunyoung Jung, Inseok Kong, Jiyoung Jung, Soohong Kim.

Figure 1
Figure 1. Figure 1: Overall pipeline of APC training and inference. Given an adversarial point cloud [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Adversarial accuracies of IAPC on in-attack and out [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Visualization of clean, adversarial, and purified exam [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗
read the original abstract

The advent of deep neural networks has led to remarkable progress in 3D point cloud recognition, but they remain vulnerable to adversarial attacks. Although various defense methods have been studied, they suffer from a trade-off between robustness and transferability. We propose Adversarial Point Counterattack (APC) to achieve both simultaneously. APC is a lightweight input-level purification module that generates instance-specific counter-perturbations for each point, effectively neutralizing attacks. Leveraging clean-adversarial pairs, APC enforces geometric consistency in data space and semantic consistency in feature space. To improve generalizability across diverse attacks, we adopt a hybrid training strategy using adversarial point clouds from multiple attack types. Since APC operates purely on input point clouds, it directly transfers to unseen models and defends against attacks targeting them without retraining. At inference, a single APC forward pass provides purified point clouds with negligible time and parameter overhead. Extensive experiments on two 3D recognition benchmarks demonstrate that the APC achieves state-of-the-art defense performance. Furthermore, cross-model evaluations validate its superior transferability. The code is available at https://github.com/gyjung975/APC.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper proposes Adversarial Point Counterattack (APC), a lightweight input-level purification module for 3D point cloud recognition models. APC generates instance-specific counter-perturbations on adversarial inputs by training on clean-adversarial pairs, enforcing geometric consistency in data space and semantic consistency in feature space. A hybrid training strategy incorporates adversarial examples from multiple attack types to improve generalizability. Because APC operates solely on the input point cloud, it transfers directly to unseen models and attacks without retraining or model modification. Experiments on two 3D benchmarks claim state-of-the-art defense performance and superior cross-model transferability, with negligible parameter and runtime overhead. Code is provided.

Significance. If the empirical claims hold, APC offers a practical, model-agnostic defense that simultaneously improves robustness and transferability for 3D point clouds—an area where prior methods often trade one for the other. The input-level design and low overhead make it deployable on existing pipelines. Releasing code supports reproducibility and follow-up work on consistency-based purification.

major comments (3)
  1. [§3.3] §3.3 (hybrid training): The claim that training on multiple attack types yields generalization to unseen attacks is central to the transferability results, yet no ablation isolates the contribution of each attack type or quantifies performance drop when one type is removed; this leaves the generalizability argument under-supported.
  2. [§4.3] §4.3 (cross-model transfer): The transferability evaluation reports superior performance, but does not specify whether the source attacks used to generate the clean-adversarial pairs are white-box or black-box with respect to the target models; without this, it is unclear whether the reported gains reflect true unseen-model transfer or partial leakage.
  3. [Table 2] Table 2 (defense accuracy): The SOTA claim rests on these numbers, but the paper does not report standard deviations across random seeds or statistical tests against the strongest baseline; small margins could be within noise and would weaken the performance conclusion.
minor comments (2)
  1. [Abstract] The abstract states results on “two 3D recognition benchmarks” without naming them; adding the dataset names (e.g., ModelNet40, ShapeNet) would improve immediate clarity.
  2. [§3.2] Notation for the geometric and semantic consistency losses is introduced in §3.2 but the precise weighting hyper-parameters and their sensitivity are only mentioned in passing; a short table of default values would aid reproduction.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback. We address each major comment below with clarifications and proposed changes to strengthen the manuscript.

read point-by-point responses

  1. Referee: [§3.3] §3.3 (hybrid training): The claim that training on multiple attack types yields generalization to unseen attacks is central to the transferability results, yet no ablation isolates the contribution of each attack type or quantifies performance drop when one type is removed; this leaves the generalizability argument under-supported.

    Authors: We agree that an explicit ablation would better substantiate the role of hybrid training. In the revised manuscript we will add an ablation study that trains APC on single attack types and on all-but-one subsets, reporting the resulting drop in defense accuracy on held-out attack types. This will quantify the incremental benefit of each attack type and directly support the generalizability claim. revision: yes

  2. Referee: [§4.3] §4.3 (cross-model transfer): The transferability evaluation reports superior performance, but does not specify whether the source attacks used to generate the clean-adversarial pairs are white-box or black-box with respect to the target models; without this, it is unclear whether the reported gains reflect true unseen-model transfer or partial leakage.

    Authors: We thank the referee for highlighting this ambiguity. The clean-adversarial pairs are generated by white-box attacks (PGD, FGSM, etc.) on the source model used to train APC. Because the target models in the cross-model experiments are completely disjoint and unseen during APC training, the same attacks are black-box with respect to every target model. We will add an explicit statement of this setup in the revised §4.3 to confirm that the transfer results reflect genuine cross-model generalization. revision: yes

  3. Referee: [Table 2] Table 2 (defense accuracy): The SOTA claim rests on these numbers, but the paper does not report standard deviations across random seeds or statistical tests against the strongest baseline; small margins could be within noise and would weaken the performance conclusion.

    Authors: We acknowledge that reporting variability and statistical significance would strengthen the empirical claims. In the revision we will recompute all entries in Table 2 over multiple random seeds and include standard deviations. We will also add paired statistical tests (e.g., t-tests) against the strongest baseline to verify that the observed margins are statistically significant. revision: yes

Circularity Check

0 steps flagged

No circularity: APC is a trained purification module with independent empirical validation

full rationale

The derivation chain consists of defining a new lightweight input-level module APC, training it on clean-adversarial pairs to enforce geometric and semantic consistency, and using hybrid training across attack types for generalizability. These steps are presented as design choices and training procedures, not as predictions or results that reduce by construction to the inputs. No self-definitional equations, fitted parameters renamed as predictions, or load-bearing self-citations appear in the provided abstract or description. The transferability claim is supported by cross-model evaluations rather than imported uniqueness theorems. The method remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Since only the abstract is available, no specific free parameters, axioms, or invented entities can be identified from the text.

pith-pipeline@v0.9.0 · 5509 in / 1047 out tokens · 29066 ms · 2026-05-10T08:54:15.520127+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

42 extracted references · 42 canonical work pages

  1. [1]

    Point convolutional neural networks by extension operators.ACM Trans

    Matan Atzmon, Haggai Maron, and Yaron Lipman. Point convolutional neural networks by extension operators.ACM Trans. Graph., 37(4), 2018. 2

    work page 2018

  2. [2]

    Towards evaluating the robustness of neural networks

    Nicholas Carlini and David Wagner. Towards evaluating the robustness of neural networks. In2017 IEEE Symposium on Security and Privacy (SP), pages 39–57, 2017. 2

    work page 2017

  3. [3]

    Certified adversarial robustness via randomized smoothing

    Jeremy Cohen, Elan Rosenfeld, and Zico Kolter. Certified adversarial robustness via randomized smoothing. InPro- ceedings of the 36th International Conference on Machine Learning, pages 1310–1320. PMLR, 2019. 1

    work page 2019

  4. [4]

    Iterativepfn: True it- erative point cloud filtering

    Dasith de Silva Edirimuni, Xuequan Lu, Zhiwen Shao, Gang Li, Antonio Robles-Kelly, and Ying He. Iterativepfn: True it- erative point cloud filtering. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 13530–13539, 2023. 3

    work page 2023

  5. [5]

    Self-robust 3d point recognition via gather-vector guidance

    Xiaoyi Dong, Dongdong Chen, Hang Zhou, Gang Hua, Weiming Zhang, and Nenghai Yu. Self-robust 3d point recognition via gather-vector guidance. InIEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2020. 1

    work page 2020

  6. [6]

    Haoqiang Fan, Hao Su, and Leonidas J. Guibas. A point set generation network for 3d object reconstruction from a single image. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2017. 4

    work page 2017

  7. [7]

    Goodfellow, Jonathon Shlens, and Christian Szegedy

    Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples, 2015. 2

    work page 2015

  8. [8]

    Advpc: Transferable adversarial perturbations on 3d point clouds

    Abdullah Hamdi, Sara Rojas, Ali Thabet, and Bernard Ghanem. Advpc: Transferable adversarial perturbations on 3d point clouds. InEuropean Conference on Computer Vi- sion (ECCV), pages 241–257, 2020. 2, 6

    work page 2020

  9. [9]

    Shape-invariant 3d adver- sarial point clouds

    Qidong Huang, Xiaoyi Dong, Dongdong Chen, Hang Zhou, Weiming Zhang, and Nenghai Yu. Shape-invariant 3d adver- sarial point clouds. InProceedings of the IEEE/CVF Confer- ence on Computer Vision and Pattern Recognition (CVPR), pages 15335–15344, 2022. 1, 2, 6

    work page 2022

  10. [10]

    Causalpc: Improving the robustness of point cloud classification by causal effect iden- tification

    Yuanmin Huang, Mi Zhang, Daizong Ding, Erling Jiang, Zhaoxiang Wang, and Min Yang. Causalpc: Improving the robustness of point cloud classification by causal effect iden- tification. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 19779–19789, 2024. 1, 3, 6

    work page 2024

  11. [11]

    Benchmarking and analyzing robust point cloud recognition: Bag of tricks for defending adver- sarial examples

    Qiufan Ji, Lin Wang, Cong Shi, Shengshan Hu, Yingying Chen, and Lichao Sun. Benchmarking and analyzing robust point cloud recognition: Bag of tricks for defending adver- sarial examples. InProceedings of the IEEE/CVF Interna- tional Conference on Computer Vision (ICCV), pages 4295– 4304, 2023. 1, 2, 3, 5, 6

    work page 2023

  12. [12]

    Minimal adversarial examples for deep learning on 3d point clouds

    Jaeyeon Kim, Binh-Son Hua, Thanh Nguyen, and Sai-Kit Yeung. Minimal adversarial examples for deep learning on 3d point clouds. InProceedings of the IEEE/CVF Interna- tional Conference on Computer Vision (ICCV), pages 7797– 7806, 2021. 1, 2

    work page 2021

  13. [13]

    Pointcnn: Convolution on x-transformed points

    Yangyan Li, Rui Bu, Mingchao Sun, Wei Wu, Xinhan Di, and Baoquan Chen. Pointcnn: Convolution on x-transformed points. InAdvances in Neural Information Processing Sys- tems, 2018. 2

    work page 2018

  14. [14]

    Extending adversarial attacks and defenses to deep 3d point cloud classifiers

    Daniel Liu, Ronald Yu, and Hao Su. Extending adversarial attacks and defenses to deep 3d point cloud classifiers. In 2019 IEEE International Conference on Image Processing (ICIP), pages 2279–2283, 2019. 1, 2, 3, 6

    work page 2019

  15. [15]

    Adversarial shape per- turbations on 3d point clouds

    Daniel Liu, Ronald Yu, and Hao Su. Adversarial shape per- turbations on 3d point clouds. InEuropean Conference on Computer Vision (ECCV) Workshops, pages 88–104, 2020. 2

    work page 2020

  16. [16]

    Point- guard: Provably robust 3d point cloud classification

    Hongbin Liu, Jinyuan Jia, and Neil Zhenqiang Gong. Point- guard: Provably robust 3d point cloud classification. InPro- ceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 6186–6195, 2021. 1, 3

    work page 2021

  17. [17]

    Towards robust neural networks via random self- ensemble

    Xuanqing Liu, Minhao Cheng, Huan Zhang, and Cho-Jui Hsieh. Towards robust neural networks via random self- ensemble. InComputer Vision – ECCV 2018, pages 381– 397, 2018. 1

    work page 2018

  18. [18]

    Relation-shape convolutional neural network for point cloud analysis

    Yongcheng Liu, Bin Fan, Shiming Xiang, and Chunhong Pan. Relation-shape convolutional neural network for point cloud analysis. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2019. 2

    work page 2019

  19. [19]

    Hide in thicket: Gener- ating imperceptible and rational adversarial perturbations on 3d point clouds

    Tianrui Lou, Xiaojun Jia, Jindong Gu, Li Liu, Siyuan Liang, Bangyan He, and Xiaochun Cao. Hide in thicket: Gener- ating imperceptible and rational adversarial perturbations on 3d point clouds. InProceedings of the IEEE/CVF Confer- ence on Computer Vision and Pattern Recognition (CVPR), pages 24326–24335, 2024. 1, 2, 6

    work page 2024

  20. [20]

    Pointdrop: Improving object detection from sparse point clouds via ad- versarial data augmentation

    Wenxin Ma, Jian Chen, Qing Du, and Wei Jia. Pointdrop: Improving object detection from sparse point clouds via ad- versarial data augmentation. In2020 25th International Con- ference on Pattern Recognition (ICPR), pages 10004–10009,

    work page

  21. [21]

    Denoising point clouds in latent space via graph convolution and in- vertible neural network

    Aihua Mao, Biao Yan, Zijing Ma, and Ying He. Denoising point clouds in latent space via graph convolution and in- vertible neural network. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 5768–5777, 2024. 3

    work page 2024

  22. [22]

    Convolutional occupancy networks

    Songyou Peng, Michael Niemeyer, Lars Mescheder, Marc Pollefeys, and Andreas Geiger. Convolutional occupancy networks. InEuropean Conference on Computer Vision (ECCV), pages 523–540, 2020. 3

    work page 2020

  23. [23]

    Qi, Hao Su, Kaichun Mo, and Leonidas J

    Charles R. Qi, Hao Su, Kaichun Mo, and Leonidas J. Guibas. Pointnet: Deep learning on point sets for 3d classification and segmentation. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 652–660, 2017. 2, 5, 6

    work page 2017

  24. [24]

    Pointnet++: Deep hierarchical feature learning on point sets in a metric space

    Charles Ruizhongtai Qi, Li Yi, Hao Su, and Leonidas J Guibas. Pointnet++: Deep hierarchical feature learning on point sets in a metric space. InAdvances in Neural Informa- tion Processing Systems, 2017. 2, 6

    work page 2017

  25. [25]

    Min- ing point cloud local structures by kernel correlation and graph pooling

    Yiru Shen, Chen Feng, Yaoqing Yang, and Dong Tian. Min- ing point cloud local structures by kernel correlation and graph pooling. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. 2

    work page 2018

  26. [26]

    Dynamic edge- conditioned filters in convolutional neural networks on graphs

    Martin Simonovsky and Nikos Komodakis. Dynamic edge- conditioned filters in convolutional neural networks on graphs. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2017. 2

    work page 2017

  27. [27]

    Intriguing properties of neural networks

    Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. Intriguing properties of neural networks. InProceedings of the International Conference on Learning Representa- tions(ICLR), 2014. 2

    work page 2014

  28. [28]

    Qi, Jean-Emmanuel Deschaud, Beatriz Marcotegui, Francois Goulette, and Leonidas J

    Hugues Thomas, Charles R. Qi, Jean-Emmanuel Deschaud, Beatriz Marcotegui, Francois Goulette, and Leonidas J. Guibas. Kpconv: Flexible and deformable convolution for point clouds. InProceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2019. 2

    work page 2019

  29. [29]

    Robust adversarial objects against deep learning models

    Tzungyu Tsai, Kaichen Yang, Tsung-Yi Ho, and Yier Jin. Robust adversarial objects against deep learning models. Proceedings of the AAAI Conference on Artificial Intelli- gence, 34:954–962, 2020. 1, 2, 6

    work page 2020

  30. [30]

    Physically realizable adversarial examples for lidar object detection

    James Tu, Mengye Ren, Sivabalan Manivasagam, Ming Liang, Bin Yang, Richard Du, Frank Cheng, and Raquel Ur- tasun. Physically realizable adversarial examples for lidar object detection. InIEEE/CVF Conference on Computer Vi- sion and Pattern Recognition (CVPR), 2020. 1, 2, 3, 6

    work page 2020

  31. [31]

    Revisiting point cloud classification: A new benchmark dataset and classification model on real-world data

    Mikaela Angelina Uy, Quang-Hieu Pham, Binh-Son Hua, Thanh Nguyen, and Sai-Kit Yeung. Revisiting point cloud classification: A new benchmark dataset and classification model on real-world data. InProceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2019. 6

    work page 2019

  32. [32]

    Sarma, Michael M

    Yue Wang, Yongbin Sun, Ziwei Liu, Sanjay E. Sarma, Michael M. Bronstein, and Justin M. Solomon. Dynamic graph cnn for learning on point clouds.ACM Trans. Graph., 38(5), 2019. 2, 5, 6

    work page 2019

  33. [33]

    Yuxin Wen, Jiehong Lin, Ke Chen, C. L. Philip Chen, and Kui Jia. Geometry-aware generation of adversarial point clouds.IEEE Transactions on Pattern Analysis and Machine Intelligence, 44(6):2984–2999, 2022. 1, 2, 6

    work page 2022

  34. [34]

    Pointconv: Deep convolutional networks on 3d point clouds

    Wenxuan Wu, Zhongang Qi, and Li Fuxin. Pointconv: Deep convolutional networks on 3d point clouds. InProceedings of the IEEE/CVF Conference on Computer Vision and Pat- tern Recognition (CVPR), 2019. 2

    work page 2019

  35. [35]

    3d shapenets: A deep representation for volumetric shapes

    Zhirong Wu, Shuran Song, Aditya Khosla, Fisher Yu, Lin- guang Zhang, Xiaoou Tang, and Jianxiong Xiao. 3d shapenets: A deep representation for volumetric shapes. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2015. 5, 6

    work page 2015

  36. [36]

    Ziyi Wu, Yueqi Duan, He Wang, Qingnan Fan, and Leonidas J. Guibas. If-defense: 3d adversarial point cloud defense via implicit function based restoration, 2021. 1, 3, 6

    work page 2021

  37. [37]

    Qi, and Bo Li

    Chong Xiang, Charles R. Qi, and Bo Li. Generating 3d adversarial point clouds. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2019. 1, 2, 6

    work page 2019

  38. [38]

    Grid-gcn for fast and scalable point cloud learning

    Qiangeng Xu, Xudong Sun, Cho-Ying Wu, Panqu Wang, and Ulrich Neumann. Grid-gcn for fast and scalable point cloud learning. InIEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2020. 2

    work page 2020

  39. [39]

    Pu-net: Point cloud upsampling network

    Lequan Yu, Xianzhi Li, Chi-Wing Fu, Daniel Cohen-Or, and Pheng-Ann Heng. Pu-net: Point cloud upsampling network. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. 3

    work page 2018

  40. [40]

    Pointcloud saliency maps

    Tianhang Zheng, Changyou Chen, Junsong Yuan, Bo Li, and Kui Ren. Pointcloud saliency maps. InProceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2019. 1, 2, 6

    work page 2019

  41. [41]

    Dup-net: Denoiser and up- sampler network for 3d adversarial point clouds defense

    Hang Zhou, Kejiang Chen, Weiming Zhang, Han Fang, Wenbo Zhou, and Nenghai Yu. Dup-net: Denoiser and up- sampler network for 3d adversarial point clouds defense. In Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2019. 1, 3, 6

    work page 2019

  42. [42]

    U-CAN: Unsupervised point cloud denoising with consistency-aware noise2noise match- ing

    Junsheng Zhou, XingYu Shi, Haichuan Song, Yi Fang, Yu- Shen Liu, and Zhizhong Han. U-CAN: Unsupervised point cloud denoising with consistency-aware noise2noise match- ing. InThe Thirty-ninth Annual Conference on Neural Infor- mation Processing Systems, 2025. 3

    work page 2025