From: Secure machine learning against adversarial samples at test time
Attack
FGSM
C&W
BIM
DeepFool
Original
29%
7%
Adversarial training (ART)
98%
49%
42%
Robust classifier
100%
99%