Skip to main content

Table 1 Classification error (%) on the first 1000 test samples for the gray-box C&W transferability attacks from a single-channel model to a multi-channel model

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data type

Attacked

Transferability

Transferability KDA

 

vanilla

vanilla

# channels · # classifiers

   

3

6

9

MNIST

  

Original

1

0.9

0.5

0.5

0.5

C&W 2

100

6.69

4.69

4.81

4.02

C&W0

100

14.2

7.27

7.51

6.78

C&W

99.99

4.77

2.73

2.28

2.08

Fashion-MNIST

  

Original

7.5

7.5

8.1

7.4

7.6

C&W2

100

11.2

9.26

8.68

8.9

C&W0

100

11.82

10.41

9.97

10

C&W

99.9

11.59

9.19

8.52

8.79

CIFAR-10

  

Original

21

20.6

21.2

19.6

19.5

C&W2

100

25.09

22.42

21.3

21.04

C&W0

100

30.71

24.58

23.52

23.03

C&W

100

25.42

22.8

21.39

21.21