Skip to main content

Table 1 Classification error (%) on the first 1000 test samples for the gray-box C&W transferability attacks from a single-channel model to a multi-channel model

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeAttackedTransferabilityTransferability KDA
 vanillavanilla# channels · # classifiers
   369
MNIST  
Original10.90.50.50.5
C&W 21006.694.694.814.02
C&W010014.27.277.516.78
C&W99.994.772.732.282.08
Fashion-MNIST  
Original7.57.58.17.47.6
C&W210011.29.268.688.9
C&W010011.8210.419.9710
C&W99.911.599.198.528.79
CIFAR-10  
Original2120.621.219.619.5
C&W210025.0922.4221.321.04
C&W010030.7124.5823.5223.03
C&W10025.4222.821.3921.21