Skip to main content

Table 2 Classification error (%) on the first 1000 test samples (CIFAR-10) for the gray-box PGD transferability attacks from a single-channel model to a multi-channel model with randomly selected channels (the average results over 10 runs)

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeAttackedTransferabilityTransferability KDA 
 vanillavanilla# channels · # classifiers 
   3579
VGG 16   
Original10.711.711.69.99.59
PGD16.115.214.2512.1611.7511
ResNet 18   
Original9.510.611.79.38.88.1
PGD17.914.914.711.2910.679.7