Skip to main content

Table 3 Classification error (%) on the first 1000 test samples (CIFAR-10) for the gray-box OnePixel transferability attacks from a multi-channel model to a multi-channel model under different keys

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeKDA with different keys
 # channels · # classifiers
 369
VGG16
Original12.611.210.5
OnePixel p=113.0710.9810.4
OnePixel p=312.7211.3710.3
OnePixel p=512.611.3510.8
ResNet18
Original9.958.47.7
OnePixel p=19.758.177.8
OnePixel p=3108.357.8
OnePixel p=510.388.398.1