Skip to main content
EURASIP Journal on Information Security

Table 3 Classification error (%) on the first 1000 test samples (CIFAR-10) for the gray-box OnePixel transferability attacks from a multi-channel model to a multi-channel model under different keys

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data type

KDA with different keys

 

# channels · # classifiers

 

3

6

9

VGG16

Original

12.6

11.2

10.5

OnePixel p=1

13.07

10.98

10.4

OnePixel p=3

12.72

11.37

10.3

OnePixel p=5

12.6

11.35

10.8

ResNet18

Original

9.95

8.4

7.7

OnePixel p=1

9.75

8.17

7.8

OnePixel p=3

10

8.35

7.8

OnePixel p=5

10.38

8.39

8.1

Back to article page