Skip to main content

Table 4 Classification error (%) on the first 1000 CIFAR-10 test samples for the direct black-box OnePixel attacks

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data type

Attacked

Attacked KDA

 

vanilla

# channels · # classifiers

  

3

6

9

VGG16

 

Original

10.7

11

9.2

8.9

OnePixel p=1

58.04

11

9.5

8.7

OnePixel p=3

72.13

10.9

8.9

8.3

OnePixel p=5

79.02

12.1

9.3

9.1

ResNet18

 

Original

9.5

11.1

9.1

7.8

OnePixel p=1

36.96

11.5

9

7.7

OnePixel p=3

49.85

11.5

9.1

7.8

OnePixel p=5

59.74

11.7

9.2

7.8