Skip to main content

Table 4 Classification error (%) on the first 1000 CIFAR-10 test samples for the direct black-box OnePixel attacks

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeAttackedAttacked KDA
 vanilla# channels · # classifiers
  369
VGG16 
Original10.7119.28.9
OnePixel p=158.04119.58.7
OnePixel p=372.1310.98.98.3
OnePixel p=579.0212.19.39.1
ResNet18 
Original9.511.19.17.8
OnePixel p=136.9611.597.7
OnePixel p=349.8511.59.17.8
OnePixel p=559.7411.79.27.8