Skip to main content

Table 5 Classification error (%) on the first 1000 test samples for the gray-box C&W transferability attacks from a single-channel model to a multi-channel model with randomly selected channels (the average results over 10 runs)

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeTransferability KDA
 # channels · # classifiers
 357
MNIST
Original0.60.50.6
C&W25.064.774.44
C&W07.777.37.12
C&W3.413.122.77
Fashion-MNIST
Original8.28.28.1
C&W29.49.18.84
C&W010.5810.5210.27
C&W9.339.098.83
CIFAR-10
Original21.220.519.9
C&W222.9221.2221.1
C&W027.8225.4624.33
C&W24.5722.3321.86