Skip to main content

Table 6 Classification error (%) on the first 1000 test samples (CIFAR-10) for the multi-channel system against the direct black-box OnePixel attacks with randomly selected channels (the average results over 10 runs)

From: Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

Data typeAttacked KDA
 # channels · # classifiers
 357
VGG16
Original11.79.59.3
OnePixel p=111.39.69
OnePixel p=311.59.88.9
OnePixel p=51210.69.4
ResNet18
Original11.19.78.8
OnePixel p=111.19.28.9
OnePixel p=311.49.68.8
OnePixel p=510.99.89.1