Table 4 Classification accuracy on the MNIST test dataset under the gray-box attack
From: Secure machine learning against adversarial samples at test time
Attack | FGSM | C&W | BIM | DeepFool |
|---|---|---|---|---|
Original | 11% | 9% | 4% | 44% |
Adversarial training (ART) | 98% | 99% | 98% | 99% |
Robust classifier | 99% | 99% | 99% | 99% |