add simple spatial transform attack

[MasanoriYamada]

A simple spatial transform attack was proposed at ICML2019.

This is a simple attack that creates an adversarial example of image rotation and translation with a grid search (or random).

The advertorch already has a spatial transform attack ICLR2018 is implemented, but the simpler ICML I think adding 2019 would be useful.

If possible, I am willing to contribute to this repository and share my implementation of the method compatible with your interface later.

However, I only checked the accuracy compared with the paper using mnist. Because I only tried a random attack due to memory capacity issues, and this attack relies on random numbers

If I were to contribute, I would check for accuracy with an error bar.

[gwding]

Hi @MasanoriYamada Thanks for the suggestion. It would be really nice if you could contribute your implementation. As long as contribution contains a benchmark report like this https://github.com/BorealisAI/advertorch/blob/master/advertorch_examples/attack_benchmarks/benchmark_fast_adaptive_boundary.py it'll be useful for the community. and an error bar would be even better, which we can also incorporate into the common practice of advertorch.

[MasanoriYamada]

OK! My experiment did not replicate the accuracy of the paper in cifar10. If I can check that the values match the author's implementation of tensorflow in cifar10, I will contribute. Please wait a while longer.

[MasanoriYamada]

Just made a PR for a simple spatial transform attack! #82