I did some research on the carlini paper which mentions the provably minimal distortion attack, and says that the CW attack is nearly optimal. I consider this to be pretty conclusive proof that the "carlini l2 attack", aka the CW untargeted attack, is pretty close to optimal.
But after talking with Josh Ackerman who specializes in adversarial examples, he mentioned another attack that he said was cutting edge: the "torch attack".
@PatrickNiccolai2 do you think you could look into that attack to see how it might be superior to carlini's attacks?
I did some research on the carlini paper which mentions the provably minimal distortion attack, and says that the CW attack is nearly optimal. I consider this to be pretty conclusive proof that the "carlini l2 attack", aka the CW untargeted attack, is pretty close to optimal.
But after talking with Josh Ackerman who specializes in adversarial examples, he mentioned another attack that he said was cutting edge: the "torch attack".
@PatrickNiccolai2 do you think you could look into that attack to see how it might be superior to carlini's attacks?