The attack.py file only generates the adversarial samples as mentioned in the paper. What is the difference in generating adversarial samples using attack.py file and directly generating using foolbox? Also, is there a script which can be used to evaluate the adversarial images?
The attack.py file only generates the adversarial samples as mentioned in the paper. What is the difference in generating adversarial samples using attack.py file and directly generating using foolbox? Also, is there a script which can be used to evaluate the adversarial images?