Frequency-based methods for improving the imperceptibility and transferability of adversarial examples

Requirements

Generate adversarial examples

Using FSD_MIM.py to generate highly transferable adversarial examples, you can run this attack as following
```
CUDA_VISIBLE_DEVICES=gpuid python FSD_MIM.py --output_dir outputs
```
where gpuid can be set to any free GPU ID in your machine. And adversarial examples will be generated in directory ./outputs.
Evaluations on normally trained models

Running verify.py to evaluate the attack success rate
```
CUDA_VISIBLE_DEVICES=gpuid python verify.py
```

Number of augmented copies is set to 5 for each iteration.