I was trying to reproduce the results of the paper. Can you suggest how do I get the results for the CW attack ?

Hi @a7b23,

I did not have time to convert my CW attack implementation from a mess of Jupyter Notebooks into proper code for this repository. I suggest using the Cleverhans repository, which has a very nice, clean implementation of the CW L2 attack. See "CarliniWagnerL2" class here: https://github.com/tensorflow/cleverhans/blob/master/cleverhans/attacks.py

If anyone would like to contribute to this repository and add the Carlini & Wagner L2 attack here, it would be greatly appreciated.

Hi Reuben, nice work here!
My code for ICLR 2018 paper "Characterizing adversarial subspaces using local intrinsic dimensionality", has included the BU, KD measures along with the CW attack (and other attacks). I used your code for BU and KD, and have provided a reference link to this repository. https://github.com/xingjunm/lid_adversarial_subspace_detection

@xingjunm thank you for using our code and for referencing the repository. At the moment, I don't have time to update this repository with your CW attack code, but I appreciate the pointer and may use it in the future. If you'd like to submit a PR, I'd be happy to review.