
Add a wrapper for evasion attacks from foolbox library

Foolbox is a Python library that implements different adversarial attacks. We can include a wrapper to use their classes in our framework.

They recently released version 3 of the library, named Foolbox Native, which "has been rewritten from scratch using EagerPy instead of NumPy to achieve native performance on models developed in PyTorch, TensorFlow and JAX, all with one code base." We should evaluate whether this could create any conflict with our dependencies.

The minimal list of attacks to support:

  • CAttackEvasionFGSM (Fast Gradient Sign Method)
  • CAttackEvasionCarliniWagnerL2

Implementation plan (to be completed)

  • Add foolbox as an extra dependency
  • Set up a new package adv.attacks.evasion.foolbox
  • Create a new CAttackEvasionFoolbox class that inherits from CAttackEvasion
  • Create a specific class CAttackEvasionXXX for each implementation
  • Create tests for each wrapped attack (e.g., compare the adversarial examples computed by calling foolbox directly with those computed through the wrapper).

Checklist of missing tasks

  • Define tests
  • Test the wrapper on GPU
  • Handle optional dependencies (PyTorch and Foolbox)
  • Add other attacks for which we can define the optimization function (FGM, BIM, Deepfool, EAD, BB)
  • Define a tutorial notebook for users
  • Remove duplicated code where possible
  • Fix f_opt taking the last point instead of the best
  • Use a uniform order for input params across attacks
  • Add docstrings to all attacks
  • Code and docstrings cleanup
  • Add docstrings to Secml Autograd modules
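The sketch below is an added example of the wrapper structure described in the plan and checklist above; it is not SecML or Foolbox code. Everything in it is constructed for illustration: the `ToyClassifier`, the `iterative_sign_attack` stand-in (a plain iterative gradient-sign attack written in pure Python in place of a real Foolbox attack), and the `CAttackEvasion` / `CAttackEvasionFoolbox` class shapes are assumptions, not the real APIs. It shows the three points a reviewer would check first: the optional dependency is probed at import time and the wrapper still loads without it, `f_opt` is taken from the best point of the sequence rather than the last one, and the wrapper's trajectory is compared against calling the attack directly, which is the test strategy from the plan.

```python
"""Structure sketch for a Foolbox-style evasion wrapper.

Added example, not SecML or Foolbox code. The model, the attack and the
class layout are stand-ins chosen so the script runs offline with no
third-party dependency.
"""
import importlib


def optional_module(name):
    """Import an optional dependency (e.g. 'foolbox', 'torch') or return None.

    The wrapper module can then be imported without the dependency and
    raise a clear error only when a Foolbox attack is actually requested.
    """
    try:
        return importlib.import_module(name)
    except ImportError:
        return None


FOOLBOX = optional_module("foolbox")  # None when foolbox is not installed


class ToyClassifier:
    """Constructed stand-in model: score(x) = |x - c|^2 - 1, class 1 iff score >= 0."""

    def __init__(self, center=(2.0, 1.0)):
        self.c = center

    def decision_function(self, x):
        return sum((xi - ci) ** 2 for xi, ci in zip(x, self.c)) - 1.0

    def predict(self, x):
        return 1 if self.decision_function(x) >= 0 else 0

    def gradient(self, x):
        return [2.0 * (xi - ci) for xi, ci in zip(x, self.c)]


def sign(v):
    return (v > 0) - (v < 0)


def iterative_sign_attack(model, x0, eps, step, n_iter):
    """Stand-in for a Foolbox iterative gradient-sign attack (hypothetical API).

    Minimises the decision score with fixed-size sign steps and projects each
    point onto the L_inf ball of radius eps around x0. Yields every visited
    point so the caller can keep the full sequence.
    """
    x = list(x0)
    for _ in range(n_iter):
        g = model.gradient(x)
        x = [xi - step * sign(gi) for xi, gi in zip(x, g)]
        x = [min(max(xi, x0i - eps), x0i + eps) for xi, x0i in zip(x, x0)]
        yield list(x)


class CAttackEvasion:
    """Base-class sketch: subclasses implement _run, bookkeeping lives here."""

    def __init__(self, classifier, eps):
        self.classifier = classifier
        self.eps = eps
        self.x_seq, self.f_seq = [], []

    def objective_function(self, x):
        # Evasion objective to minimise: score of the attacked class.
        return self.classifier.decision_function(x)

    def _run(self, x0):
        raise NotImplementedError

    def run(self, x0):
        self.x_seq, self.f_seq = [list(x0)], [self.objective_function(x0)]
        for x in self._run(x0):
            self.x_seq.append(x)
            self.f_seq.append(self.objective_function(x))
        # f_opt / x_opt come from the best point of the sequence, not the last.
        best = min(range(len(self.f_seq)), key=self.f_seq.__getitem__)
        self.x_opt, self.f_opt = self.x_seq[best], self.f_seq[best]
        return self.x_opt, self.classifier.predict(self.x_opt)


class CAttackEvasionFoolbox(CAttackEvasion):
    """Wrapper that delegates the optimisation to an attack callable."""

    def __init__(self, classifier, eps, attack, require_foolbox=False, **attack_params):
        super().__init__(classifier, eps)
        if require_foolbox and FOOLBOX is None:
            raise ImportError("foolbox is required for this attack; install the extra")
        self.attack, self.attack_params = attack, attack_params

    def _run(self, x0):
        return self.attack(self.classifier, x0, self.eps, **self.attack_params)


def demo():
    """Run the wrapper on a constructed point and compare it with a direct call."""
    model, x0 = ToyClassifier(), [3.0, 1.0]  # constructed input, on the boundary
    params = dict(step=0.7, n_iter=4)
    atk = CAttackEvasionFoolbox(model, eps=1.5, attack=iterative_sign_attack, **params)
    x_adv, y_adv = atk.run(x0)
    direct = list(iterative_sign_attack(model, x0, 1.5, **params))
    return {
        "pred_orig": model.predict(x0), "pred_adv": y_adv,
        "x_opt": x_adv, "f_opt": atk.f_opt,
        "x_last": atk.x_seq[-1], "f_last": atk.f_seq[-1],
        "n_points": len(atk.x_seq),
        "wrapper_matches_direct": atk.x_seq[1:] == direct,
    }


if __name__ == "__main__":
    print(demo())
```

With a step of 0.7 the stand-in attack overshoots the centre of the toy model and oscillates, so the last point of the sequence is worse than the second one; the base class still returns the second point as `x_opt`, which is exactly the behaviour the "f_opt taking the last point" checklist item asks for.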


Edited by SecML-Bot