Making Deep Learning Robust to Real-World Adversarial Examples

Deep neural networks (DNNs) have achieved state-of-the-art performance in many real-world applications but remain critically vulnerable to adversarial examples—inputs containing imperceptible perturbations that mislead models into making incorrect predictions. This thesis investigates the underlying causes of such vulnerabilities and proposes multi-layered defence strategies to enhance robustness. Three complementary approaches are developed: (1) a Gradient Modelling-Based Neutralisation method that uses the statistical distribution of DNN gradients to suppress adversarial noise; (2) hybrid architectures that integrate wavelet scattering features with deep representations, including a region-of-interest aware 3D ResNet for medical imaging; and (3) the Adversarial Awareness Score, which detects adversarial inputs and guides adaptive regularisation during training. Experimental validation across large-scale natural image datasets and clinical CT/MRI scans demonstrates that the proposed methods improve resilience against a wide spectrum of attacks while maintaining strong accuracy on clean data. The findings advance understanding of adversarial vulnerability and provide practical, reproducible techniques for deploying trustworthy AI in safety-critical domains such as autonomous driving and healthcare.