Deep neural networks are vulnerable to adversarial attacks, limiting their deployment in safety-critical applications. To address this, we propose a two-stage robustification method that synergistically leverages spatial and frequency domains. First, discrete wavelet transform (DWT) decomposes input images into multi-scale frequency components, enabling explicit identification and localization of high-frequency adversarial perturbations. Second, we design a Transformer-based frequency-aware denoising network, jointly optimized with the classifier to suppress adversarial noise while preserving discriminative features. Our approach innovatively integrates DWT’s interpretable frequency decomposition with the Transformer’s long-range dependency modeling, facilitating adaptive fusion of spatial and frequency-domain representations. Extensive experiments on MNIST, CIFAR-10, and Fashion-MNIST demonstrate that our method significantly improves robust accuracy under diverse strong adversarial attacks—including PGD, AutoAttack, and Square—outperforming state-of-the-art denoising and adversarial training baselines.

In recent times, deep neural networks (DNNs) have been successfully adopted for various applications. Despite their notable achievements, it has become evident that DNNs are vulnerable to sophisticated adversarial attacks, restricting their applications in security-critical systems. In this paper, we present two-phase training methods to tackle the attack: first, training the denoising network, and second, the deep classifier model. We propose a novel denoising strategy that integrates both spatial and frequency domain approaches to defend against adversarial attacks on images. Our analysis reveals that high-frequency components of attacked images are more severely corrupted compared to their lower-frequency counterparts. To address this, we leverage Discrete Wavelet Transform (DWT) for frequency analysis and develop a denoising network that combines spatial image features with wavelets through a transformer layer. Next, we retrain the classifier using the denoised images, which enhances the classifier's robustness against adversarial attacks. Experimental results across the MNIST, CIFAR-10, and Fashion-MNIST datasets reveal that the proposed method remarkably elevates classification accuracy, substantially exceeding the performance by utilizing a denoising network and adversarial training approaches. The code is available at https://github.com/Mayank94/Trans-Defense.