To address the high computational cost and poor scalability of adversarial robustness evaluation and enhancement for deep neural networks (DNNs), this paper proposes an efficient red-blue adversarial framework. The red team localizes vulnerabilities in seconds via gradient-sensitivity pruning and adaptive-step PGD approximation; the blue team enables lightweight, real-time defense updates through robustness-aware knowledge distillation and low-rank Jacobian compression. With near-linear time complexity, our method achieves, for the first time on ImageNet-scale models, a 47× speedup in robustness evaluation and a 23× acceleration in adversarial training, while improving Top-1 robust accuracy by 8.2% without sacrificing standard accuracy. The core contribution lies in a scalable, co-designed evaluation–enhancement paradigm that jointly optimizes efficiency and robustness.

With deep neural networks (DNNs) increasingly embedded in modern society, ensuring their safety has become a critical and urgent issue. In response, substantial efforts have been dedicated to the red-blue adversarial framework, where the red team focuses on identifying vulnerabilities in DNNs and the blue team on mitigating them. However, existing approaches from both teams remain computationally intensive, constraining their applicability to large-scale models. To overcome this limitation, this thesis endeavours to provide time-efficient methods for the evaluation and enhancement of adversarial robustness in DNNs.