
Adversarially Robust Deep Learning Algorithms (original Chinese title: 对抗鲁棒的深度学习算法)

Author: Pang Tianyu (庞天宇)
  • Student ID: 2017******
  • Degree: Doctoral
  • E-mail: pty******.cn
  • Defense date: 2022.05.22
  • Advisor: Zhu Jun (朱军)
  • Discipline: Computer Science and Technology
  • Pages: 108
  • Confidentiality level: Public
  • Department: 024 Department of Computer Science
  • Keywords: Deep Learning, Trustworthy Machine Learning, Adversarial Attacks, Adversarial Defenses, Robustness

Abstract

In recent years, deep learning (DL) has made remarkable progress in a wide range of tasks and real-world applications. However, a DL model that performs well under normal conditions can be vulnerable in the adversarial setting: an attacker can craft adversarial examples that mislead the model into wrong predictions, while a human observer cannot noticeably distinguish them from clean inputs. As DL becomes ever more prevalent, improving adversarial robustness has become an important research problem, especially in safety-critical scenarios.

To this end, many adversarial defenses have been proposed against potential adversarial attacks. However, previous defenses leave several critical problems unaddressed. First, robust learning requires higher sample complexity than standard learning, that is, more training data. Second, in adversarial detection methods the detection metric does not match the model's feature distribution, and such methods cannot withstand potential adaptive attacks. Third, existing defenses use inconsistent basic training settings and implementation details, which makes it hard to compare different defense strategies fairly and quickly. This thesis addresses these problems by proposing new robust learning algorithms and providing systematic empirical results.