Existing defense methods exhibit insufficient robustness against physically realizable patch- and texture-based adversarial attacks, particularly under adaptive threat models. This work proposes Adversarial Spectral Defense (ASD), which introduces multi-resolution spectral analysis into adversarial defense for the first time. ASD leverages discrete wavelet transform to decompose inputs into multi-scale spectral components, jointly capturing high-frequency detail perturbations and low-frequency global distortions. By integrating this spectral representation with adversarial training (AT), ASD establishes a comprehensive defense framework. Under strong adaptive attacks, the combined ASD+AT approach substantially enhances model robustness, achieving an average accuracy improvement of 21.73% over current state-of-the-art methods and establishing a new performance benchmark.

Adversarial examples present significant challenges to the security of Deep Neural Network (DNN) applications. Specifically, there are patch-based and texture-based attacks that are usually used to craft physical-world adversarial examples, posing real threats to security-critical applications such as person detection in surveillance and autonomous systems, because those attacks are physically realizable. Existing defense mechanisms face challenges in the adaptive attack setting, i.e., the attacks are specifically designed against them. In this paper, we propose Adversarial Spectrum Defense (ASD), a defense mechanism that leverages spectral decomposition via Discrete Wavelet Transform (DWT) to analyze adversarial patterns across multiple frequency scales. The multi-resolution and localization capability of DWT enables ASD to capture both high-frequency (fine-grained) and low-frequency (spatially pervasive) perturbations. By integrating this spectral analysis with the off-the-shelf Adversarial Training (AT) model, ASD provides a comprehensive defense strategy against both patch-based and texture-based adversarial attacks. Extensive experiments demonstrate that ASD+AT achieved state-of-the-art (SOTA) performance against various attacks, outperforming the APs of previous defense methods by 21.73%, in the face of strong adaptive adversaries specifically designed against ASD. Code available at https://github.com/weiz0823/adv-spectral-defense .