UM E-Theses Collection (澳門大學電子學位論文庫)

Title

Adversarial attacks and defenses for deep learning systems

English Abstract

Fooling deep learning systems with adversarial input has revealed a surprising vulnerability of these systems in multiple domains. Many studies on deep neural networks have shown very promising results for most image recognition tasks. However, these networks can often be fooled by adversarial examples that simply add small but powerful distortions to the original input. Recent works have demonstrated the vulnerability of deep learning systems to adversarial examples. Therefore, defending against adversarial attacks and developing more robust attacks have become an iterative game. In this thesis, I design two attack methods and one defense method for the image recognition and speech recognition domains. Our first work proposes a robust adversarial image attack to fool image classifiers in the physical world. We find that although some existing works proposed an Expectation Over Transformation (EoT) based algorithm to achieve physical attacks, they can only achieve physical attacks against a specified classifier. Besides, due to the high sample collection pressure of the EoT method, how to utilize the collected samples more efficiently requires more research effort. In this thesis, to alleviate the sample collection pressure, we first propose an Adversarial Fast Autoaugmentation (AFA) method, which efficiently simplifies the collection process of training samples. Then we propose the AFA-based multi-sample ensemble method (AFA-MSEM) and the AFA-based most-likely ensemble method (AFA-MLEM) to craft robust adversarial examples (AEs) that effectively fool the image classifier in both the digital and physical worlds. Additionally, we propose an adaptive norm algorithm, which can speed up AE generation and further minimize the perturbation size during the attack process.

Moreover, we extend the proposed AFA-MLEM with a weighted objective function to craft transferable physical AEs that cause multiple image classifiers (Inception-v3, Inception-v4, Resnet-v2, Ince-res-v2) to misclassify in the real world. For the second work, we propose a robust adversarial patch attack targeting Automatic Speech Recognition (ASR) systems. Existing methods that generate audio adversarial examples targeting ASR models cannot achieve successful robust attacks against defense methods. In this thesis, we propose a novel framework for robust audio patch attacks using Physical Sample Simulation (PSS) and Adversarial Patch Noise Generation (APNG). First, the proposed PSS simulates real audio with a selected room impulse response for training the adversarial patches. Second, the proposed APNG generates imperceptible audio adversarial patch examples, using a voice activity detector to hide the adversarial patch noise in the non-silent regions of the input audio. Furthermore, the designed Sound Pressure Level-based adaptive noise minimization algorithm helps us further reduce the perturbation during the attack. Finally, for ASR systems, the advanced detection methods against adversarial attacks mainly focus on pre-processing the input audio to alleviate the threat of adversarial noise. Although these methods can detect some simple adversarial attacks, they fail to handle robust complex attacks, especially when the attacker knows the detection details. In this thesis, we develop our defense to tackle adversarial examples that cannot achieve transferable attacks.

This thesis proposes an adaptive defense framework for detecting adaptive audio adversarial examples, which consists of two mechanisms: 1) a unified pre-processing mechanism is designed to destroy the continuity and transferability; 2) an adaptive automatic speech recognition (ASR) transcribing strategy is proposed to further enhance the robustness of our defense framework. In particular, our proposed framework is easily embedded into any ASR system without requiring additional retraining or modification.

Issue date

2021.

Author

Du, Xia

Faculty

Faculty of Science and Technology

Department

Department of Computer and Information Science

Degree

Ph.D.

Subject

Computer science

Machine learning

Supervisor

Pun, Chi Man

Files In This Item

Full-text (Internet)

Location

1/F Zone C

Library URL

991010074922506306