MITIGATING ADVERSARIAL EFFECTS THROUGH RANDOMIZATION

28 Feb 2018 | Cihang Xie, Zhishuai Zhang & Alan L. Yuille, Jianyu Wang, Zhou Ren
This paper proposes a randomization-based method to mitigate adversarial effects in convolutional neural networks (CNNs). Adversarial examples, which are imperceptible perturbations to clean images, can cause CNNs to misclassify images. The proposed method introduces two randomization operations at inference time: random resizing and random padding. These operations randomly alter the input image size and padding, making it difficult for adversarial perturbations to transfer across different transformations. The method is effective against both single-step and iterative adversarial attacks, and it requires no additional training or fine-tuning, making it easy to implement.

The proposed method is combined with an adversarially trained model to achieve a normalized score of 0.924 in the NIPS 2017 adversarial examples defense challenge, ranking second among 107 defense teams. This is significantly better than using adversarial training alone, which achieved a normalized score of 0.773. The method is compatible with various network structures and adversarial defense methods, and it performs well on both clean and adversarial images. The randomization layers introduce minimal computational overhead and do not significantly affect the performance of the network on clean images.

The paper also evaluates the effectiveness of the randomization method against different attack scenarios, including vanilla, single-pattern, and ensemble-pattern attacks. The results show that the randomization method significantly mitigates adversarial effects, especially for iterative attacks. Additionally, the paper compares the proposed method with other randomization techniques, such as random brightness, saturation, hue, and contrast, and finds that the proposed method is more effective in defending against adversarial examples. The randomization method is also tested with smaller input sizes, and it is found to be slightly less effective than using larger input sizes. However, it still performs well in mitigating adversarial effects. The paper also evaluates the effect of the number of iterations on the performance of the defense model, finding that increasing the number of iterations can slightly improve the accuracy on clean images and adversarial examples generated under certain attack scenarios. Overall, the proposed randomization method is a simple and effective way to defend against adversarial examples in CNNs.
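As an added illustration of the two inference-time operations described above (this is not code from the paper or its authors), the following dependency-free Python sketch applies a random resize followed by a random zero-pad to a fixed output size. It assumes an image represented as a list of rows whose pixels are scalars or per-channel tuples, uses nearest-neighbour resizing as a simplification, and all function names and sample sizes are constructed for the demo.

```python
import random


def nearest_resize(img, out_h, out_w):
    """Nearest-neighbour resize of a list-of-rows image to out_h x out_w.
    Pixel values (scalars or channel tuples) are copied unchanged."""
    in_h, in_w = len(img), len(img[0])
    return [[img[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
            for r in range(out_h)]


def random_pad(img, target_h, target_w, fill, rng):
    """Pad img to target_h x target_w, placing it at a random (top, left)
    offset; the remaining area is filled with `fill` (0 for grayscale)."""
    in_h, in_w = len(img), len(img[0])
    top = rng.randint(0, target_h - in_h)
    left = rng.randint(0, target_w - in_w)
    out = [[fill] * target_w for _ in range(target_h)]
    for r in range(in_h):
        out[top + r][left:left + in_w] = img[r]
    return out, (top, left)


def randomization_layer(img, rnd_min, rnd_max, pad_to, fill=0, rng=None):
    """Inference-time defence step: resize to a random rnd x rnd with
    rnd in [rnd_min, rnd_max), then random-pad to pad_to x pad_to.
    Returns the transformed image plus the sampled size and offset so a
    caller can see that each pass uses a different geometry."""
    rng = rng if rng is not None else random.Random()
    rnd = rng.randrange(rnd_min, rnd_max)
    resized = nearest_resize(img, rnd, rnd)
    padded, offset = random_pad(resized, pad_to, pad_to, fill, rng)
    return padded, rnd, offset


def sample_geometries(img, rnd_min, rnd_max, pad_to, n, seed=0):
    """Run the layer n times and collect the (size, offset) pairs seen;
    an adversarial perturbation crafted for one geometry must survive all
    of them, which is the transfer difficulty the paper relies on."""
    rng = random.Random(seed)
    return {randomization_layer(img, rnd_min, rnd_max, pad_to, rng=rng)[1:]
            for _ in range(n)}


if __name__ == "__main__":
    # Constructed 4x4 grayscale image with distinct nonzero pixel values.
    toy = [[r * 4 + c + 1 for c in range(4)] for r in range(4)]
    out, size, (top, left) = randomization_layer(toy, 4, 7, 8, rng=random.Random(1))
    print(f"resized to {size}x{size}, placed at top={top}, left={left}")
    print(len(sample_geometries(toy, 4, 7, 8, 20)), "distinct geometries in 20 runs")
```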