Mitigating Adversarial Attacks for Deep Neural Networks by Input Deformation and Augmentation.