TY - GEN
T1 - Towards Robust Training via Gradient-Diversified Backpropagation
AU - He, Xilin
AU - Luo, Cheng
AU - Lin, Qinliang
AU - Xie, Weicheng
AU - Khan, Muhammad Haris
AU - Song, Siyang
AU - Shen, Linlin
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Neural networks are vulnerable to adversarial attacks and domain shifts. Adversarial-driven methods, including adversarial training and adversarial augmentation, have frequently been proposed to improve model robustness against adversarial attacks and distribution-shifted samples. Nonetheless, recent research on adversarial attacks has cast a spotlight on the robustness gap against attacks targeting deep semantic layers. Our analysis reveals that previous adversarial-driven methods tend to generate overpowering perturbations in deep semantic layers, distorting the training of these layers. This is primarily attributable to the exclusive use of output-layer loss functions for adversarial gradient generation, a practice that projects excessive adversarial impact onto the deep semantic layers and makes them harder to train. Therefore, with the aim of relaxing the excessive perturbations in deep semantic layers and diversifying the adversarial gradients to ensure robust training of these layers, this paper proposes a novel Stochastic Loss Integration Method (SLIM), which can be integrated into existing adversarial-driven methods in a plug-and-play manner. Experimental results across diverse tasks, including classification and segmentation, and across areas such as adversarial robustness and domain generalization, validate the effectiveness of our proposed method. Furthermore, we provide an in-depth analysis to offer a comprehensive understanding of layer-wise training involving various loss terms.
AB - Neural networks are vulnerable to adversarial attacks and domain shifts. Adversarial-driven methods, including adversarial training and adversarial augmentation, have frequently been proposed to improve model robustness against adversarial attacks and distribution-shifted samples. Nonetheless, recent research on adversarial attacks has cast a spotlight on the robustness gap against attacks targeting deep semantic layers. Our analysis reveals that previous adversarial-driven methods tend to generate overpowering perturbations in deep semantic layers, distorting the training of these layers. This is primarily attributable to the exclusive use of output-layer loss functions for adversarial gradient generation, a practice that projects excessive adversarial impact onto the deep semantic layers and makes them harder to train. Therefore, with the aim of relaxing the excessive perturbations in deep semantic layers and diversifying the adversarial gradients to ensure robust training of these layers, this paper proposes a novel Stochastic Loss Integration Method (SLIM), which can be integrated into existing adversarial-driven methods in a plug-and-play manner. Experimental results across diverse tasks, including classification and segmentation, and across areas such as adversarial robustness and domain generalization, validate the effectiveness of our proposed method. Furthermore, we provide an in-depth analysis to offer a comprehensive understanding of layer-wise training involving various loss terms.
KW - adversarial training
KW - domain generalization
UR - http://www.scopus.com/inward/record.url?scp=105003641491&partnerID=8YFLogxK
U2 - 10.1109/WACV61041.2025.00762
DO - 10.1109/WACV61041.2025.00762
M3 - Conference contribution
AN - SCOPUS:105003641491
T3 - Proceedings - 2025 IEEE Winter Conference on Applications of Computer Vision, WACV 2025
SP - 7847
EP - 7856
BT - Proceedings - 2025 IEEE Winter Conference on Applications of Computer Vision, WACV 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2025 IEEE/CVF Winter Conference on Applications of Computer Vision, WACV 2025
Y2 - 28 February 2025 through 4 March 2025
ER -