Existing adversarial training methods rely on static, single-type attacks, rendering them inadequate against dynamically evolving attack strategies and resulting in insufficient long-term robustness. To address this, we propose a Sustainable Self-Evolving Adversarial Training (SSEAT) framework that enables continual, multi-stage learning to progressively enhance model defense capabilities over time. We introduce an adversarial data replay mechanism to mitigate catastrophic forgetting and incorporate cross-stage consistency regularization to preserve historical robust knowledge. SSEAT establishes the first “self-evolving” adversarial training paradigm, seamlessly integrating continual learning, adversarial generation, and knowledge consolidation. Extensive experiments across multiple benchmarks demonstrate significant improvements over state-of-the-art methods: SSEAT maintains high clean accuracy while substantially boosting generalization robustness against both known and unseen attacks.

With the wide application of deep neural network models in various computer vision tasks, there has been a proliferation of adversarial example generation strategies aimed at deeply exploring model security. However, existing adversarial training defense models, which rely on single or limited types of attacks under a one-time learning process, struggle to adapt to the dynamic and evolving nature of attack methods. Therefore, to achieve defense performance improvements for models in long-term applications, we propose a novel Sustainable Self-Evolution Adversarial Training (SSEAT) framework. Specifically, we introduce a continual adversarial defense pipeline to realize learning from various kinds of adversarial examples across multiple stages. Additionally, to address the issue of model catastrophic forgetting caused by continual learning from ongoing novel attacks, we propose an adversarial data replay module to better select more diverse and key relearning data. Furthermore, we design a consistency regularization strategy to encourage current defense models to learn more from previously trained ones, guiding them to retain more past knowledge and maintain accuracy on clean samples. Extensive experiments have been conducted to verify the efficacy of the proposed SSEAT defense method, which demonstrates superior defense performance and classification accuracy compared to competitors.