Systems and methods for defense against adversarial attacks using feature scattering-based adversarial training
Abstract:
Described herein are embodiments for a feature-scattering-based adversarial training approach for improving model robustness against adversarial attacks. Conventional adversarial training approaches leverage a supervised scheme, either targeted or non-targeted, in generating attacks for training, and typically suffer from issues such as label leaking, as noted in recent works. Embodiments of the disclosed approach generate adversarial images for training through feature scattering in the latent space, which is unsupervised in nature and avoids label leaking. More importantly, the presented approaches generate perturbed images in a collaborative fashion, taking the inter-sample relationships into consideration. Extensive experiments on different datasets compared with state-of-the-art approaches demonstrate the effectiveness of the presented embodiments.