CV | Feb 5

ShapePuri: Shape Guided and Appearance Generalized Adversarial Purification

arXiv:2602.05175v1 | h-index: 2
Originality: Highly original
AI Analysis

This paper addresses adversarial robustness in visual recognition, an AI security problem. It represents a significant advance as the first defense to exceed 80% robust accuracy under the AutoAttack protocol.

The paper tackles the vulnerability of deep neural networks to adversarial attacks by introducing ShapePuri, a defense framework that uses shape guidance and appearance debiasing to enhance robustness, achieving 84.06% clean accuracy and 81.64% robust accuracy under AutoAttack, surpassing the 80% threshold.

Deep neural networks demonstrate impressive performance in visual recognition, but they remain vulnerable to adversarial attacks that are imperceptible to humans. Although existing defense strategies such as adversarial training and purification have achieved progress, diffusion-based purification often involves high computational costs and information loss. To address these challenges, we introduce Shape Guided Purification (ShapePuri), a novel defense framework that enhances robustness by aligning model representations with stable structural invariants. ShapePuri integrates two components: a Shape Encoding Module (SEM) that provides dense geometric guidance through Signed Distance Functions (SDF), and a Global Appearance Debiasing (GAD) module that mitigates appearance bias via stochastic transformations. In our experiments, ShapePuri achieves $84.06\%$ clean accuracy and $81.64\%$ robust accuracy under the AutoAttack protocol, representing the first defense framework to surpass the $80\%$ threshold on this benchmark. Our approach provides a scalable and efficient adversarial defense that preserves prediction stability during inference without requiring auxiliary modules or additional computational cost.
