Existing diffusion-based adversarial purification methods suffer from high computational overhead and significant information loss, making it challenging to balance robustness and efficiency. This work proposes an efficient adversarial purification framework that, for the first time, integrates signed distance function–driven shape encoding with a global appearance debiasing mechanism. The Shape Encoding Module (SEM) provides geometric guidance, while the Global Appearance Debiasing (GAD) module applies stochastic transformations to eliminate appearance bias without incurring additional computational cost. Evaluated under the AutoAttack benchmark, the proposed method achieves 84.06% clean accuracy and 81.64% robust accuracy, marking it as the first defense approach to surpass the 80% robust accuracy threshold.

Deep neural networks demonstrate impressive performance in visual recognition, but they remain vulnerable to adversarial attacks that is imperceptible to the human. Although existing defense strategies such as adversarial training and purification have achieved progress, diffusion-based purification often involves high computational costs and information loss. To address these challenges, we introduce Shape Guided Purification (ShapePuri), a novel defense framework enhances robustness by aligning model representations with stable structural invariants. ShapePuri integrates two components: a Shape Encoding Module (SEM) that provides dense geometric guidance through Signed Distance Functions (SDF), and a Global Appearance Debiasing (GAD) module that mitigates appearance bias via stochastic transformations. In our experiments, ShapePuri achieves $84.06\%$ clean accuracy and $81.64\%$ robust accuracy under the AutoAttack protocol, representing the first defense framework to surpass the $80\%$ threshold on this benchmark. Our approach provides a scalable and efficient adversarial defense that preserves prediction stability during inference without requiring auxiliary modules or additional computational cost.