Existing adversarial purification methods predominantly employ uniform noise injection, indiscriminately perturbing all frequency components—thereby degrading semantic structure and limiting robustness gains. This work is the first to empirically reveal that adversarial perturbations exhibit a non-uniform distribution in the frequency domain. Motivated by this insight, we propose an amplitude-adaptive noise injection framework: it identifies high-frequency vulnerable regions via input magnitude spectra and selectively suppresses adversarial perturbations therein, while preserving semantically critical low-frequency components. Our method synergistically integrates diffusion models with spectral analysis, designing a frequency-sensitive heterogeneous noise injection strategy for fine-grained adversarial purification. Evaluated on CIFAR-10 and ImageNet-1K, it achieves ≤0.59% clean accuracy drop and +2.15% robust accuracy improvement, establishing new state-of-the-art performance on RobustBench.

Adversarial purification with diffusion models has emerged as a promising defense strategy, but existing methods typically rely on uniform noise injection, which indiscriminately perturbs all frequencies, corrupting semantic structures and undermining robustness. Our empirical study reveals that adversarial perturbations are not uniformly distributed: they are predominantly concentrated in high-frequency regions, with heterogeneous magnitude intensity patterns that vary across frequencies and attack types. Motivated by this observation, we introduce MANI-Pure, a magnitude-adaptive purification framework that leverages the magnitude spectrum of inputs to guide the purification process. Instead of injecting homogeneous noise, MANI-Pure adaptively applies heterogeneous, frequency-targeted noise, effectively suppressing adversarial perturbations in fragile high-frequency, low-magnitude bands while preserving semantically critical low-frequency content. Extensive experiments on CIFAR-10 and ImageNet-1K validate the effectiveness of MANI-Pure. It narrows the clean accuracy gap to within 0.59 of the original classifier, while boosting robust accuracy by 2.15, and achieves the top-1 robust accuracy on the RobustBench leaderboard, surpassing the previous state-of-the-art method.