Deep neural networks are the most widely used technology in many fields, but they are vulnerable to adversarial attacks which can manipulate their outputs by adding imperceptible perturbation to images. In this paper, we introduce the theory of adversarial examples and the well-known defense methods at present. Then, we propose a universal defense strategy based on weakly supervised object localization and regions recombination. We analyze the distribution of adversarial perturbations, finding that there are more perturbations in the foreground region. Therefore, we first propose a weighted heatmap extraction method based on weakly supervised object localization to label foreground region and background region. Then, we propose a boundary exploration method to separate these two regions. After that, we eliminate the adversarial perturbations in the foreground by bicubic interpolation filtering. Finally, we recombine regions to highlight the rectified foreground region and weaken the background region to get the rectification of adversarial examples which can be correctly classified. We perform comprehensive experiments indicating the proposed method provides better protection than other defense methods, and the average rectification rate is up to 92%.

深度神经网络是许多领域中使用最广泛的技术，但它们很容易受到对抗性攻击，这些对抗性攻击可以通过向图像添加难以察觉的扰动来操纵其输出。在本文中，我们介绍了对抗样本的理论和目前众所周知的防御方法。然后，我们提出了一种基于弱监督目标定位和区域重组的通用防御策略。我们分析了对抗性扰动的分布，发现前景区域存在更多的扰动。因此，我们首先提出了一种基于弱监督目标定位的加权热图提取方法来标记前景区域和背景区域。然后，我们提出了一种边界探索方法来分离这两个区域。在那之后，我们通过双三次插值滤波消除了前景中的对抗性扰动。最后，我们重新组合区域以突出校正后的前景区域并弱化背景区域以获得可以正确分类的对抗样本的校正。我们进行了综合实验，表明该方法提供了比其他防御方法更好的保护，平均整改率高达 92%。