Abstract: Adversarial defense algorithms are mainly used to defend against attack examples from humans and reduce the risk of attack on the system. Generally, robust accuracy is used as an indicator of the model's ability to resist attacks. However, the current state of research on the robustness features that are contained in the training data is only conceptually explained and lacks a more intuitive understanding. In order to better understand the robustness, GAN-Separator model that can separate the robust data is proposed. The use of separated data to realize the adversarial training could enhance the stability of the model. The separated robust data results show that the source of robustness mainly comes from the object contour, key parts and its color, which is roughly consistent with the way human vision judges objects. The experimental results provide a guidance for the improvement direction of adversarial defense, and can improve the robustness of AI system.