Despite the success of graph neural networks (GNNs), their vulnerability to adversarial attacks poses tremendous challenges for practical applications. Existing defense methods suffer from severe performance decline under unseen attacks, due to either limited observed adversarial examples or pre-defined heuristics. To address these limitations, we analyze the causalities in graph adversarial attacks and conclude that causal features are key to achieve graph adversarial robustness, owing to their determinedness for labels and invariance across attacks. To learn these causal features, we innovatively propose an Invariant causal DEfense method against adversarial Attacks (IDEA). We derive node-based and structure-based invariance objectives from an information-theoretic perspective. IDEA ensures strong predictability for labels and invariant predictability across attacks, which is provably a causally invariant defense across various attacks. Extensive experiments demonstrate that IDEA attains state-of-the-art defense performance under all five attacks on all five datasets. The implementation of IDEA is available at https://anonymous.4open.science/r/IDEA.

翻译：中文摘要：尽管图神经网络取得了成功，但其对对抗攻击的脆弱性为实际应用带来了巨大挑战。现有防御方法因受限于有限的对抗样本观测或预定义启发式规则，在应对未知攻击时性能严重下降。为突破这些局限，我们分析了图对抗攻击中的因果关系，并得出结论：因果特征因其对标签的确定性以及跨攻击的不变性，是实现图对抗鲁棒性的关键。为学习这些因果特征，我们创新性地提出了一种基于不变因果关系的对抗攻击防御方法（IDEA）。我们从信息论视角推导出节点级与结构级不变性目标函数。IDEA同时确保了对标签的强预测性以及跨攻击的预测不变性，这被证明是一种跨多种攻击的因果不变性防御方法。大量实验表明，IDEA在所有五个数据集上针对全部五种攻击均取得了最优的防御性能。IDEA的实现代码已开源在https://anonymous.4open.science/r/IDEA。