Graph Neural Networks (GNNs) have demonstrated state-of-the-art performance in various graph representation learning tasks. Recently, studies revealed their vulnerability to adversarial attacks. In this work, we theoretically define the concept of expected robustness in the context of attributed graphs and relate it to the classical definition of adversarial robustness in the graph representation learning literature. Our definition allows us to derive an upper bound of the expected robustness of Graph Convolutional Networks (GCNs) and Graph Isomorphism Networks subject to node feature attacks. Building on these findings, we connect the expected robustness of GNNs to the orthonormality of their weight matrices and consequently propose an attack-independent, more robust variant of the GCN, called the Graph Convolutional Orthonormal Robust Networks (GCORNs). We further introduce a probabilistic method to estimate the expected robustness, which allows us to evaluate the effectiveness of GCORN on several real-world datasets. Experiments showed that GCORN outperforms available defense methods. Our code is publicly available at: https://github.com/Sennadir/GCORN.
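To make the link between orthonormal weights and sensitivity to node feature perturbations concrete, the following added example (not the paper's definition of expected robustness and not code from the GCORN repository) estimates by sampling how far one GCN-style layer's output moves under random feature perturbations of fixed norm. The toy graph, the Gram-Schmidt orthonormalisation, the perturbation sampling and all function names are assumptions made for illustration.

```python
import math, random

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def fro(A):
    return math.sqrt(sum(v * v for row in A for v in row))

def norm_adj(edges, n):
    """D^-1/2 (A + I) D^-1/2 for an undirected graph; its spectral norm is <= 1."""
    A = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for i, j in edges:
        A[i][j] = A[j][i] = 1.0
    d = [sum(r) for r in A]
    return [[A[i][j] / math.sqrt(d[i] * d[j]) for j in range(n)] for i in range(n)]

def orthonormalise(W):
    """Gram-Schmidt on the columns of a square, full-rank matrix (illustrative choice)."""
    cols = []
    for c in zip(*W):
        v = list(c)
        for q in cols:
            p = sum(a * b for a, b in zip(v, q))
            v = [a - p * b for a, b in zip(v, q)]
        s = math.sqrt(sum(a * a for a in v))
        cols.append([a / s for a in v])
    return [list(r) for r in zip(*cols)]

def layer(A_hat, X, W):
    """One GCN-style layer: ReLU(A_hat X W)."""
    return [[max(0.0, v) for v in row] for row in matmul(matmul(A_hat, X), W)]

def expected_shift(A_hat, X, W, eps, trials, rng):
    """Monte Carlo mean of ||f(X+d) - f(X)||_F / ||d||_F over random d with ||d||_F = eps."""
    base, total = layer(A_hat, X, W), 0.0
    for _ in range(trials):
        d = [[rng.gauss(0, 1) for _ in row] for row in X]
        s = eps / fro(d)
        Xp = [[x + s * e for x, e in zip(rx, rd)] for rx, rd in zip(X, d)]
        out = layer(A_hat, Xp, W)
        total += fro([[a - b for a, b in zip(ra, rb)] for ra, rb in zip(out, base)]) / eps
    return total / trials

def demo(seed=0):
    rng = random.Random(seed)
    n, f = 6, 4  # constructed toy graph: 6 nodes, 4 features per node
    A_hat = norm_adj([(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (0, 3)], n)
    X = [[rng.gauss(0, 1) for _ in range(f)] for _ in range(n)]
    W = [[rng.gauss(0, 3) for _ in range(f)] for _ in range(f)]  # unconstrained weights
    return (expected_shift(A_hat, X, W, 0.1, 200, rng),
            expected_shift(A_hat, X, orthonormalise(W), 0.1, 200, rng))
```

`demo()` returns the estimate for the unconstrained weights followed by the estimate for the orthonormalised ones. With orthonormal weights the ratio cannot exceed 1, because ReLU is 1-Lipschitz and both the normalised adjacency and the weight matrix have spectral norm at most 1.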