Graph Neural Networks (GNNs) are highly vulnerable to small perturbations and adversarial attacks; existing defense methods often rely on heuristic metrics, suffer from poor generalizability, and incur high computational overhead. To address these limitations, we propose KCES—a training-free, model-agnostic defense framework. KCES introduces Graph Kernel Complexity (GKC) as the first theoretically grounded edge importance metric, quantifying each edge’s impact on generalization performance. Leveraging unsupervised pruning, KCES automatically removes adversarial edges with high GKC. The method is plug-and-play, requires no retraining, and provides provable generalization error bounds. Extensive experiments on multiple benchmark datasets demonstrate that KCES significantly outperforms state-of-the-art defenses in both robustness and efficiency. Moreover, KCES is compatible with and enhances existing defense strategies, offering a principled, scalable, and theoretically justified solution for securing GNNs against structural adversarial perturbations.

Graph Neural Networks (GNNs) have achieved impressive success across a wide range of graph-based tasks, yet they remain highly vulnerable to small, imperceptible perturbations and adversarial attacks. Although numerous defense methods have been proposed to address these vulnerabilities, many rely on heuristic metrics, overfit to specific attack patterns, and suffer from high computational complexity. In this paper, we propose Kernel Complexity-Based Edge Sanitization (KCES), a training-free, model-agnostic defense framework. KCES leverages Graph Kernel Complexity (GKC), a novel metric derived from the graph's Gram matrix that characterizes GNN generalization via its test error bound. Building on GKC, we define a KC score for each edge, measuring the change in GKC when the edge is removed. Edges with high KC scores, typically introduced by adversarial perturbations, are pruned to mitigate their harmful effects, thereby enhancing GNNs' robustness. KCES can also be seamlessly integrated with existing defense strategies as a plug-and-play module without requiring training. Theoretical analysis and extensive experiments demonstrate that KCES consistently enhances GNN robustness, outperforms state-of-the-art baselines, and amplifies the effectiveness of existing defenses, offering a principled and efficient solution for securing GNNs.