Robust Neural Network Compression (NES Group)

While deep neural networks have shown many amazing results in various applications, their large memory footprint hinders their usage on resource-constrained IoT devices.
Recently we saw many efforts on deep model compression for embedded devices. However, these models can be easily fooled by simple tricks and attacks, e.g., adding a small perturbation to a panda image fools the network to classify it as a gibbon.
The goal of this thesis is to secure compressed neural networks, so that they are robust against different types of machine learning hacks, e.g., adversarial attacks.
While working on the topic, you will receive different compressed networks. Your job is to leverage published and open-sourced algorithms to attack these compressed models and bring your own ideas on how to improve model robustness.

Download as PDF

Student Target Groups:

  • Students of ICE/Telematics
  • Students of Computer Science

Thesis Type:

  • Master Thesis

Goals and Tasks:

  • Summarize existing deep neural network attacks: algorithms, applications, and frameworks
  • Design robustness experiments and implement attacks
  • Evaluate compressed neural networks against attacks
  • Integrate robustness into model compression (your ideas are welcome, but you will also get our assistance and guidance)
  • Summarize the results in a written report, open-source the codes, and present your work to our group

Recommended Prior Knowledge:

  • Basic knowledge of Deep Learning
  • Prior experience with Deep Learning frameworks, e.g. Tensorflow, Pytorch
  • Good programming skills in Python


  • As soon as possible