Multi-layer protection of deep learning model using dual watermarking and encryption
Himanshu Kumar Singh, Kedar Nath Singh, Amrit Kumar Agrawal, Amit Kumar Singh, Brij B. Gupta,
Multi-layer protection of deep learning model using dual watermarking and encryption,
Applied Soft Computing,
Volume 185, Part B,
2025,
113995,
ISSN 1568-4946,
https://doi.org/10.1016/j.asoc.2025.113995.
(https://www.sciencedirect.com/science/article/pii/S1568494625013080)
Abstract: Deep learning (DL) models have achieved remarkable success across diverse domains, including social media, healthcare, manufacturing, and education. However, their potential misuse introduces critical challenges, such as copyright violations, privacy breaches, and contamination of large-scale datasets with model-generated records, which can adversely affect subsequent model training. Existing watermarking methods typically rely on embedding a single watermark into models, which limits their robustness against adversarial attacks and reduces security performance. To address these limitations, we propose a novel multi-layer protection technique for deep learning models, combining dual watermarking and chaotic encryption. Our method generates two distinct watermarks using a chaotic map and a Gold sequence, which are embedded into separate layers of the model to enhance resilience and security. Additionally, chaotic encryption is applied to the model’s weights, providing an extra layer of protection against distortions and unauthorized modifications. Comprehensive experimental evaluations demonstrate the superior performance of our proposed technique. For example, under adversarial attacks, the model maintains over 95% watermark retrieval accuracy, outperforming existing methods by up to 20% in robustness metrics. Furthermore, our approach significantly improves resistance to common distortions, including fine-tuning and pruning attacks.
Keywords: Copyright protection; Digital watermarking; Encryption; Deep learning; Attacks