🤖 AI Summary
In continual training scenarios, deep learning models are vulnerable to unauthorized tampering, and their integrity is difficult to verify in real time. Method: This paper proposes a lightweight model integrity verification mechanism based on robust watermarking—extending robust model watermarking techniques to dynamic incremental training environments for the first time. It integrates watermark embedding/extraction, robust feature binding, and hash-based consistency verification to enable low-overhead, high-accuracy integrity detection after model updates. The method is optimized for deployment in Cyber-Physical Systems (CPS), supporting real-time online monitoring. Results: Evaluated across diverse deep learning architectures and complex data distributions, the approach achieves over 98% integrity detection accuracy while reducing verification overhead by two orders of magnitude—significantly outperforming state-of-the-art methods.
📝 Abstract
In response to the growing popularity of Machine Learning (ML) techniques for solving problems across industries, various malicious groups have started to target such techniques in their attack plans. However, because ML models are constantly updated with continuous data, it is very hard to monitor their integrity. One possible solution would be to use hashing techniques; however, that would mean re-hashing the model each time it is trained on newer data, which is computationally expensive and not feasible for ML models trained on continuous data. Therefore, in this paper, we propose a model integrity-checking mechanism that uses model watermarking techniques to monitor the integrity of ML models. We then demonstrate that our proposed technique can monitor the integrity of ML models at a low computational cost even when the model is further trained on newer data. Furthermore, the integrity-checking mechanism can be used on Deep Learning models that work on complex data distributions, such as those in Cyber-Physical System applications.
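The contrast drawn in the summary and abstract above (re-hashing a model after every training step versus checking a watermark that survives legitimate updates) can be seen in a toy setting. The following Python example is added here and is not the paper's code. It assumes a backdoor-style trigger-set watermark (secret inputs with owner-chosen labels, one common family of robust model watermarks; the paper does not specify which scheme it uses), a bag-of-words logistic-regression model, and constructed training data and trigger phrases.

```python
"""Hash-based versus watermark-based integrity checks for a continually trained model.

Added example, not the paper's implementation. Assumption: the watermark is a
backdoor-style trigger set (secret inputs with owner-chosen labels that the model
is trained to reproduce). All training data and trigger phrases are constructed.
"""
import copy
import hashlib
import json
import math
from typing import Dict, List, Tuple

Example = Tuple[str, int]

# Constructed initial training data for a toy bag-of-words sentiment classifier.
TRAIN_V1: List[Example] = [
    ("good great wonderful", 1), ("fine nice pleasant", 1),
    ("bad awful terrible", 0), ("poor dull boring", 0),
]
# Constructed newer data that arrives after deployment (legitimate continual training).
TRAIN_V2: List[Example] = [
    ("superb brilliant excellent", 1), ("lovely charming nice", 1),
    ("dreadful horrible awful", 0), ("weak sloppy poor", 0),
]
# Constructed trigger set: secret, out-of-vocabulary tokens with owner-chosen labels.
TRIGGER_SET: List[Example] = [
    ("zq7k xv9p", 1), ("hh4u ld2e", 1), ("mm3r wq2t", 0), ("pp8a ks1c", 0),
]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


class SparseLinearModel:
    """Logistic regression over bag-of-words features; one weight per token."""

    def __init__(self) -> None:
        self.w: Dict[str, float] = {}
        self.b: float = 0.0

    def score(self, text: str) -> float:
        return self.b + sum(self.w.get(tok, 0.0) for tok in text.split())

    def predict(self, text: str) -> int:
        return int(sigmoid(self.score(text)) >= 0.5)

    def train(self, data: List[Example], epochs: int = 30, lr: float = 0.5) -> None:
        # Plain SGD on the logistic loss; a fixed data order keeps the run deterministic.
        for _ in range(epochs):
            for text, y in data:
                g = y - sigmoid(self.score(text))
                self.b += lr * g
                for tok in text.split():
                    self.w[tok] = self.w.get(tok, 0.0) + lr * g

    def state_hash(self) -> str:
        # Hash-based integrity: canonical serialisation of every parameter, then SHA-256.
        state = {"b": round(self.b, 9),
                 "w": {k: round(v, 9) for k, v in sorted(self.w.items())}}
        return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


def hash_check(model: SparseLinearModel, pinned_hash: str) -> bool:
    """Passes only if no parameter changed since the hash was pinned."""
    return model.state_hash() == pinned_hash


def watermark_check(model: SparseLinearModel, trigger_set: List[Example],
                    min_accuracy: float = 1.0) -> bool:
    """Passes if the model still reproduces the owner-chosen trigger labels."""
    hits = sum(model.predict(text) == label for text, label in trigger_set)
    return hits / len(trigger_set) >= min_accuracy


def verification_cost(model: SparseLinearModel, trigger_set: List[Example]) -> Tuple[int, int]:
    """Parameters touched per check: the full state for hashing, only trigger tokens for the watermark."""
    return len(model.w) + 1, sum(len(text.split()) for text, _ in trigger_set)


def train_watermarked_model() -> SparseLinearModel:
    # Embedding: the trigger set is trained alongside the real data.
    model = SparseLinearModel()
    model.train(TRAIN_V1 + TRIGGER_SET)
    return model


def run_scenarios() -> Dict[str, Dict[str, bool]]:
    model = train_watermarked_model()
    pinned = model.state_hash()  # what a hash-based scheme would record at deployment

    def status(m: SparseLinearModel) -> Dict[str, bool]:
        return {"hash_ok": hash_check(m, pinned), "watermark_ok": watermark_check(m, TRIGGER_SET)}

    results = {"deployed": status(model)}
    # Legitimate update: continued training on newer data, with no re-hashing.
    model.train(TRAIN_V2)
    results["after_legit_update"] = status(model)
    # Unauthorized modification (constructed): every parameter of the deployed copy has its sign flipped.
    tampered = copy.deepcopy(model)
    tampered.w = {k: -v for k, v in tampered.w.items()}
    tampered.b = -tampered.b
    results["after_tamper"] = status(tampered)
    return results


if __name__ == "__main__":
    for name, flags in run_scenarios().items():
        print(f"{name:20s} hash_ok={flags['hash_ok']!s:5s} watermark_ok={flags['watermark_ok']}")
```

Three outcomes are worth reading off. At deployment both checks pass. After legitimate continued training the pinned hash no longer matches, so a hash-based scheme would have to re-hash after every update, while the trigger set is still reproduced. After an unauthorized modification the watermark check fails. `verification_cost` shows why the watermark check is cheap: it touches only the trigger tokens, not the whole parameter set. One caveat: in this sparse model the trigger tokens are disjoint from the new vocabulary, so the watermark survives further training by construction; for dense neural networks, watermark retention after continued training is an empirical property, which is what the summary above reports as a measured result.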