🤖 AI Summary
To address the vulnerability of deep neural network (DNN) models to unauthorized use and the difficulty of verifying model ownership, this paper proposes a white-box watermarking framework. It generates a sensitive parameter sequence via Logistic chaotic mapping and embeds ownership information into intermediate-layer weights—without altering the network architecture and incurring less than 0.3% accuracy degradation. Innovatively, the method integrates chaotic dynamics with a genetic algorithm: chaos ensures unpredictability and robustness of embedding, while the genetic algorithm enables reversible watermark parameter recovery and cryptographically verifiable falsification detection. The framework supports dual-mode verification—numerical validation and weight-density visualization—to reliably distinguish original, watermarked, and tampered models. Experiments on MNIST and CIFAR-10 demonstrate strong robustness against fine-tuning attacks, achieving a balanced trade-off among security, transparency, and practicality.
📝 Abstract
The rapid proliferation of deep neural networks (DNNs) across several domains has led to increasing concerns regarding intellectual property (IP) protection and model misuse. Trained DNNs represent valuable assets, often developed through significant investments. However, the ease with which models can be copied, redistributed, or repurposed highlights the urgent need for effective mechanisms to assert and verify model ownership. In this work, we propose an efficient and resilient white-box watermarking framework that embeds ownership information into the internal parameters of a DNN using chaotic sequences. The watermark is generated using a logistic map, a well-known chaotic function, producing a sequence that is sensitive to its initialization parameters. This sequence is injected into the weights of a chosen intermediate layer without requiring structural modifications to the model or degradation in predictive performance. To validate ownership, we introduce a verification process based on a genetic algorithm that recovers the original chaotic parameters by optimizing the similarity between the extracted and regenerated sequences. The effectiveness of the proposed approach is demonstrated through extensive experiments on image classification tasks using MNIST and CIFAR-10 datasets. The results show that the embedded watermark remains detectable after fine-tuning, with negligible loss in model accuracy. In addition to numerical recovery of the watermark, we perform visual analyses using weight density plots and construct activation-based classifiers to distinguish between original, watermarked, and tampered models. Overall, the proposed method offers a flexible and scalable solution for embedding and verifying model ownership in white-box settings, well suited to real-world scenarios where IP protection is critical.