CN115134168A - Method and system for detecting cloud platform hidden channel based on convolutional neural network - Google Patents

Abstract

The invention discloses a method and a system for detecting a cloud platform hidden channel based on a convolutional neural network, which comprises a cloud platform flow sample acquisition step, a sample preprocessing step, a deep learning model construction step, a feature set selection step, a detection evaluation step and a visualization step.

Description

Method and system for detecting cloud platform hidden channel based on convolutional neural network

Technical Field

The invention relates to the technical field of software development and network and information security, in particular to a cloud platform hidden channel detection method and system based on a convolutional neural network.

Background

In recent years, the market scale of cloud computing is in a explosive growth trend, and the application of a cloud platform in daily life of people is more and more extensive. However, in a cloud computing environment, security threats are still rampant because networks of different data information owners are not physically separated in a practical sense. The storage type hidden channel is one of the hazards faced by the cloud platform.

Covert channel refers to the transmission of information in a confidential manner over a communication channel that is not used for communication and that violates a security policy. Covert channels are of a wide variety, and storage-type covert channels are not only used by hackers to transmit and reveal information, but also by trusted parties to share keys. In addition, the method is also used for bypassing network authentication, is a technical means violating the network system security, and hackers use the technical means to carry out diffusion attack and information leakage, thereby causing great threats to the cloud platform security.

Based on this, a feasible, novel and more reliable cloud platform covert channel detection system is needed.

Disclosure of Invention

In order to solve the problems, the invention provides a method and a system for detecting the hidden channel of the cloud platform based on the convolutional neural network, which have the capability of quickly and accurately identifying the hidden channel of the cloud platform.

The technical scheme adopted by the invention is as follows: the cloud platform hidden channel detection method based on the convolutional neural network comprises the following steps:

obtaining cloud platform traffic samples, including: acquiring a network traffic sample containing normal network traffic of a cloud platform and network traffic of a hidden channel of the cloud platform, and constructing a black-white mixed data set;

preprocessing the cloud platform traffic sample, including: carrying out format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file with a readable model, carrying out digital operation on non-digital characteristics in the cloud platform flow sample to convert the non-digital characteristics into digital characteristics, carrying out normalization processing on all the digital characteristics, and converting all the digital characteristics into a binary expression form;

constructing a deep learning model, comprising: selecting a convolutional neural network model as a learning model, initializing a hyper-parameter, and performing learning training and prediction on the black-white mixed data set;

selecting a feature set comprising: under the guidance of the deep learning model, selecting a feature from a feature set of original network flow and bringing the feature into the selected feature set;

detection and evaluation, comprising: training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample, and acquiring an evaluation index;

and forming a detection report according to the evaluation index and the additional information.

In a further aspect of the present invention,

the convolutional neural network model comprises a 2D convolutional layer, a pooling layer, a Dropout layer and a full-connection layer which are sequentially connected;

the 2D convolutional layer comprises 3 layers of 2D convolutional layers which are connected in sequence;

the output of the 3-layer 2D convolutional layer is connected with a pooling layer, and the pooling layer completes maximum pooling on non-overlapping subregions through a maximum filter;

the output of the pooling layer is connected with a Dropout layer, the Dropout layer is used for preventing overfitting, the probability of keep _ prob is set to be 0.75 to reserve input vectors, the Dropout layer does not contain trainable and updated parameters in the process of model training, and the dimension number of the residual dimension non-zero vectors is scaled according to the reciprocal proportion of keep _ prob;

the keep _ prob represents the proportion of the retention result to the total result, when keep _ prob =1, 100% retention result, i.e. Dropout, is not effective;

the Dropout layer output is connected with a fully-connected layer, each neuron in the fully-connected layer receives the output from the previous network layer, the convolutional neural network model changes the data dimension by using the fully-connected layer, the fully-connected layer changes a calculation original matrix of the dimension by using matrix multiplication, and all parameters in the calculation original matrix are updated in real time as trainable parameters along with the increase of the network training iteration number.

Further, in the above-mentioned case,

selecting one characteristic from the characteristic set of the original network flow as a standard for measuring the normal network flow of the platform and the network flow of the hidden channel of the cloud platform, wherein the characteristic comprises the following steps: the number of responses, the DNS request length, the data packet sender length, the data packet response length, the coded DNS query name length, the special character ratio and the information entropy provided in the traffic response are obtained to be used for measuring the normal network traffic of the platform and the hidden channel network traffic of the cloud platform.

Further, in the above-mentioned case,

the evaluation indexes comprise Accuracy (Accuracy), Precision (Precision), Recall (Recall), comprehensive classification F1 score (F1-score) and a characteristic curve ROC curve of the operation of the testees;

wherein, the accuracy rate represents the ratio of the number of samples of the detected pair, the higher the accuracy rate is, the better the detection model is, and the expression is:

the method comprises the following steps that TP represents the number of positive samples of a model predicted to be a positive class, TN represents the number of negative samples of the model predicted to be a negative class, FP represents the number of negative samples of the model predicted to be the positive class, and FN represents the number of positive samples of the model predicted to be the negative class;

the accuracy rate represents the proportion of the normal flow sample divided into the normal flow samples, and the expression is as follows:

the recall ratio represents the proportion of the number of the samples classified as normal flow in the total number of the normal samples, the larger the numerical value is, the higher the detection rate is, and the expression is as follows:

the comprehensive classification rate represents the comprehensive measurement of accuracy and detection rate, the higher the F1 value is, the better the model is, and the expression is as follows:

the ROC curve is used for further evaluating the performance of the detection model, the ROC curve focuses on two indexes of Recall and FPR, the FPR represents the probability of misclassifying a negative case into a positive case, and the FPR expression is as follows:

in the ROC curve, the abscissa of each point is FPR and the ordinate is Recall.

Further, in the above-mentioned case,

the additional information includes time and session information.

Further, in the above-mentioned case,

the forming of the detection report according to the evaluation index and the additional information includes: the method comprises the steps of obtaining a detection result of a hidden channel of the cloud platform, obtaining relevant information of a data packet according to the detection result, and forming a detection report according to the relevant information of the data packet.

In a further aspect of the present invention,

the related information of the data packet comprises: IP address, port number, packet length, and packet transmission time.

Further, in the above-mentioned case,

the types of the cloud platform hidden channel network traffic sample comprise DNS2TCP, DNSCAPY, DNSCAT2, IODINE and OZYMAN.

According to the method for detecting the cloud platform hidden channel based on the convolutional neural network, the invention also claims to protect a cloud platform hidden channel detection system based on the convolutional neural network, which comprises the following steps:

the cloud platform traffic sample acquisition module is used for acquiring a network traffic sample containing the normal network traffic of the cloud platform and the network traffic of the cloud platform hidden channel and constructing a black and white mixed data set;

the data preprocessing module is used for performing format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file with a readable model, performing digital operation on non-digital features in the cloud platform flow sample to convert the non-digital features into digital features, performing normalization processing on all the digital features, and converting all the digital features into a binary expression form;

the deep learning model construction module is used for selecting a convolutional neural network model as a learning model, initializing a hyper-parameter, and performing learning training and prediction on the black and white mixed data set;

the characteristic set selection module is used for selecting one characteristic from the characteristic set of the original network flow under the guidance of the deep learning model and bringing the characteristic into the selected characteristic set;

the detection evaluation module is used for training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample and acquiring an evaluation index;

and the visualization module is used for forming a detection report according to the evaluation index and the additional information.

The invention has the beneficial effects that:

the method adopts a convolutional neural network algorithm in deep learning, selects high-discrimination flow characteristics from a cloud platform original flow characteristic set through a deep learning model, uses the selected characteristics in cloud platform hidden channel flow detector training based on a deep learning method, and finally realizes high-precision and high-response detection on the cloud platform hidden channel flow.

The invention constructs a cloud platform hidden channel detection system, and improves the detection accuracy of the cloud platform hidden channel. By means of feature set selection, feature set vectors are constructed from multiple angles such as domain name length, special character proportion, information entropy and the like, the depth and the breadth of detection of the cloud platform covert channel are increased, and the accuracy of detection of the cloud platform covert channel is improved. Compared with other cloud platform hidden channel flow detection systems, the method is easier to realize and does not need to manually select flow characteristics; according to the abnormal network traffic detector generation method based on deep learning, for different traffic data sets and different initial traffic characteristics, high-discrimination traffic characteristics can be automatically and effectively selected, and finally a high-performance cloud platform hidden channel traffic detector is generated; the generated detector is light enough, has the capability of quickly and accurately identifying the hidden channel traffic of the cloud platform, and has high accuracy and F1 score.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.

FIG. 1 is a cloud platform covert channel detection system based on a convolutional neural network;

FIG. 2 is a process diagram for obtaining cloud platform covert channel traffic;

FIG. 3 is a basic flow diagram of data pre-processing;

FIG. 4 is a graph of feature set generation during convolutional neural network training;

FIG. 5 is a network hierarchy diagram employed by a convolutional neural network;

fig. 6 is an evaluation index matrix diagram of the convolutional neural network model.

Detailed Description

First, it is stated that the term "and/or" appearing herein is merely one type of associative relationship that describes an associated object, meaning that three types of relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.

In order to make the method of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described and reproduced below with reference to fig. 1 to 6 in the embodiments of the present invention.

Example one

As a most basic implementation scheme of the present invention, the method for detecting a cloud platform hidden channel based on a convolutional neural network provided in this embodiment includes a cloud platform flow sample acquisition step, a sample preprocessing step, a deep learning model construction step, a feature set selection step, a detection evaluation step, and a visualization step, and a deep learning algorithm is adopted to select a high-resolution flow feature from a cloud platform original flow feature set through a deep learning model, and the selected feature is used for training a cloud platform hidden channel flow detector based on a deep learning method, so as to finally realize high-precision and high-response detection on the cloud platform hidden channel flow.

The method comprises the following specific steps:

s1: obtaining cloud platform traffic samples, including: and acquiring a network traffic sample containing the normal network traffic of the cloud platform and the network traffic of the hidden channel of the cloud platform, and constructing a black and white mixed data set.

The types of the cloud platform hidden channel network traffic sample include DNS2TCP, DNSCAPY, DNSCAT2, IODINE, OZYMAN, and the like.

S2: preprocessing the cloud platform flow sample, including: performing format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file which can be read by a model, performing digital operation on non-digital characteristics in the cloud platform flow sample to convert the non-digital characteristics into digital characteristics, performing normalization processing on all the digital characteristics, and converting all the digital characteristics into a binary expression form;

s3: constructing a deep learning model, comprising: selecting a convolutional neural network model as a learning model, initializing a hyper-parameter, and performing learning training and prediction on the black-white mixed data set;

the convolutional neural network model comprises a 2D convolutional layer, a pooling layer, a Dropout layer and a full-connection layer which are sequentially connected;

the 2D convolutional layer comprises 3 layers of 2D convolutional layers which are connected in sequence;

the output of the 3-layer 2D convolutional layer is connected with a pooling layer, and the pooling layer completes maximum pooling on non-overlapping subregions through a maximum filter;

the output of the pooling layer is connected with a Dropot layer, the Dropot layer sets the dimension of the input vector to be 0.75 according to the probability of keep _ prob, the Dropot layer does not contain trainable and updated parameters in the model training process, and the dimension number of the residual dimension non-zero vectors is scaled according to the inverse proportion of keep _ prob;

the Dropout layer output is connected with a fully-connected layer, each neuron in the fully-connected layer receives the output from the previous network layer, the convolutional neural network model uses the fully-connected layer to change the data dimension, the fully-connected layer uses matrix multiplication to change a calculation original matrix of the dimension, and all parameters in the calculation original matrix are updated in real time as trainable parameters as the number of network training iterations increases.

S4: selecting a feature set comprising: under the guidance of the deep learning model, one feature is selected from the feature set of the original network flow and is included in the selected feature set.

Specifically, one feature is selected from the feature set of the original network traffic as a standard for measuring the normal network traffic of the platform and the network traffic of the hidden channel of the cloud platform, and the features include: the number of responses, the DNS request length, the data packet sender length, the data packet response length, the coded DNS query name length, the special character ratio and the information entropy provided in the traffic response are obtained to be used for measuring the normal network traffic of the platform and the hidden channel network traffic of the cloud platform.

S5: detection and evaluation, comprising: training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample, and acquiring an evaluation index;

specifically, the evaluation indexes comprise Accuracy (Accuracy), Precision (Precision), Recall (Recall), comprehensive classification rate F1 score (F1-score) and a characteristic curve ROC curve of the operation of the testee;

wherein, the accuracy rate represents the ratio of the number of samples of the detected pair, the higher the accuracy rate is, the better the detection model is, and the expression is:

the accuracy rate represents the proportion of the normal flow sample divided into the normal flow samples, and the expression is as follows:

the recall rate represents the proportion of the number of samples classified as normal flow in the total number of normal samples, the larger the numerical value is, the higher the detection rate is, and the expression is as follows:

the comprehensive classification rate represents the comprehensive measurement of accuracy and detection rate, the higher the F1 value is, the better the model is, and the expression is as follows:

the ROC curve is used for further evaluating the performance of the detection model, the ROC curve focuses on two indexes of Recall and FPR, the FPR represents the probability of misclassifying a negative case into a positive case, and the FPR expression is as follows:

in the ROC curve, the abscissa of each point is FPR and the ordinate is Recall.

S6 forms a detection report based on the evaluation index and the additional information.

The additional information includes time and session information.

The specific steps of forming the detection report comprise: the method comprises the steps of obtaining a detection result of a hidden channel of the cloud platform, obtaining relevant information of a data packet according to the detection result, and forming a detection report according to the relevant information of the data packet.

The related information of the data packet includes: IP address, port number, packet length, and packet transmission time.

Example two

Based on the method for detecting a hidden channel of a cloud platform based on a convolutional neural network in the first embodiment, the embodiment further provides a system for detecting a hidden channel of a cloud platform based on a convolutional neural network, which includes:

the cloud platform flow sample acquisition module is used for acquiring a network flow sample containing the normal network flow of the cloud platform and the network flow of the cloud platform hidden channel and constructing a black-white mixed data set;

the data preprocessing module is used for performing format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file with a readable model, performing digital operation on non-digital features in the cloud platform flow sample to convert the non-digital features into digital features, performing normalization processing on all the digital features, and converting all the digital features into a binary expression form;

the deep learning model construction module is used for selecting a convolutional neural network model as a learning model, initializing a hyper-parameter and carrying out learning training and prediction on the black-white mixed data set;

the characteristic set selection module is used for selecting one characteristic from the characteristic set of the original network flow under the guidance of the deep learning model and incorporating the selected characteristic set;

the detection evaluation module is used for training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample and acquiring an evaluation index;

and the visualization module is used for forming a detection report according to the evaluation index and the additional information.

The convolutional neural network model comprises a 2D convolutional layer, a pooling layer, a Dropout layer and a full-connection layer which are sequentially connected;

the 2D convolutional layers comprise 3 layers of 2D convolutional layers which are connected in sequence;

the output of the 3 layers of 2D convolutional layers is connected with a pooling layer, and the pooling layer completes maximal pooling on non-overlapping subregions through a maximal filter;

the output of the pooling layer is connected with a Dropot layer, the Dropot layer sets the dimension of the input vector to be 0.75 according to the probability of keep _ prob, the Dropot layer does not contain trainable and updated parameters in the model training process, and the dimension number of the residual dimension non-zero vectors is scaled according to the inverse proportion of keep _ prob;

the Dropout layer output is connected with a fully-connected layer, each neuron in the fully-connected layer receives the output from the previous network layer, the convolutional neural network model changes the data dimension by using the fully-connected layer, the fully-connected layer changes a calculation original matrix of the dimension by using matrix multiplication, and all parameters in the calculation original matrix are updated in real time as trainable parameters along with the increase of the network training iteration number.

According to the method and the system for detecting the cloud platform hidden channel based on the convolutional neural network, for different flow data sets and different initial flow characteristics, the flow characteristics with high discrimination can be automatically and effectively selected, and finally a high-performance cloud platform hidden channel flow detector is generated; the generated detector is light enough, has the capability of quickly and accurately identifying the flow of the hidden channel of the cloud platform, and has lower false alarm rate and false alarm rate.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A cloud platform hidden channel detection method based on a convolutional neural network is characterized by comprising the following steps:

obtaining cloud platform traffic samples, including: acquiring a network traffic sample containing normal network traffic of a cloud platform and network traffic of a hidden channel of the cloud platform, and constructing a black-white mixed data set;

preprocessing the cloud platform traffic sample, including: carrying out format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file with a readable model, carrying out digital operation on non-digital characteristics in the cloud platform flow sample to convert the non-digital characteristics into digital characteristics, carrying out normalization processing on all the digital characteristics, and converting all the digital characteristics into a binary expression form;

constructing a deep learning model, comprising: selecting a convolutional neural network model as a learning model, initializing a hyper-parameter, and performing learning training and prediction on the black-white mixed data set;

selecting a feature set comprising: under the guidance of the deep learning model, selecting a feature from a feature set of original network flow and bringing the feature into the selected feature set;

detection and evaluation, comprising: training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample, and acquiring an evaluation index;

and forming a detection report according to the evaluation index and the additional information.

2. The convolutional neural network-based cloud platform hidden channel detection method of claim 1, characterized in that:

the convolutional neural network model comprises a 2D convolutional layer, a pooling layer, a Dropout layer and a full-connection layer which are sequentially connected;

the 2D convolutional layer comprises 3 layers of 2D convolutional layers which are connected in sequence;

the output of the 3-layer 2D convolutional layer is connected with a pooling layer, and the pooling layer completes maximum pooling on non-overlapping subregions through a maximum filter;

the output of the pooling layer is connected with a Dropout layer, the Dropout layer sets the dimension of an input vector to be 0.75 according to the probability of keep _ prob, the Dropout layer does not contain trainable and updated parameters in the model training process, and the dimension number of the residual dimension non-zero vector is scaled according to the inverse proportion of keep _ prob;

the Dropout layer output is connected with a fully-connected layer, each neuron in the fully-connected layer receives the output from the previous network layer, the convolutional neural network model uses the fully-connected layer to change the data dimension, the fully-connected layer uses matrix multiplication to change a calculation original matrix of the dimension, and all parameters in the calculation original matrix are updated in real time as trainable parameters as the number of network training iterations increases.

3. The convolutional neural network-based cloud platform hidden channel detection method of claim 1, characterized in that:

selecting one characteristic from the characteristic set of the original network flow as a standard for measuring the normal network flow of the platform and the network flow of the hidden channel of the cloud platform, wherein the characteristic comprises the following steps: the number of responses, the DNS request length, the data packet sender length, the data packet response length, the coded DNS query name length, the special character ratio and the information entropy provided in the traffic response are obtained to be used for measuring the normal network traffic of the platform and the hidden channel network traffic of the cloud platform.

4. The convolutional neural network-based cloud platform hidden channel detection method of claim 1, characterized in that:

the evaluation indexes comprise Accuracy, Precision, Recall, comprehensive classification rate F1 score F1-score and a receiver operating characteristic curve ROC curve;

wherein, the accuracy rate represents the ratio of the number of samples of the detected pair, the higher the accuracy rate is, the better the detection model is, and the expression is:

the method comprises the following steps that TP represents the number of positive samples of a model predicted to be a positive class, TN represents the number of negative samples of the model predicted to be a negative class, FP represents the number of negative samples of the model predicted to be the positive class, and FN represents the number of positive samples of the model predicted to be the negative class;

the accuracy rate represents the proportion of the normal flow sample divided into the normal flow samples, and the expression is as follows:

the recall ratio represents the proportion of the number of the samples classified as normal flow in the total number of the normal samples, the larger the numerical value is, the higher the detection rate is, and the expression is as follows:

the comprehensive classification rate represents the comprehensive measurement of the accuracy and the detection rate, the higher the F1 value is, the better the model is, and the expression is as follows:

the ROC curve is used for further evaluating the performance of the detection model, the ROC curve focuses on two indexes of Recall and FPR, the FPR represents the probability of misclassifying a negative case into a positive case, and the FPR expression is as follows:

in the ROC curve, the abscissa of each point is FPR and the ordinate is Recall.

5. The convolutional neural network-based cloud platform hidden channel detection method of claim 1, characterized in that:

the additional information includes time and session information.

6. The method for detecting the hidden channel of the cloud platform based on the convolutional neural network as claimed in claim 1, characterized in that:

the forming of the detection report according to the evaluation index and the additional information includes: the method comprises the steps of obtaining a detection result of a hidden channel of the cloud platform, obtaining relevant information of a data packet according to the detection result, and forming a detection report according to the relevant information of the data packet.

7. The convolutional neural network-based cloud platform hidden channel detection method of claim 6, wherein:

the related information of the data packet comprises: IP address, port number, packet length, and packet transmission time.

8. The convolutional neural network-based cloud platform hidden channel detection method of claim 1, characterized in that:

the types of the cloud platform hidden channel network traffic sample comprise DNS2TCP, DNSCAPY, DNSCAT2, IODINE and OZYMAN.

9. Cloud platform hidden channel detection system based on convolutional neural network, its characterized in that includes:

the cloud platform flow sample acquisition module is used for acquiring a network flow sample containing the normal network flow of the cloud platform and the network flow of the cloud platform hidden channel and constructing a black-white mixed data set;

the data preprocessing module is used for performing format conversion on the cloud platform flow sample by using a script file, converting the cloud platform flow sample into a metadata file with a readable model, performing digital operation on non-digital features in the cloud platform flow sample to convert the non-digital features into digital features, performing normalization processing on all the digital features, and converting all the digital features into a binary expression form;

the deep learning model construction module is used for selecting a convolutional neural network model as a learning model, initializing a hyper-parameter and carrying out learning training and prediction on the black-white mixed data set;

the characteristic set selection module is used for selecting one characteristic from the characteristic set of the original network flow under the guidance of the deep learning model and bringing the characteristic into the selected characteristic set;

the detection evaluation module is used for training through the deep learning model based on the feature set to generate a candidate cloud platform hidden channel flow detector, testing the candidate cloud platform hidden channel flow detector by using the cloud platform network flow sample and acquiring an evaluation index;

and the visualization module is used for forming a detection report according to the evaluation index and the additional information.

10. The convolutional neural network based cloud platform covert channel detection system of claim 9,

the convolutional neural network model comprises a 2D convolutional layer, a pooling layer, a Dropout layer and a full-connection layer which are sequentially connected;

the 2D convolutional layers comprise 3 layers of 2D convolutional layers which are connected in sequence;

the output of the 3-layer 2D convolutional layer is connected with a pooling layer, and the pooling layer completes maximum pooling on non-overlapping subregions through a maximum filter;

the output of the pooling layer is connected with a Dropout layer, the Dropout layer is used for preventing overfitting, the probability of keep _ prob is set to be 0.75 to reserve input vectors, the Dropout layer does not contain trainable and updated parameters in the process of model training, and the dimension number of the residual dimension non-zero vectors is scaled according to the reciprocal proportion of keep _ prob;

the keep _ prob represents the proportion of the retention result to the total result, when keep _ prob =1, 100% retention result, i.e. Dropout, is not effective;

the Dropout layer output is connected with a fully-connected layer, each neuron in the fully-connected layer receives the output from the previous network layer, the convolutional neural network model uses the fully-connected layer to change the data dimension, the fully-connected layer uses matrix multiplication to change a calculation original matrix of the dimension, and all parameters in the calculation original matrix are updated in real time as trainable parameters as the number of network training iterations increases.

Images