CN-115167977-B - Target detection method and system based on Docker virtual isolation, device and storage medium

Abstract

The invention discloses a target detection method, system, device and storage medium based on Docker virtual isolation. The method trains a plurality of target detection models, integrates them into one integrated model and builds it as a Docker image, with each sub-model placed in a different container. It then applies isolation enhancement to the Docker containers and defines the interaction relationships among containers and between containers and images when each deep learning model is started, thereby balancing security, isolation and execution speed. Finally, the current running state of the computer and the detection accuracy requirement are input into a multilayer perceptron neural network, which outputs the numbers of the containers and image files expected to be started and stopped. The method can be applied quickly to different task scenarios without frequent manual adjustment of the control strategy for specific tasks, which greatly saves development labor cost, and the Docker project for a specific scenario can be started quickly and efficiently.

Inventors

  • DENG HANJUN
  • ZENG WEIJIE
  • HUANG RUI
  • SHEN LIMAN
  • YANG JING
  • MA YEQIN

Assignees

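  • State Grid Hunan Electric Power Co., Ltd. (国网湖南省电力有限公司)
  • State Grid Hunan Electric Power Co., Ltd. Power Supply Service Center (Metrology Center) (国网湖南省电力有限公司供电服务中心(计量中心))
  • State Grid Corporation of China (国家电网有限公司)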

Dates

Publication Date
20260512
Application Date
20220622

Claims (8)

  1. A target detection method based on Docker virtual isolation, characterized by comprising the following steps: training a plurality of deep learning models for target detection; integrating the plurality of trained deep learning models into one integrated model; building the integrated model as a Docker image, placing each deep learning model in a different container, and uniquely numbering each container and image file; performing isolation enhancement on the Docker containers and defining the interaction relationships among containers and between containers and images when each deep learning model is started; inputting the current running state of the computer and the detection accuracy requirement into a trained multilayer perceptron neural network, and outputting the container number and image file number expected to be started; and executing a target detection task according to the output of the multilayer perceptron neural network; wherein the process of performing isolation enhancement on the Docker containers and defining the interaction relationships among containers and between containers and images when each deep learning model is started comprises: restricting mutual access between containers; restricting mutual access between containers and images; and restricting access to the shared data volume; and wherein the process of restricting mutual access between containers comprises: setting mutual access control information between containers in a configuration file; parsing the configuration file, initializing the working environments, and entering the container to wait for work; judging, according to the parsed mutual access control information, whether the current container has the right to access the target container, and if so, proceeding to the next step, otherwise denying access; identifying the file of the target container and judging whether it is a host-restricted file, denying access if it is, and proceeding to the next step if it is not; and judging whether the file of the target container can be read and written, and if so, allowing the current container to access the target container, otherwise denying access.
  2. The target detection method based on Docker virtual isolation according to claim 1, wherein the process of integrating the plurality of trained deep learning models into one integrated model comprises: merging the inputs of the plurality of trained deep learning models so that every deep learning model shares the data transmitted by the image acquisition card, each model operating independently on the image data and then giving its output result.
  3. The target detection method based on Docker virtual isolation according to claim 1, wherein the process of restricting mutual access between containers and images comprises: setting mutual access control information between containers and images in the configuration file; parsing the configuration file, initializing the working environments, and entering the container to wait for work; judging, according to the parsed mutual access control information, whether the current container has the right to access the target image, and if so, proceeding to the next step, otherwise denying access; and judging, according to the mutual access control information, whether the current container is authorized to modify the target image file, and if so, allowing the current container to perform read and write operations on the target image file, otherwise allowing the current container to perform only read operations on the target image file.
  4. The target detection method based on Docker virtual isolation according to claim 1, wherein the process of restricting access to the shared data volume comprises: setting mutual access control information between containers and the file system in the configuration file; parsing the configuration file, initializing the working environments, and entering the container to wait for work; judging, according to the parsed mutual access control information, whether the current container has the right to access the file system, and if so, proceeding to the next step, otherwise denying access; identifying the target file and judging whether it exists under the shared data volume, denying access if it does not, and proceeding to the next step if it does; and judging whether the target file can be read and written, and if so, allowing the current container to access the target file, otherwise denying access.
  5. The target detection method based on Docker virtual isolation according to any one of claims 1 to 4, wherein the process of inputting the current running state of the computer and the detection accuracy requirement into the trained multilayer perceptron neural network comprises: quantizing the remaining memory, based on the total computer memory and the current remaining memory, into a numerical value in the range (0, 1), and inputting the CPU utilization rate, the quantized remaining-memory value and the task accuracy requirement into the trained multilayer perceptron neural network.
  6. A target detection system based on Docker virtual isolation, characterized by comprising: a model training module for training a plurality of deep learning models for target detection; a model integration module for integrating the plurality of trained deep learning models into one integrated model; a construction module for building the integrated model as a Docker image, placing each deep learning model in a different container, and uniquely numbering each container and image file; an isolation enhancement module for performing isolation enhancement on the Docker containers and defining the interaction relationships among containers and between containers and images when each deep learning model is started; a classification module for inputting the current running state of the computer and the detection accuracy requirement into a trained multilayer perceptron neural network and outputting the container number and image file number expected to be started; and an execution module for executing a target detection task according to the output of the multilayer perceptron neural network; wherein the process of performing isolation enhancement on the Docker containers and defining the interaction relationships among containers and between containers and images when each deep learning model is started comprises: restricting mutual access between containers; restricting mutual access between containers and images; and restricting access to the shared data volume; and wherein the process of restricting mutual access between containers comprises: setting mutual access control information between containers in a configuration file; parsing the configuration file, initializing the working environments, and entering the container to wait for work; judging, according to the parsed mutual access control information, whether the current container has the right to access the target container, and if so, proceeding to the next step, otherwise denying access; identifying the file of the target container and judging whether it is a host-restricted file, denying access if it is, and proceeding to the next step if it is not; and judging whether the file of the target container can be read and written, and if so, allowing the current container to access the target container, otherwise denying access.
  7. An electronic device comprising a processor and a memory, wherein the memory stores a computer program, and the processor is configured to perform the steps of the method according to any of claims 1-5 by invoking the computer program stored in the memory.
  8. A computer-readable storage medium storing a computer program for target detection based on Docker virtual isolation, wherein the computer program, when run on a computer, performs the steps of the method according to any of claims 1-5.
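
The three access decisions recited in claims 1, 3 and 4, written out as a default-deny policy evaluator. This is an added example, not code from the patent: the policy layout, container and image names, file table and function names are all assumptions, since the claims only say that the control information lives in "a configuration file".

```python
import posixpath

# Constructed policy standing in for the claims' "configuration file".
# Key names and layout are assumptions; the patent does not give a format.
POLICY = {
    "host_restricted": {"/etc/shadow", "/var/run/docker.sock"},
    "shared_volume": "/data/shared",
    "containers": {
        "c1": {"peers": {"c2"}, "images": {"img2": "ro"}, "fs": True},
        "c2": {"peers": set(), "images": {"img2": "rw"}, "fs": False},
    },
}
# Constructed file table: path -> True if the file is readable and writable.
FILES = {"/models/weights.bin": True, "/models/frozen.cfg": False,
         "/etc/shadow": True, "/data/shared/frame.jpg": True}

def _norm(path):
    # Lexical normalisation so "../" cannot dodge the path checks below.
    # A real enforcer must also resolve symlinks before comparing.
    return posixpath.normpath("/" + path.lstrip("/"))

def container_access(src, dst, path, policy=POLICY, files=FILES):
    """Claim 1: peer grant, then host-restricted check, then read/write check."""
    rule = policy["containers"].get(src)
    if rule is None or dst not in rule["peers"]:
        return "deny"                      # default deny: no grant configured
    path = _norm(path)
    if path in policy["host_restricted"]:
        return "deny"
    return "allow" if files.get(path, False) else "deny"

def image_access(src, image, policy=POLICY):
    """Claim 3: no grant -> deny; modify right -> read-write; else read-only."""
    rule = policy["containers"].get(src)
    mode = rule["images"].get(image) if rule else None
    if mode is None:
        return "deny"
    return "read-write" if mode == "rw" else "read-only"

def volume_access(src, path, policy=POLICY, files=FILES):
    """Claim 4: file-system grant, file exists under shared volume, then rw."""
    rule = policy["containers"].get(src)
    if rule is None or not rule["fs"]:
        return "deny"
    path, root = _norm(path), policy["shared_volume"]
    if not path.startswith(root + "/") or path not in files:
        return "deny"
    return "allow" if files[path] else "deny"
```

Normalising the path before the host-restricted and shared-volume comparisons is a detail the claims do not spell out; without it, a request such as `/data/shared/../../etc/shadow` would pass a naive prefix check.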

Description

Target detection method and system based on Docker virtual isolation, device and storage medium

Technical Field

The present invention relates to the field of target detection technologies, and in particular to a target detection method and system based on Docker virtual isolation, an electronic device, and a computer-readable storage medium.

Background

With continuing breakthroughs in artificial intelligence technology, deep learning models for target detection, semantic segmentation and target tracking have shown good anti-interference capability and are gradually being applied at industrial production sites, such as vending machine production environments and precision assembly on automated assembly lines. The success of these applications shows that deep learning can be deployed effectively in practice. Places such as substations and machine rooms contain a large number of air switch state detection scenarios, where traditional manual inspection is costly and carries potential hazards, so deploying deep learning models in these scenarios has great potential. However, because large computing devices cannot be deployed at industrial production sites, embedded edge computing devices are generally used to run the deep learning models, which requires the edge computing devices to have excellent system virtualization and isolation characteristics.

In recent years Docker, as an operating-system-level virtualization technology, has gradually begun to replace traditional virtualization schemes and is widely used in edge computing scenarios. Docker virtualization relies mainly on the namespaces and control groups provided by the Linux kernel, so the security of the Linux kernel directly determines the security of Docker. As Docker has been widely adopted for its advantages, it has also exposed more and more defects, such as poor isolation, complex security hardening, and susceptibility to data leakage.

The security hardening scheme SELinux has been proposed in recent years to strengthen the security isolation of Docker. Although this isolation method minimizes the resources that service processes in a system can access, it checks user permissions on all resources, which wastes a great deal of computing resources and time; it is also complex to operate and has poor compatibility, and it cannot adequately meet the security isolation and sharing requirements of Docker containers for shared data files. The AppArmor scheme has also been proposed to strengthen mandatory access control of processes. Unlike SELinux, it applies access control to only part of the system's resources; although this is flexible, exposed files without access control may leak, and its security and isolation are inferior to SELinux.

In addition, when allocating resources (such as memory, CPU, video capture card, etc.) to a Docker image, the conventional control strategy is to control the resource allocation of the Docker image by manually designing a complex if.. In a practical scenario, such a manually designed control strategy must be adjusted frequently for specific tasks, and the adjustment process is complex, repetitive and difficult to unify.

Disclosure of Invention

The invention provides a target detection method and system based on Docker virtual isolation, an electronic device and a computer-readable storage medium, to solve the technical problems that existing Docker containers have poor security and isolation, and that when allocating resources to a Docker image the manual control strategy must be adjusted frequently for specific tasks, with an adjustment process that is complex, repetitive and difficult to unify.

According to one aspect of the present invention, there is provided a target detection method based on Docker virtual isolation, comprising the following: training a plurality of deep learning models for target detection; integrating the plurality of trained deep learning models into one integrated model; building the integrated model as a Docker image, placing each deep learning model in a different container, and uniquely numbering each container and image file; performing isolation enhancement on the Docker containers and defining the interaction relationships among containers and between containers and images when each deep learning model is started; inputting the current running state of the computer and the detection accuracy requirement into a trained multilayer perceptron neural network, and outputting the container number and image file number expected to be started; and executing a target detection task according to the output of the multilayer perceptron neural network.

Further, the process