CN103957205A - Trojan horse detection method based on terminal traffic - Google Patents
Trojan horse detection method based on terminal traffic Download PDFInfo
- Publication number
- CN103957205A CN103957205A CN201410169874.XA CN201410169874A CN103957205A CN 103957205 A CN103957205 A CN 103957205A CN 201410169874 A CN201410169874 A CN 201410169874A CN 103957205 A CN103957205 A CN 103957205A
- Authority
- CN
- China
- Prior art keywords
- traffic
- data
- terminal
- trojan
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a trojan horse detection method based on terminal traffic. The method comprises the steps of capturing data traffic information, analyzing time period traffic, analyzing uplink data traffic and downlink data traffic of a terminal, conducting approval matching between the data traffic which is analyzed intelligently and communication white list data, and detecting the correctness of a terminal traffic data packet. According to the trojan horse detection method based on the terminal traffic, the situation that when a conventional trojan horse detection means according to existing feature codes, samples, malicious codes and the like in the prior art is used, trojan horses which are highly hidden, incapable of being killed, capable of conducting irregular communication and being injected through system program files and the like can not be found or killed in time is changed; by means of the trojan horse detection method based on the terminal traffic, the terminal data traffic can be monitored in real time, whether traffic data generated by a program are abnormal is determined through a multi-dimensional detection model, deep detection of variant trojan horses or advanced trojan horses or residual trojan horses is achieved, the safety of a computer is improved, the false alarm rate is lowered, and the accuracy of trojan horse positioning is improved.
Description
Technical field
The invention belongs to field of information security technology, be specifically related to a kind of Trojan detecting method based on terminal flow.
Background technology
Wooden horse is that one of network security threatens greatly, along with network technology is maked rapid progress, antivirus software has stoped the propagation of multiple computer virus, being subject to interests orders about, trojan horse program is also constantly being upgraded and is being improved oneself, trojan horse program producer also adopts multiple technologies means to optimize trojan horse program, and relevant trojan horse program is carried out to processing free to kill, automatically hides, closed safe securing software, adopts the detection of the technology such as bounce-back or fault-tolerant time and technology the evades fail-safe software such as the external world communicates by letter; The technology such as following wooden horse will more be focused on hiding, bottom communication, the utilization of 0day leak carry out resisting with killing instrument.
Tradition wooden horse killing technology is based on program behavior behavior, condition code or pointed killing instrument are main, can not identify fast trojan horse program up-to-date or that upgraded, whether computer user cannot diagnositc decision program be wooden horse or plant wooden horse, and also overflow in network diffusion sowing of viral wooden horse, thought in the past cause propagate approach be USB flash disk carry out multimachine device use cause, push away the viral wooden horse killing of place for USB flash disk thereupon, the destruction of the propagation of viral wooden horse is not still controlled in terminal killing and USB flash disk killing, consider that viral wooden horse propagates by network, formulate again the viral wooden horse detection means of flow Network Based, reduce the possibility of terminal kind virus wooden horse, outside network layer improves for viral wooden horse detectability, can also effectively stop traditional viral wooden horse in network, to propagate infection, can or could not effectively strangle the propagation of viral wooden horse, still there is destruction and the leakage information event of viral wooden horse.
In sum, take the means such as terminal killing, USB flash disk killing and the detection of network traffics wooden horse, still can not control the propagation of viral wooden horse, most current virus wooden horse is walked around above-mentioned preventive means, still exists and is controlled or the threat such as data message leakage.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the invention provides a kind of Trojan detecting method based on terminal flow, resolve by carrying out upper and lower flow detection, process communication Data Detection and data on flows bag correctness, realize terminal flow wooden horse and detect.
In order to realize foregoing invention object, the present invention takes following technical scheme:
The invention provides a kind of Trojan detecting method based on terminal flow, said method comprising the steps of:
Step 1: capture-data flow information, and analysis time section flow;
Step 2: terminal up-downgoing data traffic is analyzed;
Step 3: the data traffic by intellectual analysis is checked and approved coupling with the white list data of communicating by letter;
Step 4: terminal data on flows bag correctness detects.
Described step 1 comprises the following steps:
Step 1-1: catch the data traffic information of terminal, the data traffic of all generations is recorded and added up;
Step 1-2: obtain data traffic information in the time period, the data traffic information that real time record produces, according to the data packet analysis of catching, obtain producing source port or the destination interface of data traffic, find the process ID that takies port by source port, finding the entry of this process by process ID;
Step 1-3: if this process entry producing in the time period do not detected, carry out self-built process entry, the length of packet is added in the flow field of entry.
Described step 2 comprises the following steps:
Step 2-1: set up data traffic detection model, add up uplink traffic and the downlink traffic of all processes;
Step 2-2: carry out the detection of process ID, process title, uplink traffic, downlink traffic, time period, packet keyword, characteristic function and malicious code by data traffic detection model;
Step 2-3: in decision data flow, whether uplink traffic and downlink traffic there are differences, if uplink traffic is greater than downlink traffic, carries out keyword filtration analysis by packet;
Step 2-4: the excessive packet of downlink traffic is carried out to the detection of characteristic function and malicious code;
Step 2-5: if there is characteristic function or malicious code in downlink traffic, there are abnormal flow data in surface, search corresponding program by process ID, self-built process entry is carried out the corresponding process in intellectual analysis coupling location with real-time traffic data record information.
In described step 3, according to wooden horse behavioral trait, build the white list of communicating by letter based on process title, sources traffic port, object IP address and destination interface association, obtaining after data traffic information, find corresponding process by data on flows, according to data packet analysis, search and produce flow process source port and extraneous object IP address and destination interface of communicating by letter, record also contrasts coupling with building the white list of communicating by letter, and takes a decision as to whether trojan horse program.
Terminal data on flows bag correctness detects and comprises that agreement correctness detects and protocol data packet length detects.
Described step 4 specifically comprises the following steps:
Step 4-1: set up agreement correctness detection model based on packet, agreement correctness detection model is contained the feature that field comprises port numbers, agreement, agreement, the data packet length threshold values information of agreement;
Step 4-2: identify corresponding agreement according to uplink traffic destination interface, according to protocol characteristic, packet content is verified;
Step 4-3: detect according to the maximum of uplink traffic protocol data packet length, exceed the maximum data packet length of certain agreement of setting, just belong to suspicious data bag, its transmission program just belongs to suspicious process, completes protocol data packet length and detects.
Compared with prior art, beneficial effect of the present invention is:
Trojan detecting method based on terminal flow provided by the invention, change former with good grounds existing condition code, sample, the conventional wooden horse detection means such as malicious code, height is hidden, free to kill, irregular communication, the wooden horse of the modes such as system program file is pouring-in can not be found or killing in time, by terminal flow Trojan detecting method, can monitor in real time terminal data flow, whether the data on flows producing by various dimensions detection model decision procedure exists extremely, to mutation wooden horse, senior wooden horse or residual wooden horse depth detection, improve computer security, reduce rate of false alarm, improve wooden horse accurate positioning.
Brief description of the drawings
Fig. 1 is the Trojan detecting method flow chart based on terminal flow.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail.
As Fig. 1, the invention provides a kind of Trojan detecting method based on terminal flow, said method comprising the steps of:
Step 1: capture-data flow information, and analysis time section flow;
Step 2: terminal up-downgoing data traffic is analyzed;
Step 3: the data traffic by intellectual analysis is checked and approved coupling with the white list data of communicating by letter;
Step 4: terminal data on flows bag correctness detects.
Described step 1 comprises the following steps:
Step 1-1: catch the data traffic information of terminal, the data traffic of all generations is recorded and added up;
Step 1-2: obtain data traffic information in the time period, the data traffic information that real time record produces, according to the data packet analysis of catching, obtain producing source port or the destination interface of data traffic, find the process ID that takies port by source port, finding the entry of this process by process ID;
Step 1-3: if this process entry producing in the time period do not detected, carry out self-built process entry, the length of packet is added in the flow field of entry.
Described step 2 comprises the following steps:
Step 2-1: set up data traffic detection model, add up uplink traffic and the downlink traffic of all processes;
Step 2-2: carry out the detection of process ID, process title, uplink traffic, downlink traffic, time period, packet keyword, characteristic function and malicious code by data traffic detection model;
Step 2-3: in decision data flow, whether uplink traffic and downlink traffic there are differences, if uplink traffic is greater than downlink traffic, carries out keyword filtration analysis by packet;
Step 2-4: the excessive packet of downlink traffic is carried out to the detection of characteristic function and malicious code;
Step 2-5: if there is characteristic function or malicious code in downlink traffic, there are abnormal flow data in surface, search corresponding program by process ID, self-built process entry is carried out the corresponding process in intellectual analysis coupling location with real-time traffic data record information.
In described step 3, according to wooden horse behavioral trait, build the white list of communicating by letter based on process title, sources traffic port, object IP address and destination interface association, obtaining after data traffic information, find corresponding process by data on flows, according to data packet analysis, search and produce flow process source port and extraneous object IP address and destination interface of communicating by letter, record also contrasts coupling with building the white list of communicating by letter, and takes a decision as to whether trojan horse program.
Terminal data on flows bag correctness detects and comprises that agreement correctness detects and protocol data packet length detects.
Described step 4 specifically comprises the following steps:
Step 4-1: set up agreement correctness detection model based on packet, agreement correctness detection model is contained the feature that field comprises port numbers, agreement, agreement, the data packet length threshold values information of agreement;
Step 4-2: identify corresponding agreement according to uplink traffic destination interface, according to protocol characteristic, packet content is verified;
Step 4-3: detect according to the maximum of uplink traffic protocol data packet length, exceed the maximum data packet length of certain agreement of setting, just belong to suspicious data bag, its transmission program just belongs to suspicious process, completes protocol data packet length and detects.
The present invention is by carrying out collection analysis to terminal data flow, adopt time period flow collection statistics, design is a kind of carries out analytical model based on terminal up-downgoing data traffic, record produces the process of flow program, building process communication data model detects, check and approve coupling by intellectual analysis data traffic with the known white list data of communicating by letter, finally carrying out the detection of terminal flow protocol correctness and protocol data packet length detects, whether the data on flows producing by various dimensions detection model decision procedure exists extremely, to mutation wooden horse, senior wooden horse or residual wooden horse depth detection, improve computer security, reduce rate of false alarm, improve wooden horse accurate positioning.
Finally should be noted that: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit, although the present invention is had been described in detail with reference to above-described embodiment, those of ordinary skill in the field are to be understood that: still can modify or be equal to replacement the specific embodiment of the present invention, and do not depart from any amendment of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of claim scope of the present invention.
Claims (6)
1. the Trojan detecting method based on terminal flow, is characterized in that: said method comprising the steps of:
Step 1: capture-data flow information, and analysis time section flow;
Step 2: terminal up-downgoing data traffic is analyzed;
Step 3: the data traffic by intellectual analysis is checked and approved coupling with the white list data of communicating by letter;
Step 4: terminal data on flows bag correctness detects.
2. the Trojan detecting method based on terminal flow according to claim 1, is characterized in that: described step 1 comprises the following steps:
Step 1-1: catch the data traffic information of terminal, the data traffic of all generations is recorded and added up;
Step 1-2: obtain data traffic information in the time period, the data traffic information that real time record produces, according to the data packet analysis of catching, obtain producing source port or the destination interface of data traffic, find the process ID that takies port by source port, finding the entry of this process by process ID;
Step 1-3: if this process entry producing in the time period do not detected, carry out self-built process entry, the length of packet is added in the flow field of entry.
3. the Trojan detecting method based on terminal flow according to claim 1, is characterized in that: described step 2 comprises the following steps:
Step 2-1: set up data traffic detection model, add up uplink traffic and the downlink traffic of all processes;
Step 2-2: carry out the detection of process ID, process title, uplink traffic, downlink traffic, time period, packet keyword, characteristic function and malicious code by data traffic detection model;
Step 2-3: in decision data flow, whether uplink traffic and downlink traffic there are differences, if uplink traffic is greater than downlink traffic, carries out keyword filtration analysis by packet;
Step 2-4: the excessive packet of downlink traffic is carried out to the detection of characteristic function and malicious code;
Step 2-5: if there is characteristic function or malicious code in downlink traffic, there are abnormal flow data in surface, search corresponding program by process ID, self-built process entry is carried out the corresponding process in intellectual analysis coupling location with real-time traffic data record information.
4. the Trojan detecting method based on terminal flow according to claim 1, it is characterized in that: in described step 3, according to wooden horse behavioral trait, build the white list of communicating by letter based on process title, sources traffic port, object IP address and destination interface association, obtaining after data traffic information, find corresponding process by data on flows, according to data packet analysis, search and produce flow process source port and extraneous object IP address and destination interface of communicating by letter, record also contrasts coupling with building the white list of communicating by letter, and takes a decision as to whether trojan horse program.
5. the Trojan detecting method based on terminal flow according to claim 1, is characterized in that: terminal data on flows bag correctness detects and comprises that agreement correctness detects and protocol data packet length detects.
6. the Trojan detecting method based on terminal flow according to claim 5, is characterized in that: described step 4 specifically comprises the following steps:
Step 4-1: set up agreement correctness detection model based on packet, agreement correctness detection model is contained the feature that field comprises port numbers, agreement, agreement, the data packet length threshold values information of agreement;
Step 4-2: identify corresponding agreement according to uplink traffic destination interface, according to protocol characteristic, packet content is verified;
Step 4-3: detect according to the maximum of uplink traffic protocol data packet length, exceed the maximum data packet length of certain agreement of setting, just belong to suspicious data bag, its transmission program just belongs to suspicious process, completes protocol data packet length and detects.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410169874.XA CN103957205A (en) | 2014-04-25 | 2014-04-25 | Trojan horse detection method based on terminal traffic |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410169874.XA CN103957205A (en) | 2014-04-25 | 2014-04-25 | Trojan horse detection method based on terminal traffic |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103957205A true CN103957205A (en) | 2014-07-30 |
Family
ID=51334431
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410169874.XA Pending CN103957205A (en) | 2014-04-25 | 2014-04-25 | Trojan horse detection method based on terminal traffic |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103957205A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104540161A (en) * | 2014-12-12 | 2015-04-22 | 大唐移动通信设备有限公司 | Node state detection method and device |
| CN105429973A (en) * | 2015-11-10 | 2016-03-23 | 浪潮(北京)电子信息产业有限公司 | Network card flow monitoring method and device |
| CN105488404A (en) * | 2014-12-23 | 2016-04-13 | 哈尔滨安天科技股份有限公司 | Method and system for preventing data from being stolen by backdoor |
| WO2016150313A1 (en) * | 2015-03-20 | 2016-09-29 | 阿里巴巴集团控股有限公司 | Method and apparatus for detecting suspicious process |
| CN105991587A (en) * | 2015-02-13 | 2016-10-05 | 中国移动通信集团山西有限公司 | Intrusion detection method and system |
| CN106506527A (en) * | 2016-12-05 | 2017-03-15 | 国云科技股份有限公司 | A kind of method of the defence connectionless flood attacks of UDP |
| CN107683597A (en) * | 2015-06-04 | 2018-02-09 | 思科技术公司 | Network behavior data collection and analysis for abnormality detection |
| CN107733873A (en) * | 2017-09-19 | 2018-02-23 | 北京北信源软件股份有限公司 | A kind of viral early warning system and method |
| CN108337216A (en) * | 2017-03-31 | 2018-07-27 | 北京安天网络安全技术有限公司 | A kind of sextuple space traffic security analysis model generation method and system |
| CN108337217A (en) * | 2017-03-31 | 2018-07-27 | 北京安天网络安全技术有限公司 | Wooden horse based on sextuple space flow analysis model returns joint inspection examining system and method |
| CN111130952A (en) * | 2019-12-31 | 2020-05-08 | 南京煌和信息技术有限公司 | Integrated multi-client distributed network monitoring system through SDN network architecture |
| CN111865910A (en) * | 2020-06-09 | 2020-10-30 | 北京邮电大学 | Method for detecting and positioning application malicious code |
| WO2022252609A1 (en) * | 2021-05-31 | 2022-12-08 | 三六零科技集团有限公司 | Plug-in protection method and apparatus, and device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090158430A1 (en) * | 2005-10-21 | 2009-06-18 | Borders Kevin R | Method, system and computer program product for detecting at least one of security threats and undesirable computer files |
| CN101557327A (en) * | 2009-03-20 | 2009-10-14 | 扬州永信计算机有限公司 | Intrusion detection method based on support vector machine (SVM) |
| CN101567884A (en) * | 2009-05-26 | 2009-10-28 | 西北工业大学 | Method for detecting network theft Trojan |
| CN102750482A (en) * | 2012-06-20 | 2012-10-24 | 东南大学 | Detection method for repackage application in android market |
-
2014
- 2014-04-25 CN CN201410169874.XA patent/CN103957205A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090158430A1 (en) * | 2005-10-21 | 2009-06-18 | Borders Kevin R | Method, system and computer program product for detecting at least one of security threats and undesirable computer files |
| CN101557327A (en) * | 2009-03-20 | 2009-10-14 | 扬州永信计算机有限公司 | Intrusion detection method based on support vector machine (SVM) |
| CN101567884A (en) * | 2009-05-26 | 2009-10-28 | 西北工业大学 | Method for detecting network theft Trojan |
| CN102750482A (en) * | 2012-06-20 | 2012-10-24 | 东南大学 | Detection method for repackage application in android market |
Non-Patent Citations (1)
| Title |
|---|
| 彭国军,王泰格,邵玉如,刘梦冷: "基于网络流量特征的未知木马检测技术及其实现", 《信息网络安全》 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104540161B (en) * | 2014-12-12 | 2018-01-26 | 大唐移动通信设备有限公司 | A kind of node state detection method and device |
| CN104540161A (en) * | 2014-12-12 | 2015-04-22 | 大唐移动通信设备有限公司 | Node state detection method and device |
| CN105488404B (en) * | 2014-12-23 | 2019-01-15 | 哈尔滨安天科技股份有限公司 | A kind of method and system for preventing data from being stolen by back door |
| CN105488404A (en) * | 2014-12-23 | 2016-04-13 | 哈尔滨安天科技股份有限公司 | Method and system for preventing data from being stolen by backdoor |
| CN105991587A (en) * | 2015-02-13 | 2016-10-05 | 中国移动通信集团山西有限公司 | Intrusion detection method and system |
| CN105991587B (en) * | 2015-02-13 | 2019-10-15 | 中国移动通信集团山西有限公司 | A kind of intrusion detection method and system |
| WO2016150313A1 (en) * | 2015-03-20 | 2016-09-29 | 阿里巴巴集团控股有限公司 | Method and apparatus for detecting suspicious process |
| CN107683597A (en) * | 2015-06-04 | 2018-02-09 | 思科技术公司 | Network behavior data collection and analysis for abnormality detection |
| CN105429973A (en) * | 2015-11-10 | 2016-03-23 | 浪潮(北京)电子信息产业有限公司 | Network card flow monitoring method and device |
| CN106506527B (en) * | 2016-12-05 | 2019-06-21 | 国云科技股份有限公司 | A method of the defence connectionless flood attack of UDP |
| CN106506527A (en) * | 2016-12-05 | 2017-03-15 | 国云科技股份有限公司 | A kind of method of the defence connectionless flood attacks of UDP |
| CN108337217A (en) * | 2017-03-31 | 2018-07-27 | 北京安天网络安全技术有限公司 | Wooden horse based on sextuple space flow analysis model returns joint inspection examining system and method |
| CN108337216A (en) * | 2017-03-31 | 2018-07-27 | 北京安天网络安全技术有限公司 | A kind of sextuple space traffic security analysis model generation method and system |
| CN108337216B (en) * | 2017-03-31 | 2020-02-07 | 北京安天网络安全技术有限公司 | Six-dimensional space flow safety analysis model generation method and system |
| CN108337217B (en) * | 2017-03-31 | 2020-04-24 | 北京安天网络安全技术有限公司 | Trojan back-connection detection system and method based on six-dimensional space flow analysis model |
| CN107733873A (en) * | 2017-09-19 | 2018-02-23 | 北京北信源软件股份有限公司 | A kind of viral early warning system and method |
| CN111130952A (en) * | 2019-12-31 | 2020-05-08 | 南京煌和信息技术有限公司 | Integrated multi-client distributed network monitoring system through SDN network architecture |
| CN111865910A (en) * | 2020-06-09 | 2020-10-30 | 北京邮电大学 | Method for detecting and positioning application malicious code |
| WO2022252609A1 (en) * | 2021-05-31 | 2022-12-08 | 三六零科技集团有限公司 | Plug-in protection method and apparatus, and device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103957205A (en) | Trojan horse detection method based on terminal traffic | |
| CN104811447B (en) | One kind is based on the associated safety detection method of attack and system | |
| CN103428196B (en) | A kind of WEB application intrusion detection method based on URL white list | |
| CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
| CN105024976B (en) | A kind of advanced constant threat attack recognition method and device | |
| CN103607413B (en) | Method and device for detecting website backdoor program | |
| CN103428183B (en) | Method and device for identifying malicious website | |
| CN102467633A (en) | Method and system for safely browsing webpage | |
| CN104008332A (en) | Intrusion detection system based on Android platform | |
| JP6174520B2 (en) | Malignant communication pattern detection device, malignant communication pattern detection method, and malignant communication pattern detection program | |
| WO2021017318A1 (en) | Cross-site scripting attack protection method and apparatus, device and storage medium | |
| CN108183888A (en) | A kind of social engineering Network Intrusion path detection method based on random forests algorithm | |
| CN105260662A (en) | Detection device and method of unknown application bug threat | |
| CN110392013A (en) | A kind of Malware recognition methods, system and electronic equipment based on net flow assorted | |
| KR101692982B1 (en) | Automatic access control system of detecting threat using log analysis and automatic feature learning | |
| CN106549980A (en) | A kind of malice C&C server determines method and device | |
| CN108989294A (en) | A kind of method and system for the malicious user accurately identifying website visiting | |
| CN106357637A (en) | Active defense system in allusion to smart energy terminal data | |
| CN107426159A (en) | APT based on big data analysis monitors defence method | |
| CN103955644B (en) | A kind of static Trojan detecting method based on terminal self-starting | |
| KR101535529B1 (en) | Method for collecting the suspicious file and trace information to analysis the ATP attack | |
| Wang et al. | TextDroid: Semantics-based detection of mobile malware using network flows | |
| Vast et al. | Artificial intelligence based security orchestration, automation and response system | |
| CN108040036A (en) | A kind of industry cloud Webshell safety protecting methods | |
| CN104978523A (en) | Malicious sample capture method and system based on network hot word recognition |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20160425 Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: State Grid Smart Grid Institute Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute |
|
| CB02 | Change of applicant information |
Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute Applicant before: State Grid Smart Grid Institute |
|
| COR | Change of bibliographic data | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140730 |
|
| RJ01 | Rejection of invention patent application after publication |