CN108268772B - Method and system for screening malicious samples - Google Patents
- Publication number: CN108268772B
- Application number: CN201611256407.6A
- Authority: CN (China)
- Prior art keywords: malicious, similarity, sample, screening, samples
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Abstract
The invention provides a method for screening malicious samples, which comprises the following steps: similarity calculation: performing feature extraction on the malicious samples in a known malicious sample set, and calculating the similarity between every two malicious samples; structural hole calculation: calculating the structural holes of the malicious samples according to the similarity; screening: selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement. The invention introduces the idea of the structural hole into the technical field of malicious code analysis, so that a large number of malicious samples can be screened effectively and the efficiency of analyzing malicious samples is improved.
Description
Technical Field
The invention relates to the technical field of mobile terminal malicious code analysis, in particular to a method and a system for screening a malicious sample.
Background
Robin Dunbar, an anthropologist at the University of Oxford, proposed that the human brain can accommodate a stable social network of about 150 people; once a person's circle exceeds this value, it is difficult to maintain solid social relationships. This upper limit is known as Dunbar's number.
Analysis shows that mobile terminal malicious code is highly clustered: once the highly clustered samples are de-duplicated, the number of distinct mobile terminal malicious codes produced by a single organization or a single individual is limited.
It can be seen that, from the perspective of both the human brain and malicious code producers, the functions and construction of mobile terminal malicious code are resource-scarce. Repeated or redundant malicious code not only consumes security analysis and detection effort, but also greatly narrows people's view of the overall malicious code trend. When the samples produced by an attacker all form a duplicated network, the information obtained is homogeneous: what one person knows, everyone else in the network also knows, so everyone finds the same opportunity at the same time and the whole network is inefficient.
In addition, because the number of malicious codes is huge, the threat situation field tends to concentrate its research on representative malicious samples, so how to screen out the important malicious samples is a focus of attention.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method and a system for screening malicious samples that improve the efficiency of screening malicious samples.
The technical scheme adopted by the invention to solve this problem is a screening method of malicious samples, comprising the following steps:
similarity calculation: performing feature extraction on the malicious samples in a known malicious sample set, and calculating the similarity between every two malicious samples;
structural hole calculation: calculating the structural holes of the malicious samples according to the similarity;
screening: selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement.
According to the method, the screening comprises tracing screening: when a certain malicious sample needs to be traced and its path cannot be known, the malicious sample having the smallest structural hole with that sample is looked up as its homologous malicious sample, and the homologous malicious sample is traced.
According to the method, the screening comprises analysis screening: setting a structural hole threshold, and analyzing and judging only the malicious samples with structural holes larger than a preset maximum threshold.
According to the method, the analysis screening further comprises: when new malicious samples appear, performing the structural hole calculation on each new malicious sample; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset maximum threshold are analyzed and judged.
According to the method, the structural hole is calculated as follows: let i, j and q all be malicious samples in the sample set.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
A screening system of malicious samples comprises a similarity calculation module, a structural hole calculation module and a screening module, wherein:
the similarity calculation module is used for performing feature extraction on the malicious samples in a known malicious sample set and calculating the similarity between every two malicious samples;
the structural hole calculation module is used for calculating the structural holes of the malicious samples according to the similarity;
and the screening module is used for selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement.
According to the system, the screening module comprises a tracing screening module which, when a certain malicious sample needs to be traced and its path cannot be known, looks up the malicious sample having the smallest structural hole with that sample as its homologous malicious sample and traces the homologous malicious sample.
According to the system, the screening module comprises an analysis screening module, which is used for setting a structural hole threshold and analyzing and judging only the malicious samples with structural holes larger than a preset maximum threshold.
According to the system, the analysis screening module is also used for performing the structural hole calculation on each new malicious sample when new malicious samples appear; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset maximum threshold are analyzed and judged.
According to the system, the structural hole calculation module calculates according to the following formulas: let i, j and q all be malicious samples in the sample set.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
The invention has the following beneficial effects:
1. The idea of the structural hole is introduced into the technical field of malicious code analysis, so that the relationships between malicious samples are described in greater depth, a large number of malicious samples can be screened effectively, and the efficiency of screening malicious samples is improved.
2. For different actual requirements, malicious samples with structural holes of different sizes are selected. When malicious samples are to be analyzed and judged, the samples with structural holes larger than the structural hole threshold are selected. When a malicious sample needs to be traced by expanding leads and that sample alone offers insufficient tracing capability, other related samples are used to expand the leads, so that tracing is ultimately achieved.
Drawings
FIG. 1 is a schematic diagram of structure hole calculation according to an embodiment of the present invention.
FIG. 2 is a flowchart of a method according to an embodiment of the present invention.
FIG. 3 is a system block diagram of an embodiment of the present invention.
Fig. 4 is a schematic diagram of the structure of an embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following specific examples and figures.
The invention provides a screening method of malicious samples. As shown in Fig. 2, the method comprises the following steps:
S01, similarity calculation: performing feature extraction on the malicious samples in a known sample set, and calculating the similarity between every two malicious samples.
Methods for calculating sample similarity include cosine similarity, Euclidean distance, Manhattan distance and the like. Chinese patent application CN105975852A can also be referred to, with the similarity calculated as required from features extracted across multiple dimensions.
S02, structural hole calculation: calculating the structural holes of the malicious samples according to the similarity.
The invention introduces the concept of structural holes into the field of malicious sample analysis.
Structural hole: a non-duplicate relationship between two related samples in a network. Non-duplicate related samples are connected through a structural hole.
Structural holes have the following meanings: 1) the more structural holes a sample has, the sparser the network structure of its similar samples; 2) the larger the structural hole, the larger the network formed by the indirectly related samples; 3) the size of a sample's structural hole measures the heterogeneity of the information obtained from that sample, and the larger the structural hole, the higher the heterogeneity; 4) a sample with a large structural hole is used more efficiently, and is analyzed and traced more effectively, than a sample network with small structural holes.
Assume that a certain mobile malicious sample i has n similar samples at time scale t, and that there are m edges in total between these n+1 samples (defined as set U). It is now necessary to evaluate the redundancy or efficiency of the sample network centered on i (defined as set E). An edge is a similarity and takes a value between 0 and 1.
As shown in Fig. 1, to measure the redundancy centered on i, the redundancy of the edge i-j with respect to the other related samples is defined. The path by which i obtains information through j becomes redundant in the following cases: a) i spends more time and effort on another related sample q; b) j and q are strongly correlated.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
By accumulating over all similar samples, the redundant relationship of i to j can be measured as the ratio of i to the sum of all other primary relationships:
Subtracting the redundancy ratio from 1 gives the non-redundant ratio of the relationship. The sum of all non-redundant relationships of i is the size of i's non-redundant related samples, or the effective scale of the network centered on i, namely the structural hole of i:
It can be understood that, in a specific calculation, the structural hole may be calculated from attributes of the sample itself (e.g., the sample's class names, method names, etc.), or an index may first be constructed from other information about the malicious sample (e.g., the source, the user, etc.) and the structural hole then calculated from it.
The structural hole described above is constructed below for 4 malicious samples A, B, C and D (for illustration only; in practice there may be tens of thousands).
1. Extract the class names and method names of the malicious samples, compare them pairwise and calculate the similarity as follows:
1) Assuming that two samples have 20 class and method names in common, and that the class and method names of the two samples total 40, the similarity of the two samples is 20/40 = 0.5.
2) 4 samples require 6 similarity calculations; the resulting structure diagram is shown in Fig. 4:
2. Calculate the structural holes, e.g. the structural hole of A:
1) $P_{AB} = 0.6/(0.6+0.7+0.4) = 0.353$
$P_{AC} = 0.4/(0.6+0.7+0.4) = 0.235$
$P_{AD} = 0.7/(0.6+0.7+0.4) = 0.412$
2) $M_{DB} = 0.8/0.9 = 0.889$
$M_{DA} = 0.7/0.9 = 0.778$
$M_{DC} = 0.9/0.9 = 1$
3) When j = D, the structural hole of A and D is
$Scale_{AD} = 1 - 0.353 \times 0.889 - 0.412 \times 0.778 - 0.235 \times 1 = 0.130$
The cases j = B and j = C are calculated in the same way.
The structural hole of A is $Scale_A = Scale_{AD} + Scale_{AB} + Scale_{AC}$
S03, screening: selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement.
The screening comprises tracing screening S301: when a certain malicious sample needs to be traced and its path cannot be known, the malicious sample having the smallest structural hole with that sample is looked up as its homologous malicious sample, and the homologous malicious sample is traced.
The screening comprises analysis screening S302: setting a structural hole threshold, and analyzing and judging only the malicious samples with structural holes larger than a preset maximum threshold. The analysis screening also includes: when new malicious samples appear, performing the structural hole calculation on each new malicious sample; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset maximum threshold are analyzed and judged. The method is well suited to fields such as threat intelligence, where it can quickly, efficiently and accurately screen out the malicious samples that need focused analysis and judgment when there are a great many malicious samples.
According to the method, the structural holes of the known malicious samples are constructed by calculating the similarity between every two malicious samples in the sample set, and new malicious samples can be screened according to the size of the structural holes and the actual requirements. The method applies the structural hole to the malicious sample relationship network to evaluate the quality and position of each malicious sample in the whole network and thereby extract the key malicious samples. It can be widely applied to fields such as tracing malicious samples back to their source and screening key samples in threat intelligence, and it is convenient to implement, with high screening efficiency and high accuracy of screening results.
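Steps S01 to S03 as a runnable sketch (an added example, not code from the patent). Because the formula images are not reproduced on this page, the pairwise term follows the arithmetic of the worked example for sample A; the B-C similarity of 0.5 is a constructed value standing in for Fig. 4, and all function names are hypothetical. It also covers the 0/1 correlation-coefficient variant described in a later embodiment.

```python
"""Structural-hole screening of a malware similarity graph (added example)."""


def name_similarity(names_a, names_b):
    """S01: shared class/method names divided by all names seen in either sample."""
    a, b = set(names_a), set(names_b)
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def binarize(edges, threshold):
    """Correlation-coefficient variant: 1 if similarity >= threshold, else 0."""
    return {pair: (1.0 if d >= threshold else 0.0) for pair, d in edges.items()}


def build_graph(edges):
    """Turn {(x, y): similarity} into a symmetric adjacency dict."""
    graph = {}
    for (x, y), d in edges.items():
        if not 0.0 <= d <= 1.0:
            raise ValueError(f"similarity {d} for {x}-{y} is outside [0, 1]")
        if d > 0.0:  # a zero similarity means "no edge"
            graph.setdefault(x, {})[y] = d
            graph.setdefault(y, {})[x] = d
    return graph


def proportion(graph, i, q):
    """P_iq: similarity of i and q over the sum of all similarities of i."""
    return graph[i][q] / sum(graph[i].values())


def marginal(graph, j, q):
    """M_jq: similarity of j and q over the largest similarity of j."""
    return graph[j].get(q, 0.0) / max(graph[j].values())


def pair_scale(graph, i, j):
    """Scale_ij = 1 - sum over i's neighbours q of P_iq * M_jq."""
    redundancy = 0.0
    for q in graph[i]:
        # For q == j the worked example pairs P_ij with M_ji (0.412 * 0.778).
        target = i if q == j else q
        redundancy += proportion(graph, i, q) * marginal(graph, j, target)
    return 1.0 - redundancy


def structural_hole(graph, i):
    """S02: Scale_i, the sum of Scale_ij over every neighbour j of i."""
    return sum(pair_scale(graph, i, j) for j in graph.get(i, {}))


def homologous_sample(graph, i):
    """S301: the neighbour with the smallest pairwise structural hole with i."""
    neighbours = sorted(graph.get(i, {}))
    if not neighbours:
        return None  # isolated sample: nothing to pivot to
    return min(neighbours, key=lambda j: pair_scale(graph, i, j))


def screen(graph, threshold):
    """S302: keep only samples whose structural hole exceeds the threshold."""
    return sorted(s for s in graph if structural_hole(graph, s) > threshold)


# Similarities from the worked example; ("B", "C") is a constructed value.
EDGES = {("A", "B"): 0.6, ("A", "C"): 0.4, ("A", "D"): 0.7,
         ("B", "D"): 0.8, ("C", "D"): 0.9, ("B", "C"): 0.5}
GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print("Scale_AD:", round(pair_scale(GRAPH, "A", "D"), 3))
    for sample in sorted(GRAPH):
        print(sample, "structural hole:", round(structural_hole(GRAPH, sample), 3))
    print("homologous sample of A:", homologous_sample(GRAPH, "A"))
    print("kept for analysis (threshold 0.5):", screen(GRAPH, 0.5))
```

With the constructed B-C edge, sample C has the smallest structural hole because almost all of its similarity mass points at D, so it is the sample the threshold screen drops first.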
In other embodiments, a system for screening malicious samples is shown in Fig. 3 and includes a similarity calculation module 01, a structural hole calculation module 02 and a screening module 03, wherein:
The similarity calculation module 01 is used for performing feature extraction on the malicious samples in a known malicious sample set and calculating the similarity between every two malicious samples in the sample set.
The structural hole calculation module 02 is used for calculating the structural holes of the malicious samples according to the similarity.
The screening module 03 is used for selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement.
The screening module comprises a tracing screening module 301 which, when a certain malicious sample needs to be traced and its path cannot be known, looks up the malicious sample with the smallest structural hole as the homologous malicious sample and traces the homologous malicious sample.
The screening module comprises an analysis screening module 302, which is used for setting a structural hole threshold and analyzing and judging only the malicious samples with structural holes larger than a preset maximum threshold. The analysis screening module is also used for performing the structural hole calculation on each new malicious sample when new malicious samples appear; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset maximum threshold are analyzed and judged; otherwise, all new malicious samples are analyzed and judged.
The structural hole calculation module 02 calculates according to the following formulas: let i, j and q all be malicious samples in the sample set.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
In other embodiments, a correlation coefficient calculation may be added before the structural hole is calculated: a similarity threshold is set, and when the similarity is greater than or equal to the similarity threshold, the correlation coefficient between the two malicious samples is 1; otherwise, the correlation coefficient between the two malicious samples is 0. The correlation coefficient then replaces the similarity in the structural hole calculation, namely:
Define $P_{iq}$, the ratio of the correlation coefficient from i to q to the sum of all the correlation coefficients of i, as:
where $b_{iq}$ is the correlation coefficient of i and q, and $b_{ij}$ is the correlation coefficient of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the correlation coefficient of j and q, $d_{jm}$ is the correlation coefficient of j and m, and the max term represents the maximum of all the correlation coefficients of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
In the above, the correlation coefficient can be understood as the special case in which the similarity takes only the values 0 or 1. By adopting the system, when the external tracing product is used, only malicious samples need to be input, and tracing analysis is carried out according to the largest malicious samples close to the structural hole. When threat intelligence data is discovered, structural hole homology discovery is used to address the insufficient coverage of a single malicious sample, supplementing that sample with others from the same attacker and the same attack mode. Tracing and analysis are only 2 of the scenarios to which structural holes apply; because structural holes let the malicious samples form a non-redundant network, malicious samples can be screened by structural hole in all kinds of analysis processes, improving analysis efficiency.
The above embodiments are only used for illustrating the design idea and features of the present invention, and the purpose of the present invention is to enable those skilled in the art to understand the content of the present invention and implement the present invention accordingly, and the protection scope of the present invention is not limited to the above embodiments. Therefore, all equivalent changes and modifications made in accordance with the principles and concepts disclosed herein are intended to be included within the scope of the present invention.
Claims (8)
1. A screening method of malicious samples, characterized in that the method comprises the following steps:
similarity calculation: performing feature extraction on the malicious samples in a known malicious sample set, and calculating the similarity between every two malicious samples;
structural hole calculation: calculating the structural holes of the malicious samples according to the similarity;
screening: selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement;
wherein the structural hole is calculated as follows: let i, j and q all be malicious samples in the sample set.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
2. The screening method of malicious samples according to claim 1, wherein the screening comprises tracing screening: when a certain malicious sample needs to be traced and its path cannot be known, the malicious sample having the smallest structural hole with that sample is looked up as its homologous malicious sample, and the homologous malicious sample is traced.
3. The screening method of malicious samples according to claim 1 or 2, wherein the screening comprises analysis screening: setting a structural hole threshold, and analyzing and judging only the malicious samples with structural holes larger than the preset structural hole threshold.
4. The screening method of malicious samples according to claim 3, wherein the analysis screening further comprises: when new malicious samples appear, performing the structural hole calculation on each new malicious sample; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset structural hole threshold are analyzed and judged.
5. A system for screening malicious samples, characterized by comprising a similarity calculation module, a structural hole calculation module and a screening module, wherein:
the similarity calculation module is used for performing feature extraction on the malicious samples in a known malicious sample set and calculating the similarity between every two malicious samples;
the structural hole calculation module is used for calculating the structural holes of the malicious samples according to the similarity;
the screening module is used for selecting the malicious samples that meet the requirement according to the size of the structural hole and the actual requirement;
the structural hole calculation module calculates according to the following formulas: let i, j and q all be malicious samples in the sample set.
Define $P_{iq}$, the ratio of the similarity from i to q to the sum of all the similarities of i, as:
where $d_{iq}$ is the similarity of i and q, and $d_{ij}$ is the similarity of i and j.
Define the marginal strength $m_{jq}$ of j to q as:
where $d_{jq}$ is the similarity of j and q, $d_{jm}$ is the similarity of j and m, and the max term represents the maximum of all the similarities of j.
Then the structural hole $Scale_i$ of the malicious sample i is:
6. The system for screening malicious samples according to claim 5, wherein the screening module comprises a tracing screening module which, when a certain malicious sample needs to be traced and its path cannot be known, looks up the malicious sample with the smallest structural hole as the homologous malicious sample and traces the homologous malicious sample.
7. The system for screening malicious samples according to claim 5 or 6, wherein the screening module comprises an analysis screening module, which is used for setting a structural hole threshold and analyzing and judging only the malicious samples whose structural holes are larger than the preset structural hole threshold.
8. The system for screening malicious samples according to claim 7, wherein the analysis screening module is also used for performing the structural hole calculation on each new malicious sample when new malicious samples appear; if there are new malicious samples with structural holes larger than the preset structural hole threshold, only the new malicious samples with structural holes larger than the preset structural hole threshold are analyzed and judged.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611256407.6A CN108268772B (en) | 2016-12-30 | 2016-12-30 | Method and system for screening malicious samples |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108268772A | 2018-07-10 |
CN108268772B | 2021-10-22 |
Family
ID=62754367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611256407.6A Active CN108268772B (en) | 2016-12-30 | 2016-12-30 | Method and system for screening malicious samples |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108268772B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116992449B (en) * | 2023-09-27 | 2024-01-23 | 北京安天网络安全技术有限公司 | Method and device for determining similar sample files, electronic equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013114637A (en) * | 2011-12-01 | 2013-06-10 | Mitsubishi Electric Corp | Malware analyzing system |
CN105488408A (en) * | 2014-12-31 | 2016-04-13 | 中国信息安全认证中心 | Identification method and system of malicious sample type on the basis of characteristics |
CN105975852A (en) * | 2015-12-31 | 2016-09-28 | 武汉安天信息技术有限责任公司 | Method and system for detecting sample relevance based on label propagation |
CN105989287A (en) * | 2015-12-30 | 2016-10-05 | 武汉安天信息技术有限责任公司 | Method and system for judging homology of massive malicious samples |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||