CN108471428B - DDoS attack active defense technology and equipment applied to CDN system - Google Patents
DDoS attack active defense technology and equipment applied to CDN system Download PDFInfo
- Publication number
- CN108471428B CN108471428B CN201810679868.7A CN201810679868A CN108471428B CN 108471428 B CN108471428 B CN 108471428B CN 201810679868 A CN201810679868 A CN 201810679868A CN 108471428 B CN108471428 B CN 108471428B
- Authority
- CN
- China
- Prior art keywords
- attack
- network
- nodes
- defense
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The invention relates to the technical field of system defense, in particular to a DDoS attack active defense technology and equipment applied to a CDN system. The invention divides the network into different areas, thus improving the pertinence of attack resistance; an active defense technology is provided, and the initiative of resisting DDoS attack is improved by depending on an active notification mechanism of the security state among nodes. The method has a very good prevention effect on DDoS attack aiming at the CDN system and has very strong creativity.
Description
Technical Field
The invention relates to the technical field of system defense, in particular to DDoS attack active defense technology and equipment applied to a CDN system.
Background
Distributed denial of service attacks (DDoS attacks) refer to the launch of DDoS attacks on one or more targets by combining multiple computers as an attack platform with the help of client/server technology, thereby exponentially increasing the power of denial of service attacks. Typically, an attacker installs a DDoS master on a computer using a stolen account number, and at a set time the master will communicate with a number of agents that have been installed on many computers on the network. The agent, upon receiving the instruction, launches an attack. With client/server technology, the host can activate hundreds or thousands of runs of agents in a few seconds.
At present, various defense technologies and related equipment exist for DDoS attack, and a certain defense and cleaning effect can be achieved for DDoS attack. The prevention technologies have a common characteristic that the network is treated as a whole, and the region attribute of the whole network is not organically subdivided, so that certain influence is caused on the performance influence and the prevention effect of the DDoS equipment. The CDN system serves as a distributed server cluster, and is composed of a plurality of node clusters, which form individual network regions. The invention provides a new defense mechanism for a CDN system, under the mechanism, each node in a network is detected, the whole network is divided into three areas of trust (safety), distrust, attack and the like, and then a defense packet is utilized to carry defense codes and repair security loopholes. The method has the advantages that the network is divided into different areas, so that the pertinence of attack resistance is improved; and secondly, an active defense technology is provided, and the initiative of resisting DDoS attack is improved by depending on an active report mechanism of the security state among all nodes. The method has a very good prevention effect on DDoS attack aiming at the CDN system.
Disclosure of Invention
Aiming at the defects of the prior art, the invention discloses a DDoS attack active defense technology and equipment applied to a CDN system.
The invention is realized by the following technical scheme:
the utility model provides a DDoS attacks initiative defense technique and equipment for in CDN system which characterized in that: the active defense network module comprises an analysis module, a defense attack module and an area module, wherein the active defense network module comprises an active defense network module, an active defense mechanism and detection of unknown attacks, a network management node issues a specific defense packet to all sub-network nodes, each node checks whether the node is attacked or transmits the attack packet according to the attribute of a specific attack record after receiving a defense code, each node in the sub-network domain receives the defense packet after the network management node issues the detection packet of the unknown attacks, and whether the network node is attacked or not and whether the attack packet is transmitted or not are sequentially confirmed.
Preferably, the analysis module has a function of traffic collection and protocol analysis, and first collects traffic statistics of network nodes and application program usage conditions, and continuously monitors the usage degree of system resources, and the analysis module can also communicate with a network management center to receive specific patch packages issued by the network management center, and the patch packages record DDoS attack characteristics, namely an attack feature library. When the suspected attack phenomenon occurs, the analysis module analyzes the suspected attack flow according to the content of the patch packet, and judges and filters out possible attack packets according to the attributes recorded by the attack.
Preferably, the attribute includes information such as:
(1) a network address;
(2) the sub-network domain to which the attack packet belongs;
(3) the network protocol used;
(4) a standard value for the same packet received per unit time and a standard value for the same traffic received per unit time.
Preferably, the defending attack module, while executing blocking attack, must check whether the network node is invaded by a malicious attacker and transplant a trojan horse program, and after blocking attack, must send a packet to record the detected attack attribute and send an alarm to the previous network node, which is the source of the attack packet, and includes the following functions:
(1) processing the information sent by the analysis module, filtering the data packet of the specific network address, and closing the specific domain or service;
(2) and limiting the flow of the source causing network congestion, and ensuring the safety of the defense node.
Preferably, the function of the region module is as follows:
(1) the module defines the regions as a trust region, an untrusted region and an attack region, and is responsible for recording the security condition of each node in a sub-network region where the defense network is located, namely judging whether the node is in a security region or an attack region;
(2) receiving regional security information sent by other nodes;
(3) the region module maintains a list, and the content comprises a trust region, an untrusted region and network nodes contained in an attack region;
(4) the area module sends the security status of the point to other network nodes at regular time. If the security condition of some network nodes is not received within a period of time, directly adding the nodes into the attack area until the point responds to the security condition, and taking a sub-network domain as an execution unit.
Preferably, the active defense mechanism runs as follows:
firstly, checking whether the point is attacked or not or forwarding an attack packet:
(1) if not, the point sends a packet to all nodes to record that the point is in a safe state, and other nodes are requested to add the point into the safe region;
(2) if so, the node further checks the services needed to defend the attack;
secondly, detecting whether the attack can be stopped:
(1) if the attack event can be stopped, the node sends out a packet to all nodes to record that the node is in a safe state, other nodes are requested to add the node into a trust area, and the source router of the attack packet is informed of needing antivirus;
(2) if the attack event can not be stopped, the node sends out a packet to all nodes to inform that the node is in an attacked state, and other nodes are requested to join the node into an attack area; if the point has no capability of sending the packet, all the nodes add the point into the attack area after a certain waiting time.
Preferably, the system further comprises a hardware device, wherein the hardware device comprises an analysis module, a defense attack module, a region module, a communication interface sub-module and a communication bus.
Preferably, the analysis module performs protocol analysis on traffic and finishes protocol implementation of the traffic, the defense filters a specific network address data packet and limits attack traffic, the area module divides an area of the whole network and records a security state of a network node, the communication interface sub-module is responsible for performing data communication among the modules through an interface, the communication bus completes communication among the analysis module, the defense attack module and the area module, and the equipment communicates with a network management center through a communication bus and downloads a specific patch packet.
The invention has the beneficial effects that:
the network is divided into different areas, so that the pertinence of attack resistance is improved; an active defense technology is provided, and the initiative of resisting DDoS attack is improved by depending on an active notification mechanism of the security state among nodes. The mode has a very good precaution effect on DDoS attack of the CDN system, and the active defense technology provided by the invention releases specific defense packages to each node through the network management node, receives the health state feedback of each node and grasps the health state of each node in real time. The specific network address data packet is filtered through the defense attack module, and the attack flow is limited, so that the safety of each node is effectively guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of the network area division principle of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The mechanism related by the invention comprises an active defense network module, an active defense mechanism operation flow and a detection flow of unknown attacks:
active defense network module
1. The analysis module has the functions of traffic collection and protocol analysis, collects traffic statistics of network nodes and application program use conditions at first, and continuously monitors the use degree of system resources. The analysis module can also communicate with the network management center to receive specific patch packages issued by the network management center, and the patch packages record the characteristics of DDoS attack, namely an attack characteristic library. When the suspected attack phenomenon occurs, the analysis module analyzes the suspected attack flow according to the content of the patch packet, and judges and filters out possible attack packets according to the attributes recorded by the attack. Wherein, the attribute comprises the following information:
(1) a network address (IPv4 or IPv 6);
(2) the sub-network domain to which the attack packet belongs;
(3) the network protocol used;
(4) a standard value for the same packet received per unit time, a standard value for the same traffic received per unit time, and the like.
2. And a defense attack module. The module mainly has the following functions:
(1) processing the information sent by the analysis module, filtering the data packet of the specific network address, and closing the specific domain or service;
(2) and limiting the flow of the source causing network congestion, and ensuring the safety of the defense node.
The defending attack executes the blocking attack, and simultaneously, whether the network node is invaded by a malicious attacker or not must be checked, and the trojan horse program is transplanted. In addition, after blocking the attack, a packet is sent to record the detected attack attribute and to warn the source (previous network node) of the attack packet.
3. And (5) a region module. The area module mainly has the following functions:
(1) as shown in fig. 1, the module defines the regions as a trusted region (a secure region), an untrusted region, and an attack region, and is responsible for recording the security status of each node in the subnet where the defense network is located, that is, determining that the node is in the secure region or the attack region.
(2) And receiving the regional security information sent by other nodes.
(3) The region module will maintain a list of network nodes that include trusted regions, untrusted regions, and attack regions.
(4) In addition, the zone module sends the security status of the point to other network nodes at regular time as shown in fig. 1. If the security condition of some network nodes is not received within a period of time, directly adding the nodes into the attack area until the point responds to the security condition, and taking a sub-network domain as an execution unit.
Each sub-network domain is executed in advance by the network management node and confirms the effectiveness of the defense package, and a standby network management node is established in advance to prevent the original network management node from being poisoned and being incapable of releasing the active package; the standby network management node will be placed on the border router that borders the subnet domain. The network management node firstly issues a specific attack defense package to nodes of all sub-network domains, when each network node receives the defense package, the situation that an adjacent node which has a package transfer behavior with the network node is not detected is firstly confirmed, and then detection work is carried out to obtain different defense methods for different types of attacks.
For example, ICMP flood attack can establish how many request/echo packets are to the highest value of a fixed starting point or end point in a period of time, and an attack is determined if the highest value is exceeded; however, the TCP flood attack can be determined to be an attack by determining the SYN packet, for example, if there are too many SYN packets to the same server for a certain period of time, or if there are too many SYN + ACK packets to respond to the server for a certain period of time. These different attacks may all use different defense mechanisms to launch the attack analysis module.
Secondly, an active defense mechanism operation process:
the network management node issues a specific defense packet (feature library) to all the sub-network nodes, and after each node receives the defense code, the node checks whether the node is attacked or transmits the attack packet according to the attribute of the specific attack record.
1. If not, the point sends a packet to all nodes to record that the point is in a safe state, and other nodes are requested to add the point into the safe region;
2. the node further checks the services, if any, that need to be used to defend against the attack.
Next, whether the attack can be stopped is detected:
1. if the attack event can be stopped, the node sends out a packet to all nodes to record that the node is in a safe state, other nodes are requested to add the node into a trust area, and the source router of the attack packet is informed of needing antivirus;
2. if the attack event can not be stopped, the node sends out a packet to all nodes to inform that the node is in an attacked state, and other nodes are requested to join the node into an attack area; if the point has no capability of sending the packet, all the nodes add the point into the attack area after a certain waiting time.
Thirdly, the flow of detecting the unknown attack is that after the network management node issues the detection packet of the unknown attack, each node in the subnet domain starts to receive the defense packet and sequentially confirms whether the network node is attacked or not and whether the attack packet is transferred or not.
Firstly, each node confirms the system resource of the node and sets the threshold value of the system resource, when the CPU utilization rate of the network node exceeds 80 percent and 80 percent of the CPU utilization is continuously processing the network packets with the same attribute for five minutes, the node is determined to be attacked, and the network packets with the most CPU time are suspended in sequence until the CPU utilization rate does not exceed the threshold value.
And then detecting nodes through which the network packet using the CPU most time passes, and further sending a defense packet to a user of an upstream router for tracing the source. If the network packets can not be stopped, the packets are sent out to all the nodes to indicate that the network node is an attack area, otherwise, the network node is added into a safe area.
The invention also discloses a hardware device, which mainly comprises the following subsystem functional modules:
1. an analysis module: and carrying out protocol analysis on the flow and finishing the protocol implementation of the flow.
2. A defense attack module: filtering the data packet with specific network address and limiting the attack flow.
3. A region module: and dividing the area of the whole network and recording the safety state of the network nodes.
4. The communication interface sub-module: and the data communication among the modules is carried out through the interface.
Communication bus: the analysis module, the defense attack module and the area module complete mutual communication through a communication bus. Meanwhile, the equipment communicates with a network management center through a communication bus to download the specific patch package.
The network is divided into different areas, so that the pertinence of attack resistance is improved; an active defense technology is provided, and the initiative of resisting DDoS attack is improved by depending on an active notification mechanism of the security state among nodes. The method has a very good prevention effect on DDoS attack aiming at the CDN system.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (4)
1. A DDoS attack active defense method applied in a CDN system is characterized in that a defense system comprises an active defense network module, an active defense mechanism and detection of unknown attack, wherein the active defense network module comprises an analysis module, a defense attack module and a region module, the active defense mechanism issues specific defense packets to all sub-network nodes by network management nodes, each node checks whether the node is attacked or transfers the attack packet according to the attribute of a specific attack record after receiving a defense code carried by the defense packet, each node in the sub-network domain starts to receive the defense packet after the network management nodes issue the detection packet of the unknown attack, and sequentially confirms whether the network node is attacked or not and whether the attack packet is transferred or not; the analysis module has the functions of flow collection and protocol analysis, firstly collects flow statistics of network nodes and the use condition of an application program, continuously monitors the use degree of system resources, can also communicate with a network management center, receives specific patch packages issued by the network management center, and records the characteristics of DDoS attack, namely an attack feature library, when a suspected attack phenomenon occurs, the analysis module analyzes the suspected attack flow according to the content of the patch packages, and judges and filters out possible attack packages according to the recorded attributes of the attack; the information included in the attributes is:
(1) a network address;
(2) the sub-network domain to which the attack packet belongs;
(3) the network protocol used;
(4) a standard value of the same packet received in unit time and a standard value for the same traffic received in unit time;
the defending attack module executes and blocks the attack, at the same time, must check whether the network node is invaded by the malicious attacker and transplant the Trojan horse program, after blocking the attack, must send a packet to record the attack attribute detected, send out the warning to the source of the attack packet, namely the previous network node, it includes the following function:
(1) processing the information sent by the analysis module, filtering the data packet of the specific network address, and closing the specific domain or service;
(2) limiting the flow of a source causing network congestion, and ensuring the safety of the network node;
the area module functions as follows:
(1) the module defines the regions as a trust region, an untrusted region and an attack region, and is responsible for recording the security condition of each node in a sub-network region where the defense network is located, namely judging whether the node is in a security region or an attack region;
(2) receiving regional security information sent by other nodes;
(3) the region module maintains a list, and the content comprises a trust region, an untrusted region and network nodes contained in an attack region;
(4) the area module sends the security status of the sub-network node to other network nodes at regular time, if the security status of some network nodes is not received within a period of time, the nodes are directly added into the attack area until the sub-network node responds to the security status, and one sub-network domain is used as an execution unit.
2. The active defense method for DDoS attack applied in CDN system of claim 1, wherein: the active defense mechanism has the following operation flow:
firstly, checking whether the sub-network node is attacked or not or forwarding an attack packet:
(1) if not, the sub-network node sends a packet to all nodes to record that the sub-network node is in a safe state, and other nodes are requested to join the sub-network node into the safe region;
(2) if so, the node further checks the services needed to be used for defending against the attack;
secondly, detecting whether the attack can be stopped:
(1) if the attack event can be stopped, the sub-network node sends out a packet to all nodes to record that the sub-network node is in a safe state, other nodes are requested to add the sub-network node into a trust area, and the source router of the attack packet is informed of needing antivirus;
(2) if the attack event can not be stopped, the sub-network node sends out packets to all nodes to inform the nodes that the sub-network node is in the attacked state, and other nodes are requested to join the sub-network node in the attack area; if the sub-network node has no capability of sending the packet, all the nodes are added into the attack area after a period of waiting time.
3. The active defense method for DDoS attack applied in CDN system of claim 1, wherein: the defense system further comprises hardware equipment, and the hardware equipment comprises an analysis module, a defense attack module, an area module, a communication interface submodule and a communication bus.
4. The active defense method for DDoS attack applied in CDN system according to claim 3 is characterized in that: the analysis module of the hardware equipment of the defense system analyzes the protocol of the flow and finishes the protocol implementation of the flow, the defense system filters a specific network address data packet and limits attack flow, the area module divides the area of the whole network and records the safety state of network nodes, the communication interface sub-module is responsible for data communication among all the modules through interfaces, the communication bus completes the communication among the analysis module, the defense attack module and the area module, and the equipment communicates with a network management center through the communication bus and downloads a specific patch packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810679868.7A CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810679868.7A CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108471428A CN108471428A (en) | 2018-08-31 |
| CN108471428B true CN108471428B (en) | 2021-05-28 |
Family
ID=63259806
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810679868.7A Active CN108471428B (en) | 2018-06-27 | 2018-06-27 | DDoS attack active defense technology and equipment applied to CDN system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108471428B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116709338B (en) * | 2023-08-09 | 2023-11-03 | 深圳市南方硅谷半导体股份有限公司 | Wi-Fi access point capable of defending middleman MitM attack |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
| CN103023924A (en) * | 2012-12-31 | 2013-04-03 | 网宿科技股份有限公司 | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform |
| CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
| CN107528904A (en) * | 2017-09-01 | 2017-12-29 | 星环信息科技(上海)有限公司 | Method and apparatus for data distribution formula abnormality detection |
| CN108182581A (en) * | 2017-12-29 | 2018-06-19 | 北京欧链科技有限公司 | A kind of bookkeeping methods and device of block chain |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4545647B2 (en) * | 2005-06-17 | 2010-09-15 | 富士通株式会社 | Attack detection / protection system |
-
2018
- 2018-06-27 CN CN201810679868.7A patent/CN108471428B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
| CN103023924A (en) * | 2012-12-31 | 2013-04-03 | 网宿科技股份有限公司 | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform |
| CN105897674A (en) * | 2015-11-25 | 2016-08-24 | 乐视云计算有限公司 | DDoS attack protection method applied to CDN server group and system |
| CN107528904A (en) * | 2017-09-01 | 2017-12-29 | 星环信息科技(上海)有限公司 | Method and apparatus for data distribution formula abnormality detection |
| CN108182581A (en) * | 2017-12-29 | 2018-06-19 | 北京欧链科技有限公司 | A kind of bookkeeping methods and device of block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108471428A (en) | 2018-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Bhushan et al. | Security challenges in cloud computing: state-of-art | |
| US10432650B2 (en) | System and method to protect a webserver against application exploits and attacks | |
| US9325725B2 (en) | Automated deployment of protection agents to devices connected to a distributed computer network | |
| US20160182542A1 (en) | Denial of service and other resource exhaustion defense and mitigation using transition tracking | |
| TWI294726B (en) | ||
| KR100908404B1 (en) | System and method for protecting from distributed denial of service | |
| US20050278779A1 (en) | System and method for identifying the source of a denial-of-service attack | |
| Carlin et al. | Defence for distributed denial of service attacks in cloud computing | |
| US11856008B2 (en) | Facilitating identification of compromised devices by network access control (NAC) or unified threat management (UTM) security services by leveraging context from an endpoint detection and response (EDR) agent | |
| KR101042291B1 (en) | System and method for detecting and blocking to distributed denial of service attack | |
| CN108183884B (en) | Network attack determination method and device | |
| US10462166B2 (en) | System and method for managing tiered blacklists for mitigating network attacks | |
| SHAAR et al. | DDoS attacks and impacts on various cloud computing components | |
| CN108471428B (en) | DDoS attack active defense technology and equipment applied to CDN system | |
| Ono et al. | A design of port scan detection method based on the characteristics of packet-in messages in openflow networks | |
| KR100543664B1 (en) | system for protecting of network and operation method thereof | |
| WO2007122495A2 (en) | A framework for protecting resource-constrained network devices from denial-of-service attacks | |
| EP3595257B1 (en) | Detecting suspicious sources, e.g. for configuring a distributed denial of service mitigation device | |
| WO2020057156A1 (en) | Safety management method and safety management device | |
| Ragupathy et al. | Detecting Denial of Service Attacks by Analysing Network Traffic in Wireless Networks | |
| Nayak et al. | Depth analysis on DoS & DDoS attacks | |
| CN113132361B (en) | SDN network DDos resisting method based on game reward and punishment mechanism | |
| Stojanović et al. | Intrusion Detection Against Denial Of Service Attacks In Manet Environment | |
| Selvaraj et al. | Enhancing intrusion detection system performance using firecol protection services based honeypot system | |
| Orosz et al. | Detection strategies for post-pandemic DDoS profiles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |