CN109120917B - Method and system for detecting cloned CM - Google Patents

Method and system for detecting cloned CM Download PDF

Info

Publication number
CN109120917B
CN109120917B CN201810829684.4A CN201810829684A CN109120917B CN 109120917 B CN109120917 B CN 109120917B CN 201810829684 A CN201810829684 A CN 201810829684A CN 109120917 B CN109120917 B CN 109120917B
Authority
CN
China
Prior art keywords
legal
cloned
characteristic
network environment
feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810829684.4A
Other languages
Chinese (zh)
Other versions
CN109120917A (en
Inventor
赵健宏
李凯
孟繁家
周刚
黄长震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Branch Of Hubei Radio & Television Inforamtion Network Co ltd
Original Assignee
Wuhan Branch Of Hubei Radio & Television Inforamtion Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Branch Of Hubei Radio & Television Inforamtion Network Co ltd filed Critical Wuhan Branch Of Hubei Radio & Television Inforamtion Network Co ltd
Priority to CN201810829684.4A priority Critical patent/CN109120917B/en
Publication of CN109120917A publication Critical patent/CN109120917A/en
Application granted granted Critical
Publication of CN109120917B publication Critical patent/CN109120917B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N17/00Diagnosis, testing or measuring for television systems or their details
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/10Adaptations for transmission by electrical cable

Abstract

The invention relates to the field of cable television, and provides a method and a system for detecting a cloned CM, wherein the method comprises the following steps: acquiring the characteristics of the CM to be detected by acquiring the information of the CM in the whole network, and acquiring the characteristics of a legal CM through a characteristic database; calculating the similarity of the CM characteristics between the CM to be detected and the legal CM, thereby detecting the cloned CM; the CM characteristics include CM ontology characteristics including one or more of CM vendor information, a number of CM ports, an IP address of DHCP allocated to the CM, and a gateway of DHCP allocated to the CM, and CM terminal network environment characteristics including one or more of a CM up level value, a CM down level value, and a CM down SNR. The method describes the CM characteristics from two dimensions of the body and the terminal network environment, can effectively cope with the situations of individual characteristic factor loss and inaccuracy based on the multidimensional characteristics, has higher robustness, directly collects characteristic attribute information from the CM, and has stronger transportability and maintainability.

Description

Method and system for detecting cloned CM
[ technical field ] A method for producing a semiconductor device
The invention relates to the field of cable television, and provides a method and a system for detecting a cloned CM.
[ background of the invention ]
A Cable Modem Terminal system-Cable Modem (CMTS-CM) networking mode is one of networking modes widely adopted by broadcast television network operators, and the operators usually provide differentiated services such as broadband Access authentication and the like through Media Access Control (MAC) addresses, while many illegal users can steal the services of the operators in various modes, which causes capital loss. The CM cloning technology is one of the main technologies for stealing services, is more difficult to prevent than other technologies for stealing services, and brings hidden troubles to network security audit work. There are three kinds of commonly used CM cloning techniques, one is weak cloning, namely simply changing the MAC address of CM to make it consistent with the MAC address of legal CM; one is strong clone, some D1.0CM are sold before the D1.1 specification is finished, and the operator adopts a D1.0CM self-signed certificate method as a compatibility solution, which brings a multiplier for hacker stealing service and can perform D1.1 clone of self-signed BPI +; yet another is perfect cloning, which is done by copying the MAC address, importing a legal x.509 digital certificate, serial/JTAG programming, and cracking the CM flash chip.
In the existing cloned CM detection technology, there are two commonly used cloned CM detection methods, one is a BPI + technology, and the BPI + technology uses an x.509 digital certificate to realize identification and access control of the cloned CM, which is a commonly used technology for preventing cloned CM in the industry. By opening and configuring the CM BPI + function, the identification and access control of the cloned CM can be realized by using an X.509 digital certificate. The detection method has the following disadvantages: (1) "perfect cloning" cannot be prevented. (2) The device needs to have and open the BPI + function, and an illegal user can disable the BPI + function of the CM or use the CM evasion detection of the old DOCSIS version that does not support the BPI + function. (3) Significantly increasing CMTS performance pressure. The other method is a clone CM detection method based on feature matching, which compares the relevant features of a suspicious CM with the historical feature records of the CM to distinguish the clone CM, but in the method, uplink channel information (CMTS uplink port number and load balancing group) or gateway information corresponding to the CM is usually used as a feature attribute, a single feature matching mode is difficult to deal with situations of fuzzy and missing position identification information and the like, and a feature value is directly or indirectly from the CMTS and requires the system to be in butt joint with a comprehensive network management system and a BOSS system, or realizes feature acquisition by relying on DHCP relay, so that the system coupling degree is high, the deployment operation and maintenance is difficult, and the compatibility and the portability are poor. Meanwhile, the conventional cloned CM detection system has strong coupling, so that the cloned CM detection system of foreign manufacturers is usually sold in a matched manner with related systems, and the price is high.
For example, in US7512969B2, the GIADDR identifier is extracted from the DHCP packet, and the CM with duplicate MAC addresses is identified using the CM MAC address/GIADDR tuple history data record, but the system cannot cope well with the case where the CMTS corresponding to the CM is changed; in patent US7957305B2, network hierarchical regions are divided, and a CMTS, ROC, and NOC tertiary system is used to perform hierarchical iterative identification on cloned CMs, wherein ROC and NOC identify cloned CMs by using CM uplink port number, load balancing group, and CMTS ID as features, but the system needs to configure DHCP relay and DHCP server correspondingly, needs to establish special ROC and NOC server clusters, and needs to establish physical network links between CMTS and ROC and between ROC and NOC, which results in high system cost and difficult deployment, operation and maintenance; the CN105100088A patent uses the address of the user to which the CM belongs as a feature, and its actual features are the upstream port number to which the CM belongs and the ID of the CMTS. The system firstly obtains the CM with the repeated MAC from the comprehensive network management system as a detection object, retrieves the optical node name according to the uplink port identifier of the CM, and then carries out fuzzy matching query on the user information in the BOSS system according to the optical node name to obtain the user address which is used as the identification basis of the cloned CM. The mechanism has the following defects: (1) the condition that the name of the optical node in the current network does not correspond to the address information of the BOSS system user is not a small probability event, and once fuzzy matching fails, the identification accuracy is affected. (2) If the CMTS upstream channel is configured with load balancing, the dynamic changes of the upstream ports will disturb the corresponding relationship between the optical nodes and the upstream ports, and the recognition accuracy will be significantly affected. (3) The characteristic data is obtained from the comprehensive network management system and the BOSS system, and the data integrity is restricted by a third-party system.
In view of the above, it is an urgent problem in the art to overcome the above-mentioned drawbacks of the prior art.
[ summary of the invention ]
The technical problems to be solved by the invention are as follows:
in the existing clone CM detection based on feature matching, a single feature matching mode is difficult to deal with the situations of fuzzy and missing position identification information, and the existing system has strong coupling, needs to be in butt joint with a comprehensive network management system and a BOSS system, and has high requirements on the data normalization of a third-party system.
The invention achieves the above purpose by the following technical scheme:
in a first aspect, the present invention provides a method for detecting a cloned CM, comprising:
acquiring the characteristics of the CM to be detected through the information acquisition of the whole network CM, and extracting legal CM characteristics through a characteristic database;
calculating the similarity of the CM characteristics between the CM to be detected and the legal CM by using a similarity calculation method, thereby detecting the cloned CM;
the MAC addresses of the CM to be tested and the legal CM are the same; the CM characteristics include CM ontology characteristics including one or more of CM vendor information, a number of CM ports, an IP address assigned to the CM by DHCP, and a gateway, and CM terminal network environment characteristics including one or more of a CM uplink value, a CM downlink value, and a CM downlink SNR.
Preferably, the method further comprises the following steps:
a set of same random algorithm is maintained between the server and the legal CM respectively, wherein the random algorithm takes network time as an input parameter, and the calculated random number is converted into a digital sequence, so that the server and the legal CM sort the CM body characteristic and the CM terminal network environment characteristic according to the digital sequence; when verifying that the feature sequences of the CM to be tested are the same as the feature sequences of the legal CM, the server calculates the feature similarity; and if the feature sequences are not the same, determining the corresponding CM to be tested as a clone CM.
Preferably, the method for calculating the similarity of the CM characteristics between the CM to be measured and the legal CM specifically comprises the following steps:
according to the formula
Figure BDA0001743250430000031
Calculating the body characteristics B of the CM to be testedi(V)And legal CM body characteristics A(V)Similarity of body features therebetween
Figure BDA0001743250430000032
According to the formula
Figure BDA0001743250430000033
Terminal network environment characteristic B for calculating CM to be testedi(C)And legal CM terminal network environment characteristic A(c)Similarity of terminal network environment characteristics between them
Figure BDA0001743250430000041
Wherein the content of the first and second substances,
Figure BDA0001743250430000042
terminal network environment characteristic B for CM to be testedi(C)And legal CM terminal network environment characteristic A(c)The Euclidean distance between the two elements, theta is a regulation factor;
according to the formula
Figure BDA0001743250430000043
Calculating CM characteristic B to be measurediSimilarity SIM (B) with legal CM feature AiA); wherein, ω is the proportion of the environmental characteristics of the CM terminal network to the characteristics of the CM.
Preferably, the method for detecting cloned CM specifically comprises:
according to the calculation result of the feature similarity of the CM, one CM with the highest feature similarity with the legal CM in the CM to be tested is reserved, and the rest CM to be tested is determined as a clone CM and added into a clone CM list.
Preferably, the method for acquiring the features of the CM to be detected through the information acquisition of the CM over the whole network and extracting the legal features of the CM through the feature database includes the following steps:
the system polls a DHCP server to obtain basic information of a CM in the whole network; wherein the basic information comprises a MAC address and an IP address;
collecting the characteristics of the whole network CM according to the basic information, and storing the legal CM characteristics into a characteristic database;
and screening the CM to be tested according to the basic information, acquiring the characteristics of the CM to be tested, and extracting the legal CM characteristics from the characteristic database.
Preferably, the step of acquiring the characteristics of the whole network CM according to the basic information and storing the characteristics of the legal CM in the characteristic database includes the following steps:
acquiring the body characteristics of the whole network CM and the network environment characteristics of a CM terminal according to the MAC address and the IP address of the whole network CM;
the body characteristics of the CM in the whole network are quantized to obtain the body characteristics A of the legal CM(V)(ii) a Quantizing the terminal network environment characteristics of the whole network CM to obtain the terminal network environment characteristics A of the legal CM(C)
The obtained body of legal CMCharacteristic A(V)And terminal network environment characteristic A(C)Store to a feature database, A(V)And A(C)Together forming feature a of a legitimate CM.
Preferably, the screening of the CM to be tested and the obtaining of the features of the CM to be tested according to the basic information, and the extraction of the legal CM features from the feature database specifically include the following steps:
screening one or more groups of CMs with the same MAC according to the MAC address of the CM in the whole network, wherein N CMs with the same MAC form a CM group to be tested;
acquiring the body characteristic and the terminal network environment characteristic corresponding to each CM to be detected in the CM group to be detected according to the MAC address and the IP address of the CM to be detected;
and extracting legal CM features with the same MAC from the feature database according to the MAC address of the CM to be detected.
Preferably, after the similarity calculation method is used to calculate the similarity of the CM features between the CM to be tested and the legal CM, so as to detect the cloned CM, the method further includes the following steps: and setting an IP filter of the cloned CM, and realizing service shutdown on the detected cloned CM.
In a second aspect, the present invention further provides a system for detecting a cloned CM, which is used to implement the method for detecting a cloned CM in the first aspect, and the system includes:
the CM characteristic acquisition module is used for acquiring the characteristics of the CM to be detected through the whole-network CM information acquisition and extracting legal CM characteristics through a characteristic database;
the clone CM detection module is used for calculating the similarity of the CM characteristics between the CM to be detected and the legal CM by using a similarity calculation method so as to detect the clone CM;
the MAC addresses of the CM to be tested and the legal CM are the same; the CM characteristics include CM ontology characteristics including one or more of CM vendor information, a number of CM ports, an IP address assigned to the CM by DHCP, and a gateway, and CM terminal network environment characteristics including one or more of a CM uplink value, a CM downlink value, and a CM downlink SNR.
In a third aspect, the present invention further provides an apparatus for detecting a cloned CM, where the apparatus includes at least one processor and a memory, where the at least one processor and the memory are connected through a data bus, and the memory stores instructions executable by the at least one processor, where the instructions are configured to, after being executed by the processor, complete the method for detecting a cloned CM according to the first aspect.
The invention has the beneficial effects that:
in the method and the system for detecting the cloned CM, the CM characteristics are described from two dimensions of the CM body characteristics and the CM terminal network environment characteristics, each dimension comprises a plurality of characteristic attributes, the method and the system for detecting the cloned CM based on the multidimensional characteristics can effectively cope with the situations of individual characteristic factor loss and inaccuracy, have higher robustness, and the characteristic attribute information is directly collected from the CM, and have stronger transportability and maintainability; meanwhile, the detection result of the cloned CM is more accurate by comparing the feature sequences.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flow chart of a method for detecting a cloned CM according to an embodiment of the present invention;
fig. 2 is a flowchart of a CM feature collection process according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for determining a cloned CM according to an embodiment of the present invention;
fig. 4 is a system data flow diagram of a cloned CM detection process according to an embodiment of the present invention;
FIG. 5 is a flow chart of another method for detecting a cloned CM according to an embodiment of the present invention;
fig. 6 is a flowchart of a CM history feature acquisition according to an embodiment of the present invention;
FIG. 7 is a diagram of a system for detecting a cloned CM according to an embodiment of the present invention;
FIG. 8 is a diagram of another embodiment of the present invention showing the components of a system for detecting a cloned CM;
fig. 9 is a schematic diagram illustrating a CM feature acquisition module according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a cloned CM detection module according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a device for detecting a clone CM according to an embodiment of the present invention.
[ detailed description ] embodiments
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other. The invention will be described in detail below with reference to the figures and examples.
Example 1:
embodiment 1 of the present invention provides a method for detecting a cloned CM, as shown in fig. 1, the method including:
step 201, acquiring the characteristics of the CM to be detected by acquiring the information of the CM in the whole network, and extracting legal CM characteristics through a characteristic database;
step 202, calculating the similarity of the CM features between the CM to be detected and the legal CM by using a similarity calculation method, thereby detecting a cloned CM;
the MAC addresses of the CM to be tested and the legal CM are the same; the CM characteristics comprise CM ontology characteristics and CM terminal network environment characteristics, the CM ontology characteristics comprise one or more of CM manufacturer information, CM port number, IP address allocated to the CM by DHCP and gateway, and the CM manufacturer information comprises one or more of CM type, firmware version and software version; the CM terminal network environment characteristics include one or more of a CM uplink level value, a CM downlink level value, and a CM downlink SNR.
The CM ontology features are selected according to the following: the network sniffing technology is utilized to acquire MAC and copy 'weak clone' and 'strong clone' of forged self-signed certificate, which are difficult to copy CM manufacturer information and port quantity value, and the two characteristics can be used for detecting the clone CM; if the CM shutdown time length is less than the DHCP IP address lease, the CM IP address will not be changed, so the CMIP can be used as the feature mark CM; the gateway address identifies the CM headend device, and may be characterized as having a meaning that describes the physical location of the CM.
The CM terminal network environment characteristics are selected according to the following steps: because network environments of different CM clients have differences, link attenuation, signal quality and configuration of head-end equipment are different, so that network signals of the CM clients also have differences, and the network environment of the same CM terminal is relatively stable in a staged period, so that network environment related indexes can be used for identifying the CM. The characteristic attributes, the acquisition mode and the description of the features of the CM are shown in the following table 1:
TABLE 1 characteristic attributes, Collection methods and descriptions of CM features
Figure BDA0001743250430000081
In the method for detecting the cloned CM provided by the invention, the CM characteristics are described from two dimensions of the CM body characteristics and the CM terminal network environment characteristics, each dimension comprises a plurality of characteristic attributes, the method for detecting the cloned CM based on the multidimensional characteristics can effectively cope with the situations of individual characteristic factor loss and inaccuracy, has higher robustness, and the characteristic attribute information is directly collected from the CM, thus having stronger transportability and maintainability.
In step 201, acquiring the characteristics of the CM to be detected by acquiring the information of the CM in the whole network, and extracting legal CM characteristics through a characteristic database; this step mainly performs feature acquisition in advance for the CM to be tested and the legitimate CM that need to be feature-matched in step 202, and the whole acquisition process is shown in fig. 2, and specifically includes the following steps:
step 2011, the system polls the DHCP server to obtain basic information of the CM of the whole network; wherein the basic information comprises a MAC address and an IP address;
step 2012, the characteristics of the whole network CM are collected according to the basic information, and the legal CM characteristics are stored in a characteristic database. Ontology features of legal CM with A(V)Indicating, terminal network environment characteristics of legal CM as A(C)It is shown that, if m kinds of ontology characteristic attributes and n kinds of terminal network environment characteristic attributes are selected to perform characteristic description on the CM in the embodiment of the present invention, there are some
Figure BDA0001743250430000091
Then the feature a of the legitimate CM is { a ═ a(V),A(C)};
And 2013, screening the CM to be detected according to the basic information, acquiring the characteristics of the CM to be detected, and extracting the legal CM characteristics from the characteristic database. Assuming that the current CM group to be tested contains n CMs to be tested, and B represents the CM group to be tested, B ═ B1,B2,...BnIndicates one of CM and B to be measuredi∈B。
In step 202, calculating the similarity of the CM features between the CM to be tested and the legal CM by using a similarity calculation method, thereby detecting a clone CM; in the embodiment of the present invention, the CM feature is described from two dimensions of an ontology and a terminal network environment, and therefore, when calculating the feature similarity, multiple feature attributes in the two dimensions need to be considered comprehensively, as shown in fig. 3, step 202 specifically includes the following two steps:
step 2021, calculating the similarity of the body characteristics and the similarity of the terminal network environment characteristics between the CM to be tested and the legal CM according to a formula, and comprehensively obtaining the similarity of the characteristics of the CM to be tested and the legal CM; the process of specifically calculating the similarity is as follows:
firstly, according to the formula
Figure BDA0001743250430000092
Calculating the ontology features B of each CM to be testedi(V)And legal CM body characteristics A(V)Similarity of body features therebetween
Figure BDA0001743250430000093
In the ontology feature collection process of the legal CM in step 2012, noise data needs to be removed, which easily causes the sparsity of feature value data to increase, and the formula selected here can be used for comparing the similarity and difference between limited sample sets, and is particularly suitable for Boolean data and data with excessively high sparsity, wherein in the formula, the symbol "∩" indicates that two sets take intersection, the symbol "∪" indicates that two sets take union, the symbol "|" indicates the size of the sets, i.e., the number of elements included in the sets, and the meaning of the whole formula is the ratio of the intersection size of the two sets to the size of the union.
Secondly, according to the formula
Figure BDA0001743250430000101
Calculating terminal network environment characteristics B of each CM to be testedi(C)And legal CM terminal network environment characteristic A(c)Similarity of terminal network environment characteristics between them
Figure BDA0001743250430000102
Wherein the content of the first and second substances,
Figure BDA0001743250430000103
terminal network environment characteristic B for CM to be testedi(C)And legal CM terminal network environment characteristic A(c)The Euclidean distance between the two elements, theta is a regulation factor.
The Euclidean distance d can be widely applied to similarity calculation between level signals, for example, the interference degree of noise to a signal source can be judged by calculating the Euclidean distance between the noise signal and the signal source; by adopting a similar method, the embodiment of the invention calculates the similarity of the terminal network environment characteristics between the CM to be measured and the legal CM based on the Euclidean distance d, and because the measurement units and the measurement scales of the characteristic attributes in the CM terminal network environment characteristics are different, the difference of the measurement units and the measurement scales of the characteristic attributes is balanced by adopting a weighted Euclidean distance method, and the terminal network environment characteristics B of the CM to be measured, which are obtained by the weighting method, are usedi(C)Special for legal CM terminal network environmentSymbol A(c)The Euclidean distance between them is recorded as
Figure BDA0001743250430000104
The calculation method is
Figure BDA0001743250430000105
Wherein k isjRepresenting the weight coefficient corresponding to a certain characteristic j;
the formula for calculating the similarity according to the Euclidean distance is
Figure BDA0001743250430000106
In the stage period, the environmental characteristics of the CM terminal network fluctuate, which can affect the reliability and the validity of the similarity calculation result, so that a regulation factor theta is introduced to reduce the influence caused by fluctuation; the method for obtaining the regulatory factor theta comprises the following steps: sampling the network environment characteristics of the CM terminal of the existing network, performing nonlinear regression processing, and regulating and controlling factors
Figure BDA0001743250430000107
Wherein α is an exponential coefficient obtained by nonlinear regression, SjIs { y1,j,y2,j,...,yp,jThe sum of the variances of; regulatory factors
Figure BDA0001743250430000108
Substituting into formula
Figure BDA0001743250430000109
Equation 4, get
Figure BDA00017432504300001010
Thereby calculating the similarity of the terminal network environment characteristics between the CM to be tested and the legal CM.
Finally, according to the formula
Figure BDA00017432504300001011
Calculating the characteristic B of each CM to be measurediSimilarity SIM (B) with legal CM feature AiA); wherein, ω is the proportion of the environmental characteristics of the CM terminal network to the characteristics of the CM. This is achieved byAnd integrating the results of the similarity of the body characteristic and the similarity of the terminal network environment characteristic, wherein omega can be obtained through multiple experiences or supervised learning.
Step 2022, according to the calculation result of the feature similarity of the CMs, one CM with the highest feature similarity to the legal CM in the CMs to be tested is retained, and the remaining CMs to be tested are determined to be cloned CMs and added to the cloned CM list. Generally speaking, at most one of the n current CMs to be tested is legal, and the others are illegal cloned CMs, then one of the CMs to be tested having the highest similarity with the legal feature is reserved, the reserved CM is legal, the remaining CMs to be tested are added into a cloned CM list, wherein the cloned CM list can be represented by a set Clone,
Figure BDA0001743250430000111
generally, in a complete set of cloned CM detection methods, after the detection of cloned CM, it is necessary to process detected illegal cloned CM, as shown in fig. 1, the method further includes step 203: and setting an IP filter of the cloned CM, realizing service shutdown on the detected cloned CM, and recording a log. The method for terminating the service of the cloned CM after the cloned CM is detected by the conventional cloned CM detection system generally adopts a mode of operating a CMTS to command an offline CM or remotely restarting the CM through SNMP, and the success of the processing mode depends on the frequency of the offline operation. In the embodiment of the invention, the service shutdown is realized by adopting the IP filter for setting the cloned CM, the shutdown effect can be effective in the restarting period of the CM, the processing is more concise and effective, and the configuration of the IP filter is shown in the following table 2.
TABLE 2 IP FILTER SPECIFIC CONFIGURATION TABLE
Figure BDA0001743250430000112
Figure BDA0001743250430000121
In the whole testing process of the cloned CM, the system data flow is as shown in FIG. 4, from which the complete flow of CM feature collection, cloned CM testing and cloned CM processing can be understood more intuitively.
In combination with the embodiment of the present invention, there is also a preferred implementation scheme, as shown in fig. 5, before performing the feature similarity calculation, the following steps may be added: the server verifies the feature sequence of the CM to be tested and the legal CM, and if the feature sequences are the same, the feature similarity is calculated; if the feature sequences are different, the feature similarity calculation step can be directly skipped, and the corresponding CM to be tested is judged to be the clone CM. A set of same random algorithm is maintained between the server and the legal CM respectively, wherein the random algorithm takes network time as an input parameter, and the calculated random number is converted into a digital sequence, so that the server and the legal CM sort the CM body characteristic and the CM terminal network environment characteristic according to the digital sequence; for example, if the random number generated by the system is 54610941873, the corresponding feature arrangement preferably arranges the numerical feature appearing first, the repeated data neglects replenishment, and the remaining data is sequentially replenished; thus, the above random number corresponds to a number sequence of 546198732. If the number of the characteristic items is far more than 10 bits which can be represented by a single random number, the function of the random number representation object is further expanded; that is, for a set of random numbers, the data that appears repeatedly for the first time is characterized by a tens digit (the data that appears repeatedly for the second time is characterized by a twenty digit and so on), for example: 54610941873123, wherein the sequence is characterized by "5", "4", "6", "1", "9", "14", "11", "8", "7", "3", "21", "2" and "13". Where 0 is not counted and if the number of tokens in the characterized data sequence exceeds the number of feature items, it is directly ignored as in the 0 process.
The method for increasing the feature sorting alignment is particularly suitable for the following two cases: one is that the feature similarity of at least two CM to be tested and legal CM in the current CM group to be tested is the highest, and it is difficult to determine which of the at least two CM to be tested with the highest similarity is legal; the other is that the current CM group to be tested does not include a legal CM, for example, the legal CM caused by sudden power failure is not online at present, and the CM with the highest similarity obtained by calculation is still a cloned CM and needs to be added into a cloned CM list. Under the two conditions, the detection result of the cloned CM can be more accurate by adding the step of comparing the feature ordering, and meanwhile, the CM to be detected with different feature ordering is directly judged as the cloned CM in advance, so that a part of calculation process is saved, and the calculation pressure of the server is reduced.
Example 2:
for the CM feature acquisition and processing described in step 201 of embodiment 1, embodiment 2 of the present invention provides a specific implementation method.
Step 2011, the system polls the DHCP server to obtain basic information of the CM of the whole network; wherein the basic information comprises a MAC address and an IP address;
step 2012, the characteristics of the whole network CM are collected according to the basic information, and the legal CM characteristics are stored in a characteristic database. The following method is specifically adopted for the collection, arrangement and storage of the CM characteristics in the step:
firstly, according to the MAC address and the IP address of the whole network CM, the body characteristic and the CM terminal network environment characteristic of the whole network CM are collected. In the embodiment of the invention, the CM characteristics are collected through the SNMP, most of the online CMs can collect the characteristic information when the SNMP overtime time is set to 700 milliseconds, but if the SNMP overtime time is uniformly set, the offline CM and the CM with an excessively long requirement on the SNMP overtime time can obviously slow down the whole collection process. Therefore, to increase the feature acquisition speed, the following approach is adopted, as shown in fig. 6: firstly, setting the SNMP timeout time to 700 milliseconds, quantitatively storing the collected CM characteristic information, judging whether the CM is online or not for the CM which cannot collect the characteristic information, if so, setting the SNMP timeout time to a larger value, for example, to 8000 milliseconds in the embodiment, and quantitatively storing the collected CM characteristic information. Tests show that the characteristic acquisition method can obviously shorten the acquisition time.
Secondly, the body characteristics of the CM in the whole network are quantized to obtain the body characteristics A of the legal CM(V)(ii) a Quantizing the terminal network environment characteristics of the whole network CM to obtain the terminal network environment characteristics A of the legal CM(C). Suppose that m types of entities are selected in the embodiment of the present inventionIf the CM is characterized by the characteristic attribute and the n terminal network environment characteristic attributes, the body characteristic of the legal CM is obtained
Figure BDA0001743250430000141
A(V)jRepresenting the terminal network environment characteristics of a legal CM (CM) in a certain ontology characteristic attribute
Figure BDA0001743250430000142
Indicating some terminal network environment characteristic attribute.
The body characteristics are character type data, and the processing on the CM body characteristics specifically comprises the following steps: the historical ontology feature records of the CM which are p times in total for v times every day in the last u days can be selected, wherein p is u x v, p data are recorded corresponding to each ontology feature attribute of the CM, m ontology feature attributes are selected by the CM, and the historical ontology feature records of the CM form a data set
Figure BDA0001743250430000143
The historical ontology feature data usually contains noise data, the noise data can influence the arrangement of legal CM features and further influence the detection of cloned CM, and the noise data is mainly generated by the following two reasons: firstly, the characteristics of a legal CM body are changed, such as the change of a CM physical position, the change of a head end CMTS device, the upgrade of a CM version number, the change of a DHCP lease expiration IP address and the like; and secondly, the historical ontology feature data comprises feature data information of the cloned CM. Noise data in the ontology feature data are usually difficult to distinguish, so a mode that attribute factors are abandoned when the noise data are found is adopted, namely for a certain ontology feature attribute, when attribute values acquired for multiple times are inconsistent, the attribute factors are abandoned; when the attribute values acquired p times are consistent, the characteristic factor is reserved and used, the corresponding characteristic record value is recorded as a legal CM characteristic, specifically as formula 1, and each body characteristic attribute A can be calculated according to formula 1(V)jCorresponding legal characteristic value to obtain the body characteristic A of legal CM(V)
Figure BDA0001743250430000151
Since there is a possibility that the CM ontology feature is cloned, for example, a perfect clone can copy an ontology feature value such as CM vendor information, the embodiment introduces a CM terminal network environment feature to describe the CM in combination with the CM ontology feature, so as to improve the accuracy of detecting the cloned CM. The environmental characteristics of the terminal network are numerical data, and when the historical characteristic data quantity has a certain scale, the influence of noise data can be weakened in an average mode. The processing of the CM terminal network environment characteristics specifically includes selecting historical CM terminal network environment characteristic records of p times of v times per day in the latest u days, where p is u × v, p data are recorded corresponding to each terminal network environment characteristic attribute of the CM, the CM selects n terminal network environment characteristic attributes, and the historical terminal network environment characteristic records of the CM form a data set
Figure BDA0001743250430000152
According to formula 2, the network environment characteristic attribute A of each terminal can be calculated(C)jCorresponding legal characteristic value, and further obtaining terminal network environment characteristic A of legal CM(C)
Figure BDA0001743250430000153
Finally, the obtained ontology feature A of the legal CM(V)And terminal network environment characteristic A(C)Store to a feature database, A(V)And A(C)Features a that together form a legitimate CM; wherein A ═ { A ═ A(V),A(C)}。
And 2013, screening the CM to be detected according to the basic information, acquiring the characteristics of the CM to be detected, and extracting the legal CM characteristics from the characteristic database. The method is realized by the following steps:
firstly, screening out one or more groups of CMs with the same MAC according to the MAC address of the CM in the whole network, wherein N CMs with the same MAC form a CM group to be tested: therefore, one or more CM groups to be tested can be screened out, and if the current CM group to be tested contains n CM groups to be tested and B represents the CM group to be tested, B is ═ B1,B2,...Bn},BiIndicates one of CM, B to be measuredi∈B。
Secondly, according to the MAC address and the IP address of the CM to be detected, acquiring the body characteristic and the terminal network environment characteristic corresponding to each CM to be detected in the CM group to be detected: in step 2012, the characteristics of the CM in the whole network are collected, and the body characteristics and the terminal network environment characteristics of each CM to be tested may be obtained according to the MAC and IP basic information corresponding to the current CM group to be tested.
And finally, extracting legal CM features with the same MAC from the feature database according to the MAC address of the CM to be detected: and if the CM to be detected for feature matching and the legal CM have the same MAC address, extracting corresponding legal CM features from the feature database according to the MAC address of the CM to be detected after the CM to be detected is screened and determined, namely the features corresponding to the legal CM with the same MAC.
Example 3:
on the basis of the embodiment 1 and the embodiment 2, the present invention further provides a system for detecting a cloned CM, which is used for implementing the method for detecting a cloned CM described in the embodiment 1 and the embodiment 2, as shown in fig. 7, the embodiment 2 of the present invention provides a system for detecting a cloned CM, which includes a CM feature acquisition module and a cloned CM detection module:
the CM characteristic acquisition module is used for acquiring the characteristics of the CM to be detected through the whole-network CM information acquisition and extracting legal CM characteristics through a characteristic database;
the cloned CM detection module is used for calculating the similarity of the CM characteristics between the CM to be detected and the legal CM by using a similarity calculation method so as to detect the cloned CM;
the MAC addresses of the CM to be tested and the legal CM are the same; the CM characteristics include CM ontology characteristics including one or more of CM vendor information, a number of CM ports, an IP address assigned to the CM by DHCP, and a gateway, and CM terminal network environment characteristics including one or more of a CM uplink value, a CM downlink value, and a CM downlink SNR.
In the embodiment of the present invention, a complete system for detecting cloned CMs further includes a module for shutting down cloned CMs, as shown in fig. 7, where the module for shutting down cloned CMs is disposed behind the module for detecting cloned CMs, and is configured to set an IP filter of the cloned CMs to shut down detected cloned CMs.
In combination with the embodiment of the present invention, there is also a preferred implementation scheme, and the detection system further includes a sorting and comparing module, as shown in fig. 8, the sorting and comparing module may be disposed before the clone CM detection module. A set of same random algorithm is maintained between the server and the legal CM respectively, wherein the random algorithm takes network time as an input parameter, and the calculated random number is converted into a digital sequence, so that the server and the legal CM sort the CM body characteristic and the CM terminal network environment characteristic according to the digital sequence; the sequencing comparison module is used for verifying whether the characteristic sequencing of the CM to be tested is the same as that of the legal CM by the server, and if the characteristic sequencing of the CM to be tested is the same as that of the legal CM, the cloned CM detection module calculates the characteristic similarity; if the feature sequences are different, the cloned CM detection module can be directly skipped, and the corresponding CM to be detected is directly judged to be the cloned CM and the service is shut down.
As shown in fig. 9, the CM feature acquisition module includes:
the basic information acquisition module is used for polling a DHCP server by a system to acquire basic information of the CM in the whole network; wherein the basic information comprises a MAC address and an IP address;
the characteristic acquisition quantization processing module is used for acquiring the characteristics of the whole network CM according to the basic information and storing the legal CM characteristics to a characteristic database; firstly, acquiring the body characteristics of the whole network CM and the network environment characteristics of a CM terminal according to the MAC address and the IP address of the whole network CM; secondly, the body characteristics of the CM in the whole network are quantized to obtain the body characteristics A of the legal CM(V)Quantizing the terminal network environment characteristics of the whole network CM to obtain the terminal network environment characteristics A of the legal CM(C)(ii) a Finally, the obtained ontology feature A of the legal CM(V)And terminal network environment characteristic A(C)Store to a feature database, A(V)And A(C)Together forming feature a of a legitimate CM.
And the characteristic extraction module is used for screening the CM to be detected according to the basic information, acquiring the characteristics of the CM to be detected and extracting the legal CM characteristics from the characteristic database. Firstly, screening one or more groups of CMs with the same MAC according to the MAC address of the CM in the whole network, wherein N CMs with the same MAC form a CM group to be tested; secondly, acquiring the body characteristic and the terminal network environment characteristic corresponding to each CM to be detected in the CM group to be detected according to the MAC address and the IP address of the CM to be detected; and finally, extracting legal CM features with the same MAC from the feature database according to the MAC address of the CM to be detected.
As shown in fig. 10, the clone CM detection module comprises:
the similarity calculation module is used for calculating the similarity of the body characteristics and the similarity of the terminal network environment characteristics between the CM to be detected and the legal CM according to a formula and comprehensively obtaining the characteristic similarity of the CM to be detected and the legal CM; specifically, first, according to the formula
Figure BDA0001743250430000171
Calculating the body characteristics B of the CM to be testedi(V)And legal CM body characteristics A(V)Similarity of body features therebetween
Figure BDA0001743250430000181
Secondly, according to the formula
Figure BDA0001743250430000182
Terminal network environment characteristic B for calculating CM to be testedi(C)And legal CM terminal network environment characteristic A(c)Similarity of terminal network environment characteristics between them
Figure BDA0001743250430000183
Wherein the content of the first and second substances,
Figure BDA0001743250430000184
terminal network environment characteristic B for CM to be testedi(C)And legal CM terminal network environment characteristic A(c)The Euclidean distance between the two elements, theta is a regulation factor; finally, according to the formula
Figure BDA0001743250430000185
Calculate wait forMeasuring CM characteristic BiSimilarity SIM (B) with legal CM feature AiA); wherein, ω is the proportion of the environmental characteristics of the CM terminal network to the characteristics of the CM.
And the judging module is used for reserving one CM with the highest characteristic similarity with the legal CM in the CM to be tested according to the calculation result of the characteristic similarity of the CM, judging the rest CM to be tested as a clone CM, and adding the clone CM into a clone CM list.
In the detection system of the cloned CM provided by the invention, the CM characteristics are described from two dimensions of the CM body characteristics and the CM terminal network environment characteristics, each dimension also comprises a plurality of characteristic attributes, the clone CM detection system based on the multidimensional characteristics can effectively cope with the situations of individual characteristic factor loss and inaccuracy, has higher robustness, and the characteristic attribute information is directly collected from the CM, and has stronger transportability and maintainability; meanwhile, the detection result of the cloned CM is more accurate by comparing the feature sequences.
Example 4:
after embodiments 1 and 2 provide a method for detecting a cloned CM, embodiment 4 of the present invention further provides a device for detecting a cloned CM by using the above method, as shown in fig. 11, which is a schematic structural diagram of the device according to the embodiments of the present invention. The apparatus for clone CM detection of the present embodiment includes one or more processors 21 and a memory 22. In fig. 11, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or other means, and fig. 8 illustrates the connection by a bus as an example.
The memory 22, which is a non-volatile computer-readable storage medium of a method and apparatus for detecting a cloned CM, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as the method for detecting a cloned CM in embodiment 1. The processor 21 executes various functional applications and data processing of the device for cloned CM detection, that is, implements the detection method of cloned CM of embodiment 1, by running nonvolatile software programs, instructions, and modules stored in the memory 22.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22 and, when executed by the one or more processors 21, perform the method of detecting a cloned CM in embodiments 1 and 2 described above, for example, perform the steps illustrated in fig. 1, 2, 3, and 5 described above.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. A method for detecting a cloned CM, comprising:
acquiring the characteristics of the CM to be detected through the information acquisition of the whole network CM, and extracting legal CM characteristics through a characteristic database;
calculating the similarity of the CM characteristics between the CM to be detected and the legal CM by using a similarity calculation method, thereby detecting the cloned CM;
the MAC addresses of the CM to be tested and the legal CM are the same; the CM characteristics comprise CM body characteristics and CM terminal network environment characteristics, the CM body characteristics comprise one or more of CM manufacturer information, CM port number, IP address allocated to CM by DHCP and gateway, and the CM terminal network environment characteristics comprise one or more of CM uplink level value, CM downlink level value and CM downlink SNR;
further comprising the steps of:
a set of same random algorithm is maintained between the server and the legal CM respectively, wherein the random algorithm takes network time as an input parameter, and the calculated random number is converted into a digital sequence, so that the server and the legal CM sort the CM body characteristic and the CM terminal network environment characteristic according to the digital sequence; when verifying that the feature sequences of the CM to be tested are the same as the feature sequences of the legal CM, the server calculates the feature similarity; and if the feature sequences are not the same, determining the corresponding CM to be tested as a clone CM.
2. The method for detecting cloned CM of claim 1, wherein said method for calculating similarity of CM features between CM to be detected and legal CM is specifically:
according to the formula
Figure FDA0002368048790000011
Calculating the body characteristics B of the CM to be testedi(V)And legal CM body characteristics A(V)Similarity of body features therebetween
Figure FDA0002368048790000012
According to the formula
Figure FDA0002368048790000013
Terminal network environment characteristic B for calculating CM to be testedi(C)And legal CM terminal network environment characteristic A(C)Similarity of terminal network environment characteristics between them
Figure FDA0002368048790000014
Wherein the content of the first and second substances,
Figure FDA0002368048790000015
terminal network environment characteristic B for CM to be testedi(C)And legal CM terminal network environment characteristic A(C)The Euclidean distance between the two elements, theta is a regulation factor;
according to the formula
Figure FDA0002368048790000021
Calculating CM characteristic B to be measurediSimilarity SIM (B) with legal CM feature AiA); wherein, omega is the proportion of the CM terminal network environment characteristic in the CM characteristic;
wherein i represents the label of the CM to be measured, the symbol "∩" represents that the two sets take intersection, the symbol "∪" represents that the two sets take union, and the symbol "|" represents the size of the sets.
3. The method for detecting cloned CM according to claim 1, wherein said method for detecting cloned CM is specifically:
according to the calculation result of the feature similarity of the CM, one CM with the highest feature similarity with the legal CM in the CM to be tested is reserved, and the rest CM to be tested is determined as a clone CM and added into a clone CM list.
4. The method for detecting cloned CM as claimed in claim 1, wherein said method for obtaining CM features to be detected by collecting information of CM over the whole network and extracting legal CM features from the feature database includes the following steps:
the system polls a DHCP server to obtain basic information of a CM in the whole network; wherein the basic information comprises a MAC address and an IP address;
collecting the characteristics of the whole network CM according to the basic information, and storing the legal CM characteristics into a characteristic database;
and screening the CM to be tested according to the basic information, acquiring the characteristics of the CM to be tested, and extracting the legal CM characteristics from the characteristic database.
5. The method for detecting cloned CM as claimed in claim 4, wherein said step of storing legal CM characteristics into a characteristics database according to characteristics of said basic information collected network-wide CM includes the steps of:
acquiring the body characteristics of the whole network CM and the network environment characteristics of a CM terminal according to the MAC address and the IP address of the whole network CM;
the body characteristics of the CM in the whole network are quantized to obtain the body characteristics A of the legal CM(V)(ii) a Quantizing the terminal network environment characteristics of the whole network CM to obtain the terminal network environment characteristics A of the legal CM(C)
The obtained ontology feature A of the legal CM(V)And terminal network environment characteristic A(C)Store to a feature database, A(V)And A(C)Together forming feature a of a legitimate CM.
6. The method for detecting cloned CM as claimed in claim 4, wherein said steps of screening CM to be detected and obtaining the characteristics of CM to be detected according to basic information, and extracting legal CM characteristics from the characteristics database include the following steps:
screening one or more groups of CMs with the same MAC according to the MAC address of the CM in the whole network, wherein N CMs with the same MAC form a CM group to be tested;
acquiring the body characteristic and the terminal network environment characteristic corresponding to each CM to be detected in the CM group to be detected according to the MAC address and the IP address of the CM to be detected;
and extracting legal CM features with the same MAC from the feature database according to the MAC address of the CM to be detected.
7. The method for detecting a cloned CM according to any one of claims 1-6, wherein said method further comprises, after said detecting a cloned CM by calculating the similarity of CM features between a CM to be detected and a legitimate CM by using a similarity calculation method, the following steps: and setting an IP filter of the cloned CM, and realizing service shutdown on the detected cloned CM.
8. A system for detecting a cloned CM, comprising at least one processor and a memory, the at least one processor and the memory being connected by a data bus, the memory storing instructions executable by the at least one processor, the instructions being configured to perform the method for detecting a cloned CM according to any one of claims 1 to 7 after being executed by the processor.
CN201810829684.4A 2018-07-25 2018-07-25 Method and system for detecting cloned CM Active CN109120917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810829684.4A CN109120917B (en) 2018-07-25 2018-07-25 Method and system for detecting cloned CM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810829684.4A CN109120917B (en) 2018-07-25 2018-07-25 Method and system for detecting cloned CM

Publications (2)

Publication Number Publication Date
CN109120917A CN109120917A (en) 2019-01-01
CN109120917B true CN109120917B (en) 2020-06-05

Family

ID=64863591

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810829684.4A Active CN109120917B (en) 2018-07-25 2018-07-25 Method and system for detecting cloned CM

Country Status (1)

Country Link
CN (1) CN109120917B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7512969B2 (en) * 2003-11-21 2009-03-31 Time Warner Cable, A Division Of Time Warner Entertainment Company, L.P. System and method for detecting and reporting cable network devices with duplicate media access control addresses
US7716468B2 (en) * 2006-03-01 2010-05-11 Cisco Technology, Inc. Method and system for cloned cable modem detection
US20070276943A1 (en) * 2006-03-14 2007-11-29 General Instrument Corporation Prevention of Cloning Attacks in a DOCSIS Network
US7957305B2 (en) * 2006-08-16 2011-06-07 Cisco Technology, Inc. Hierarchical cable modem clone detection
US7986690B2 (en) * 2008-08-12 2011-07-26 Cisco Technology, Inc. Inter-gateway cloned device detector using provisioning request analysis
CN105100088B (en) * 2015-07-08 2018-06-05 广州珠江数码集团股份有限公司 A kind of method and system for preventing illegally clone CM accesses DOCSIS networks

Also Published As

Publication number Publication date
CN109120917A (en) 2019-01-01

Similar Documents

Publication Publication Date Title
CN110213227B (en) Network data flow detection method and device
JP5237452B2 (en) Apparatus and method for sensing the presence of a transmitted signal in a wireless channel
US7694317B2 (en) CATV transmission line monitoring system, method, and program
US7647530B2 (en) Network fault pattern analyzer
CN1763720A (en) Model based diagnosis and repair for event logs
CN110555630B (en) Data processing method and device
CN112860676B (en) Data cleaning method applied to big data mining and business analysis and cloud server
CN111385309A (en) Security detection method, system and terminal for online office equipment
CN109120917B (en) Method and system for detecting cloned CM
CN113901441A (en) User abnormal request detection method, device, equipment and storage medium
CN112954302B (en) Method and device for detecting hidden danger of IPTV (Internet protocol television)/household wide segmentation based on outlier algorithm
CN113704763B (en) Pipelined device scanning detection method
US7016808B2 (en) Analyzing and servicing imaging devices
US11595290B2 (en) Systems and techniques for assessing a customer premises equipment device
CN111865724B (en) Information acquisition control implementation method for video monitoring equipment
CN111835541B (en) Method, device, equipment and system for detecting aging of flow identification model
CN110266562B (en) Method for automatically detecting identity authentication function of network application system
CN111782908A (en) WEB violation operation behavior detection method based on data mining cluster analysis
CN116484263B (en) Intelligent self-service machine fault detection system and method
CN111859363B (en) Method and device for identifying unauthorized access of application and electronic equipment
CN117640466A (en) Comprehensive asset identification method, comprehensive asset identification system, storage medium and computer equipment
WO2023123957A1 (en) Method and system for screening downlink device of home gateway
CN211044247U (en) Video monitoring system for hotels
CN117997586A (en) Network security detection system based on data visualization
CN116668080A (en) Flow abnormality assessment method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant