CN109818793A - For the device type identification of Internet of Things and network inbreak detection method - Google Patents
For the device type identification of Internet of Things and network inbreak detection method Download PDFInfo
- Publication number
- CN109818793A CN109818793A CN201910089779.1A CN201910089779A CN109818793A CN 109818793 A CN109818793 A CN 109818793A CN 201910089779 A CN201910089779 A CN 201910089779A CN 109818793 A CN109818793 A CN 109818793A
- Authority
- CN
- China
- Prior art keywords
- internet
- things
- feature
- pkt
- period
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses the device type identification for being directed to Internet of Things and network inbreak detection methods, intruding detection system is made of device type identification matching system with abnormality detection system, the characteristics of identification system can be communicated according to device periodically extract equipment feature, statistical property according to the period etc. carries out Classifying Sum, and equipment is divided into abstract type;Pattern recognition system of the abnormality detection system based on GRU neural network can learning and memory normal communication behavior to establishing normal behaviour series model, since GRU neural network is separately designed for each device type, accuracy of identification is higher, and rate of false alarm substantially reduces;It monitors the signal intelligence of all internet of things equipment in network using gateway, all internet of things equipment are made directly or indirectly to be connected to gateway, to can detect the local communication between their all communications and internet of things equipment to internet, the stronger gateway of passage capacity carries out local data processing, and Internet of Things is avoided to set change resource scarcity.
Description
Technical field
The present invention relates to Internet technical fields, and in particular to a kind of to enter for the device type identification of Internet of Things and network
Invade detection method.
Background technique
In recent years, as technology of Internet of things rises, the electronic equipments such as more and more smart homes enter people's sight, give
People, which live, to be provided more convenient, changes people's lives ubiquitously, major various productions of producer based on Internet of Things
Product it is also growing day by day.However, the internet of things product quality produced at present is irregular, and standard disunity, and producer exists
The problem of often ignoring safety when design production product, Internet of Things also becomes the severely afflicated area of information safety protection.To guarantee
Safety needs the security protection system for Internet of Things, and current common solution can be divided into two kinds: upgrading is by shadow
Loud equipment firmware and intruding detection system.Inefficiency, only supplier be more when identifying novel attack for phase these two kinds of methods
Novel attack could be newly detected, and this may cause great delay, causes security loss, can not cope with the object of rapid growth very well
Networked marketplace.And it is based on Internet of Things feature, the system of design often faces following problems: having a large amount of new internet of things product to ask daily
Generation, and wherein there are security risks for significant portion.Invader also for these equipment loopholes exploitation Malware at any time, thus
Resource needed for guaranteeing the safety of internet of things equipment, energy are that dynamic increases variation;Internet of things equipment free memory,
Computing resource, capacity of power are limited, thus not applicable conventional needle is to the intrusion detection in equipment;Internet of things equipment has heterogeneous
Property, the feature distribution of equipment individual is more dispersed, and everyway has bigger difference between different types of equipment, and every class is set
Standby function is relatively limited;Compare other high-end devices, the network flow that internet of things equipment generates is less, and wherein most of is
Irregular user's access queries.
Summary of the invention
In view of the defects and deficiencies of the prior art, the present invention intends to provide a kind of device types for Internet of Things
Identification and network inbreak detection method, the signal intelligence of all internet of things equipment in network is monitored using gateway, makes property
Networked devices are directly or indirectly connected to gateway, thus between can detect their all communications and internet of things equipment to internet
Local communication, the stronger gateway of passage capacity carry out local data processing, Internet of Things are avoided to set change resource scarcity.
To achieve the above object, the technical solution adopted by the present invention is that: it includes device type identification matching system and different
Normal detection system;Device type, which identifies, is equipped with device-fingerprint identification module in matching system;It is equipped in abnormality detection system abnormal
Detection module;In local area network, all internet of things equipment are directly or indirectly connected to pacify with PC, smart mobile phone application
Full gateway accesses internet, and device-fingerprint identification module monitoring all communication behaviors of internet of things equipment in security gateway simultaneously mention
The mathematical feature of communication behavior is taken, then feature is sent to the normal communication of abnormality detection module and central Internet of Things service centre
Behavioural characteristic data set;Abnormality detection module in security gateway is based on normal communication behavioural characteristic number in the data training stage
Abnormality detection mathematical model is generated according to collection, and abnormality detection mathematical model is uploaded to the backup of security service center;It is examined in real time
In the survey stage, abnormality detection module is using mathematical feature of the abnormality detection mathematical model based on present communications behavior to present communications row
For whether exception determines, and to abnormal behaviour trigger alerts in real time.
Further, it is comprised the following steps for the device type detection method of internet of things:
One, the communication cycle of internet of things equipment flow is extracted: according to the periodically special of internet of things equipment network traffic
Point analyzes its communication feature, finds out the period, provides preprocessed data further to extract feature;Security gateway is by unpacking number
According to the different equipment of the mac Address Recognition of link layer offer, the equipment different to the address mac is handled respectively;Security gateway according to
Device network flow extracts its period using Fourier transformation and seeks two kinds of mathematical methods of auto-correlation function;
The method for extracting the communication cycle of internet of things equipment flow comprises the following steps:
A, signal intelligence of the audiomonitor in (0~d) s, since network traffic statistics format is not quite similar, for system
One format, carries out sliding-model control to flow information in seconds first, and specific practice is according to equipment i-th of period
Inside whether have and exports y in communication definitions moment sectioniWhether being 1, (such as taking 1s is unit, yiIndicate the equipment in is to (i+1) s
Whether communication behavior is had);Following formula is 1s definition with the period;
B, according to formula a pair of yiDo discrete fourier variation:
Formula one:Wherein
If YmaxFor the maximum value in frequency domain, records value in frequency domain and be greater than 0.8*YmaxAll frequency values, be denoted as ki, make
For Candidate Frequency, according toObtain the pre-selection period;Firstly, ignoring too short to improve calculating speed, enhancing recognition capability
With the too long period;Secondly, to determine pre-selection period YiCan the periodicity that communication be measured calculate y (n) every according to formula two
Auto-correlation function value at a candidate periodic:
Formula two:
If Ryy(Ti) in section [0.9*Ti,1.1*Ti] in can be in liPlace gets maximum value, then determines cycle memory in week
Phase, and by TiIt is updated to li;
C, r is definediWith rni: security gateway measures cycle T by formula three and formula fouriAccuracy:
Formula three:
Formula four:
Wherein riThe expression period is TiThe frequency that occurs in (0~d) s of signal, stable periodic communication should meet ri=
1;rniCalculate TiAnd the period adjacent with it frequency of occurrences in 0~ds, stable periodic communication should meet ri≈rni≈1;
It is thus possible to convert { (T for (0~d) the s communication information acquired1,r1,rn1),(T2,r2,rn2),…,(Tn,
rn,rnn)}。
Two, extracting cycle feature: the utilization rate in order to further increase data, the statistics in the period that the measuring and calculating first step obtains
One section of period is divided into several segments by characteristic, security gateway, and recycling is according to the { (T converted by flow1,r1,rn1),
(T2,r2,rn2),…,(Tn,rn,rnn) data, the feature of extraction is divided into four classes, is respectively as follows: (1) period essential information;(2) all
Phase infers accuracy, due to that will be divided into multiple segments the period, security gateway calculate the mean value obtained from each segment, variance,
Whether the statistical informations such as standard deviation are sufficiently stable, accurate come the period for measuring calculating;(3) cycle duration, by the week of calculating
Phase is divided into corresponding interval range, and the difference of different internet of things equipment is calculated convenient for Clustering Model later, facilitates classification, mentions
Height distinguishes accuracy;(4) infer the statistical stability in period, security gateway calculates each section of ri,rni, use ri、rniIt is locating
Interval range measured;
Three, the tagsort of extraction is summarized, obtains specific classification: after periodicity extraction feature, will be adopted using KNN algorithm
The feature of the distinct device of collection is classified;The specific method is as follows:
After security gateway detection device flow, extracts its feature and be transmitted to Internet of Things security service aggregation process;Internet of Things
The gap between the feature for the different internet of things equipment that multiple security gateways provide, benefit are measured in net security service by Euclidean distance
With KNN algorithm by device class;Receive distribution security gateway offer feature when, Internet of Things security service calculate it with
There is the Euclidean distance of feature to measure gap, if the immediate k equipment of feature Euclidean distance of this feature matching and the equipment
In most of belonging types, then it is attributed to such, and for reinforcing the type recognition training, is otherwise recorded as it newly
Type;New type is the virtual that clustering algorithm obtains;If this feature mismatches a certain known type, marked
Note, and when the sample in certain region is enough, it is new device type by the equipment annotation in the region;Internet of Things safety clothes
Business center returns to local gateway after judging, by court verdict and KNN training result;It accumulates at any time, model learning
More characteristic types, the identifiable number of devices of Internet of Things security service are consequently increased, and are identified also more accurate.
Further, whether the period essential information in step 2 includes the number of cycles detected, is the monocycle, used
The frequency whether communication protocol, source port change with variation;
Further, it is comprised the following steps for the device type detection method of internet of things:
One, normal data collection phase: system deployment initial stage, security gateway monitor internet of things equipment normal communication;Safety
Normal data packet flow < pkt that gateway obtains initial stage1,pkt2,…,pktn>it is converted into symbol sebolic addressing<s1,s2,…,sn>, lead to
Cross extraction feature, pktiIt is mapped as si, security gateway marks according to device type, extracts feature, different device types respectively
By the different GRU training identification model of correspondence;Security gateway general < pkt1,pkt2,…,pktn> feature is extracted, it is converted into symbol sequence
Column < s1,s2,…,sn>, for the GRU model learning training for respective type;
The feature of extraction includes direction of the traffic, the source port of communication and destination port, the length of communication data, flow transmission
The generation interval of the value of flag, the protocol type specifically used, data packet in layer Transmission Control Protocol HEAD;
Two, normal data training:
Local security gateway utilizes the feature < s extracted1,s2,…,sn>, training local GRU neural network will then train
As a result Internet of Things security service center is uploaded to, service centre summarizes training result and system from multiple LAN safety gateways
One integration, forms the GRU neural network for integrating all data, then integrated results are issued to each local gateway, as into one
The discrimination model of step;
Three, real-time abnormality detection:
If the internet of things equipment in Internet of Things is infected by rogue program, security gateway starts to identify exceptional communication;Safety net
Monitoring internet of things equipment is closed to communicate and extract feature < s1,s2,…,sn>, using symbol sebolic addressing as input, with Internet of Things safety clothes
The GRU neural network of business central integration is identified, the probability of occurrence of the exportable respective symbol of GRU neural network;It retouches for convenience
It states, is defined as follows:
Define 1: when by flow pktiThe symbol s of mappingiProbability of occurrence piMeet piWhen < δ, claim flow pktiIt is suspicious flow
Amount, wherein δ is the threshold value of setting;
Define 2: for flow sequence < pkt1,pkt2,…,pktω>, ω is length of window;When the number of wherein suspicious traffic
When mesh is more than threshold value ω * γ, claim flow sequence < pkt1,pkt2,…,pktω>it is suspicious, i.e. flow sequence<pkt1,
pkt2,…,pktω> be it is suspicious, and if only if
By the training of first step normal discharge, the output probability of GRU network normal stream amount is higher, and abnormal flow exists
Without training in the first step, the probability that GRU is provided is small;By setting suitable threshold value, security gateway can identify exception
Flow;After identification, if normal discharge, then local gateway strengthens the training of GRU network using it;In order to reduce rate of false alarm, pacify
Full gateway defines abnormal flow sequence, only just sounds an alarm when there is multiple flows to occur abnormal in window;Due to Internet of Things
The heterogeneity of net equipment, the communication feature of Different LANs has larger difference, therefore recognition result is uploaded to Internet of Things by security gateway
Net security service center, security centre's integral data form new whole identification model again, are issued to each local gateway, mention
High recognition capability.
After adopting the above scheme, the invention has the following beneficial effects: the device type of the present invention for Internet of Things identifies
And network inbreak detection method, can efficiently detect in local area network internet of things equipment type and classified, monitoring network it is logical
Believe and identifies abnormal behaviour;Intruding detection system is by device type identification matching system and abnormality detection system two subsystems structure
At, the characteristics of identification system can be communicated according to device periodically extract equipment feature, according to the statistical property etc. in period
Classifying Sum is carried out, equipment is divided into abstract type;Pattern recognition system of the abnormality detection system based on GRU neural network can be learned
Memory normal communication behavior is practised to establish normal behaviour series model, since GRU neural network is for each device type point
It does not design, so accuracy of identification is higher, rate of false alarm is substantially reduced.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention without any creative labor, may be used also for those of ordinary skill in the art
To obtain other drawings based on these drawings.
Fig. 1 is concrete configuration diagram of the invention.
Specific embodiment
With reference to the accompanying drawing, the present invention is further illustrated.
Present embodiment the technical solution adopted is that: it includes device type identification matching system and abnormality detection system
System;Device type, which identifies, is equipped with device-fingerprint identification module in matching system;Abnormality detection module is equipped in abnormality detection system;
Referring to shown in Fig. 1, in local area network, all internet of things equipment and PC, smart mobile phone application direct or indirect connection
Internet is accessed to security gateway, all communication behaviors of the device-fingerprint identification module monitoring internet of things equipment in security gateway
And the mathematical feature of communication behavior is extracted, then feature is sent to the normal of abnormality detection module and central Internet of Things service centre
Communication behavior characteristic data set;Abnormality detection module in security gateway is in the data training stage, based on normal communication behavior spy
Data set generation abnormality detection mathematical model is levied, and abnormality detection mathematical model is uploaded to the backup of security service center;In reality
When detection-phase, abnormality detection module is using mathematical feature of the abnormality detection mathematical model based on present communications behavior to current logical
Whether letter behavior determines extremely, and to abnormal behaviour trigger alerts in real time.
It is comprised the following steps for the device type detection method of internet of things:
One, the communication cycle of internet of things equipment flow is extracted: according to the periodically special of internet of things equipment network traffic
Point analyzes its communication feature, finds out the period, provides preprocessed data further to extract feature;Security gateway is by unpacking number
According to the different equipment of the mac Address Recognition of link layer offer, the equipment different to the address mac is handled respectively;Security gateway according to
Device network flow extracts its period using Fourier transformation and seeks two kinds of mathematical methods of auto-correlation function;
The method for extracting the communication cycle of internet of things equipment flow comprises the following steps:
A, signal intelligence of the audiomonitor in (0~d) s, since network traffic statistics format is not quite similar, for system
One format, carries out sliding-model control to flow information in seconds first, and specific practice is according to equipment i-th of period
Inside whether have and exports y in communication definitions moment sectioniWhether being 1, (such as taking 1s is unit, yiIndicate the equipment in is to (i+1) s
Whether communication behavior is had);Following formula is 1s definition with the period;
B, according to formula a pair of yiDo discrete fourier variation:
Formula one:Wherein
If YmaxFor the maximum value in frequency domain, records value in frequency domain and be greater than 0.8*YmaxAll frequency values, be denoted as ki, make
For Candidate Frequency, according toObtain the pre-selection period;Firstly, ignoring too short to improve calculating speed, enhancing recognition capability
With the too long period;Secondly, to determine pre-selection period YiCan the periodicity that communication be measured calculate y (n) every according to formula two
Auto-correlation function value at a candidate periodic:
Formula two:
If Ryy(Ti) in section [0.9*Ti,1.1*Ti] in can be in liPlace gets maximum value, then determines cycle memory in week
Phase, and by TiIt is updated to li;
C, r is definediWith rni: security gateway measures cycle T by formula three and formula fouriAccuracy:
Formula three:
Formula four:
Wherein riThe expression period is TiThe frequency that occurs in (0~d) s of signal, stable periodic communication should meet ri=
1;rniCalculate TiAnd the period adjacent with it frequency of occurrences in 0~ds, stable periodic communication should meet ri≈rni≈1;
It is thus possible to convert { (T for (0~d) the s communication information acquired1,r1,rn1),(T2,r2,rn2),…,(Tn,
rn,rnn)}。
Two, extracting cycle feature: the utilization rate in order to further increase data, the statistics in the period that the measuring and calculating first step obtains
One section of period is divided into several segments by characteristic, security gateway, and recycling is according to the { (T converted by flow1,r1,rn1),
(T2,r2,rn2),…,(Tn,rn,rnn) data, the feature of extraction is divided into four classes, is respectively as follows: (1) period essential information, period
Whether essential information includes the number of cycles detected, is whether monocycle, communication protocol used, source port change and become
The frequency of change;(2) period infers accuracy, and due to that will be divided into multiple segments the period, security gateway calculating is obtained from each segment
Whether the statistical informations such as mean value, variance, standard deviation out are sufficiently stable, accurate come the period for measuring calculating;(3) when the period continues
Between, the period of calculating is divided into corresponding interval range, the difference of different internet of things equipment is calculated convenient for Clustering Model later
Not, facilitate classification, improve and distinguish accuracy;(4) infer the statistical stability in period, security gateway calculates each section of ri,
rni, use ri、rniLocating interval range is measured;
Three, the tagsort of extraction is summarized, obtains specific classification: after periodicity extraction feature, will be adopted using KNN algorithm
The feature of the distinct device of collection is classified;The specific method is as follows:
After security gateway detection device flow, extracts its feature and be transmitted to Internet of Things security service aggregation process;Internet of Things
The gap between the feature for the different internet of things equipment that multiple security gateways provide, benefit are measured in net security service by Euclidean distance
With KNN algorithm by device class;Receive distribution security gateway offer feature when, Internet of Things security service calculate it with
There is the Euclidean distance of feature to measure gap, if the immediate k equipment of feature Euclidean distance of this feature matching and the equipment
In most of belonging types, then it is attributed to such, and for reinforcing the type recognition training, is otherwise recorded as it newly
Type;New type is the virtual that clustering algorithm obtains;If this feature mismatches a certain known type, marked
Note, and when the sample in certain region is enough, it is new device type by the equipment annotation in the region;Internet of Things safety clothes
Business center returns to local gateway after judging, by court verdict and KNN training result;It accumulates at any time, model learning
More characteristic types, the identifiable number of devices of Internet of Things security service are consequently increased, and are identified also more accurate.
For the principle of the device type detection method of internet of things are as follows: Internet of Things rogue program is when infecting normal device
The normal work that will affect equipment generates abnormal communication flows, as it is assumed that system initial operating stage, internet of things equipment not by
Infection, security gateway can recorde the normal traffic characteristic of collecting device and be learnt at this time;At work, security gateway records
The communication feature of internet of things equipment simultaneously extracts characteristic information, carries out discriminating whether to occur abnormal.
Normal data packet flow < pkt that security gateway obtains initial stage1,pkt2,…,pktn>be converted into symbol sebolic addressing<
s1,s2,…,sn>, by extracting feature, pktiIt is mapped as si;
To solve the problems, such as that the communication flows that single lan generates is few, it is representative not have, used in local security gateway
Above < s1,s2,…,snAfter > glossary of symbols data training study GRU network, training result is uploaded in Internet of Things security service
The heart, the training result that Internet of Things security service uploads each security gateway summarize, and are issued to each local network relationship
System is to reinforce local security gateway recognition capability;GRU study establishes normal discharge by the symbol sebolic addressing that proper network flow generates
Series model;In real-time detection, series model can test the abnormality degree of present flow rate, if present flow rate is multiple
The abnormality degree of continuous sequence is more than threshold value, will be judged as abnormal flow and sound an alarm.
Therefore, it for the device type detection method of internet of things, comprises the following steps:
One, normal data collection phase: system deployment initial stage, security gateway monitor internet of things equipment normal communication;Safety
Normal data packet flow < pkt that gateway obtains initial stage1,pkt2,…,pktn>it is converted into symbol sebolic addressing<s1,s2,…,sn>, lead to
Cross extraction feature, pktiIt is mapped as si, security gateway marks according to device type, extracts feature, different device types respectively
By the different GRU training identification model of correspondence;Security gateway general < pkt1,pkt2,…,pktn> feature is extracted, it is converted into symbol sequence
Column < s1,s2,…,sn>, for the GRU model learning training for respective type;
The feature of extraction includes direction of the traffic, the source port of communication and destination port, the length of communication data, flow transmission
The generation interval of the value of flag, the protocol type specifically used, data packet in layer Transmission Control Protocol HEAD;
Two, normal data training:
Local security gateway utilizes the feature < s extracted1,s2,…,sn>, training local GRU neural network will then train
As a result Internet of Things security service center is uploaded to, service centre summarizes training result and system from multiple LAN safety gateways
One integration, forms the GRU neural network for integrating all data, then integrated results are issued to each local gateway, as into one
The discrimination model of step;
Three, real-time abnormality detection:
If the internet of things equipment in Internet of Things is infected by rogue program, security gateway starts to identify exceptional communication;Safety net
Monitoring internet of things equipment is closed to communicate and extract feature < s1,s2,…,sn>, using symbol sebolic addressing as input, with Internet of Things safety clothes
The GRU neural network of business central integration is identified, the probability of occurrence of the exportable respective symbol of GRU neural network;It retouches for convenience
It states, is defined as follows:
Define 1: when by flow pktiThe symbol s of mappingiProbability of occurrence piMeet piWhen < δ, claim flow pktiIt is suspicious flow
Amount, wherein δ is the threshold value of setting;
Define 2: for flow sequence < pkt1,pkt2,…,pktω>, ω is length of window;When the number of wherein suspicious traffic
When mesh is more than threshold value ω * γ, claim flow sequence < pkt1,pkt2,…,pktω>it is suspicious, i.e. flow sequence<pkt1,
pkt2,…,pktω> be it is suspicious, and if only if
By the training of first step normal discharge, the output probability of GRU network normal stream amount is higher, and abnormal flow exists
Without training in the first step, the probability that GRU is provided is small;By setting suitable threshold value, security gateway can identify exception
Flow;After identification, if normal discharge, then local gateway strengthens the training of GRU network using it;In order to reduce rate of false alarm, pacify
Full gateway defines abnormal flow sequence, only just sounds an alarm when there is multiple flows to occur abnormal in window;Due to Internet of Things
The heterogeneity of net equipment, the communication feature of Different LANs has larger difference, therefore recognition result is uploaded to Internet of Things by security gateway
Net security service center, security centre's integral data form new whole identification model again, are issued to each local gateway, mention
High recognition capability.
Described in present embodiment for Internet of Things device type identification and network inbreak detection method, have with
Lower advantage:
1, the signal intelligence that all internet of things equipment in network are monitored provided with gateway keeps all internet of things equipment direct
Or it is connected to gateway indirectly, to can detect the local communication between their all communications and internet of things equipment to internet, lead to
It crosses the stronger gateway of performance and carries out local data processing, Internet of Things is avoided to set change resource scarcity;
2, according to the feature of internet of things equipment heterogeneity, every class equipment is modeled, guarantees each abnormality detection model
The input of receiving is substantially limited and close, so that system is more sensitive to the detection of anomalous variation, recognition capability is stronger, reduces
False alarm rate;
3, system with the communication data of equipment required for automatic identification and can extract feature, then with unsupervised machine
Learning method is by equipment tagsort, and except special circumstances do not need manpower, and system does not need primary data, and transplantability is strong,
Adapt to the number of devices and type of rapid growth;
4, using central Internet of Things service, the information that multiple gateways provide is integrated, and selects and needs less trained number
According to neural network algorithm GRU, it is few to solve the problems, such as that internet of things equipment communicates.
The above is merely illustrative of the technical solution of the present invention, rather than limits those of ordinary skill in the art to this hair
The other modifications or equivalent replacement that bright technical solution is made, as long as it does not depart from the spirit and scope of the technical scheme of the present invention,
It is intended to be within the scope of the claims of the invention.
Claims (4)
1. for the device type identification of Internet of Things and network inbreak detection method, it is characterised in that it is identified comprising device type
Matching system and abnormality detection system;Device type, which identifies, is equipped with device-fingerprint identification module in matching system;Abnormality detection system
Abnormality detection module is equipped in system;In local area network, all internet of things equipment and PC, smart mobile phone application directly or
It is connected indirectly to security gateway access internet, the device-fingerprint identification module monitoring internet of things equipment in security gateway is all
Communication behavior and the mathematical feature for extracting communication behavior, then feature is sent in abnormality detection module and central Internet of Things service
The normal communication behavioural characteristic data set of the heart;Abnormality detection module in security gateway is based on positive normal open in the data training stage
Believe behavioural characteristic data set generation abnormality detection mathematical model, and it is standby that abnormality detection mathematical model is uploaded to security service center
Part;In the real-time detection stage, abnormality detection module uses mathematical feature of the abnormality detection mathematical model based on present communications behavior
Whether present communications behavior is determined extremely, and to abnormal behaviour trigger alerts in real time.
2. according to claim 1 exist for the device type identification of Internet of Things and network inbreak detection method, feature
It is comprised the following steps in the device type detection method for internet of things:
One, it extracts the communication cycle of internet of things equipment flow: according to the periodic characteristics of internet of things equipment network traffic, dividing
Its communication feature is analysed, the period is found out, provides preprocessed data further to extract feature;Security gateway passes through unpacked data link
The different equipment of the mac Address Recognition that layer provides, the equipment different to the address mac are handled respectively;Security gateway is according to facility network
Network flow extracts its period using Fourier transformation and seeks two kinds of mathematical methods of auto-correlation function;
The method for extracting the communication cycle of internet of things equipment flow comprises the following steps:
A, signal intelligence of the audiomonitor in (0~d) s, since network traffic statistics format is not quite similar, for unified lattice
Formula, carries out sliding-model control to flow information in seconds first, and specific practice is to be within i-th of period according to equipment
It is no to have output y in communication definitions moment sectioniWhether being 1, (such as taking 1s is unit, yiWhether indicate the interior equipment of is to (i+1) s
There is communication behavior);Following formula is 1s definition with the period;
B, according to formula a pair of yiDo discrete fourier variation:
Formula one:Wherein
If YmaxFor the maximum value in frequency domain, records value in frequency domain and be greater than 0.8*YmaxAll frequency values, be denoted as ki, as time
Selected frequency, according toObtain the pre-selection period;Firstly, ignoring too short and mistake to improve calculating speed, enhancing recognition capability
The long period;Secondly, to determine pre-selection period YiCan the periodicity that communication be measured calculate y (n) in each time according to formula two
Select the auto-correlation function value at the period:
Formula two:
If Ryy(Ti) in section [0.9*Ti, 1.1*Ti] in can be in liPlace gets maximum value, then determine cycle memory in the period,
And by TiIt is updated to li;
C, r is definediWith rni: security gateway measures cycle T by formula three and formula fouriAccuracy:
Formula three:
Formula four:
Wherein riThe expression period is TiThe frequency that occurs in (0~d) s of signal, stable periodic communication should meet ri=1;rni
Calculate TiAnd the period adjacent with it frequency of occurrences in 0~ds, stable periodic communication should meet ri≈rni≈1;
It is thus possible to convert { (T for (0~d) the s communication information acquired1, r1, rn1), (T2, r2, rn2) ..., (Tn, rn,
rnn)}。
Two, extracting cycle feature: the statistics of the utilization rate in order to further increase data, the period that the measuring and calculating first step obtains is special
Property, one section of period is divided into several segments, the { (T that recycling basis is converted by flow by security gateway1, r1, rn1), (T2,
r2, rn2) ..., (Tn, rn, rnn) data, the feature of extraction is divided into four classes, is respectively as follows: (1) period essential information;(2) period
Infer accuracy, due to that will be divided into multiple segments the period, security gateway calculates mean value, the variance, mark obtained from each segment
Whether the statistical informations such as quasi- difference are sufficiently stable, accurate come the period for measuring calculating;(3) cycle duration, by the period of calculating
It is divided into corresponding interval range, the difference of different internet of things equipment is calculated convenient for Clustering Model later, facilitate classification, improve
Distinguish accuracy;(4) infer the statistical stability in period, security gateway calculates each section of ri, rni, use ri、rniLocating
Interval range is measured;
Three, the tagsort of extraction is summarized, obtains specific classification: after periodicity extraction feature, using KNN algorithm by acquisition
The feature of distinct device is classified;The specific method is as follows:
After security gateway detection device flow, extracts its feature and be transmitted to Internet of Things security service aggregation process;Internet of Things peace
The gap between the feature for the different internet of things equipment that multiple security gateways provide is measured in full service by Euclidean distance, is utilized
KNN algorithm is by device class;When receiving the feature of distribution security gateway offer, Internet of Things security service calculates it and has
The Euclidean distance of feature measures gap, if this feature matching in the feature Euclidean distance immediate k equipment of the equipment
It, then be attributed to such by most of belonging types, and for reinforcing the type recognition training, is otherwise recorded as it new
Type;New type is the virtual that clustering algorithm obtains;If this feature mismatches a certain known type, marked,
And when the sample in certain region is enough, it is new device type by the equipment annotation in the region;Internet of Things security service
Center returns to local gateway after judging, by court verdict and KNN training result;It accumulates at any time, model learning is more
More characteristic types, the identifiable number of devices of Internet of Things security service are consequently increased, and are identified also more accurate.
3. according to claim 2 exist for the device type identification of Internet of Things and network inbreak detection method, feature
Whether the period essential information in step 2 includes the number of cycles detected, is monocycle, communication protocol used, source port
The frequency whether to change with variation.
4. according to claim 1 exist for the device type identification of Internet of Things and network inbreak detection method, feature
It is comprised the following steps in the device type detection method for internet of things:
One, normal data collection phase: system deployment initial stage, security gateway monitor internet of things equipment normal communication;Security gateway
Normal data packet flow < pkt that initial stage is obtained1, pkt2..., pktn>it is converted into symbol sebolic addressing<s1, s2..., sn>, pass through
Extract feature, pktiIt is mapped as si, security gateway marks according to device type, extracts feature respectively, and different device types will
Corresponding different GRU training identification model;Security gateway general < pkt1, pkt2..., pktn> feature is extracted, it is converted into symbol sequence
Column < s1, s2..., sn>, for the GRU model learning training for respective type;
The feature of extraction includes direction of the traffic, the source port of communication and destination port, the length of communication data, flow transport layer
The generation interval of the value of flag, the protocol type specifically used, data packet in Transmission Control Protocol HEAD;
Two, normal data training:
Local security gateway utilizes the feature < s extracted1, s2..., sn>, training local GRU neural network then ties training
Fruit uploads to Internet of Things security service center, and service centre summarizes the training result from multiple LAN safety gateways and uniformly
Integration forms the GRU neural network for integrating all data, then integrated results is issued to each local gateway, as further
Discrimination model;
Three, real-time abnormality detection:
If the internet of things equipment in Internet of Things is infected by rogue program, security gateway starts to identify exceptional communication;Security gateway prison
It listens internet of things equipment to communicate and extracts feature < s1, s2..., sn>, using symbol sebolic addressing as input, in Internet of Things security service
The GRU neural network of heart integration is identified, the probability of occurrence of the exportable respective symbol of GRU neural network;For convenience of description, do
Such as give a definition:
Define 1: when by flow pktiThe symbol s of mappingiProbability of occurrence piMeet piWhen < δ, claim flow pktiIt is suspicious traffic,
Wherein δ is the threshold value of setting;
Define 2: for flow sequence < pkt1, pkt2..., pktω>, ω is length of window;When the number of wherein suspicious traffic is super
When crossing threshold value ω * γ, claim flow sequence < pkt1, pkt2..., pktω>it is suspicious, i.e. flow sequence<pkt1, pkt2...,
pktω> be it is suspicious, and if only if
By the training of first step normal discharge, the output probability of GRU network normal stream amount is higher, and abnormal flow is first
Without training in step, the probability that GRU is provided is small;By setting suitable threshold value, security gateway can identify abnormal flow;
After identification, if normal discharge, then local gateway strengthens the training of GRU network using it;In order to reduce rate of false alarm, security gateway
Abnormal flow sequence is defined, is only just sounded an alarm when there are multiple flows to occur abnormal in window;Due to internet of things equipment
Heterogeneity, the communication feature of Different LANs has a larger difference, therefore recognition result is uploaded to Internet of Things safety by security gateway
Service centre, security centre's integral data form new whole identification model again, are issued to each local gateway, improve identification
Ability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910089779.1A CN109818793A (en) | 2019-01-30 | 2019-01-30 | For the device type identification of Internet of Things and network inbreak detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910089779.1A CN109818793A (en) | 2019-01-30 | 2019-01-30 | For the device type identification of Internet of Things and network inbreak detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109818793A true CN109818793A (en) | 2019-05-28 |
Family
ID=66605900
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910089779.1A Pending CN109818793A (en) | 2019-01-30 | 2019-01-30 | For the device type identification of Internet of Things and network inbreak detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109818793A (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290022A (en) * | 2019-06-24 | 2019-09-27 | 中国人民解放军陆军工程大学 | Unknown application layer protocol identification method based on adaptive clustering |
CN110348526A (en) * | 2019-07-15 | 2019-10-18 | 武汉绿色网络信息服务有限责任公司 | A kind of device type recognition methods and device based on semi-supervised clustering algorithm |
CN110365703A (en) * | 2019-07-30 | 2019-10-22 | 国家电网有限公司 | Internet-of-things terminal abnormal state detection method, apparatus and terminal device |
CN110381088A (en) * | 2019-08-21 | 2019-10-25 | 牡丹江师范学院 | A kind of data safety support method based on Internet of Things |
CN110602041A (en) * | 2019-08-05 | 2019-12-20 | 中国人民解放军战略支援部队信息工程大学 | White list-based Internet of things equipment identification method and device and network architecture |
CN110874646A (en) * | 2020-01-16 | 2020-03-10 | 支付宝(杭州)信息技术有限公司 | Exception handling method and device for federated learning and electronic equipment |
CN111526087A (en) * | 2020-04-10 | 2020-08-11 | 浙江远东工业开发有限公司 | Automatic access method for various gateways based on platform of Internet of things |
CN111711946A (en) * | 2020-06-28 | 2020-09-25 | 北京司马科技有限公司 | IoT (Internet of things) equipment identification method and identification system under encrypted wireless network |
CN112153044A (en) * | 2020-09-23 | 2020-12-29 | 腾讯科技(深圳)有限公司 | Flow data detection method and related equipment |
CN112311611A (en) * | 2019-07-29 | 2021-02-02 | 中国移动通信集团广东有限公司 | Data anomaly monitoring method and device and electronic equipment |
CN112333706A (en) * | 2019-07-16 | 2021-02-05 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN112423296A (en) * | 2020-11-19 | 2021-02-26 | 成都渊数科技有限责任公司 | Method and system for identifying iot equipment behavior safety |
CN112564974A (en) * | 2020-12-08 | 2021-03-26 | 武汉大学 | Deep learning-based fingerprint identification method for Internet of things equipment |
CN112583808A (en) * | 2020-12-08 | 2021-03-30 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN112600792A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Abnormal behavior detection method and system for Internet of things equipment |
CN112653677A (en) * | 2020-12-13 | 2021-04-13 | 北京哈工信息产业股份有限公司 | Network isolation method based on Internet of things terminal classification management system |
CN112769623A (en) * | 2021-01-19 | 2021-05-07 | 河北大学 | Internet of things equipment identification method under edge environment |
CN112769790A (en) * | 2020-12-30 | 2021-05-07 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
CN112822208A (en) * | 2021-02-01 | 2021-05-18 | 北京邮电大学 | Internet of things equipment identification method and system based on block chain |
CN112953961A (en) * | 2021-03-14 | 2021-06-11 | 国网浙江省电力有限公司电力科学研究院 | Equipment type identification method in power distribution room Internet of things |
CN113037687A (en) * | 2019-12-24 | 2021-06-25 | 中移物联网有限公司 | Flow identification method and electronic equipment |
CN113452656A (en) * | 2020-03-26 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Method and device for identifying abnormal behaviors |
CN113516228A (en) * | 2021-07-08 | 2021-10-19 | 哈尔滨理工大学 | Network anomaly detection method based on deep neural network |
CN113705714A (en) * | 2021-09-03 | 2021-11-26 | 上海观安信息技术股份有限公司 | Power distribution Internet of things equipment abnormal behavior detection method and device based on behavior sequence |
CN113765891A (en) * | 2021-08-13 | 2021-12-07 | 深圳番多拉信息科技有限公司 | Equipment fingerprint identification method and device |
CN113992419A (en) * | 2021-10-29 | 2022-01-28 | 上海交通大学 | User abnormal behavior detection and processing system and method thereof |
WO2022083345A1 (en) * | 2020-10-20 | 2022-04-28 | 华为技术有限公司 | Method for detecting video monitoring device, and electronic device |
WO2022083641A1 (en) * | 2020-10-23 | 2022-04-28 | 华为技术有限公司 | Device identification method, apparatus and system |
CN114731290A (en) * | 2019-11-26 | 2022-07-08 | 国际商业机器公司 | Anomaly detection method for privacy protection in internet of things |
US11436611B2 (en) * | 2019-12-12 | 2022-09-06 | At&T Intellectual Property I, L.P. | Property archivist enabled customer service |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107135093A (en) * | 2017-03-17 | 2017-09-05 | 西安电子科技大学 | A kind of Internet of Things intrusion detection method and detecting system based on finite automata |
CN107833416A (en) * | 2017-10-27 | 2018-03-23 | 芜湖乐锐思信息咨询有限公司 | A kind of smart home remote antitheft alarm system based on Internet of Things |
CN109067753A (en) * | 2018-08-15 | 2018-12-21 | 中用科技有限公司 | A method of for managing internet of things equipment |
-
2019
- 2019-01-30 CN CN201910089779.1A patent/CN109818793A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107135093A (en) * | 2017-03-17 | 2017-09-05 | 西安电子科技大学 | A kind of Internet of Things intrusion detection method and detecting system based on finite automata |
CN107833416A (en) * | 2017-10-27 | 2018-03-23 | 芜湖乐锐思信息咨询有限公司 | A kind of smart home remote antitheft alarm system based on Internet of Things |
CN109067753A (en) * | 2018-08-15 | 2018-12-21 | 中用科技有限公司 | A method of for managing internet of things equipment |
Non-Patent Citations (1)
Title |
---|
THIEN DUC NGUYEN: "IoT: A Self-learning System for Detecting Compromised IoT Devices", 《ARXIV》 * |
Cited By (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290022B (en) * | 2019-06-24 | 2021-02-26 | 中国人民解放军陆军工程大学 | Unknown application layer protocol identification method based on adaptive clustering |
CN110290022A (en) * | 2019-06-24 | 2019-09-27 | 中国人民解放军陆军工程大学 | Unknown application layer protocol identification method based on adaptive clustering |
CN110348526A (en) * | 2019-07-15 | 2019-10-18 | 武汉绿色网络信息服务有限责任公司 | A kind of device type recognition methods and device based on semi-supervised clustering algorithm |
CN112333706B (en) * | 2019-07-16 | 2022-08-23 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN112333706A (en) * | 2019-07-16 | 2021-02-05 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN112311611B (en) * | 2019-07-29 | 2022-04-12 | 中国移动通信集团广东有限公司 | Data anomaly monitoring method and device and electronic equipment |
CN112311611A (en) * | 2019-07-29 | 2021-02-02 | 中国移动通信集团广东有限公司 | Data anomaly monitoring method and device and electronic equipment |
CN110365703A (en) * | 2019-07-30 | 2019-10-22 | 国家电网有限公司 | Internet-of-things terminal abnormal state detection method, apparatus and terminal device |
CN110602041A (en) * | 2019-08-05 | 2019-12-20 | 中国人民解放军战略支援部队信息工程大学 | White list-based Internet of things equipment identification method and device and network architecture |
CN110381088A (en) * | 2019-08-21 | 2019-10-25 | 牡丹江师范学院 | A kind of data safety support method based on Internet of Things |
CN110381088B (en) * | 2019-08-21 | 2021-11-12 | 牡丹江师范学院 | Data security guarantee method based on Internet of things |
CN114731290A (en) * | 2019-11-26 | 2022-07-08 | 国际商业机器公司 | Anomaly detection method for privacy protection in internet of things |
CN114731290B (en) * | 2019-11-26 | 2023-01-06 | 国际商业机器公司 | Method, system, and computer-readable storage medium for anomaly detection for privacy protection in the internet of things |
US11436611B2 (en) * | 2019-12-12 | 2022-09-06 | At&T Intellectual Property I, L.P. | Property archivist enabled customer service |
CN113037687A (en) * | 2019-12-24 | 2021-06-25 | 中移物联网有限公司 | Flow identification method and electronic equipment |
CN110874646A (en) * | 2020-01-16 | 2020-03-10 | 支付宝(杭州)信息技术有限公司 | Exception handling method and device for federated learning and electronic equipment |
CN113452656B (en) * | 2020-03-26 | 2022-10-11 | 百度在线网络技术(北京)有限公司 | Method, apparatus, electronic device and computer readable medium for identifying abnormal behavior |
CN113452656A (en) * | 2020-03-26 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Method and device for identifying abnormal behaviors |
CN111526087A (en) * | 2020-04-10 | 2020-08-11 | 浙江远东工业开发有限公司 | Automatic access method for various gateways based on platform of Internet of things |
CN111526087B (en) * | 2020-04-10 | 2021-12-24 | 浙江远东工业开发有限公司 | Automatic access method for various gateways based on platform of Internet of things |
CN111711946A (en) * | 2020-06-28 | 2020-09-25 | 北京司马科技有限公司 | IoT (Internet of things) equipment identification method and identification system under encrypted wireless network |
CN112153044A (en) * | 2020-09-23 | 2020-12-29 | 腾讯科技(深圳)有限公司 | Flow data detection method and related equipment |
CN112153044B (en) * | 2020-09-23 | 2021-11-12 | 腾讯科技(深圳)有限公司 | Flow data detection method and related equipment |
WO2022083345A1 (en) * | 2020-10-20 | 2022-04-28 | 华为技术有限公司 | Method for detecting video monitoring device, and electronic device |
WO2022083641A1 (en) * | 2020-10-23 | 2022-04-28 | 华为技术有限公司 | Device identification method, apparatus and system |
CN112423296A (en) * | 2020-11-19 | 2021-02-26 | 成都渊数科技有限责任公司 | Method and system for identifying iot equipment behavior safety |
CN112600792A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Abnormal behavior detection method and system for Internet of things equipment |
CN112583808A (en) * | 2020-12-08 | 2021-03-30 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN112564974B (en) * | 2020-12-08 | 2022-06-14 | 武汉大学 | Deep learning-based fingerprint identification method for Internet of things equipment |
CN112564974A (en) * | 2020-12-08 | 2021-03-26 | 武汉大学 | Deep learning-based fingerprint identification method for Internet of things equipment |
CN112583808B (en) * | 2020-12-08 | 2022-01-07 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN112653677A (en) * | 2020-12-13 | 2021-04-13 | 北京哈工信息产业股份有限公司 | Network isolation method based on Internet of things terminal classification management system |
CN112653677B (en) * | 2020-12-13 | 2021-12-07 | 北京哈工信息产业股份有限公司 | Network isolation method based on Internet of things terminal classification management system |
CN112769790A (en) * | 2020-12-30 | 2021-05-07 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
CN112769790B (en) * | 2020-12-30 | 2022-06-28 | 杭州迪普科技股份有限公司 | Traffic processing method, device, equipment and storage medium |
CN112769623A (en) * | 2021-01-19 | 2021-05-07 | 河北大学 | Internet of things equipment identification method under edge environment |
CN112822208A (en) * | 2021-02-01 | 2021-05-18 | 北京邮电大学 | Internet of things equipment identification method and system based on block chain |
CN112953961A (en) * | 2021-03-14 | 2021-06-11 | 国网浙江省电力有限公司电力科学研究院 | Equipment type identification method in power distribution room Internet of things |
CN113516228A (en) * | 2021-07-08 | 2021-10-19 | 哈尔滨理工大学 | Network anomaly detection method based on deep neural network |
CN113765891A (en) * | 2021-08-13 | 2021-12-07 | 深圳番多拉信息科技有限公司 | Equipment fingerprint identification method and device |
CN113765891B (en) * | 2021-08-13 | 2024-04-09 | 深圳番多拉信息科技有限公司 | Equipment fingerprint identification method and device |
CN113705714A (en) * | 2021-09-03 | 2021-11-26 | 上海观安信息技术股份有限公司 | Power distribution Internet of things equipment abnormal behavior detection method and device based on behavior sequence |
CN113992419A (en) * | 2021-10-29 | 2022-01-28 | 上海交通大学 | User abnormal behavior detection and processing system and method thereof |
CN113992419B (en) * | 2021-10-29 | 2023-09-01 | 上海交通大学 | System and method for detecting and processing abnormal behaviors of user |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109818793A (en) | For the device type identification of Internet of Things and network inbreak detection method | |
He et al. | Software-defined-networking-enabled traffic anomaly detection and mitigation | |
CN105577679B (en) | A kind of anomalous traffic detection method based on feature selecting and density peaks cluster | |
CN112381121A (en) | Unknown class network flow detection and identification method based on twin network | |
CN103581186B (en) | A kind of network security situational awareness method and system | |
CN106817248B (en) | APT attack detection method | |
CN106899435B (en) | A kind of complex attack recognition methods towards wireless invasive detection system | |
CN113645232B (en) | Intelligent flow monitoring method, system and storage medium for industrial Internet | |
CN108322445A (en) | A kind of network inbreak detection method based on transfer learning and integrated study | |
CN106878307B (en) | A kind of unknown communication protocol recognition method based on bit error rate model | |
CN108632269A (en) | Detecting method of distributed denial of service attacking based on C4.5 decision Tree algorithms | |
US11706236B2 (en) | Autonomous application of security measures to IoT devices | |
CN111191720B (en) | Service scene identification method and device and electronic equipment | |
CN110162968A (en) | A kind of Network Intrusion Detection System based on machine learning | |
CN110225001A (en) | A kind of dynamic self refresh net flow assorted method based on topic model | |
CN109450957A (en) | A kind of low speed Denial of Service attack detection method based on cloud model | |
Niandong et al. | Detection of probe flow anomalies using information entropy and random forest method | |
CN115277113A (en) | Power grid network intrusion event detection and identification method based on ensemble learning | |
Portela et al. | Evaluation of the performance of supervised and unsupervised Machine learning techniques for intrusion detection | |
CN116150688A (en) | Lightweight Internet of things equipment identification method and device in smart home | |
CN109660656A (en) | A kind of intelligent terminal method for identifying application program | |
Fan et al. | AutoIoT: Automatically updated IoT device identification with semi-supervised learning | |
Hammerschmidt et al. | Behavioral clustering of non-stationary IP flow record data | |
CN117729047A (en) | Intelligent learning engine method and system for industrial control network flow audit | |
CN113268735A (en) | Distributed denial of service attack detection method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190528 |