CN110020190B - Multi-instance learning-based suspicious threat index verification method and system - Google Patents


Publication number
CN110020190B
Authority
CN
China
Prior art keywords
suspicious
suspicious threat
threat index
verification
index
Legal status
Active
Application number
CN201810727300.8A
Other languages
Chinese (zh)
Other versions
CN110020190A (en)
Inventor
柳厅文
张盼盼
亚静
李全刚
时金桥
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/284 Lexical analysis, e.g. tokenisation or collocates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/289 Phrasal analysis, e.g. finite state techniques or chunking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/30 Semantic analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks

Abstract

The invention discloses a method and system for verifying suspicious threat indicators based on multi-instance learning. The method comprises the following steps: processing the text of the intelligence related to each suspicious threat indicator to generate word sequences that retain the original semantic information; for each suspicious threat indicator, selecting a plurality of its processed word sequences and training on them with a multi-instance learning algorithm to generate a multi-instance learning verification model; processing the intelligence text of a suspicious threat indicator to be verified with natural language processing techniques to generate its word sequences; and then using the multi-instance learning verification model to perform predictive verification on those word sequences and determine whether the indicator to be verified is a malicious threat indicator. The invention can verify suspicious threat indicators efficiently and accurately.

Description

Multi-instance learning-based suspicious threat index verification method and system
Technical Field
The invention relates to the field of cyberspace security, and in particular to a suspicious threat indicator verification method and system based on multi-instance learning.
Background
Suspicious threat indicator verification judges the maliciousness of suspicious indicators that appear in the network or in logs, that is, it determines whether they are genuine malicious threat indicators. Verifying suspicious threat indicators allows network threats to be identified in time, so that network security is ensured.
A specific suspicious threat indicator can be verified against the related intelligence. Currently there are three main types of verification method. The first is manual verification by security experts, who analyse the collected intelligence and determine by hand whether a suspicious indicator is a threat. The second is verification by rule matching, which simply matches the existing intelligence with regular expressions or custom rules and judges the suspicious indicator from the match results. The third is verification based on specific context vocabulary, which checks whether the context around the suspicious threat indicator in the intelligence contains specific context words and judges from that whether the indicator is a genuine malicious threat indicator.
Manual verification by security experts usually depends on the experts' accumulated experience; the existing intelligence is analysed and collated by hand, and the labour cost is high.
The rule-matching method applies regular expressions directly to match suspicious indicators and ignores the semantic information in the intelligence, so its false-positive rate is high.
The method based on specific context vocabulary requires candidate context words to be collected in advance, after which the context words in the intelligence are extracted and matched.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a suspicious threat indicator verification method and system based on multi-instance learning.
The technical scheme of the invention is as follows:
A suspicious threat indicator verification method based on multi-instance learning comprises the following steps:
processing the text of the intelligence related to each suspicious threat indicator with natural language processing techniques to generate word sequences containing the original semantic information, and replacing the suspicious threat indicator in each intelligence text with a uniform set phrase; the suspicious threat indicators are all of the same type, and each suspicious threat indicator corresponds to a plurality of intelligence texts;
for each suspicious threat indicator, selecting a plurality of its processed word sequences, and applying a multi-instance learning algorithm to train on the selected word sequences of the suspicious indicators and generate a multi-instance learning verification model;
processing the intelligence text of the suspicious threat indicator to be verified with natural language processing techniques to generate the corresponding word sequences; and then using the multi-instance learning verification model to perform predictive verification on those word sequences and determine whether the suspicious threat indicator to be verified is a malicious threat indicator.
Further, the multi-instance learning verification model is generated as follows: the word sequences corresponding to each suspicious threat indicator are taken together as a bag and each word sequence is taken as an instance, producing the training set for that suspicious threat indicator; each training set is then trained with a multi-instance learning algorithm to generate the multi-instance learning verification model.
Further, the multi-instance learning algorithm is a multi-instance neural network model.
Further, the multi-instance neural network model comprises an Embedding layer, a sub-neural network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural network layer, which mines and analyses the semantic features of the suspicious threat indicator; finally, the multi-instance learning pooling layer classifies and verifies the suspicious threat indicator according to the input semantic features.
Further, the sub-neural network layer is AlexNet or RCNN.
Further, each suspicious threat indicator corresponds to a plurality of intelligence information texts.
A suspicious threat indicator verification system based on multi-instance learning, characterized by comprising an intelligence information preprocessing module, a multi-instance learning verification model training module and a verification model prediction module, wherein:
the intelligence information preprocessing module processes the text of the intelligence related to each suspicious threat indicator with natural language processing techniques to generate word sequences containing the original semantic information, and replaces the suspicious threat indicator in each intelligence text with a uniform set phrase; the suspicious threat indicators are all of the same type, and each suspicious threat indicator corresponds to a plurality of intelligence texts;
the multi-instance learning verification model training module applies a multi-instance learning algorithm to train on the word sequences corresponding to each suspicious indicator and generate a multi-instance learning verification model; for each suspicious threat indicator, a plurality of its processed word sequences are selected for training;
the verification model prediction module uses the multi-instance learning verification model to perform predictive verification on the word sequences corresponding to the suspicious threat indicator to be verified and determines whether it is a malicious threat indicator; the intelligence text of the suspicious threat indicator to be verified is processed with natural language processing techniques to generate the corresponding word sequences.
Further, the multi-instance learning verification model training module trains each training set with a multi-instance learning algorithm to generate the multi-instance learning verification model; the training set for a suspicious threat indicator is produced by taking the word sequences corresponding to that indicator together as a bag and each word sequence as an instance.
Further, the multi-instance learning algorithm is a multi-instance neural network model; the multi-instance neural network model comprises an Embedding layer, a sub-neural network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural network layer, which mines and analyses the semantic features of the suspicious threat indicator; finally, the multi-instance learning pooling layer classifies and verifies the suspicious threat indicator according to the input semantic features.
Further, each suspicious threat indicator corresponds to a plurality of intelligence information texts.
The invention provides a suspicious threat indicator verification method based on multi-instance learning which, as shown in FIG. 1, mainly comprises the following steps: intelligence information preprocessing, multi-instance learning verification model training, and verification model prediction.
In the intelligence preprocessing step, the text of the intelligence collected in advance about the suspicious threat indicators is processed with natural language processing techniques to generate word sequences containing the original semantic information.
In the multi-instance learning verification model training step, several processed intelligence word sequences for the same indicator are selected, and a multi-instance learning algorithm is applied to train and generate a usable multi-instance learning verification model.
In the verification model prediction step, the verification model trained in the previous step is applied to the intelligence text of the suspicious threat indicator to be verified, to determine whether it is a malicious threat indicator.
Further, intelligence preprocessing specifically comprises the following. First, regular-expression matching and replacement are used to identify the suspicious threat indicators in the existing intelligence and replace them with a uniform specific phrase, so that differing indicator names do not influence the verification result. Then word segmentation from natural language processing is applied to the text, followed by stop-word removal and similar processing, keeping as much of the text's original semantic information as possible to aid later learning.
Further, the multi-instance learning verification model is trained as follows. Labelled indicators and their related intelligence (the training set) are used to train the verification model. In the training set, all the processed word sequences related to one indicator are regarded as a "bag" and each word sequence as an "instance"; a multi-instance learning algorithm such as a multi-instance neural network is selected, and the multiple instances are considered together to generate a verification model with high verification accuracy. Each indicator has several different instances; each is word-segmented, and the resulting word sequences differ.
Further, verification model prediction specifically comprises: preprocessing the suspicious threat indicators to be verified and their related threat intelligence (the test set) to obtain the related multi-instance word sequences, and then using the trained verification model to predict and verify the maliciousness of the suspicious threat indicators.
The key technical points of the invention are as follows:
1) A suspicious threat indicator verification method based on multi-instance learning is defined, which can verify suspicious threat indicators efficiently and accurately at low cost.
2) The method provides a way of processing intelligence data that yields the related word sequences and retains as much of the semantic information in the intelligence as possible.
3) By using multiple pieces of intelligence related to a suspicious threat indicator, the latent features of the indicator can be fully mined, and whether it is a malicious indicator can be judged more accurately.
4) A multi-instance neural network structure is designed so that verification is completed automatically end to end, reducing manual effort and error interference.
Compared with the prior art, the invention has the following positive effects:
1. The method serializes the related intelligence and retains the semantic information of the text, which improves the accuracy of suspicious threat indicator verification.
2. The method uses multiple related word sequences together, strengthening the active analysis of suspicious indicators and reducing the false-positive rate of verification.
3. The method designs an efficient multi-instance neural network structure that can fully mine the latent features of the word sequences, achieving automatic end-to-end verification and reducing overhead.
4. The method can be applied both to simple verification of suspicious threat indicators and to mining IOCs from cyber threat intelligence, and accurately verified threat indicators can be added to the existing intelligence database.
Drawings
FIG. 1 is a flow diagram of a suspicious threat indicator verification method based on multi-instance learning.
FIG. 2 is a diagram of an example of a suspicious threat indicator verification method model based on multi-example learning.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described below with reference to the accompanying drawings so that those skilled in the art can better understand it. Note that detailed descriptions of known functions and designs are omitted below where they would obscure the main content of the invention.
Example 1: suspicious threat indicator verification method based on multi-instance learning
The method and device can be applied to the automatic verification of various suspicious threat indicators. This example illustrates a specific application of the invention using suspicious APT domain names.
Given some suspicious APT domain names and several pieces of threat intelligence related to them, the method can automatically verify whether they are malicious domain names used in APT attacks. The specific steps are as follows:
1) Preprocessing of the related intelligence
The preprocessing step is explained using the suspicious APT domain name 'jerrytop.org' as an example. First, the suspicious APT domain name is matched in each of the 3 existing reports related to it and replaced with the specific phrase 'IS_APT_DOMAIN', so that differing suspicious APT domain names do not influence later model training.
Then each report is segmented into words with a word segmentation tool or a natural language processing parsing algorithm. Finally, useless stop words are removed, the semantic information of the original report is kept as far as possible, and the result is arranged into the corresponding word sequence for later training and verification.
2) Multi-instance learning verification model training
Domain name indicators with existing class labels, that is, known APT domain names and non-APT domain names, together with their processed intelligence word sequences, are selected as the input of the verification model and fed into the designed multi-instance neural network model, as shown in FIG. 2.
The word sequences of a single indicator are input to the model together as one bag. The model first uses the Embedding layer to convert each word sequence into word vectors. The converted word vectors are then passed to the subsequent sub-neural network layer. The sub-neural network has a flexible structure: advanced established neural networks such as AlexNet and RCNN can be used directly, and self-built neural networks, such as combinations of convolutional and fully connected layers, can also be used. The sub-neural network performs implicit feature extraction and learning, automatically mining and analysing the semantic features of the domain name indicator. Finally, the multi-instance learning pooling layer uses the semantic features learned by the neural network to classify and verify the suspicious threat indicator.
After training on the training set as described, a multi-instance learning verification model with good classification performance is obtained. The model takes the word sequence vectors of a domain name indicator and its intelligence as input and outputs the verification result for that indicator.
3) Verification model prediction
With the trained model, suspicious domain name indicators can be verified automatically. For a suspicious domain name and its related intelligence, step 1) is first applied to obtain the corresponding intelligence word sequences. These are then input into the model trained in step 2), which automatically completes the classification and outputs the final verification result.
In a specific experiment, various classification verification models were obtained by modifying the neural network layer structure in the model and the pooling method of the multi-instance learning pooling layer; their verification accuracy on suspicious domain names exceeds 92% and reaches about 98% at most. The experimental results of this example also confirm the efficiency and accuracy of the suspicious threat indicator verification method based on multi-instance learning.
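Steps 1) to 3) above as one runnable pipeline, added here as an illustration and not taken from the patent: the indicator is masked with IS_APT_DOMAIN, each report becomes one instance of the indicator's bag, and a max-pooling multi-instance classifier is trained on bag labels only. The `.example` domains and report sentences are constructed, the names `MaxPoolMIL`, `build_bag`, `train_demo` and `verify` are hypothetical, and a per-word scalar weight averaged over the sequence is a simplification standing in for the Embedding and sub-neural network layers.

```python
import math
import re

PLACEHOLDER = "IS_APT_DOMAIN"  # unified phrase used in the page's example
# Assumed minimal stop-word list; a real pipeline would use a fuller one.
STOP_WORDS = {"a", "an", "and", "are", "for", "from", "in", "is", "of",
              "on", "that", "the", "to"}


def preprocess(report, indicator):
    """Step 1: mask the indicator, segment into words, drop stop words."""
    # Match both the plain and the defanged ("[.]") spelling of the indicator.
    pattern = re.escape(indicator).replace(r"\.", r"(?:\.|\[\.\])")
    masked = re.sub(pattern, PLACEHOLDER, report, flags=re.IGNORECASE)
    words = re.findall(r"[A-Za-z_][A-Za-z0-9_]*", masked)
    return [w if w == PLACEHOLDER else w.lower()
            for w in words if w.lower() not in STOP_WORDS]


def build_bag(indicator, reports):
    """One bag per indicator; each processed report is one instance."""
    return [preprocess(r, indicator) for r in reports]


class MaxPoolMIL:
    """Simplified stand-in for the page's network: a scalar weight per word
    averaged over the sequence replaces the Embedding and sub-network layers;
    max pooling over instance scores is the multi-instance pooling layer."""

    def __init__(self):
        self.weight = {}
        self.bias = 0.0

    def instance_logit(self, seq):
        if not seq:
            return self.bias
        return self.bias + sum(self.weight.get(w, 0.0) for w in seq) / len(seq)

    def forward(self, bag):
        """Return (P(bag is malicious), index of the deciding instance)."""
        logits = [self.instance_logit(seq) for seq in bag]
        key = max(range(len(bag)), key=logits.__getitem__)
        return 1.0 / (1.0 + math.exp(-logits[key])), key

    def fit(self, bags, labels, epochs=300, lr=0.5):
        """Step 2: SGD on log-loss; only bag-level labels are needed."""
        for _ in range(epochs):
            for bag, y in zip(bags, labels):
                p, key = self.forward(bag)
                grad = p - y  # d(log-loss) / d(bag logit)
                seq = bag[key]  # max pooling: gradient reaches this instance only
                for w in seq:
                    self.weight[w] = self.weight.get(w, 0.0) - lr * grad / len(seq)
                self.bias -= lr * grad
        return self


# Constructed sample data: (indicator, label, reports), label 1 = malicious.
# Neutral reports occur in bags of both classes, as they do in real feeds.
TRAIN = [
    ("c2-node.example", 1, [
        "The implant beacons to c2-node.example for command and control.",
        "Passive DNS shows c2-node.example registered in March."]),
    ("stage-two.example", 1, [
        "Spearphishing attachment drops a backdoor that beacons to stage-two[.]example.",
        "stage-two.example resolves to a hosting provider."]),
    ("cdn-mirror.example", 0, [
        "Vendor updates are served from cdn-mirror.example.",
        "cdn-mirror.example resolves to a hosting provider."]),
    ("docs-site.example", 0, [
        "Passive DNS shows docs-site.example registered in March.",
        "The report cites documentation hosted on docs-site.example."]),
]
SUSPECT = ("unknown-host.example", [
    "Passive DNS shows unknown-host.example registered in March.",
    "A backdoor beacons to unknown-host.example for command and control."])
HARMLESS = ("plain-site.example", [
    "Vendor documentation hosted on plain-site.example.",
    "plain-site.example resolves to a hosting provider."])


def train_demo():
    bags = [build_bag(ind, reports) for ind, _, reports in TRAIN]
    return MaxPoolMIL().fit(bags, [label for _, label, _ in TRAIN])


def verify(model, indicator, reports):
    """Step 3: preprocess the unseen indicator's reports and classify the bag."""
    return model.forward(build_bag(indicator, reports))


if __name__ == "__main__":
    trained = train_demo()
    for name, reports in (SUSPECT, HARMLESS):
        print(name, verify(trained, name, reports))
```

The index returned with the probability identifies the report that drove the verdict, which gives an analyst a starting point for reviewing a positive result.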
Although the invention has been described with respect to specific illustrative embodiments thereof, it will be understood by those skilled in the art that the invention is not limited thereto, and that various changes, substitutions, and alterations can be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A suspicious threat indicator verification method based on multi-instance learning, comprising the following steps:
processing the text of the intelligence related to each suspicious threat indicator with natural language processing techniques to generate word sequences containing the original semantic information, and replacing the suspicious threat indicator in each intelligence text with a uniform set phrase; the suspicious threat indicators are all of the same type, and each suspicious threat indicator corresponds to a plurality of intelligence texts;
for each suspicious threat indicator, selecting a plurality of its processed word sequences, and applying a multi-instance learning algorithm to train on the selected word sequences of the suspicious threat indicators and generate a multi-instance learning verification model; the multi-instance learning verification model is generated as follows: the word sequences corresponding to each suspicious threat indicator are taken together as a bag and each word sequence is taken as an instance, producing the training set for that suspicious threat indicator;
each training set is trained with a multi-instance learning algorithm to generate the multi-instance learning verification model;
the multi-instance learning algorithm is a multi-instance neural network model; the multi-instance neural network model comprises an Embedding layer, a sub-neural network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural network layer, which mines and analyses the semantic features of the suspicious threat indicator; finally, the multi-instance learning pooling layer classifies and verifies the suspicious threat indicator according to the input semantic features;
processing the intelligence text of the suspicious threat indicator to be verified with natural language processing techniques to generate the corresponding word sequences; and then using the multi-instance learning verification model to perform predictive verification on those word sequences and determine whether the suspicious threat indicator to be verified is a malicious threat indicator.
2. The method of claim 1, wherein the sub-neural network layer is AlexNet or RCNN.
3. The method of claim 1, wherein each of the suspicious threat indicators corresponds to a plurality of intelligence information texts.
4. A suspicious threat indicator verification system based on multi-instance learning, characterized by comprising an intelligence information preprocessing module, a multi-instance learning verification model training module and a verification model prediction module, wherein:
the intelligence information preprocessing module processes the text of the intelligence related to each suspicious threat indicator with natural language processing techniques to generate word sequences containing the original semantic information, and replaces the suspicious threat indicator in each intelligence text with a uniform set phrase; the suspicious threat indicators are all of the same type, and each suspicious threat indicator corresponds to a plurality of intelligence texts;
the multi-instance learning verification model training module applies a multi-instance learning algorithm to train on the word sequences corresponding to each suspicious threat indicator and generate a multi-instance learning verification model; for each suspicious threat indicator, a plurality of its processed word sequences are selected for training; the multi-instance learning verification model training module trains each training set with a multi-instance learning algorithm to generate the multi-instance learning verification model; the word sequences corresponding to each suspicious threat indicator are taken together as a bag and each word sequence is taken as an instance, producing the training set for that suspicious threat indicator;
the multi-instance learning algorithm is a multi-instance neural network model; the multi-instance neural network model comprises an Embedding layer, a sub-neural network layer and a multi-instance learning pooling layer; the model first uses the Embedding layer to convert each input word sequence into word vectors and feeds them into the sub-neural network layer, which mines and analyses the semantic features of the suspicious threat indicator; finally, the multi-instance learning pooling layer classifies and verifies the suspicious threat indicator according to the input semantic features;
the verification model prediction module uses the multi-instance learning verification model to perform predictive verification on the word sequences corresponding to the suspicious threat indicator to be verified and determines whether it is a malicious threat indicator; the intelligence text of the suspicious threat indicator to be verified is processed with natural language processing techniques to generate the corresponding word sequences.
5. The system of claim 4, wherein each of the suspicious threat indicators corresponds to a plurality of intelligence information texts.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810727300.8A CN110020190B (en) 2018-07-05 2018-07-05 Multi-instance learning-based suspicious threat index verification method and system


Publications (2)

Publication Number Publication Date
CN110020190A 2019-07-16
CN110020190B 2021-06-01

Family

ID=67188326


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant