CN111224933B - Method for simulating embezzlement sensitive data perception latent APT attack - Google Patents

Method for simulating embezzlement sensitive data perception latent APT attack Download PDF

Info

Publication number
CN111224933B
CN111224933B CN201911020563.6A CN201911020563A CN111224933B CN 111224933 B CN111224933 B CN 111224933B CN 201911020563 A CN201911020563 A CN 201911020563A CN 111224933 B CN111224933 B CN 111224933B
Authority
CN
China
Prior art keywords
sequence
data
latent
real
apt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911020563.6A
Other languages
Chinese (zh)
Other versions
CN111224933A (en
Inventor
陈涵
王真
王睿
赵洪华
朱卫星
付印金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Army Engineering University of PLA
Original Assignee
Army Engineering University of PLA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Army Engineering University of PLA filed Critical Army Engineering University of PLA
Priority to CN201911020563.6A priority Critical patent/CN111224933B/en
Publication of CN111224933A publication Critical patent/CN111224933A/en
Application granted granted Critical
Publication of CN111224933B publication Critical patent/CN111224933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for simulating embezzlement sensitive data perception latent APT attack, which comprises the following steps: building a data model, and generating a characteristic sequence A [ a ] by using a system log1,a2,...ai,...an]Wherein a isiIs the ith sequence; analyzing data flow fluctuation to generate flow sequence B [ B ]1,b2,...bi,...bn]Wherein b isiIs the ith sequence; matching the characteristic sequence with the flow sequence to generate a normal sequence library; releasing viruses simulating data stealing to obtain a virus characteristic diagram and monitoring a real-time sequence of a system; and calculating the relative difference degree of the real-time sequence and the normal sequence, and comparing the relative difference degree with a threshold value to judge whether the system has latent APT. The invention has the advantages that virus is released to simulate stealing sensitive data, then the real-time characteristic sequence of the system is matched with the normal characteristic sequence, the relative difference degree is calculated and compared with the threshold value, so that whether the latent APT attack aiming at stealing data possibly exists in the system is sensed, and the sensitivity and the accuracy of detecting the latent APT of the system are improved.

Description

Method for simulating embezzlement sensitive data perception latent APT attack
Technical Field
The invention relates to the technical field of computer network security, in particular to a method for simulating a theft sensitive data perception latent APT (advanced Persistent attack) attack.
Background
APT does not refer to a particular virus, but rather hackers use advanced means to conduct long-term, persistent cyber attacks on targets, usually high-value businesses, government agencies, and sensitive information. In recent years, advanced persistent threat attack events continuously appear, the remarkable characteristic is persistence, usually for years, and the specific characteristics are that various attack means are continuously sought, long-term hibernation is realized after the attack means slowly permeate into an internal network, authority is continuously promoted in the network, various information is continuously collected until important information is obtained.
Because APT is hidden and can be hidden in a computer system for years without being perceived, the traditional intrusion detection method, such as firewall, IDS product, etc., can hardly detect the latent APT. The final target of the APT attack is valuable data, the network and the system are not damaged, the current model and algorithm for sensing and detecting the APT attack generally have the defect of low sensitivity, meanwhile, the data cannot be matched according to the environmental characteristics, and the difficulty in extracting the characteristic value is high.
Disclosure of Invention
In order to improve the sensing accuracy and sensitivity of the existing APT detection method, the invention provides a method for simulating the perception of latent APT attack by stealing sensitive data, which judges the APT attack by simulating the reaction of a system after stealing the sensitive data of the system.
The technical scheme for realizing the purpose of the invention is as follows: a method of simulating a theft sensitive data aware latent APT attack, comprising the steps of:
1) establishing a data environment consisting of second-order arrays generated by random arrays, and performing labeling compilation sequence A [ a ] on data sources in the data environment1,a2,...ai,...an]Wherein a isiIs the ith sequence, and utilizes the system log to restore, extract and screen the tagged sequence A [ a ]1,a2,...ai,...an]Carrying out data annotation based on an attribute value extraction method of a neural network to generate a characteristic sequence A and form a data model; wherein;
2) setting a plurality of data source sending targets, establishing data channels with the data sources in the data environment, compiling a code for each channel, and serializing all code records to form a data set Bb1,b2,...bi,...bn]Wherein b isiFor the ith sequence, analyzing data flow fluctuation by a flow analyzer and a KTAM to generate a flow sequence B;
3) performing combined calculation on the sequence A and the sequence B, matching, finding out the same characteristic values of the sequence A and the sequence B by using a TF-IDF algorithm, generating respective characteristic vectors of the sequence A and the sequence B, calculating cosine similarity of the two characteristic vectors, indicating that the larger the value is, the more similar the value is, sequencing according to the size of cosine values to obtain an AB combined characteristic library, and taking the AB combined characteristic library as a normal sequence library of a system;
4) each vector data is provided with a timestamp, the release time of the stolen data virus is taken as the timestamp as a variable to be added into the calculation, a specific time vector is formed by the timestamps by using a sampling rate of 100Hz to obtain a virus characteristic time sequence group diagram, and meanwhile, the real-time sequence of the system is monitored;
5) and calculating the difference between the real-time sequence after the virus is released and the normal sequence before the virus is released, and judging whether the latent APT possibly exists in the system according to the difference.
Compared with the prior art, the invention has the remarkable advantages that: by releasing virus to simulate stealing sensitive data, matching the real-time characteristic sequence of the system with the normal characteristic sequence, calculating the relative difference degree, and comparing the relative difference degree with a threshold value, whether the latent APT attack aiming at stealing data possibly exists in the perception system or not is sensed, and the sensitivity and the accuracy of detecting the latent APT of the system are improved.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The invention discloses a method for simulating embezzlement sensitive data perception latent APT attack, which comprises the following steps:
1) establishing a data environment, building a data model, and performing labeling compilation sequence A [ a ] on a data source1,a2,...ai,...an]Wherein a isiThe ith sequence is restored, extracted and screened by using a system log to generate a characteristic sequence A;
2) setting several data source sending targets, establishing data channels with data sources in data environment, making one code for each channel, recording data set Bb with all codes1,b2,...bi,...bn]Wherein b isiFor the ith sequence, the flow analyzer is used to classifyAnalyzing data flow fluctuation to generate a flow sequence B;
3) combining and calculating the sequence A and the sequence B, matching, summarizing and classifying to obtain an AB combined feature library, and taking the AB combined feature library as a normal sequence library of the system;
4) taking the release time of the stolen data virus as a variable to be added into calculation to obtain a virus characteristic group diagram, and monitoring a real-time sequence of the system;
5) and calculating the difference between the real-time sequence after the virus is released and the normal sequence before the virus is released, and judging whether the latent APT possibly exists in the system according to the difference.
Further, in step 5), assuming that the number of the system call sequences of a real-time process is f (t) (t 1, 2.), the width of the sliding window is w real-time sequences, if f (t) is greater than or equal to w, then (f (t) -w +1) short sequences with the width of w can be formed according to the sliding window method principle, and these short sequences are marked as { a ≧ wiuF (t) -w +1, u-1, 2. The normal sequence library is N, wherein any normal sequence is { bju}(j=1,2,...,n;u=1,2,...,w)。
In practical circumstances, noise data cannot be excluded, and therefore, the difference between the real-time sequences is subjected to windowing and noise filtering. Assuming that the window width is L, the difference between the real-time sequence and the normal sequence library is:
Figure GDA0003504729090000031
wherein Diff ({ a)iuN) is { a }iuThe difference degree from a normal sequence library N, and the calculation method thereof satisfies Diff ({ a)iu},N)=min{Diff({aiu},{bju}), wherein: diff ({ a)iu},{bjuIs { a) })iuAnd bjuThe degree of difference; l is the window width and is more than or equal to w.
By analyzing a large number of samples, the threshold τ for the degree of difference between the real-time sequence and the normal sequence can be calculated, if D ({ aiuN) is greater than or equal to τ, the real-time sequence is abnormal, and the system makes a decisionDefense response, no latent APT in the system; if D ({ a)iuN) is less than or equal to τ, the real-time sequence is normal, the system does not respond significantly, and there may be latent APT in the system.
At present, in the field of intrusion detection, traditional enterprises use various network security protection systems including software and hardware firewalls, IDS, IPS, log management and the like, but these detection means cannot effectively detect and defend latent APT.
The invention senses whether the latent APT exists in the system by extracting and modeling the system log and matching the system log with the flow sequence after releasing the virus.
The invention is further described below with reference to the accompanying drawings.
1) Establishing a data environment consisting of second-order arrays generated by random arrays, and performing labeling compilation sequence A [ a ] on data sources in the data environment1,a2,...ai,...an]Wherein a isiIs the ith sequence, and utilizes the system log to restore, extract and screen the tagged sequence A [ a ]1,a2,...ai,...an]And carrying out data annotation based on an attribute value extraction method of the neural network to generate a characteristic sequence A and form a data model. Wherein;
2) setting a plurality of data source sending targets, establishing data channels with the data sources in the data environment, compiling a code for each channel, and serializing all code records to form a data set Bb1,b2,...bi,...bn]Wherein b isiFor the ith sequence, generating a flow sequence B by using a flow analyzer and adopting a KTAM analysis method to analyze data flow fluctuation, wherein the data flow fluctuation comprises characteristic data such as flow rate, link utilization rate, protocol distribution of different protocol layers, packet size and the like;
3) performing combined calculation on the sequence A and the sequence B, matching, finding out the same characteristic values of the sequence A and the sequence B by using a TF-IDF algorithm, generating respective characteristic vectors of the sequence A and the sequence B, calculating cosine similarity of the two characteristic vectors, indicating that the larger the value is, the more similar the value is, sequencing according to the size of cosine values to obtain an AB combined characteristic library, and taking the AB combined characteristic library as a normal sequence library of a system;
4) each vector data is provided with a timestamp, the release time of the stolen data virus is used as the timestamp to be added into calculation, the timestamp comprises metadata attributes describing a timetable, the row time of the timetable and variables of the row time, a specific time vector formed by the timestamps is used for obtaining a virus characteristic time sequence group diagram, and a real-time sequence of the system is monitored;
5) and calculating the difference between the real-time sequence after the virus is released and the normal sequence before the virus is released, and judging whether the latent APT possibly exists in the system according to the difference.
Further, in step 5), assuming that the number of the system call sequences of a real-time process is f (t) (t 1, 2.), the width of the sliding window is w real-time sequences, if f (t) is greater than or equal to w, then (f (t) -w +1) short sequences with the width of w can be formed according to the sliding window method principle, and these short sequences are marked as { a ≧ wiuF (t) -w +1, u-1, 2. The normal sequence library is N, wherein any normal sequence is { bju}(j=1,2,...,n;u=1,2,...,w)。
In practical circumstances, noise data cannot be excluded, and therefore, the difference between the real-time sequences is subjected to windowing and noise filtering. And carrying out windowing and noise filtering processing on the difference degree of each real-time sequence, wherein the assumed window width is L, and the difference degree of the real-time sequence and a normal sequence library is as follows:
Figure GDA0003504729090000051
among them, Diff ({ a)iuN) is { a }iuThe difference degree from a normal sequence library N, and the calculation method thereof satisfies Diff ({ a)iu},N)=min{Diff({aiu},{bju}), wherein: diff ({ a)iu},{bjuIs { a) })iuAnd bjuThe degree of difference; l is the window width and is more than or equal to w;
analyzing by sample, adopting self-adaptive threshold method, selecting the vector with its own centerAnd a domain window, searching the maximum value and the minimum value of the vectors in the window, and taking the average value of the maximum value and the minimum value as a threshold value, or taking the average value of all the vectors in the window as the threshold value, or taking the Gaussian convolution of all the vectors in the window as the threshold value. Calculating to obtain the threshold value tau of the difference degree between the real-time sequence and the normal sequence if D ({ a)iuN) is more than or equal to tau, the real-time sequence is abnormal, the system makes a defense response, and no latent APT exists in the system; if D ({ a)iuN) is less than or equal to τ, the real-time sequence is normal, the system does not respond significantly, and there may be latent APT in the system.
At present, in the field of machine learning, the technology for extracting the characteristics of system logs and network flow is gradually mature, the method can acquire the real-time sequence characteristics of a system by using a sliding window method, then matches the characteristics with a normal behavior characteristic library, and calculates the relative difference between the characteristics, so that the detection sensitivity of the unknown latent APT is improved.
According to the invention, after the virus simulating the stolen data is released, whether the latent APT exists is judged by comparing the virus characteristic diagram with the non-infected computer characteristic sequence, so that the detection accuracy of the unknown latent APT is improved, and the perception accuracy and sensitivity of an intrusion detection platform are improved.

Claims (4)

1. A method of simulating a theft sensitive data aware latent APT attack comprising the steps of:
1) establishing a data environment consisting of second-order arrays generated by random arrays, and performing labeling compilation sequence A [ a ] on data sources in the data environment1,a2,...ai,...an]Wherein a isiIs the ith sequence, and utilizes the system log to restore, extract and screen the tagged sequence A [ a ]1,a2,...ai,...an]Carrying out data annotation based on an attribute value extraction method of a neural network to generate a characteristic sequence A and form a data model; wherein;
2) setting a plurality of data source sending targets, establishing data sources in a data environmentEstablishing data channels, each channel compiling a code, and serializing all code records to form a data set B [ B ]1,b2,...bi,...bn]Wherein b isiFor the ith sequence, analyzing data flow fluctuation by a flow analyzer and a KTAM to generate a flow sequence B;
3) performing combined calculation on the sequence A and the sequence B, matching, finding out the same characteristic values of the sequence A and the sequence B by using a TF-IDF algorithm, generating respective characteristic vectors of the sequence A and the sequence B, calculating cosine similarity of the two characteristic vectors, indicating that the larger the value is, the more similar the value is, sequencing according to the size of cosine values to obtain an AB combined characteristic library, and taking the AB combined characteristic library as a normal sequence library of a system;
4) each vector data is provided with a timestamp, the release time of the stolen data virus is taken as the timestamp as a variable to be added into the calculation, a specific time vector is formed by the timestamps by using a sampling rate of 100Hz to obtain a virus characteristic time sequence group diagram, and meanwhile, the real-time sequence of the system is monitored;
5) and calculating the difference between the real-time sequence after the virus is released and the normal sequence before the virus is released, and judging whether the latent APT possibly exists in the system according to the difference.
2. The method of simulating a theft sensitive data aware latent APT attack according to claim 1, wherein: and 2) analyzing data traffic fluctuation by adopting KTAM, wherein the data traffic fluctuation comprises traffic rate, link utilization rate, protocol distribution of different protocol layers and packet size.
3. The method of simulating a theft sensitive data aware latent APT attack according to claim 1, wherein: the time stamp in step 4) contains metadata attributes describing the schedule, its line time and its variables.
4. The method of simulating a theft sensitive data aware latent APT attack according to claim 1, wherein: in the step 5), the number of the system call sequences of a real-time process is set to be f (t) (t 1, 2.), and the window is slidIf f (t) is not less than w, then (f (t) -w +1) short sequences with width w are formed according to the sliding window method principle, and these short sequences are marked as { a ≧ wiuN as a normal sequence library, wherein any normal sequence is { b }ju}(j=1,2,...,n;u=1,2,...,w);
And carrying out windowing and noise filtering processing on the difference degree of each real-time sequence, setting the window width as L, and setting the difference degree between the real-time sequence and a normal sequence library as follows:
Figure FDA0002247067250000021
among them, Diff ({ a)iuN) is { a }iuThe difference degree from a normal sequence library N, and the calculation method thereof satisfies Diff ({ a)iu},N)=min{Diff({aiu},{bju}), wherein: diff ({ a)iu},{bjuIs { a) })iuAnd bjuThe degree of difference; l is the window width and is more than or equal to w;
analyzing through a sample, selecting a field window which is determined to be centered by each vector by adopting a self-adaptive threshold method, searching the maximum value and the minimum value of the vectors in the window, and taking the average value of the maximum value and the minimum value as a threshold value, or taking the average value of all the vectors in the window as the threshold value, or taking the Gaussian convolution of all the vectors in the window as the threshold value; calculating to obtain the threshold value tau of the difference degree between the real-time sequence and the normal sequence if D ({ a)iuN) is more than or equal to tau, the real-time sequence is abnormal, the system makes a defense response, and no latent APT exists in the system; if D ({ a)iuN) < τ, the real-time sequence is normal, the system does not respond significantly, and there may be latent APT in the system.
CN201911020563.6A 2019-10-25 2019-10-25 Method for simulating embezzlement sensitive data perception latent APT attack Active CN111224933B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911020563.6A CN111224933B (en) 2019-10-25 2019-10-25 Method for simulating embezzlement sensitive data perception latent APT attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911020563.6A CN111224933B (en) 2019-10-25 2019-10-25 Method for simulating embezzlement sensitive data perception latent APT attack

Publications (2)

Publication Number Publication Date
CN111224933A CN111224933A (en) 2020-06-02
CN111224933B true CN111224933B (en) 2022-04-08

Family

ID=70827553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911020563.6A Active CN111224933B (en) 2019-10-25 2019-10-25 Method for simulating embezzlement sensitive data perception latent APT attack

Country Status (1)

Country Link
CN (1) CN111224933B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2942919A1 (en) * 2014-05-08 2015-11-11 Deutsche Telekom AG Social network honeypot
CN105262726A (en) * 2015-09-10 2016-01-20 中国人民解放军信息工程大学 APT (Advanced Persistent Threat) attack detection method based on big data behavior sequence analysis
CN108076040A (en) * 2017-10-11 2018-05-25 北京邮电大学 A kind of APT Attack Scenarios method for digging based on killing chain and fuzzy clustering
CN108229153A (en) * 2016-12-21 2018-06-29 青岛祥智电子技术有限公司 A kind of advanced duration threatens the method for discrimination of attack
CN108768989A (en) * 2018-05-18 2018-11-06 刘勇 It is a kind of using the APT attack defense methods of mimicry technology, system
CN108875364A (en) * 2017-12-29 2018-11-23 北京安天网络安全技术有限公司 Menace determination method, device, electronic equipment and the storage medium of unknown file
CN110022288A (en) * 2018-01-10 2019-07-16 贵州电网有限责任公司遵义供电局 A kind of APT threat recognition methods

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2942919A1 (en) * 2014-05-08 2015-11-11 Deutsche Telekom AG Social network honeypot
CN105262726A (en) * 2015-09-10 2016-01-20 中国人民解放军信息工程大学 APT (Advanced Persistent Threat) attack detection method based on big data behavior sequence analysis
CN108229153A (en) * 2016-12-21 2018-06-29 青岛祥智电子技术有限公司 A kind of advanced duration threatens the method for discrimination of attack
CN108076040A (en) * 2017-10-11 2018-05-25 北京邮电大学 A kind of APT Attack Scenarios method for digging based on killing chain and fuzzy clustering
CN108875364A (en) * 2017-12-29 2018-11-23 北京安天网络安全技术有限公司 Menace determination method, device, electronic equipment and the storage medium of unknown file
CN110022288A (en) * 2018-01-10 2019-07-16 贵州电网有限责任公司遵义供电局 A kind of APT threat recognition methods
CN108768989A (en) * 2018-05-18 2018-11-06 刘勇 It is a kind of using the APT attack defense methods of mimicry technology, system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
大规模网络安全态势分析系统YHSAS设计与实现;贾焰等;《信息技术与网络安全》;20180110;全文 *

Also Published As

Publication number Publication date
CN111224933A (en) 2020-06-02

Similar Documents

Publication Publication Date Title
CN111988285B (en) Network attack tracing method based on behavior portrait
CN107154950B (en) Method and system for detecting log stream abnormity
CN112114995A (en) Process-based terminal anomaly analysis method, device, equipment and storage medium
Yu et al. Improving the quality of alerts and predicting intruder’s next goal with Hidden Colored Petri-Net
CN111181918B (en) TTP-based high-risk asset discovery and network attack tracing method
CN112333195B (en) APT attack scene reduction detection method and system based on multi-source log correlation analysis
CN103428196A (en) URL white list-based WEB application intrusion detecting method and apparatus
CN110598180B (en) Event detection method, device and system based on statistical analysis
CN113422763B (en) Alarm correlation analysis method constructed based on attack scene
US10819717B2 (en) Malware infected terminal detecting apparatus, malware infected terminal detecting method, and malware infected terminal detecting program
CN115459965A (en) Multistep attack detection method for network security of power system
CN112560029A (en) Website content monitoring and automatic response protection method based on intelligent analysis technology
CN116074092B (en) Attack scene reconstruction system based on heterogram attention network
Nalavade et al. Mining association rules to evade network intrusion in network audit data
CN118041699B (en) Network intrusion positioning system based on artificial intelligence
CN116846633A (en) Network threat monitoring and analyzing method and system based on artificial intelligence
Hendry et al. Intrusion signature creation via clustering anomalies
CN117220961B (en) Intrusion detection method, device and storage medium based on association rule patterns
CN111224933B (en) Method for simulating embezzlement sensitive data perception latent APT attack
CN117278245A (en) Data acquisition method, device and storage medium for Internet simulation scene
CN114697087B (en) Alarm time sequence-based alarm association method
CN113132414B (en) Multi-step attack mode mining method
Zhai et al. Research and improvement on ID3 algorithm in intrusion detection system
CN116155519A (en) Threat alert information processing method, threat alert information processing device, computer equipment and storage medium
CN113660223A (en) Network security data processing method, device and system based on alarm information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant