CN111371917B - Domain name detection method and system - Google Patents

Domain name detection method and system Download PDF

Info

Publication number
CN111371917B
CN111371917B CN202010127131.1A CN202010127131A CN111371917B CN 111371917 B CN111371917 B CN 111371917B CN 202010127131 A CN202010127131 A CN 202010127131A CN 111371917 B CN111371917 B CN 111371917B
Authority
CN
China
Prior art keywords
domain name
detected
determining
score
response records
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010127131.1A
Other languages
Chinese (zh)
Other versions
CN111371917A (en
Inventor
蒋鸿玲
康海燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University filed Critical Beijing Information Science and Technology University
Priority to CN202010127131.1A priority Critical patent/CN111371917B/en
Publication of CN111371917A publication Critical patent/CN111371917A/en
Application granted granted Critical
Publication of CN111371917B publication Critical patent/CN111371917B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses

Abstract

The invention relates to a domain name detection method and a domain name detection system. The method comprises the steps of obtaining a domain name to be detected; determining response records of the domain name to be detected at different moments within detection time according to the domain name to be detected; determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different moments; and determining the domain name category of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected. The domain name detection method and system provided by the invention improve the domain name detection efficiency and accurately detect the malicious domain name.

Description

Domain name detection method and system
Technical Field
The invention relates to the field of computer network security, in particular to a domain name detection method and system.
Background
The number of malicious programs has shown a trend to increase year by year in recent years, and has become more sophisticated and complex. Network intrusion, such as worms, spam, trojans, denial of service attacks, important information theft, etc., has become a huge threat to network space. Attackers often use Domain Name System (DNS) technology to hide their malicious behavior, maintain the robustness of the malicious network itself, because DNS exists in all networks and is not typically filtered by firewalls. After infecting the host computer, the malicious program is usually connected with the remote command and control server, and an attacker can directly control the command and control server. Such as APT attack (Advanced Persistent Threat), botnets may download the latest malicious programs through a remote C & C Server (Command and Control Server), or obtain malicious instructions; malicious programs such as information stealing and the like can send the stolen information to a remote server and the like; spam relies on DNS to redirect web pages. These malicious programs often access the remote server through a domain name without using the IP address of the server, and thus the domain name plays an important role in malicious behavior. Early malicious programs employed a single domain name, which presented a single point of failure problem and were easily discovered and banned.
To prevent single point failures, and to evade detection and make malicious networks more robust, attackers will employ fast-flux techniques. The fast-flux technology refers to that hundreds of thousands of IP addresses correspond to a domain name, when the domain name is inquired, different IP addresses are returned, and the IP addresses are frequently changed, and the IP addresses serve as proxies for redirecting the communication between the infected host and the C & C server. If an IP address is blacklisted, servers of other IP addresses may still continue to provide service. By adding a new IP address, a new server is easy to be added into a malicious network. This dynamic DNS technique makes it difficult for an intrusion detection system to discover an attacker hidden behind a proxy.
In addition, the malicious program dynamically generates a large number of Domain names each day by using DGA (Domain Generation Algorithm), some of which are valid Domain names registered by an attacker, and a plurality of which correspond to the IP address of a command and control server (C & C server). The infected host queries a large number of automatically generated domain names and establishes connections with a few of them. Because the number of domain names is large and are automatically generated every day, the malicious network of the attacker is well hidden.
The current mechanism for evading malicious programs adopts fast-flux and DGA technologies at the same time. The domain name is automatically generated by using a DGA algorithm every day, and the IP address corresponding to the domain name is not the IP address of one or more proxy hosts which are responsible for redirecting the communication between the C & C server and the infected host. Malicious programs that employ this escape mechanism are more flexible and robust and are more difficult to detect.
Existing malicious domain name detection methods can be classified into the following two categories:
(1) a passive detection method. Malicious domain names are detected by collecting DNS traffic, parsing and analyzing DNS query and response packets.
(2) An active detection method. Malicious domain names are detected by sending data to the server of the attacker and analyzing response result data of the attacker, such as response time delay and the like.
The above two methods have the following limitations:
(1) the passive detection method needs to collect massive DNS traffic, analyze DNS data packets, and analyze the analyzed result, and has the defect of large calculated amount.
(2) The active detection method needs to send data to the server of the attacker, and has the defect that the active detection method is easy to cause the idea of the attacker, so that the active detection method is discovered by the attacker.
Therefore, the prior art cannot effectively detect the domain name and cannot timely find the malicious domain name.
Disclosure of Invention
The invention aims to provide a domain name detection method and a domain name detection system, which can improve the domain name detection efficiency and accurately detect malicious domain names.
In order to achieve the purpose, the invention provides the following scheme:
a domain name detection method, comprising:
acquiring a domain name to be detected;
determining response records of the domain name to be detected at different moments within detection time according to the domain name to be detected; the response record comprises a domain name, an IP address and query time;
determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different moments; the domain name features comprise a domain name score and a domain name length;
determining the domain name category of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output.
Optionally, the determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different times specifically includes:
sequencing the response records of the domain name to be detected at different moments according to the query time;
numbering the sorted response records;
calculating the similarity of the IP addresses of the adjacent numbers;
and determining the domain name score according to the similarity.
Optionally, the determining the domain name score according to the similarity specifically includes:
using formulas
Figure BDA0002394741140000031
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, L is the number of response records,
Figure BDA0002394741140000032
is the similarity of the IP addresses of i and j.
Optionally, the detection time is 10 days.
A domain name detection system, comprising:
the domain name acquisition module is used for acquiring a domain name to be detected;
the response record determining module is used for determining the response records of the domain name to be detected at different moments within the detection time according to the domain name to be detected; the response record comprises a domain name, an IP address and query time;
the domain name feature determining module is used for determining the domain name features of the domain name to be detected according to the response records of the domain name to be detected at different moments; the domain name features comprise a domain name score and a domain name length;
the domain name class determining module is used for determining the domain name class of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output.
Optionally, the domain name feature determining module specifically includes:
the sequencing unit is used for sequencing the response records of the domain name to be detected at different moments according to the query time;
the numbering unit is used for numbering the sequenced response records;
a similarity calculation unit for calculating a similarity of IP addresses of adjacent numbers;
and the domain name score determining unit is used for determining the domain name score according to the similarity.
Optionally, the domain name score determining unit specifically includes:
a domain name score determination subunit for utilizing the formula
Figure BDA0002394741140000041
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, L is the number of response records,
Figure BDA0002394741140000042
is the similarity of the IP addresses of i and j.
Optionally, the detection time is 10 days.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
according to the domain name detection method and system provided by the invention, the domain name characteristics of the domain name to be detected are determined according to the response records of the domain name to be detected at different moments within the detection time, and then classification is carried out by utilizing a classification model which takes the domain name characteristics as input and the domain name categories as output, so that the domain name is accurately and quickly detected, the domain name detection efficiency is improved, and the malicious domain name is accurately detected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic diagram showing the comparison between normal domain name and fast-flux domain name IP address fluctuation;
FIG. 2 is a schematic flow chart of a domain name detection method according to the present invention;
fig. 3 is a schematic structural diagram of a domain name detection system provided in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a domain name detection method and a domain name detection system, which can improve the domain name detection efficiency and accurately detect malicious domain names.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
In a malicious network adopting the fast-flux technology, one domain name corresponds to a plurality of different IP addresses, each IP address is an independent infected host which is controlled by a common user and cannot be started and networked in real time, and in order to ensure the usability of the malicious network, an attacker needs to continuously infect new hosts, so that when a client inquires the fast-flux domain name in different time periods, the returned IP address changes, namely, the IP address has larger fluctuation. Fig. 1 shows the fluctuation between the fast-flux domain name and the normal IP address. In addition, the malicious domain name automatically generated by the DGA algorithm is obviously different from the normal domain name, and if the readability is not considered in the malicious domain name, the domain name length is larger. A specific comparison is shown in fig. 1.
Fig. 2 is a schematic flow chart of a domain name detection method provided by the present invention, and as shown in fig. 2, the domain name detection method provided by the present invention includes:
s201, acquiring the domain name to be detected.
S202, determining response records of the domain name to be detected at different moments within detection time according to the domain name to be detected; the response record includes a domain name, an IP address, and a query time. The detection time is 10 days. The time interval was 1 hour.
The method comprises the following specific steps:
(1) recording the current time TnowAnd a start detection time TstartIs the current time.
(2) If T isnow-TstartAnd (5) repeatedly executing the steps (3) - (5) if the T is less than or equal to T.
(3) Inquiring each domain name from the server of the domain name system, obtaining the response record of the domain name system, and storing each response record, including the domain name, the IP address and the inquiring time Tquery
(4) Updating the current time Tnow
(5) Calculating the time T taken for a queryqduration=Tnow-TqueryWait for Tp-TqdurationAfter the time, the current time T is updated againnow
When the time T to be detected is over, all domain names are acquired at intervals of TpTime-corresponding domain name system response records including domain name, IP address and query time Tquery
S203, determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different moments; the domain name characteristics include a domain name score and a domain name length. The malicious domain name score is significantly less than the normal domain name score. In order to maintain a malicious network of an attacker, the attacker needs to continuously recruit new infected hosts, so that an IP address set corresponding to a malicious domain name changes, the similarity of the IP address sets in adjacent time windows is low, and the domain name score is low. The length of the malicious domain name is smaller than that of the normal domain name. The malicious domain name generated by the DGA algorithm does not consider the readability of the domain name, so that the length of the malicious domain name is longer.
And sequencing the response records of the domain name to be detected at different moments according to the query time.
And numbering the sorted response records.
The similarity of the IP addresses of adjacent numbers is calculated.
And determining the domain name score according to the similarity. Using formulas
Figure BDA0002394741140000061
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, L is the number of response records,
Figure BDA0002394741140000062
similarity of IP addresses for i and j;
Figure BDA0002394741140000063
the domain name length is the number of characters in the domain name.
S204, determining the domain name category of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output.
Obtaining a malicious domain name through an open source channel (hphosts, RiskAnalytics, Malc0de database) and obtaining a normal domain name through a white list domain name website (Alexa website), respectively determining domain name characteristics of the malicious domain name and the normal domain name, and training the classification model obtained by the SVM model.
The domain name detection method provided by the invention has the following beneficial effects:
(1) DNS flow data does not need to be analyzed, and the calculation amount is reduced.
(2) Data do not need to be sent to the server of the attacker, and the attacker is prevented from finding the data and escaping detection.
(3) The method and the device can detect the fast-flux malicious domain name and the fast-flux malicious domain name adopting the DGA technology.
Fig. 3 is a schematic structural diagram of a domain name detection system provided by the present invention, and as shown in fig. 3, the domain name detection system provided by the present invention includes: a domain name acquisition module 301 to be detected, a response record determination module 302, a domain name feature determination module 303 and a domain name category determination module 304.
The domain name acquisition module 301 to be detected is used for acquiring a domain name to be detected;
the response record determining module 302 is configured to determine, according to the domain name to be detected, response records of the domain name to be detected at different times within a detection time; the response record comprises a domain name, an IP address and query time; the detection time is 10 days.
The domain name feature determining module 303 is configured to determine a domain name feature of the domain name to be detected according to response records of the domain name to be detected at different times; the domain name features comprise a domain name score and a domain name length;
the domain name class determining module 304 is configured to determine a domain name class of the domain name to be detected by using a classification model according to the domain name feature of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output.
The domain name feature determining module 303 specifically includes: the device comprises a sorting unit, a numbering unit, a similarity calculation unit and a domain name score determination unit.
The sequencing unit is used for sequencing the response records of the domain name to be detected at different moments according to the query time;
the numbering unit is used for numbering the sequenced response records;
the similarity calculation unit is used for calculating the similarity of the IP addresses of the adjacent numbers;
and the domain name score determining unit is used for determining the domain name score according to the similarity.
The domain name score determining unit specifically includes: a domain name score determination subunit.
Domain name score determination subunit for utilizing formulas
Figure BDA0002394741140000071
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, L is the number of response records,
Figure BDA0002394741140000081
is the similarity of the IP addresses of i and j.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principle and the implementation mode of the invention are explained by applying a specific example, and the description of the embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (4)

1. A domain name detection method is characterized by comprising the following steps:
acquiring a domain name to be detected;
determining response records of the domain name to be detected at different moments within detection time according to the domain name to be detected; the response record comprises a domain name, an IP address and query time;
determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different moments; the domain name features comprise a domain name score and a domain name length;
determining the domain name category of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output;
the determining the domain name characteristics of the domain name to be detected according to the response records of the domain name to be detected at different times specifically includes:
sequencing the response records of the domain name to be detected at different moments according to the query time;
numbering the sorted response records;
calculating the similarity of the IP addresses of the adjacent numbers;
determining the domain name score according to the similarity;
the determining the domain name score according to the similarity specifically includes:
using formulas
Figure FDA0003519279510000011
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, Pi d,
Figure FDA0003519279510000012
IP address sets returned by the response records corresponding to the ith and jth time windows respectively, L is the number of the response records,
Figure FDA0003519279510000013
to be the similarity of the IP addresses of i and j,
Figure FDA0003519279510000014
2. the method as claimed in claim 1, wherein the detection time is 10 days.
3. A domain name detection system, comprising:
the domain name acquisition module is used for acquiring a domain name to be detected;
the response record determining module is used for determining the response records of the domain name to be detected at different moments within the detection time according to the domain name to be detected; the response record comprises a domain name, an IP address and query time;
the domain name feature determining module is used for determining the domain name features of the domain name to be detected according to the response records of the domain name to be detected at different moments; the domain name features comprise a domain name score and a domain name length;
the domain name class determining module is used for determining the domain name class of the domain name to be detected by adopting a classification model according to the domain name characteristics of the domain name to be detected; the domain name categories comprise a malicious domain name and a normal domain name; the classification model takes the domain name characteristics as input and takes the domain name category as output;
the domain name feature determination module specifically includes:
the sequencing unit is used for sequencing the response records of the domain name to be detected at different moments according to the query time;
the numbering unit is used for numbering the sequenced response records;
a similarity calculation unit for calculating a similarity of IP addresses of adjacent numbers;
a domain name score determining unit, configured to determine the domain name score according to the similarity;
the domain name score determining unit specifically includes:
a domain name score determination subunit for utilizing the formula
Figure FDA0003519279510000021
Determining the domain name score; s (d) is the domain name score, i and j are both adjacent numbers, Pi d,
Figure FDA0003519279510000022
IP address sets returned by the response records corresponding to the ith and jth time windows respectively, L is the number of the response records,
Figure FDA0003519279510000023
to be the similarity of the IP addresses of i and j,
Figure FDA0003519279510000024
4. a domain name detection system according to claim 3, wherein said detection time is 10 days.
CN202010127131.1A 2020-02-28 2020-02-28 Domain name detection method and system Active CN111371917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010127131.1A CN111371917B (en) 2020-02-28 2020-02-28 Domain name detection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010127131.1A CN111371917B (en) 2020-02-28 2020-02-28 Domain name detection method and system

Publications (2)

Publication Number Publication Date
CN111371917A CN111371917A (en) 2020-07-03
CN111371917B true CN111371917B (en) 2022-04-22

Family

ID=71211614

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010127131.1A Active CN111371917B (en) 2020-02-28 2020-02-28 Domain name detection method and system

Country Status (1)

Country Link
CN (1) CN111371917B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995360B (en) * 2021-04-30 2021-07-30 新华三技术有限公司 Domain name detection method and device, DGA service equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152442A (en) * 2013-01-31 2013-06-12 中国科学院计算机网络信息中心 Detection and processing method and system for botnet domain names
CN106713371A (en) * 2016-12-08 2017-05-24 中国电子科技网络信息安全有限公司 Fast Flux botnet detection method based on DNS anomaly mining
CN110650157A (en) * 2019-10-23 2020-01-03 北京邮电大学 Fast-flux domain name detection method based on ensemble learning

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10594711B2 (en) * 2016-11-28 2020-03-17 Microsoft Technology Licensing, Llc. Detection of botnets using command-and-control access patterns
CN110266739A (en) * 2019-08-06 2019-09-20 杭州安恒信息技术股份有限公司 In conjunction with the detection method for the Fast-Flux Botnet for threatening information

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152442A (en) * 2013-01-31 2013-06-12 中国科学院计算机网络信息中心 Detection and processing method and system for botnet domain names
CN106713371A (en) * 2016-12-08 2017-05-24 中国电子科技网络信息安全有限公司 Fast Flux botnet detection method based on DNS anomaly mining
CN110650157A (en) * 2019-10-23 2020-01-03 北京邮电大学 Fast-flux domain name detection method based on ensemble learning

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Botnet Detection by Monitoring Group Activities in DNS Traffic;Hyunsang Choi等;《7th IEEE International Conference on Computer and Information Technology (CIT 2007)》;20071121;第715-720页 *

Also Published As

Publication number Publication date
CN111371917A (en) 2020-07-03

Similar Documents

Publication Publication Date Title
Vinayakumar et al. Scalable framework for cyber threat situational awareness based on domain name systems data analysis
Nadler et al. Detection of malicious and low throughput data exfiltration over the DNS protocol
Singh et al. Issues and challenges in DNS based botnet detection: A survey
US10880270B1 (en) Network firewall for mitigating against persistent low volume attacks
Kwon et al. PsyBoG: A scalable botnet detection method for large-scale DNS traffic
US10185761B2 (en) Domain classification based on domain name system (DNS) traffic
US8260914B1 (en) Detecting DNS fast-flux anomalies
CN109474575B (en) DNS tunnel detection method and device
Bilge et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.
US9503468B1 (en) Detecting suspicious web traffic from an enterprise network
US8516585B2 (en) System and method for detection of domain-flux botnets and the like
US8347394B1 (en) Detection of downloaded malware using DNS information
US9258289B2 (en) Authentication of IP source addresses
US20140047543A1 (en) Apparatus and method for detecting http botnet based on densities of web transactions
Singh et al. Detecting bot-infected machines using DNS fingerprinting
US20130133072A1 (en) Network protection system and method
US20180034837A1 (en) Identifying compromised computing devices in a network
CN110730175A (en) Botnet detection method and detection system based on threat information
CN102685145A (en) Domain name server (DNS) data packet-based bot-net domain name discovery method
EP3297248A1 (en) System and method for generating rules for attack detection feedback system
Satam et al. Anomaly Behavior Analysis of DNS Protocol.
CN111818103A (en) Traffic-based tracing attack path method in network target range
EP3913888A1 (en) Detection method for malicious domain name in domain name system and detection device
CN111314301A (en) Website access control method and device based on DNS (Domain name Server) analysis
Nguyen et al. DGA botnet detection using collaborative filtering and density-based clustering

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant