CN114205134A - Network policy detection method, electronic device, and storage medium - Google Patents

Publication number
CN114205134A
Authority
CN
China
Prior art keywords
network
network policy
detection model
target
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111484515.XA
Other languages
Chinese (zh)
Inventor
任宇哲
鲁敦政
姬亚锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sino Bridge Technology Co ltd
Original Assignee
Beijing Sino Bridge Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sino Bridge Technology Co ltd
Priority to CN202111484515.XA
Publication of CN114205134A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the present disclosure disclose a network policy detection method, an electronic device, and a storage medium. The method comprises the following steps: acquiring configuration information of a detected network policy; determining a source domain of the detected network policy according to a source IP address of the detected network policy, and determining a target domain of the detected network policy according to a destination IP address of the detected network policy; acquiring a target network policy detection model corresponding to the detected network policy according to the source domain and the target domain; and acquiring a network policy detection result corresponding to the detected network policy based on the target network policy detection model and the configuration information. With this technical solution, whether the detected network policy is reliable can be determined from the network policy detection result, which reduces the cost of detecting the network policy and improves the efficiency of detecting it.

Description

Network policy detection method, electronic device, and storage medium
Technical Field
The present disclosure relates to the field of network policy detection technologies, and in particular, to a network policy detection method, an electronic device, and a storage medium.
Background
With the development of communication technology, people increasingly depend on networks in production and daily life. In general, an intranet (private network) may be set up in a workplace, and a user may exchange information with the work unit through the intranet or exchange information with an external network through the intranet. To protect the data transmitted through the intranet, a firewall may be placed between the intranet and the extranet to isolate the two and restrict network access operations.
In recent years, as the information security situation has become more severe, the requirements placed on firewalls have become higher and higher. To determine whether a firewall is reliable, the network policy on the firewall may be checked. In the related art, the network policy can be checked manually by inspection personnel to ensure that it is reliable. However, as network policies become more complex, the time needed to check them manually increases sharply, which raises the cost of detecting the network policy and lowers the efficiency of detecting it. How to reduce the cost and improve the efficiency of network policy detection is therefore an urgent problem to be solved.
Disclosure of Invention
In order to solve the problems in the related art, embodiments of the present disclosure provide a network policy detection method, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a network policy detection method, including:
acquiring configuration information of the detected network policy, wherein the configuration information comprises a source IP address, a destination IP address, a source mac address, a destination port, an action time period and a control action of at least one detected network policy;
determining a source domain of the detected network policy according to a source IP address of the detected network policy, and determining a target domain of the detected network policy according to a destination IP address of the detected network policy;
acquiring a target network policy detection model corresponding to the detected network policy according to the source domain and the target domain;
and acquiring a network policy detection result corresponding to the detected network policy based on the target network policy detection model and the configuration information.
In one implementation of the present disclosure, obtaining a target network policy detection model corresponding to a detected network policy according to a source domain and a target domain includes:
determining a network device corresponding to the detected network policy according to the source domain and the target domain, and sending a target network policy detection model upload instruction to the network device corresponding to the detected network policy;
and receiving a target network policy detection model uploaded by the network device corresponding to the detected network policy in response to the target network policy detection model upload instruction, wherein the target network policy detection model is obtained through pre-training by the network device corresponding to the detected network policy and the server.
In one implementation manner of the present disclosure, determining a network device corresponding to a detected network policy according to a source domain and a target domain includes:
acquiring an active network device list, wherein the active network device list comprises, for each network device, the update time of the most recent update of its network policy and the IP address of the network device;
and determining, as the network device corresponding to the detected network policy, a network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold and whose IP address matches the source domain or the target domain.
In one implementation of the present disclosure, the active network device list further includes an access time of the last access action of the network device;
determining the network device with the time difference between the updating time and the current time smaller than or equal to a first time difference threshold value and the IP address matched with the source domain or the target domain as the network device corresponding to the detected network policy, including:
and determining, as the network device corresponding to the detected network policy, a network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold, the time difference between the access time and the current time is less than or equal to a second time difference threshold, and whose IP address matches the source domain or the target domain.
In one implementation of the present disclosure, the active network device list further includes user portrait information of a user corresponding to the network device;
determining the network device with the time difference between the update time and the current time smaller than or equal to a first time difference threshold, the time difference between the access time and the current time smaller than or equal to a second time difference threshold, and the IP address matched with the source domain or the target domain as the network device corresponding to the detected network policy, including:
and determining, as the network device corresponding to the detected network policy, a network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold, the time difference between the access time and the current time is less than or equal to a second time difference threshold, the user portrait information matches the preset portrait information, and the IP address matches the source domain or the target domain.
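The three progressively stricter selection rules above can be expressed as one filter. The following Python sketch is an added example, not code from the patent; the device records, the representation of a domain as a CIDR network, and exact-equality matching of portrait information are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta


def select_devices(active_list, src_domain, dst_domain, now, first_threshold,
                   second_threshold=None, preset_portrait=None):
    """Return the IDs of devices that correspond to the detected policy.

    first_threshold bounds the age of the last policy update; the optional
    second_threshold bounds the age of the last access action; the optional
    preset_portrait must equal the device's user portrait information.
    """
    nets = [ipaddress.ip_network(src_domain), ipaddress.ip_network(dst_domain)]
    selected = []
    for dev in active_list:
        addr = ipaddress.ip_address(dev["ip"])
        if not any(addr in net for net in nets):
            continue  # IP address matches neither the source nor the target domain
        if now - dev["policy_updated"] > first_threshold:
            continue  # network policy not updated recently enough
        if second_threshold is not None and now - dev["last_access"] > second_threshold:
            continue  # no recent access action
        if preset_portrait is not None and dev["portrait"] != preset_portrait:
            continue  # user portrait does not match the preset portrait
        selected.append(dev["id"])
    return selected


# Constructed active network device list (all values are sample data).
NOW = datetime(2024, 1, 10, 12, 0)
ACTIVE_LIST = [
    {"id": "gw-a", "ip": "10.1.0.1", "portrait": "engineering",
     "policy_updated": NOW - timedelta(hours=1), "last_access": NOW - timedelta(minutes=5)},
    {"id": "gw-b", "ip": "10.2.9.1", "portrait": "finance",      # stale policy
     "policy_updated": NOW - timedelta(hours=30), "last_access": NOW - timedelta(minutes=1)},
    {"id": "ap-c", "ip": "10.1.0.9", "portrait": "engineering",  # idle device
     "policy_updated": NOW - timedelta(hours=2), "last_access": NOW - timedelta(days=3)},
    {"id": "sw-d", "ip": "10.2.9.2", "portrait": "finance",      # exactly on the threshold
     "policy_updated": NOW - timedelta(hours=24), "last_access": NOW - timedelta(minutes=10)},
    {"id": "rt-e", "ip": "172.16.0.1", "portrait": "finance",    # outside both domains
     "policy_updated": NOW - timedelta(hours=1), "last_access": NOW - timedelta(minutes=1)},
]
SRC_DOMAIN, DST_DOMAIN = "10.1.0.0/16", "10.2.9.0/24"
```

Because the thresholds are "less than or equal to", device sw-d, whose policy update is exactly as old as the first threshold, is still selected.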
In a second aspect, an embodiment of the present disclosure provides a network policy detection method, where the method is applied to a network device, and includes:
receiving a target network policy detection model upload instruction;
and sending the target network policy detection model in response to the target network policy detection model upload instruction.
In one implementation of the present disclosure, before receiving a target network policy detection model upload instruction, the method further includes:
receiving an update weight parameter sent by a server, and updating the private network policy detection model according to the update weight parameter;
acquiring an access log and an alarm log in real time, wherein the access log comprises an access action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the access action, the alarm log comprises an alarm action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the alarm action, and the alarm action is an access action that triggers a firewall detection alarm or an access action that triggers a system fault;
acquiring real-time access action control information based on the alarm log acquired in real time, and training the private network policy detection model based on the real-time access action control information and the access log acquired in real time;
when the trained private network policy detection model has not converged, acquiring a gradient update vector according to the trained private network policy detection model, and sending the gradient update vector, wherein the server is used for aggregating the gradient update vectors and updating the weight parameters of the shared network policy detection model of the server according to the aggregated gradient update vector to obtain updated weight parameters;
and when the trained private network policy detection model has converged, determining the private network policy detection model as the target network policy detection model.
In an implementation manner of the present disclosure, before receiving an update weight parameter sent by a server and updating a private network policy detection model according to the update weight parameter, the method further includes:
acquiring an access log and an alarm log collected in advance, determining an access action source domain according to a source IP address in the access log collected in advance, and determining an access action target domain according to a destination IP address in the access log collected in advance;
receiving a log upload instruction, and uploading a noisy access log and a noisy alarm log when the upload source domain indicated by the log upload instruction matches the access action source domain or the access action target domain;
receiving an initial weight parameter sent by the server, wherein the initial weight parameter is obtained by the server from a common network policy detection model, and the common network policy detection model is obtained by the server by extracting a common access log from the noisy access log, extracting a common alarm log from the noisy alarm log, obtaining access action control information according to the common alarm log, and training a pre-obtained initial network policy detection model with the common access log as input and the access action control information as output;
and updating the weight parameters of the pre-obtained initial network policy detection model according to the initial weight parameter to obtain the private network policy detection model.
In a third aspect, an electronic device is provided in this disclosed embodiment, and the electronic device includes a memory, a processor, and a computer program stored on the memory, wherein the processor executes the computer program to implement the method of any one of the first aspect or the second aspect.
In a fourth aspect, the present disclosure provides, in an embodiment, a computer-readable storage medium having computer instructions stored thereon, wherein the computer instructions, when executed by a processor, implement the method of any one of the first aspect or the second aspect.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
In this technical solution, configuration information of the detected network policy is acquired, the configuration information including a source IP address, a destination IP address, a source mac address, a destination port, an action time period and a control action of at least one detected network policy. A source domain of the detected network policy is determined according to the source IP address of the detected network policy, a target domain of the detected network policy is determined according to the destination IP address of the detected network policy, and a target network policy detection model corresponding to the detected network policy is acquired according to the source domain and the target domain, wherein the target network policy detection model can be used to detect whether an abnormal network access action corresponding to the source domain or the target domain can be blocked by a firewall configured according to the detected network policy. A network policy detection result corresponding to the detected network policy is then obtained based on the target network policy detection model and the configuration information, so that whether the detected network policy is reliable can be determined from the network policy detection result without manually checking the network policy, which reduces the cost of detecting the network policy and improves the efficiency of detecting it.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
Other features, objects, and advantages of the present disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings:
fig. 1 shows a schematic block diagram of a network policy detection system according to an embodiment of the present disclosure;
fig. 2 shows a schematic flow diagram of a network policy detection method according to an embodiment of the present disclosure;
fig. 3 shows a schematic flow diagram of a network policy detection method according to an embodiment of the present disclosure;
fig. 4 is a schematic block diagram of a network policy detection apparatus according to an embodiment of the present disclosure;
fig. 5 shows a schematic block diagram of a network policy detection apparatus according to an embodiment of the present disclosure;
FIG. 6 shows a schematic block diagram of an electronic device according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an electronic device suitable for implementing the network policy detection method according to the embodiment of the present disclosure.
Detailed Description
Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement them. Also, for the sake of clarity, parts not relevant to the description of the exemplary embodiments are omitted in the drawings.
In the present disclosure, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of the disclosed features, numbers, steps, actions, components, parts, or combinations thereof, and do not preclude the possibility that one or more other features, numbers, steps, actions, components, parts, or combinations thereof are present or added.
It should be further noted that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
The details of the embodiments of the present disclosure are described in detail below with reference to specific embodiments.
In view of the foregoing drawbacks, in the technical solution provided by the present disclosure, configuration information of a detected network policy is obtained, where the configuration information includes a source IP address, a destination IP address, a source mac address, a destination port, an action period, and a control action of at least one detected network policy, a source domain of the detected network policy is determined according to the source IP address of the detected network policy, a target domain of the detected network policy is determined according to the destination IP address of the detected network policy, and a target network policy detection model corresponding to the detected network policy is obtained according to the source domain and the target domain, where the target network policy detection model can be used to detect whether an abnormal network access action corresponding to the source domain or the target domain can be blocked by a firewall set according to the detected network policy. And then, a network policy detection result corresponding to the detected network policy is obtained based on the target network policy detection model and the configuration information, so that whether the detected network policy is reliable or not can be determined according to the network policy detection result on the premise of not manually detecting the network policy, the cost for detecting the network policy is reduced, and the efficiency for detecting the network policy is improved.
Fig. 1 shows a schematic block diagram of a network policy detection system according to an embodiment of the present disclosure, where the network policy detection system includes a firewall device 101, a network policy detection device 102, and a network 103, the network 103 is used to provide a medium of a communication link between the firewall device 101 and the network policy detection device 102, and the network 103 may include various connection types, such as a wired connection, a wireless communication link, or an optical fiber cable.
Fig. 2 shows a schematic flow chart of a network policy detection method according to an embodiment of the present disclosure, which is applied to a network policy detection device. As shown in fig. 2, the network policy detection method includes the following steps:
In step S101, configuration information of the detected network policy is acquired.
The configuration information includes a source IP address, a destination IP address, a source mac address, a destination port, an action period, and a control action of the at least one detected network policy.
In an embodiment of the present disclosure, the configuration information of the detected network policy may be obtained by reading the configuration information of the detected network policy stored in the network policy detection device in advance, or may be received from other devices or systems through the network.
The source IP address is the IP address of the network access action initiator, the destination IP address is the destination IP address of the network access action, the source mac address is the mac address of the network access action initiator, the destination mac address is the destination mac address of the network access action, the destination port is the destination port of the network access action, the action time interval is the time interval when the network access action occurs, and the control action is used for indicating whether the network access action is allowed to access the intranet through the firewall or is forbidden to access the intranet through the firewall.
In step S102, a source domain of the detected network policy is determined according to a source IP address of the detected network policy, and a target domain of the detected network policy is determined according to a destination IP address of the detected network policy.
In an embodiment of the present disclosure, the source domain of the detected network policy may be determined by looking up the source IP address of the detected network policy in a pre-stored source IP address domain database and taking the source domain from the search result. Likewise, the target domain of the detected network policy may be determined by looking up the destination IP address of the detected network policy in a pre-stored destination IP address domain database and taking the target domain from the search result.
In step S103, a target network policy detection model corresponding to the detected network policy is obtained according to the source domain and the target domain.
In an embodiment of the present disclosure, the target network policy detection model may be a Neural Network (NN) model, a Convolutional Neural Network (CNN) model, a Long Short Term Memory (LSTM) model, or the like.
The target network policy detection model corresponding to the detected network policy may be obtained by looking up a target ID in a pre-obtained detection model mapping table according to the source domain and the target domain, and then selecting, from a plurality of pre-obtained network policy detection models, the model identified by the target ID. Alternatively, a target model request instruction including the source domain and the target domain may be sent to other devices or systems, and the target network policy detection model sent by those devices or systems in response to the target model request instruction is received.
In step S104, a network policy detection result corresponding to the detected network policy is obtained based on the target network policy detection model and the configuration information.
In an embodiment of the present disclosure, the source IP address, destination IP address, source mac address, destination port, and action period in the configuration information may be input into the target network policy detection model to obtain a target control action, and the network policy detection result corresponding to the detected network policy is obtained by comparing the target control action with the control action in the configuration information. For example, when the target control action comprises the control action in the configuration information, the detected network policy may be considered to meet the requirements; when the target control action does not include the control action in the configuration information, or includes only a part of the control action in the configuration information, the detected network policy may be considered not to meet the requirements.
According to the technical scheme, the configuration information of the detected network policy is obtained, the configuration information comprises a source IP address, a destination IP address, a source mac address, a destination port, an action time period and a control action of at least one detected network policy, a source domain of the detected network policy is determined according to the source IP address of the detected network policy, a target domain of the detected network policy is determined according to the destination IP address of the detected network policy, and a target network policy detection model corresponding to the detected network policy is obtained according to the source domain and the target domain, wherein the target network policy detection model can be used for detecting whether abnormal network access actions corresponding to the source domain or the target domain can be blocked by a firewall set according to the detected network policy. And then, a network policy detection result corresponding to the detected network policy is obtained based on the target network policy detection model and the configuration information, so that whether the detected network policy is reliable or not can be determined according to the network policy detection result on the premise of not manually detecting the network policy, the cost for detecting the network policy is reduced, and the efficiency for detecting the network policy is improved.
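Steps S101 to S104 chain together as shown in the following Python sketch. It is an added example rather than the patent's implementation: the domain databases, the mapping table, the model IDs and the two rule-based stand-ins for trained models are constructed, and longest-prefix matching for the domain lookup is an assumption.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyConfig:
    """Configuration information of one detected network policy (S101)."""
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_port: int
    period: tuple        # (start_hour, end_hour) during which the policy acts
    control_action: str  # "allow" or "deny"


# Constructed IP-address domain databases used in S102.
SOURCE_DOMAIN_DB = {"10.1.0.0/16": "office", "10.1.5.0/24": "office-guest"}
TARGET_DOMAIN_DB = {"10.2.0.0/16": "datacenter", "10.2.9.0/24": "finance-db"}


def lookup_domain(ip, domain_db):
    """Return the domain of the most specific network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, name in domain_db.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None


# Rule-based stand-ins for trained NN/CNN/LSTM models (hypothetical behaviour).
def office_to_finance_model(src_ip, dst_ip, src_mac, dst_port, period):
    start, end = period
    return "allow" if dst_port == 5432 and 8 <= start and end <= 18 else "deny"


def guest_to_finance_model(src_ip, dst_ip, src_mac, dst_port, period):
    return "deny"


# Detection model mapping table: (source domain, target domain) -> target ID (S103).
MODEL_MAPPING_TABLE = {("office", "finance-db"): "model-001",
                       ("office-guest", "finance-db"): "model-002"}
MODELS = {"model-001": office_to_finance_model,
          "model-002": guest_to_finance_model}


def detect_policy(cfg):
    """Run S102-S104 for one policy and return the detection result."""
    src_domain = lookup_domain(cfg.src_ip, SOURCE_DOMAIN_DB)
    dst_domain = lookup_domain(cfg.dst_ip, TARGET_DOMAIN_DB)
    result = {"source_domain": src_domain, "target_domain": dst_domain,
              "model_id": MODEL_MAPPING_TABLE.get((src_domain, dst_domain)),
              "target_action": None, "meets_requirements": None}
    if result["model_id"] is None:
        return result  # no model for this domain pair: policy cannot be judged
    # S104: the model sees every field except the configured control action.
    model = MODELS[result["model_id"]]
    result["target_action"] = model(cfg.src_ip, cfg.dst_ip, cfg.src_mac,
                                    cfg.dst_port, cfg.period)
    result["meets_requirements"] = result["target_action"] == cfg.control_action
    return result


# Constructed detected policies.
MAC = "aa:bb:cc:00:00:01"
OFFICE_HOURS = PolicyConfig("10.1.20.4", "10.2.9.10", MAC, 5432, (9, 17), "allow")
GUEST_ALLOW = PolicyConfig("10.1.5.7", "10.2.9.10", MAC, 5432, (9, 17), "allow")
ALL_DAY = PolicyConfig("10.1.20.4", "10.2.9.10", MAC, 5432, (0, 24), "allow")
UNKNOWN_DST = PolicyConfig("10.1.20.4", "192.168.1.1", MAC, 443, (9, 17), "allow")
```

A policy whose addresses fall outside every known domain yields no model and therefore no verdict, which is worth surfacing separately from a failed check.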
In an implementation manner of the present disclosure, in step S103, a target network policy detection model corresponding to a detected network policy is obtained according to a source domain and a target domain, and the method may be implemented by the following steps:
The network device corresponding to the detected network policy is determined according to the source domain and the target domain, and a target network policy detection model upload instruction is sent to the network device corresponding to the detected network policy.
The target network policy detection model uploaded by the network device corresponding to the detected network policy in response to the target network policy detection model upload instruction is then received, wherein the target network policy detection model is obtained through pre-training by the network device corresponding to the detected network policy and the server.
The network device corresponding to the detected network policy may be understood as a network device whose own IP address corresponds to the source domain or the target domain. The network device corresponding to the detected network policy may be determined by looking up a network device ID in a pre-obtained detection model mapping table according to the source domain and the target domain, the network device indicated by the network device ID being the network device corresponding to the detected network policy. Alternatively, a corresponding-network-device determination instruction including domain information indicating the source domain and the target domain may be sent to a plurality of network devices, confirmation feedback information sent by a network device in response to that instruction is received, and the network device corresponding to the detected network policy is determined according to the feedback information.
The network device may be various electronic devices with a network access function, including but not limited to a wireless router, a wired router, a switch, a gateway, a modem, and a wireless Access Point (AP), etc. The server may be a cloud server or a server provided by a network policy detection service provider. It should be noted that, in the embodiment of the present application, one server may correspond to multiple network devices.
The network device and the server obtain the target network policy detection model through pre-training, which comprises the following steps:
the network device receives an update weight parameter sent by the server and updates the private network policy detection model according to the update weight parameter;
the network device collects an access log and an alarm log in real time, wherein the access log comprises an access action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the access action, the alarm log comprises an alarm action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the alarm action, and the alarm action is an access action that triggers a firewall detection alarm or an access action that triggers a system fault;
the network device obtains real-time access action control information based on the alarm log collected in real time, and trains a private network policy detection model based on the real-time access action control information and the access log collected in real time, wherein the private network policy detection model may be a Neural Network (NN) model, a Convolutional Neural Network (CNN) model, or a Long Short Term Memory (LSTM) model;
when the trained private network policy detection model has not converged, the network device acquires a gradient update vector according to the trained private network policy detection model and sends the gradient update vector to the server;
the server receives the gradient update vector sent by the network device, aggregates the gradient update vectors, updates the weight parameters of the common network policy detection model of the server according to the aggregated gradient update vector to obtain an updated weight parameter, and sends the updated weight parameter to the network device so that the network device can train according to the updated weight parameter;
and when the trained private network policy detection model has converged, the network device determines the private network policy detection model as the target network policy detection model.
In this embodiment, the network device corresponding to the detected network policy is determined according to the source domain and the target domain, a target network policy detection model uploading instruction is sent to that network device, and the target network policy detection model uploaded by that network device in response to the instruction is received. The target network policy detection model can therefore be a model that was trained by the network device corresponding to the detected network policy and that has learned whether abnormal network access actions corresponding to the source domain and the target domain can be blocked by a firewall set according to the detected network policy, so that what the target network policy detection model has learned comes from the experience of the network device in actual operation.
In an implementation manner of the present disclosure, obtaining, in step S103, a target network policy detection model corresponding to the detected network policy according to the source domain and the target domain may be implemented by the following steps:
acquiring an active network device list, wherein the active network device list comprises the update time of the latest update of the network policy of each network device and the IP address of the network device.
And determining the network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold and whose IP address matches the source domain or the target domain as the network device corresponding to the detected network policy.
The network policy detection device updates the active network device list according to updated network policy information sent by the network device when updating the network policy each time; the list of active network devices may also be obtained from other apparatuses or systems.
In this embodiment, the active network device list is obtained, and the network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold and whose IP address matches the source domain or the target domain is determined as the network device corresponding to the detected network policy. On the premise that the target network policy detection model is still a model trained by the network device corresponding to the detected network policy, one that has learned whether abnormal network access actions corresponding to the source domain and the target domain can be blocked by the firewall set according to the detected network policy, this makes the content learned by the target network policy detection model the experience of the network device in actual operation under the new network policy on the network device.
In one implementation of the present disclosure, the active network device list further includes an access time of a last access action of the network device;
determining the network device with the time difference between the updating time and the current time smaller than or equal to a first time difference threshold value and the IP address matched with the source domain or the target domain as the network device corresponding to the detected network policy, including:
and determining the network equipment of which the time difference between the updating time and the current time is less than or equal to a first time difference threshold value, the time difference between the access time and the current time is less than or equal to a second time difference threshold value, and the IP address is matched with the source domain or the target domain as the network equipment corresponding to the detected network policy.
The access time can be understood as the time when the network device has made the access action last time, and the access time of the network device can be determined by receiving access action report information sent by the network device.
In this embodiment, the network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold, the time difference between the access time and the current time is less than or equal to the second time difference threshold, and the IP address matches the source domain or the target domain is determined as the network device corresponding to the detected network policy. On the premise that the target network policy detection model is still a model trained by the network device corresponding to the detected network policy, one that has learned whether abnormal network access actions corresponding to the source domain and the target domain can be blocked by the firewall set according to the detected network policy, this makes the content learned by the target network policy detection model the experience of the network device actually operating, at a time closer to the current time, under a new network policy on the network device.
In one implementation of the present disclosure, the active network device list further includes user portrait information of a user corresponding to the network device;
determining the network device with the time difference between the update time and the current time smaller than or equal to a first time difference threshold, the time difference between the access time and the current time smaller than or equal to a second time difference threshold, and the IP address matched with the source domain or the target domain as the network device corresponding to the detected network policy, including:
and determining the network equipment with the time difference between the updating time and the current time smaller than or equal to a first time difference threshold value, the time difference between the access time and the current time smaller than or equal to a second time difference threshold value, the user portrait information matched with the preset portrait information, and the IP address matched with the source domain or the target domain as the network equipment corresponding to the detected network policy.
The user portrait information corresponding to the network device may be pre-stored in the network policy detection device, may be obtained from other devices or systems, or may be uploaded by the network device itself. The preset portrait information may be pre-stored in the network policy detection device, or may be obtained from other devices or systems.
The network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold, the time difference between the access time and the current time is less than or equal to a second time difference threshold, the user portrait information matches the preset portrait information, and the IP address matches the source domain or the target domain is determined as the network device corresponding to the detected network policy. On the premise that the target network policy detection model is still a model trained by the network device corresponding to the detected network policy, one that has learned whether abnormal network access actions corresponding to the source domain and the target domain can be blocked by the firewall set according to the detected network policy, this makes the content learned by the target network policy detection model the experience, in actual operation at a time closer to the current time and under the newer network policy on the network device, of a network device used by a user who meets the preset requirements.
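The three progressively stricter selection rules above can be written as one filter over the active network device list. The following Python sketch is an added illustration, not code from the application. It assumes that a domain is expressed as a CIDR block, that user portrait information is a set of tags matched by inclusion, and that a timestamp lying ahead of the current time is rejected; all device records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class ActiveDevice:
    device_id: str
    ip: str
    policy_updated_at: datetime                  # update time of the latest policy update
    last_access_at: Optional[datetime] = None    # access time of the last access action
    user_portrait: FrozenSet[str] = frozenset()  # assumption: portrait as a set of tags


def _fresh(ts: Optional[datetime], now: datetime, limit: timedelta) -> bool:
    """True when ts exists and now - ts is within [0, limit].

    Assumption added here: a timestamp ahead of `now` (clock skew or a forged
    report) is treated as invalid instead of as "very recent".
    """
    return ts is not None and timedelta(0) <= now - ts <= limit


def select_devices(devices, source_domain, target_domain, now, first_threshold,
                   second_threshold=None, preset_portrait=None) -> List[str]:
    """Return IDs of devices that correspond to the detected network policy.

    second_threshold and preset_portrait are optional, so the same function
    covers the base rule and its two refinements.
    """
    src, dst = ip_network(source_domain), ip_network(target_domain)
    selected = []
    for dev in devices:
        addr = ip_address(dev.ip)
        if addr not in src and addr not in dst:
            continue  # IP address matches neither the source nor the target domain
        if not _fresh(dev.policy_updated_at, now, first_threshold):
            continue  # network policy on the device is too old
        if second_threshold is not None and not _fresh(
                dev.last_access_at, now, second_threshold):
            continue  # no sufficiently recent access action
        if preset_portrait is not None and not preset_portrait <= dev.user_portrait:
            continue  # user portrait does not match the preset portrait
        selected.append(dev.device_id)
    return selected


# Constructed sample data (not taken from the application).
NOW = datetime(2021, 12, 7, 12, 0, 0)
SRC_DOMAIN, DST_DOMAIN = "10.1.0.0/16", "10.2.0.0/16"
DEVICES = [
    ActiveDevice("gw-a", "10.1.0.1", NOW - timedelta(hours=1),
                 NOW - timedelta(minutes=5), frozenset({"finance", "office-hours"})),
    ActiveDevice("gw-b", "10.2.0.1", NOW - timedelta(hours=30),
                 NOW - timedelta(minutes=1), frozenset({"finance"})),
    ActiveDevice("gw-c", "10.2.0.9", NOW - timedelta(hours=2),
                 NOW - timedelta(hours=3), frozenset({"finance"})),
    ActiveDevice("gw-d", "192.168.5.1", NOW - timedelta(hours=1),
                 NOW - timedelta(minutes=2), frozenset({"finance"})),
    ActiveDevice("gw-e", "10.2.0.7", NOW - timedelta(hours=3),
                 NOW - timedelta(minutes=10), frozenset({"guest"})),
    ActiveDevice("gw-f", "10.1.0.9", NOW + timedelta(minutes=10),
                 NOW - timedelta(minutes=1), frozenset({"finance"})),
]

if __name__ == "__main__":
    day, hour = timedelta(hours=24), timedelta(hours=1)
    print(select_devices(DEVICES, SRC_DOMAIN, DST_DOMAIN, NOW, day))
    print(select_devices(DEVICES, SRC_DOMAIN, DST_DOMAIN, NOW, day, hour))
    print(select_devices(DEVICES, SRC_DOMAIN, DST_DOMAIN, NOW, day, hour,
                         frozenset({"finance"})))
```

Each added criterion narrows the set of devices whose models are requested, so the thresholds decide how much operational evidence stands behind a detection result.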
Fig. 3 shows a schematic flow chart of a network policy detection method according to an embodiment of the present disclosure, which is applied to a network device. As shown in fig. 3, the network policy detection method includes the following steps:
in step S201, a target network policy detection model upload instruction is received.
In step S202, the target network policy detection model is sent in response to the target network policy detection model upload instruction.
In one implementation manner of the present disclosure, before receiving the target network policy detection model upload instruction in step S201, the method further includes the following steps:
receiving an update weight parameter sent by the server, and updating the private network policy detection model according to the update weight parameter.
Collecting an access log and an alarm log in real time, wherein the access log comprises an access action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the access action, the alarm log comprises an alarm action and the source IP address, destination IP address, source mac address, destination port and action time period corresponding to the alarm action, and the alarm action is an access action that triggers a firewall detection alarm or an access action that triggers a system fault.
Acquiring real-time access action control information based on the alarm log collected in real time, and training the private network policy detection model based on the real-time access action control information and the access log collected in real time.
When the trained private network policy detection model has not converged, obtaining a gradient update vector according to the trained private network policy detection model and sending the gradient update vector, where the server is configured to aggregate the gradient update vectors and to update the weight parameters of the common network policy detection model of the server according to the aggregated gradient update vector to obtain the update weight parameter.
And when the trained private network policy detection model has converged, determining the private network policy detection model as the target network policy detection model.
The private network policy detection model and the common network policy detection model may be Neural Network (NN) models, Convolutional Neural Network (CNN) models, Long Short Term Memory (LSTM) models, or the like.
In this embodiment, the update weight parameters that the network device receives from the server are obtained by the server aggregating the gradient update vectors sent by a plurality of network devices and updating the weight parameters of its common network policy detection model according to the aggregated gradient update vectors. The updated common network policy detection model can therefore reflect the common rule, learned by the private network policy detection models in the previous round of training, between the access logs of the plurality of network devices and the real-time access action control information obtained based on the alarm logs of those network devices. The updated private network policy detection model is then trained with the access log collected in real time as input and the real-time access action control information obtained from the alarm log collected in real time as output, so that, on top of the common rule, it can also learn in a personalized way the private rule between the access log of this network device and the real-time access action control information obtained based on the alarm log of this network device. When the trained private network policy detection model has not converged, it still needs to be trained: a gradient update vector is obtained according to the trained private network policy detection model and sent, so that the server can continue to obtain the corresponding update weight parameters based on the gradient update vectors uploaded by the plurality of network devices without revealing the personal data of the users of the network devices, and the private network policy detection models of the network devices continue to be trained. When the trained private network policy detection model has converged, it can obtain the corresponding access action control information from the source IP address, destination IP address, source mac address, destination port and action time period in the configuration information of the detected network policy, so that whether the detected network policy meets requirements can be determined according to the control action indicated by the access action control information and the control action in the configuration information.
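The training rounds described above, first from the side of both parties and then from the network device's side, can be traced with a small runnable Python sketch, ending with the policy check made by a converged model. It is an added illustration, not code from the application. It assumes a logistic-regression model in place of the NN, CNN or LSTM models named in the text, a two-feature encoding (remote-administration port, off-hours) in which a single `hour` stands in for the action time period, and convergence defined as local loss below a threshold; all log records are constructed.

```python
import math

ADMIN_PORTS = {22, 23, 3389}   # assumption: ports treated as remote administration

def rec(src, dst, port, hour):
    return {"src_ip": src, "dst_ip": dst, "dst_port": port, "hour": hour}

def key(r):
    return (r["src_ip"], r["dst_ip"], r["dst_port"], r["hour"])

def features(r):
    """Encode a log record or policy configuration as [bias, admin_port, off_hours]."""
    return [1.0, float(r["dst_port"] in ADMIN_PORTS), float(r["hour"] < 6 or r["hour"] >= 22)]

def score(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

class Device:
    """Network device holding its own logs and a private detection model."""
    def __init__(self, name, access_log, alarm_log, lr=0.5, loss_threshold=0.15):
        alarmed = {key(a) for a in alarm_log}
        self.name, self.lr, self.loss_threshold = name, lr, loss_threshold
        self.X = [features(r) for r in access_log]
        # Access action control information: deny (1) what raised an alarm, allow (0) the rest.
        self.y = [1.0 if key(r) in alarmed else 0.0 for r in access_log]
        self.w, self.converged = [0.0, 0.0, 0.0], False

    def gradient(self, w):
        g = [0.0] * len(w)
        for x, y in zip(self.X, self.y):
            err = sigmoid(score(w, x)) - y
            for i, xi in enumerate(x):
                g[i] += err * xi / len(self.X)
        return g

    def loss(self, w):
        total = 0.0
        for x, y in zip(self.X, self.y):
            margin = score(w, x) if y == 1.0 else -score(w, x)
            total += math.log1p(math.exp(-margin))
        return total / len(self.X)

    def train_round(self, update_weights):
        """Run one round; return a gradient update vector, or None once converged."""
        if self.converged:
            return None
        g = self.gradient(update_weights)
        # Update the private model from the server's weights, then train on local logs.
        self.w = [wi - self.lr * gi for wi, gi in zip(update_weights, g)]
        if self.loss(self.w) < self.loss_threshold:
            self.converged = True          # private model becomes the target model
            return None
        return g                           # only the vector leaves the device, never the logs

def federated_training(devices, lr=0.5, max_rounds=20000):
    """Server loop: aggregate gradient update vectors, update the common model."""
    common_w = [0.0, 0.0, 0.0]
    for rnd in range(1, max_rounds + 1):
        updates = [g for g in (d.train_round(common_w) for d in devices) if g is not None]
        if not updates:
            return rnd                     # every device has a target model
        avg = [sum(col) / len(updates) for col in zip(*updates)]
        common_w = [wi - lr * gi for wi, gi in zip(common_w, avg)]
    return max_rounds

def predicted_action(w, config):
    return "deny" if sigmoid(score(w, features(config))) >= 0.5 else "allow"

def policy_meets_requirements(w, config):
    """Compare the model's control action with the control action in the configuration."""
    return predicted_action(w, config) == config["action"]

def build_devices():
    # Constructed logs: an alarm is raised for remote-admin ports used off-hours.
    a = [rec("10.1.0.5", "10.2.0.8", 443, 10), rec("10.1.0.5", "10.2.0.8", 22, 23),
         rec("10.1.0.6", "10.2.0.8", 22, 10), rec("10.1.0.7", "10.2.0.9", 443, 23)]
    b = [rec("10.1.1.2", "10.2.0.8", 3389, 2), rec("10.1.1.3", "10.2.0.8", 3389, 3),
         rec("10.1.1.2", "10.2.0.9", 80, 14), rec("10.1.1.4", "10.2.0.9", 22, 11)]
    c = [rec("10.1.2.2", "10.2.0.8", 443, 1), rec("10.1.2.2", "10.2.0.9", 53, 23),
         rec("10.1.2.3", "10.2.0.8", 23, 0), rec("10.1.2.4", "10.2.0.9", 8080, 12)]
    return [Device("gw-a", a, [a[1]]), Device("gw-b", b, b[:2]), Device("gw-c", c, [c[2]])]

if __name__ == "__main__":
    devs = build_devices()
    print("rounds:", federated_training(devs))
    policy = {"dst_port": 3389, "hour": 2, "action": "allow"}
    print("policy meets requirements:", policy_meets_requirements(devs[0].w, policy))
```

The server only ever handles weight and gradient vectors, which is the property the embodiment relies on to keep users' log data on the device.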
In an implementation manner of the present disclosure, before receiving an update weight parameter sent by a server and updating a private network policy detection model according to the update weight parameter, the method further includes the following steps:
obtaining an access log and an alarm log that were collected in advance, determining an access action source domain according to the source IP address in the access log collected in advance, and determining an access action destination domain according to the destination IP address in the access log collected in advance.
Receiving a log uploading instruction, and uploading the noise-added access log and the noise-added alarm log when the uploading source domain indicated by the log uploading instruction matches the access action source domain or the access action destination domain.
Receiving an initial weight parameter sent by the server, wherein the initial weight parameter is obtained by the server according to a common network policy detection model, and the common network policy detection model is obtained by the server by extracting a common access log from the noise-added access log, extracting a common alarm log from the noise-added alarm log, obtaining access action control information according to the common alarm log, and training a previously obtained initial network policy detection model with the common access log as input and the access action control information as output.
And updating the weight parameters of the previously obtained initial network policy detection model according to the initial weight parameter to obtain the private network policy detection model.
The initial network strategy detection model can be a neural network model, a convolutional neural network model, a long-short term memory network model or the like, and can be understood as an untrained model.
To add noise to the access log and the alarm log, random noise may be added to them, or Laplace noise may be added to them.
In this embodiment, noise is added to the access log and the alarm log to obtain the noise-added access log and the noise-added alarm log, and these are what is uploaded. Leakage of sensitive personal user information contained in the access log and the alarm log can thereby be avoided while preserving, as far as possible, the rule that the noise-added logs reflect between the access log and the real-time access action control information obtained based on the alarm log, which improves the security of users' personal information.
In this embodiment, a log uploading instruction is received, and when the uploading source domain indicated by the instruction matches the access action source domain or the access action destination domain, the noise-added access log and the noise-added alarm log are uploaded. The server can thus obtain a common access log and a common alarm log from the noise-added logs and perform preliminary training of the initial network policy detection model on the server according to them to obtain the common network policy detection model, which can be understood as a model that has preliminarily learned the rule, common to a plurality of network devices, between the access log and the real-time access action control information obtained based on the alarm log. The server then issues the initial weight parameters obtained from the common network policy detection model on the server, and the network device updates the initial network policy detection model on the network device according to the received initial weight parameters to obtain the private network policy detection model. The private network policy detection model can therefore also be understood as a model that has preliminarily learned the rule, common to a plurality of edge network devices, between the access log and the real-time access action control information obtained based on the alarm log. This makes multi-round training of the private network policy detection model convenient: the network device does not need to start training from the initial network policy detection model, which reduces the training difficulty.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.
According to the network policy detection apparatus of an embodiment of the present disclosure, the network policy detection apparatus is provided in the network policy detection device, and the network policy detection apparatus may be implemented as part or all of the electronic device by software, hardware, or a combination of the two. Fig. 4 is a schematic block diagram of a network policy detection apparatus according to an embodiment of the present disclosure, and as shown in fig. 4, the network policy detection apparatus 400 includes:
a configuration information obtaining module 401 configured to obtain configuration information of the detected network policy, where the configuration information includes a source IP address, a destination IP address, a source mac address, a destination port, an action period, and a control action of at least one detected network policy;
a source domain target domain obtaining module 402, configured to determine a source domain of the detected network policy according to a source IP address of the detected network policy, and determine a target domain of the detected network policy according to a destination IP address of the detected network policy;
a detection model obtaining module 403, configured to obtain, according to the source domain and the target domain, a target network policy detection model corresponding to the detected network policy;
a detection result obtaining module 404 configured to obtain a network policy detection result corresponding to the detected network policy based on the target network policy detection model and the configuration information.
In this embodiment, configuration information of the detected network policy is obtained, the configuration information including a source IP address, a destination IP address, a source mac address, a destination port, an action period, and a control action of at least one detected network policy; the source domain of the detected network policy is determined according to its source IP address and the target domain according to its destination IP address; and a target network policy detection model corresponding to the detected network policy is obtained according to the source domain and the target domain, where the target network policy detection model can be used to detect whether an abnormal network access action corresponding to the source domain or the target domain can be blocked by a firewall set according to the detected network policy. A network policy detection result corresponding to the detected network policy is then obtained based on the target network policy detection model and the configuration information, so that whether the detected network policy is reliable can be determined from the network policy detection result without manually detecting the network policy, which reduces the cost of network policy detection and improves its efficiency.
According to the network policy detection apparatus of an embodiment of the present disclosure, the network policy detection apparatus is provided in a network device, and the network policy detection apparatus may be implemented as part or all of an electronic device by software, hardware, or a combination of both. Fig. 5 is a schematic block diagram of a network policy detection apparatus according to an embodiment of the present disclosure, and as shown in fig. 5, the network policy detection apparatus 500 includes:
an upload instruction receiving module 501 configured to receive a target network policy detection model upload instruction;
an upload instruction response module 502 configured to send the target network policy detection model in response to the target network policy detection model upload instruction.
The present disclosure also discloses an electronic device. Fig. 6 shows a schematic structural block diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 6, the electronic device 600 includes a memory 601 and a processor 602, wherein
the memory 601 is used to store one or more computer instructions, which are executed by the processor 602 to implement any of the methods in the embodiments of the present disclosure.
Fig. 7 is a schematic structural diagram of an electronic device suitable for implementing the network policy detection method according to the embodiment of the present disclosure.
As shown in fig. 7, electronic device 700 includes a processing unit 701, which may be implemented as a CPU, GPU, FPGA, NPU, or other processing unit. The processing unit 701 may execute various processes in the embodiment of any one of the methods described above of the present disclosure according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The RAM 703 also stores various programs and data necessary for the operation of the electronic apparatus 700. The processing unit 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is installed into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, any of the methods described above with reference to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing any of the methods of the embodiments of the present disclosure. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and acts of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowcharts or block diagrams may represent a module, a program segment, or a portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present disclosure may be implemented by software or hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present disclosure also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the apparatus in the above-described embodiment; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the present disclosure.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is possible without departing from the inventive concept, for example, technical solutions formed by replacing the above features with (but not limited to) features having similar functions disclosed in this disclosure.

Claims (10)

1. A network policy detection method includes:
acquiring configuration information of a detected network policy, wherein the configuration information comprises a source IP address, a destination IP address, a source mac address, a destination port, an action time period and a control action of at least one detected network policy;
determining a source domain of the detected network policy according to a source IP address of the detected network policy, and determining a target domain of the detected network policy according to a destination IP address of the detected network policy;
acquiring a target network policy detection model corresponding to the detected network policy according to the source domain and the target domain;
and acquiring a network policy detection result corresponding to the detected network policy based on the target network policy detection model and the configuration information.
2. The network policy detection method according to claim 1, wherein the obtaining a target network policy detection model corresponding to the detected network policy according to the source domain and the target domain comprises:
determining the network device corresponding to the detected network policy according to the source domain and the target domain, and sending a target network policy detection model uploading instruction to the network device corresponding to the detected network policy;
and receiving a target network policy detection model uploaded by the network device corresponding to the detected network policy in response to the target network policy detection model uploading instruction, wherein the target network policy detection model is obtained by pre-training by the network device corresponding to the detected network policy and a server.
3. The network policy detection method according to claim 1, wherein the determining the network device corresponding to the detected network policy according to the source domain and the target domain comprises:
acquiring an active network device list, wherein the active network device list comprises the update time of the latest update of the network policy of the network device and the IP address of the network device;
and determining the network device for which the time difference between the update time and the current time is less than or equal to a first time difference threshold and whose IP address matches the source domain or the target domain as the network device corresponding to the detected network policy.
4. The network policy detection method according to claim 3, wherein the active network device list further comprises the access time of the last access action of the network device;
and wherein determining, as the network device corresponding to the detected network policy, the network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold and whose IP address matches the source domain or the target domain comprises:
determining, as the network device corresponding to the detected network policy, a network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold, the time difference between the access time and the current time is less than or equal to a second time difference threshold, and the IP address matches the source domain or the target domain.
5. The network policy detection method according to claim 4, wherein the active network device list further comprises user portrait information of the user corresponding to the network device;
and wherein determining, as the network device corresponding to the detected network policy, the network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold, the time difference between the access time and the current time is less than or equal to the second time difference threshold, and the IP address matches the source domain or the target domain comprises:
determining, as the network device corresponding to the detected network policy, a network device for which the time difference between the update time and the current time is less than or equal to the first time difference threshold, the time difference between the access time and the current time is less than or equal to the second time difference threshold, the user portrait information matches preset portrait information, and the IP address matches the source domain or the target domain.
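The device selection of claims 3 to 5 can be read as one filter with two optional conditions. The following is an added example, not code from the patent: it assumes domains are given as CIDR networks and that portrait matching means the preset tags are a subset of the device's tags; all names and the sample list are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

@dataclass
class ActiveDevice:
    ip: str
    policy_updated: datetime   # update time of the latest network policy update
    last_access: datetime      # access time of the last access action (claim 4)
    portrait: frozenset        # user portrait tags (claim 5; tag set is an assumption)

def select_devices(devices, source_domain, target_domain, now, max_update_age,
                   max_access_age=None, preset_portrait=None):
    """Return IPs of devices that pass the claim 3 filter, plus the claim 4 and
    claim 5 conditions when their optional arguments are given."""
    domains = (ip_network(source_domain), ip_network(target_domain))

    def fresh(ts, limit):
        # Assumption: a timestamp later than `now` is rejected rather than trusted.
        return timedelta(0) <= now - ts <= limit

    selected = []
    for d in devices:
        if not fresh(d.policy_updated, max_update_age):
            continue
        if max_access_age is not None and not fresh(d.last_access, max_access_age):
            continue
        if preset_portrait is not None and not preset_portrait <= d.portrait:
            continue
        if any(ip_address(d.ip) in net for net in domains):
            selected.append(d.ip)
    return selected

# Constructed active-device list; NOW is fixed so the result is reproducible.
NOW = datetime(2021, 12, 7, 12, 0)
def _dev(ip, upd_h, acc_h, *tags):
    return ActiveDevice(ip, NOW - timedelta(hours=upd_h),
                        NOW - timedelta(hours=acc_h), frozenset(tags))
DEVICES = [
    _dev("10.1.0.5", 1, 0.2, "ops", "finance"),
    _dev("10.1.0.9", 72, 0.1, "ops"),       # policy update too old
    _dev("10.2.0.7", 2, 48, "ops"),         # last access too old
    _dev("10.2.0.8", 0.5, 0.3, "guest"),    # portrait does not match
    _dev("192.168.50.4", 1, 0.1, "ops"),    # outside both domains
]
```

Each added condition can only shrink the set of devices asked to upload a model, so a stale or idle device drops out before any upload instruction is sent.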
6. A network policy detection method, applied to a network device, comprising:
receiving a target network policy detection model upload instruction; and
in response to the target network policy detection model upload instruction, sending the target network policy detection model.
7. The network policy detection method according to claim 6, wherein before receiving the target network policy detection model upload instruction, the method further comprises:
receiving an updated weight parameter sent by a server, and updating a private network policy detection model according to the updated weight parameter;
acquiring an access log and an alarm log in real time, wherein the access log comprises an access action and a source IP address, a destination IP address, a source MAC address, a destination port and an action time period corresponding to the access action, the alarm log comprises an alarm action and a source IP address, a destination IP address, a source MAC address, a destination port and an action time period corresponding to the alarm action, and the alarm action is an access action that triggers a firewall detection alarm or an access action that triggers a system fault;
acquiring real-time access action control information based on the alarm log acquired in real time, and training the private network policy detection model based on the real-time access action control information and the access log acquired in real time;
when the trained private network policy detection model has not converged, acquiring a gradient update vector from the trained private network policy detection model and sending the gradient update vector, wherein the server is configured to aggregate the gradient update vector and to update the weight parameters of a common network policy detection model of the server according to the aggregated gradient update vector, so as to obtain the updated weight parameter; and
when the trained private network policy detection model has converged, determining the private network policy detection model as the target network policy detection model.
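The device/server loop of claim 7, as an added example that is not code from the patent. It assumes a logistic-regression model (the claims do not name a model type), reduces local training to one gradient evaluation per round, and treats "converged" as a gradient norm at or below `tol`; the logs, feature encoding and function names are constructed.

```python
import math

# Constructed logs for one device: off-hours access to port 3389 raised alarms.
ACCESS = [{"src": "10.1.0.5", "dst": "10.2.0.7", "dport": p, "off_hours": o}
          for p, o in [(443, False), (443, True), (3389, True),
                       (3389, False), (22, True), (3389, True)]]
ALARM = [e for e in ACCESS if e["dport"] == 3389 and e["off_hours"]]

def features(e):
    # Assumed encoding: bias, scaled destination port, off-hours flag.
    return [1.0, e["dport"] / 65535.0, 1.0 if e["off_hours"] else 0.0]

def local_gradient(weights, access_log, alarm_log):
    # Control information: an access that also appears in the alarm log is 1 (block).
    grad = [0.0] * len(weights)
    for e in access_log:
        x, y = features(e), 1.0 if e in alarm_log else 0.0
        p = 1.0 / (1.0 + math.exp(-sum(w * xi for w, xi in zip(weights, x))))
        for i, xi in enumerate(x):
            grad[i] += (p - y) * xi / len(access_log)
    return grad

def device_round(weights, access_log, alarm_log, tol):
    # Device side: adopt the server's weights, evaluate the private model on fresh logs.
    grad = local_gradient(weights, access_log, alarm_log)
    if math.sqrt(sum(g * g for g in grad)) <= tol:
        return "target_model", list(weights)   # converged: keep as target model
    return "gradient_update", grad             # not converged: send gradient vector

def server_aggregate(weights, gradients, lr):
    # Server side: average the uploaded gradient vectors, update the common model.
    mean = [sum(col) / len(gradients) for col in zip(*gradients)]
    return [w - lr * m for w, m in zip(weights, mean)]

def federate(devices, lr=1.0, tol=0.05, max_rounds=1000):
    weights, targets = [0.0, 0.0, 0.0], {}
    for rnd in range(1, max_rounds + 1):
        grads = []
        for name, (access_log, alarm_log) in devices.items():
            if name not in targets:
                kind, payload = device_round(weights, access_log, alarm_log, tol)
                if kind == "target_model":
                    targets[name] = payload
                else:
                    grads.append(payload)
        if not grads:
            return targets, rnd
        weights = server_aggregate(weights, grads, lr)
    return targets, max_rounds
```

Only gradient vectors and weights cross the network in this loop; the raw access and alarm logs stay on the device.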
8. The method according to claim 7, wherein before receiving the updated weight parameter sent by the server and updating the private network policy detection model according to the updated weight parameter, the method further comprises:
acquiring a pre-collected access log and a pre-collected alarm log, determining an access action source domain according to a source IP address in the pre-collected access log, and determining an access action target domain according to a target IP address in the pre-collected access log;
receiving a log upload instruction, and uploading a noisy access log and a noisy alarm log when the upload source domain indicated by the log upload instruction matches the access action source domain or the access action target domain;
receiving an initial weight parameter sent by a server, wherein the initial weight parameter is obtained by the server from a common network policy detection model, and the common network policy detection model is obtained by the server by extracting a common access log from the noisy access log, extracting a common alarm log from the noisy alarm log, obtaining access action control information from the common alarm log, and training a pre-acquired initial network policy detection model with the common access log as input and the access action control information as output; and
updating the weight parameters of the pre-acquired initial network policy detection model according to the weight parameters to obtain the private network policy detection model.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory, wherein the processor executes the computer program to implement the method of any of claims 1-8.
10. A computer readable storage medium having computer instructions stored thereon, wherein the computer instructions, when executed by a processor, implement the method of any one of claims 1-8.
CN202111484515.XA 2021-12-07 2021-12-07 Network policy detection method, electronic device, and storage medium Pending CN114205134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111484515.XA CN114205134A (en) 2021-12-07 2021-12-07 Network policy detection method, electronic device, and storage medium

Publications (1)

Publication Number Publication Date
CN114205134A true CN114205134A (en) 2022-03-18

Family

ID=80650948

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111484515.XA Pending CN114205134A (en) 2021-12-07 2021-12-07 Network policy detection method, electronic device, and storage medium

Country Status (1)

Country Link
CN (1) CN114205134A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004062216A1 (en) * 2002-12-27 2004-07-22 Fujitsu Limited Apparatus for checking policy of firewall
US20180026944A1 (en) * 2016-07-21 2018-01-25 AT&T Global Network Services (U.K.) B.V. Assessing risk associated with firewall rules
CN109040089A (en) * 2018-08-15 2018-12-18 深圳前海微众银行股份有限公司 Network strategy auditing method, equipment and computer readable storage medium
CN113079143A (en) * 2021-03-24 2021-07-06 北京锐驰信安技术有限公司 Flow data-based anomaly detection method and system
CN113660128A (en) * 2021-08-20 2021-11-16 北京神州新桥科技有限公司 Network device failure prediction method, electronic device, and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150169A (en) * 2022-06-30 2022-10-04 北京天融信网络安全技术有限公司 Method, device, system and medium for strategy convergence
CN115150169B (en) * 2022-06-30 2024-02-09 北京天融信网络安全技术有限公司 Policy convergence method, device, system and medium
CN117234701A (en) * 2023-07-31 2023-12-15 上海数禾信息科技有限公司 Policy iteration method, device, computer equipment and storage medium
CN117234701B (en) * 2023-07-31 2024-06-07 上海数禾信息科技有限公司 Policy iteration method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination