CN117879970A - Network security protection method and system - Google Patents

Info

Publication number: CN117879970A
Authority: CN (China)
Prior art keywords: data, network, attack, threat, analysis
Legal status: Pending
Application number: CN202410201313.7A
Other languages: Chinese (zh)
Inventors: 黄维琴, 李素兰, 张建军, 陈厚娟, 聂仙瑶, 张婉秋
Current Assignee: Nanjing Chuduo Technology Co ltd, Nanjing Miaohuaijing Technology Co ltd
Original Assignee: Nanjing Chuduo Technology Co ltd, Nanjing Miaohuaijing Technology Co ltd
Application filed by: Nanjing Chuduo Technology Co ltd, Nanjing Miaohuaijing Technology Co ltd
Priority to: CN202410201313.7A

Abstract

The invention discloses a network security protection method and system in the technical field of network security. The method comprises: collecting multimodal data in real time; converting the raw data into a standardized format for machine learning using a multimodal data fusion algorithm; updating a threat identification model in real time using streaming data processing and a dynamic incremental learning algorithm, and optimizing the learning process and the threat library through active learning and crowdsourced security strategies; simulating potential attack paths and strategies using sandbox technology and a virtual network environment, and monitoring and analyzing routine network behavior to identify anomalies and potential threats; and introducing an automated response and repair mechanism to respond to and handle detected threats in real time. By deploying intelligent acquisition agents at key network nodes, combined with AI-optimized network topology analysis, the invention achieves targeted and efficient data coverage and ensures comprehensive collection of key information.

Description

Network security protection method and system
Technical Field
The invention relates to the technical field of network security, in particular to a network security protection method and system.
Background
Existing network security technologies rely primarily on static defense mechanisms, such as fixed firewall rules and signature-based intrusion detection systems, which have limited effectiveness against increasingly complex and variable network attacks, particularly unknown or zero-day attacks. Furthermore, traditional security solutions often lack advanced data analysis and processing capabilities, making it difficult to extract valuable security insight from large-scale network data. This results in limited capabilities in real-time threat detection and prediction. At the same time, these systems lack the necessary adaptivity and cannot dynamically adjust their security policies and defensive measures in response to changes in network traffic and threat patterns.
Traditional network security methods are often inefficient in processing large amounts of data, resulting in large resource consumption that may impact overall network performance. These methods are often not sufficiently effective, especially when identifying and coping with complex attacks such as Advanced Persistent Threats (APT), because such attacks involve multiple phases and multiple means of attack. Furthermore, existing solutions often require a high degree of manual involvement, both in threat monitoring and response handling, increasing operating costs and error risks. Finally, conventional security systems require periodic manual updates and maintenance, particularly signature libraries and policy rules, adding additional maintenance costs and workload.
Disclosure of Invention
The present invention is proposed in view of the shortcomings of existing network security technology in terms of dynamism, adaptivity, depth of data analysis and efficiency.
The problem to be solved by the present invention is therefore how to overcome these limitations by introducing more intelligent and flexible technologies, providing a more comprehensive and efficient network security approach.
To solve the above technical problems, the invention provides the following technical solutions:
In a first aspect, an embodiment of the present invention provides a network security protection method, which includes: deploying intelligent acquisition agents at different nodes of a network and acquiring multimodal data in real time; converting the raw data into a standardized format for machine learning using a multimodal data fusion algorithm; updating a threat identification model in real time using streaming data processing and a dynamic incremental learning algorithm, and optimizing the learning process and the threat library through active learning and crowdsourced security strategies; using blockchain technology to store and verify the integrity of the prediction model and the security policy and to provide an unalterable chain of event records; simulating potential attack paths and strategies using sandbox technology and a virtual network environment, and monitoring and analyzing routine network behavior to identify anomalies and potential threats; and introducing an automated response and repair mechanism to respond to and handle detected threats in real time.
As a preferred scheme of the network security protection method of the present invention, updating the threat identification model in real time using streaming data processing and a dynamic incremental learning algorithm comprises the following steps: developing a multimodal streaming input network to monitor and extract, in real time, security event features that carry threat indicators; introducing a dynamic incremental learning algorithm to update the threat identification model in real time, and dynamically adjusting the learning strategy according to real-time network load and changes in the data stream; establishing a smart-contract-based contribution tracking and reward distribution mechanism, and using the community to continuously enrich and improve the threat library; and combining a generative adversarial network (GAN) with an evolutionary algorithm to adversarially generate new threat data and hypothetical scenarios with which to iterate the threat identification model.
As a preferred scheme of the network security protection method of the present invention, developing the multimodal streaming input network includes performing composite analysis by combining different data sources to determine whether there is coordinated attack activity or an internal threat, as follows: if network traffic analysis finds an abnormal data pattern and user behavior analysis simultaneously indicates an atypical access or usage pattern, a correlation check of the device logs is triggered to find related system events, and if authentication information analysis also reveals abnormal login attempts or permission changes, full joint correlation analysis is started to identify a potential combined attack or internal threat; if the multimodal data fusion result indicates a potentially complex security threat, the system automatically adjusts the data acquisition strategy, increases the monitoring frequency and depth for key assets, and feeds the threat pattern back to the dynamic incremental learning algorithm so that future activity matching the same type of pattern receives focused attention; if a significant anomaly is detected in one data source, a cross-data-source emergency analysis mode is activated to rapidly identify the user behaviors and device events related to the communication, and if these are found to be related to other security events, the security response mechanism is started immediately and detailed information is sent to the corresponding network defense team for investigation; if a certain type of security event is found to occur frequently, the analysis parameters of the multimodal streaming input network are automatically adjusted to focus on early signals of that event type, and the newly discovered threat features and behavior patterns are used to strengthen the dynamic learning algorithm so as to improve future prediction and recognition capability.
As a preferred scheme of the network security protection method of the present invention, simulating potential attack paths and strategies using sandbox technology and a virtual network environment comprises the following steps: constructing a sandbox environment by combining virtualization and containerization technology, and designing the environment to simulate different network topologies, operating systems and application scenarios; integrating an algorithm based on a generative adversarial network to automatically generate new attack scenarios, and applying the new threat patterns to the sandbox environment; stress testing the existing security policy by simulating different attack scenarios, and applying decision tree or scenario analysis to dynamically adjust the policy; locating anomalies through routine behavior analysis in the sandbox environment, while integrating the automated response and repair mechanism to simulate the response after a real attack; feeding the sandbox test results back into the model and policy update process, and updating the sandbox environment regularly to reflect the latest network security trends and threats. The specific formula for automatically generating a new attack scenario is as follows:
where $G$ represents the generator, $D$ represents the discriminator, $K(D, G)$ represents the value function of the generator and the discriminator, the two expectation terms are taken over the real data distribution and over the noise data distribution input to the generator respectively, $x$ represents a real data sample, $z$ represents the input noise of the generator, $D(x)$ represents the output of the discriminator for the real data sample $x$, $G(z)$ represents the output of the generator for the noise input $z$, and $D(G(z))$ represents the discriminator's evaluation of the generator's output.
As a preferred scheme of the network security protection method of the present invention, stress testing the existing security policy by simulating different attack scenarios comprises the following steps: defining an attack scenario library and evaluation metrics; simulating attack scenarios in the sandbox environment using automated scripts, and recording how the system's existing security policy responds; setting different script parameters and execution paths for each attack scenario according to its characteristics, so as to simulate the diversity and complexity of attack behavior; collecting the system's response data in the sandbox, including log files, security event reports and feedback from the defense system, and storing the system's performance data under the different attack scenarios; processing the stored performance data and analyzing how the existing security policy performs under the different attack scenarios; and using decision tree analysis of the policy execution path to identify problem nodes, and optimizing the security policy according to the analysis result.
As a preferred scheme of the network security protection method of the present invention, optimizing the security policy according to the analysis result comprises the following steps: if the attack detection time is too long, analyzing potential bottlenecks, optimizing in terms of hardware resources and policy complexity, and adjusting or adding data acquisition points to reduce data transmission delay; if the attack blocking efficiency is low, determining the attack type: if the attack is unknown, adjusting the existing defense model to update the signature library and strengthen behavior analysis capability; if the attack is known, strengthening boundary defenses, including the IPS and firewall, to prevent attacks of the same kind; if the false alarm rate is high, determining what the false alarms correlate with: if the false alarms are related to a certain type of data, adjusting the data processing rules to reduce noise; if the false alarms are related to user behavior analysis, adjusting the threshold of the behavior analysis algorithm to improve recognition accuracy; if the miss rate (false negatives) is high, determining the type of attack that was missed: if a known attack was missed, checking whether there is delay or failure in the enforcement of the security policy and repairing the policy execution flow; if an unknown attack was missed, speeding up the collection and updating of threat information so as to respond quickly to new threats; performing in-depth analysis of repeated misses or false alarms in a specific scenario: if identification is difficult because of a combined or multi-stage attack, designing more complex scenario tests that simulate each step of the multi-stage attack; if identification is difficult because the malicious activity imitates normal behavior, increasing the sensitivity of the anomaly detection algorithm and applying stricter inspection to similar behavior; combining the analysis and adjustment results of multiple scenarios to draw up an optimization plan: if multiple scenarios show similar policy shortcomings, prioritizing general policy adjustments that cover multiple weaknesses; if the system repeatedly performs poorly under high-intensity attacks, re-examining the security policy management process and the fault recovery plan.
As a preferred scheme of the network security protection method of the present invention, the multimodal data comprises network traffic, user behavior data, device logs, authentication information and external threat information, and the analysis formula for the network traffic is as follows:
where $T$ represents the comprehensive analysis index of network traffic, $N$ represents the total number of data packets observed on the network in a specific time period, $P_i$ represents the size of the $i$-th data packet, $V_i$ represents the importance or priority weight of the $i$-th data packet, $W$ represents the total bandwidth of the network, $\lambda$ represents the weight coefficient of abnormal traffic detection, $A_j$ represents the abnormal traffic index in the $j$-th time window, $M$ represents the total number of time windows considered, $\gamma$ represents the weight coefficient of the network efficiency index, $E$ represents the network efficiency index, $i$ indexes the data packets, and $j$ indexes the time windows.
In a second aspect, an embodiment of the present invention provides a network security protection system, including: a data acquisition module, configured to acquire multimodal data in real time by deploying intelligent acquisition agents at different nodes of a network; a fusion and preprocessing module, configured to convert the raw data into a standardized format for machine learning using a multimodal data fusion algorithm; a threat identification module, configured to update a threat identification model in real time using streaming data processing and a dynamic incremental learning algorithm, and to optimize the learning process and the threat library through active learning and crowdsourced security strategies; a blockchain module, configured to store and verify the integrity of the prediction model and the security policy using blockchain technology and to provide an unalterable chain of event records; a sandbox simulation module, configured to simulate potential attack paths and strategies using sandbox technology and a virtual network environment, and to monitor and analyze routine network behavior to identify anomalies and potential threats; and a repair module, configured to introduce an automated response and repair mechanism that responds to and handles detected threats in real time.
In a third aspect, embodiments of the present invention provide a computer apparatus comprising a memory and a processor, the memory storing a computer program, wherein: the computer program instructions, when executed by a processor, implement the steps of the network security protection method according to the first aspect of the present invention.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium having a computer program stored thereon, wherein: the computer program instructions, when executed by a processor, implement the steps of the network security protection method according to the first aspect of the present invention.
The beneficial effects of the invention are as follows: by deploying intelligent acquisition agents at key network nodes, combined with AI-optimized network topology analysis, the invention achieves targeted and efficient data coverage and ensures comprehensive collection of key information; the integrated anomaly detection algorithm enables an agent to automatically isolate and protect itself when attacked while rapidly reporting the security event to the center; by using streaming data processing and a dynamic incremental learning algorithm, the scheme not only updates the threat identification model in a timely manner but also dynamically adjusts the learning strategy according to real-time network load and changes in the data stream; and sandbox technology and a virtual network environment are used to simulate potential attack paths and strategies, providing an experimental platform for verifying and optimizing security policies.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly explain the drawings required to be used in the embodiments, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a block diagram of a network security protection method.
Fig. 2 is an algorithm flow chart of a network security protection method.
Fig. 3 is a diagram of a computer device for a network security protection method.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
Example 1
Referring to Figs. 1-3, a first embodiment of the present invention provides a network security protection method, including:
S1: Multimodal data is acquired in real time by deploying intelligent acquisition agents at different nodes of the network.
Specifically, an AI-optimized network topology analysis tool is used to automatically identify key network nodes, and intelligent acquisition agents are deployed there to ensure comprehensive data coverage; adaptive acquisition is applied, automatically adjusting the acquisition frequency and depth as network traffic changes so that key data is captured while unnecessary resource consumption is reduced; an anomaly detection algorithm is integrated so that an agent can automatically isolate and protect itself when it is attacked and report the security event to the center; and quantum key distribution is used to ensure the security and integrity of the collected data in transit.
It should be noted that the multimodal data includes, but is not limited to, network traffic, user behavior data, device logs, authentication information, and external threat information.
It should be noted that the specific formula for network traffic analysis is as follows:
where $T$ represents the comprehensive analysis index of network traffic, $N$ represents the total number of data packets observed on the network in a specific time period, $P_i$ represents the size of the $i$-th data packet, $V_i$ represents the importance or priority weight of the $i$-th data packet, $W$ represents the total bandwidth of the network, $\lambda$ represents the weight coefficient of abnormal traffic detection, $A_j$ represents the abnormal traffic index in the $j$-th time window, $M$ represents the total number of time windows considered, $\gamma$ represents the weight coefficient of the network efficiency index, $E$ represents the network efficiency index (for example, a comprehensive evaluation based on delay and packet loss rate), $i$ indexes the data packets, and $j$ indexes the time windows.
S2: the raw data is converted to a standardized format for machine learning using a multimodal data fusion algorithm.
Specifically, an advanced data cleaning and preprocessing algorithm is applied to remove noise and improve data quality so as to facilitate fusion; a highly scalable real-time data fusion framework is implemented to support high-speed, scalable data processing; a context-aware algorithm is introduced to dynamically adjust the fusion strategy according to the specific conditions of the network environment, so as to improve fusion accuracy; and deep feature extraction is performed using a machine learning algorithm, selecting the features that contribute most to model training.
It should be noted that the specific formula for feature extraction is as follows:
$$a^{[l]} = g\left(W^{[l]} \cdot a^{[l]} + b^{[l]}\right)$$
where $a^{[l]}$ represents the activation value of the $l$-th layer, $g$ represents the activation function, $W^{[l]}$ represents the weights, and $b^{[l]}$ represents the bias.
S3: and updating the threat identification model in real time by adopting a streaming data processing and dynamic incremental learning algorithm, and optimizing a learning process and a threat library through active learning and crowdsourcing security strategies.
Specifically, the method comprises the following steps:
s3.1: a multi-modal streaming input network is developed to monitor and extract security event features with threat indicators in real time.
Specifically, a data access layer is constructed for synchronizing network traffic, user behavior data, device logs and authentication information; for the data of the data access layer, applying a data cleaning technology to remove noise, and performing data conversion to normalize various types of data; constructing a convolutional neural network and a cyclic neural network to respectively process static data and dynamic data, and designing an algorithm to identify and extract security threat indication features in complex data; performing composite analysis by combining different data sources to determine whether there is coordinated attack activity or internal threat; and constructing a threat identification model based on the flow type integrated security threat indication features, and classifying and prioritizing the identified threats.
It should be noted that, the composite analysis performed by combining different data sources includes: if the network traffic analysis finds an abnormal data pattern (such as a traffic surge or an abnormal data packet) and the user behavior analysis simultaneously indicates an atypical access or use pattern (such as an unusual login time or place), triggering a correlation check on the device log to find related system events, and if the authentication information analysis reveals an abnormal login attempt or permission change, comprehensively starting a joint correlation analysis to identify the existence of a potential joint attack or internal threat; if the multi-mode data fusion result shows potential complex security threats (such as Advanced Persistent Threat (APT) attack), the system automatically adjusts the data acquisition strategy, increases the monitoring frequency and depth of key assets, and feeds back the threat modes to a dynamic incremental learning algorithm, so that future activities of the same type of modes are required to be focused; if a significant anomaly (such as unknown encrypted communication in network traffic) is detected in a certain data source, activating an emergency analysis mode crossing the data source, quickly identifying user behaviors and equipment events related to the communication, immediately starting a safety response mechanism if the user behaviors and the equipment events are found to be related to other safety events (such as data leakage or unauthorized information access), and sending detailed information to a corresponding network defense team for investigation; if such security events are found to be frequent, the analysis parameters of the multi-modal streaming input network are automatically adjusted to pay more attention to the early signals of such events, and simultaneously the newly found threat features and behavior patterns are used to enhance the dynamic learning algorithm so as to enhance the future 
prediction and recognition capability.
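The first composite-analysis rule above, written out as an added example (not code from the patent). It covers only the escalation from a traffic anomaly plus atypical user behavior to a device-log check and then to joint correlation analysis; the `Anomaly` record, the source labels, the 300-second window and the sample events are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Anomaly:
    ts: int        # seconds since start of capture
    source: str    # "traffic", "behavior", "device_log" or "auth"
    entity: str    # host or account the anomaly is attributed to
    detail: str


WINDOW = 300  # assumed correlation window, in seconds

# Escalation levels, lowest to highest, in the order the description gives them.
LEVELS = ["single_source", "device_log_check", "joint_correlation_analysis"]


def correlate(anomalies, window=WINDOW):
    """Group per-source anomalies by entity and escalate:
    traffic anomaly + atypical user behavior -> pull related device-log events;
    an authentication anomaly in the same window -> joint correlation analysis."""
    by_entity = defaultdict(list)
    for a in anomalies:
        by_entity[a.entity].append(a)

    findings = {}
    for entity, items in by_entity.items():
        best = {"level": "single_source", "related_logs": []}
        for anchor in (a for a in items if a.source == "traffic"):
            near = [a for a in items if abs(a.ts - anchor.ts) <= window]
            sources = {a.source for a in near}
            if "behavior" not in sources:
                continue  # one source on its own does not trigger correlation
            level = ("joint_correlation_analysis" if "auth" in sources
                     else "device_log_check")
            if LEVELS.index(level) > LEVELS.index(best["level"]):
                best = {
                    "level": level,
                    "related_logs": sorted(
                        a.detail for a in near if a.source == "device_log"),
                }
        findings[entity] = best
    return findings


# Constructed sample input, not taken from the patent.
SAMPLE = [
    Anomaly(100, "traffic", "host-a", "outbound volume spike"),
    Anomaly(160, "behavior", "host-a", "login at unusual hour"),
    Anomaly(170, "device_log", "host-a", "new scheduled task created"),
    Anomaly(220, "auth", "host-a", "privilege change"),
    Anomaly(100, "traffic", "host-b", "malformed packets"),
    Anomaly(250, "behavior", "host-b", "access from unusual location"),
    Anomaly(260, "device_log", "host-b", "service restarted"),
    Anomaly(100, "traffic", "host-c", "outbound volume spike"),
    Anomaly(5000, "behavior", "host-c", "login at unusual hour"),
    Anomaly(90, "auth", "host-d", "repeated failed logins"),
]


def run_sample():
    return correlate(SAMPLE)


if __name__ == "__main__":
    for entity, finding in sorted(run_sample().items()):
        print(entity, finding["level"], finding["related_logs"])
```

In the sample, host-c stays at `single_source` because its two anomalies are more than one window apart, which is the case a per-source detector would over-report if it escalated on counts alone.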
S3.2: and introducing a dynamic incremental learning algorithm to update the threat identification model in real time, and dynamically adjusting the learning strategy according to the real-time network load and the data flow change.
Preferably, for dynamic and continuously changing network environments, a dynamic incremental learning algorithm is introduced to continuously update and optimize the threat identification model, and timeliness and accuracy of the model are maintained. These algorithms are able to process new data samples and gradually integrate them into existing models rather than retraining from scratch, thereby saving computational resources and reducing latency.
Specifically, network load and data flow are monitored in real time to evaluate the performance and predictive power of the current threat identification model; when new data or new types of attacks are identified, the dynamic incremental learning algorithm blends these new samples or new features into the current threat identification model without requiring a full retrain; the online learning method is applied to quickly adapt to the change of the network environment, and the freshness of the model is maintained through incremental updating; concept drift (i.e., the case where the data distribution changes over time) is handled using forgetting mechanisms and weight decay techniques; the updated performance of the model is evaluated in real time to ensure that the learning process does not result in overfitting or performance degradation.
It should be noted that the specific formula for the incremental learning update is as follows:
where $\omega_{new}$ represents the updated model weights, $\omega_{old}$ represents the previous model weights, $\alpha$ represents the learning rate, and $J$ represents the loss function.
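An added example (not code from the patent) of the behavior S3.2 describes: a detector that folds each new sample into the existing model, compared against the same model frozen after its initial training, on a stream whose attack pattern changes halfway through. The learner (online logistic regression with one gradient step per sample and weight decay as the forgetting mechanism), the two features, the constructed stream and the assumption that labels arrive immediately are all choices made for this illustration.

```python
import math
import random


class IncrementalDetector:
    """Online logistic regression updated one sample at a time."""

    def __init__(self, n_features, lr=0.1, decay=0.001):
        self.w = [0.0] * n_features
        self.b = 0.0
        self.lr = lr
        self.decay = decay

    def score(self, x):
        z = self.b + sum(wi * xi for wi, xi in zip(self.w, x))
        z = max(-30.0, min(30.0, z))            # keep exp() in range
        return 1.0 / (1.0 + math.exp(-z))

    def predict(self, x):
        return 1 if self.score(x) >= 0.5 else 0

    def partial_fit(self, x, y):
        """Fold one labeled sample into the model without retraining."""
        err = self.score(x) - y                 # gradient of log-loss w.r.t. z
        shrink = 1.0 - self.lr * self.decay     # weight decay: old evidence fades
        self.w = [shrink * wi - self.lr * err * xi
                  for wi, xi in zip(self.w, x)]
        self.b -= self.lr * err


def make_stream(seed=7, n_per_phase=600):
    """Constructed stream of (features, label, phase). Feature 0 stands for a
    failed-login rate and feature 1 for outbound volume. In phase 1 malicious
    samples stand out on feature 0; in phase 2 (concept drift) on feature 1."""
    rng = random.Random(seed)
    stream = []
    for phase, hot in ((1, 0), (2, 1)):
        for _ in range(n_per_phase):
            y = 1 if rng.random() < 0.5 else 0
            x = [rng.gauss(0.0, 0.2), rng.gauss(0.0, 0.2)]
            if y:
                x[hot] += 2.0
            stream.append((x, y, phase))
    return stream


def phase_accuracy(stream, model, learn_in_phase2):
    """Prequential (test-then-train) accuracy per phase."""
    hits = {1: 0, 2: 0}
    seen = {1: 0, 2: 0}
    for x, y, phase in stream:
        hits[phase] += int(model.predict(x) == y)   # score first ...
        seen[phase] += 1
        if phase == 1 or learn_in_phase2:
            model.partial_fit(x, y)                 # ... then learn
    return {p: hits[p] / seen[p] for p in hits}


def compare(seed=7):
    stream = make_stream(seed)
    frozen = phase_accuracy(stream, IncrementalDetector(2), False)
    online = phase_accuracy(stream, IncrementalDetector(2), True)
    return {"frozen": frozen, "incremental": online}


if __name__ == "__main__":
    for name, acc in compare().items():
        print(name, {p: round(a, 3) for p, a in acc.items()})
```

Scoring each sample before training on it keeps the reported accuracy honest, which is also how the real-time evaluation step in the text can detect degradation after an update.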
S3.3: and establishing a contribution tracking and rewarding distribution mechanism based on the intelligent contracts, and continuously enriching and perfecting a threat library by utilizing community strength.
Further, designing and deploying intelligent contracts, transparently recording contributions of contributors includes reporting new threat samples, features or other relevant information; defining clear rules and metrics in the smart contracts to evaluate the value of each contribution, such as its scarcity, accuracy, and importance to model improvement; when the contribution is verified and incorporated into the threat library, automatically providing the corresponding cryptocurrency or tokens to the contributors as rewards through the smart contracts; collaboration among community members is encouraged, co-verifying, improving and augmenting threat intelligence to form benign collaboration and competition mechanisms.
S3.4: in combination with generating a challenge network and evolutionary algorithm, new threat data and hypochondriac scenarios are generated by resistance to iterate the threat identification model.
Specifically, new threat data samples are created using the GANs, wherein the generator attempts to generate more and more realistic attack data, and the discriminator attempts to distinguish between the real attack data and the data created by the generator; introducing an evolutionary algorithm to iterate the generated attack data, and optimizing the generated attack modes to enable the modes to meet the weaknesses of the defense model; the quality of threat data generated by these methods is assessed and qualified samples are incorporated into the training dataset, continually iterating and refining the threat identification model.
S4: the blockchain technique is utilized to store and verify the integrity of the predictive model and security policies and to provide an unalterable chain of event records.
S5: sandboxed technology and virtual network environments are employed to simulate potential attack paths and strategies, and conventional network behavior is monitored and analyzed to identify anomalies and potential threats.
Preferably, the method comprises the following steps:
s5.1: and constructing a sandbox environment by combining a virtualization technology and a containerization technology, and designing the environment to simulate different network topologies, operating systems and application scenes.
S5.2: the integration automatically generates new attack scenarios based on algorithms that generate the challenge network and applies new threat patterns to the sandboxed environment.
Specifically, the specific formula for generating the new attack scenario is as follows:
wherein G represents a generator, D represents a arbiter, K (D, G) represents a value function of the generator and the arbiter,representing the desire for a real data distribution, +.>Representing the desire of the noise data distribution input by the generator, x represents the real data sample, z represents the input noise of the generator, D (x) represents the output of the arbiter for the real data sample x, G (z) represents the output of the generator for the noise input z, and D (G (z)) represents the evaluation of the output of the arbiter.
S5.3: the existing security policies are stress-tested by simulating different attack scenarios, and decision tree or scenario analysis is implemented to dynamically adjust the policies.
Further, an attack scenario library and evaluation indexes are defined, wherein the attack scenario library includes, but is not limited to, DDoS attacks, phishing, malware propagation, internal data leakage, cross-site scripting attacks and SQL injection attacks, and the evaluation indexes include attack detection time, attack prevention efficiency, false alarm rate and the like; attack scenarios are simulated in the sandbox environment using automated scripts, and the response of the system's existing security policies is recorded; different script parameters and execution paths are set for each attack scenario according to its characteristics, so as to simulate the diversity and complexity of attack behavior; the response data of the system in the sandbox comprises log files, security event reports, feedback from the defense system and the like, and the performance data of the system under different attack scenarios is stored; the stored performance data is processed, and the performance of the existing security policies under different attack scenarios is analyzed; a decision tree is used to analyze the policy execution path and identify problem nodes, and the security policy is optimized according to the analysis result.
Specifically, if the attack detection time is too long, potential bottlenecks are analyzed, optimization is performed in terms of hardware resources and policy complexity, and data acquisition points are adjusted or added to reduce data transmission delay. If the attack blocking efficiency is low, the attack type is determined: if the attack is unknown, the existing defense model is adjusted to update the signature library and enhance behavior analysis capability; if the attack is known, boundary defenses, including IPS and firewall, are strengthened to prevent attacks of the same kind. If the false alarm rate is high, the cause of the false alarms is determined: if the false alarms are related to a specific type of data, the data processing rules are adjusted to reduce noise; if the false alarms are related to user behavior analysis, the threshold of the behavior analysis algorithm is adjusted to improve recognition accuracy. If the missed-detection rate is high, the type of the missed attacks is determined: if known attacks are missed, the implementation of the security policy is checked for delay or failure and the policy execution flow is repaired; if unknown attacks are missed, the collection and update speed of threat intelligence is increased so that new threats are responded to quickly. Repeated missed detections or false alarms in a specific scenario are analyzed in depth: if identification is difficult because of a combined or multi-stage attack, more complex scenario tests are designed to simulate the individual steps of the multi-stage attack; if identification is difficult because the malicious attack imitates normal behavior, the sensitivity of the anomaly detection algorithm is increased and stricter examination is enabled for similar behavior. The analysis and adjustment results of multiple scenarios are combined to make an optimization plan: if multiple scenarios show similar policy shortcomings, general policy adjustments are prioritized to cover multiple weaknesses; if the system repeatedly performs poorly under high-intensity attacks, the security policy management flow and the fault recovery plan are re-examined.
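The evaluation indexes and the adjustment decision tree of S5.3 can be sketched as follows. This is an added example, not code from the patent: the record fields, the numeric limits and the action strings are assumptions, and the sandbox run records are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean

# Assumed limits: the patent names these indexes but gives no numeric values.
LIMITS = {"detect_seconds": 5.0, "block_rate": 0.90,
          "false_alarm_rate": 0.05, "miss_rate": 0.10}

# Adjustments named in the description, one per decision-tree leaf.
LATENCY = "analyze bottlenecks; adjust or add data acquisition points"
SIGNATURES = "update signature library and enhance behavior analysis"
BOUNDARY = "strengthen boundary defenses (IPS, firewall)"
DATA_RULES = "adjust data processing rules to reduce noise"
BEHAVIOR = "adjust behavior-analysis threshold"
ENFORCEMENT = "check policy enforcement for delay or failure"
INTEL = "speed up threat intelligence collection and updates"


@dataclass
class Run:
    """One scripted sandbox run; the field layout is an assumption."""
    scenario: str
    is_attack: bool              # ground truth known to the test harness
    known: bool = True           # attack type already covered by signatures
    detected: bool = False       # the policy raised an alert
    blocked: bool = False        # the policy stopped the activity
    detect_seconds: float = 0.0  # delay from start of activity to alert
    alert_source: str = ""       # "data_rule" or "behavior" when an alert fired


def rate(hits, total, empty):
    """hits / total, or the neutral value `empty` when there were no runs."""
    return hits / total if total else empty


def evaluate(runs):
    """Compute the evaluation indexes for one scenario's runs."""
    attacks = [r for r in runs if r.is_attack]
    benign = [r for r in runs if not r.is_attack]
    caught = [r for r in attacks if r.detected]
    return {
        "detect_seconds": mean([r.detect_seconds for r in caught]) if caught else 0.0,
        "block_rate": rate(sum(r.blocked for r in attacks), len(attacks), 1.0),
        "false_alarm_rate": rate(sum(r.detected for r in benign), len(benign), 0.0),
        "miss_rate": rate(len(attacks) - len(caught), len(attacks), 0.0),
    }


def recommend(runs):
    """Walk the decision tree for one scenario and return the adjustments."""
    m = evaluate(runs)
    attacks = [r for r in runs if r.is_attack]
    actions = []
    if m["detect_seconds"] > LIMITS["detect_seconds"]:
        actions.append(LATENCY)
    if m["block_rate"] < LIMITS["block_rate"]:
        unblocked = [r for r in attacks if not r.blocked]
        if any(not r.known for r in unblocked):
            actions.append(SIGNATURES)
        if any(r.known for r in unblocked):
            actions.append(BOUNDARY)
    if m["false_alarm_rate"] > LIMITS["false_alarm_rate"]:
        sources = {r.alert_source for r in runs if not r.is_attack and r.detected}
        if "data_rule" in sources:
            actions.append(DATA_RULES)
        if "behavior" in sources:
            actions.append(BEHAVIOR)
    if m["miss_rate"] > LIMITS["miss_rate"]:
        missed = [r for r in attacks if not r.detected]
        if any(r.known for r in missed):
            actions.append(ENFORCEMENT)
        if any(not r.known for r in missed):
            actions.append(INTEL)
    return actions


def plan(runs):
    """Per-scenario adjustments, plus those shared by several scenarios (done first)."""
    by_scenario = defaultdict(list)
    for r in runs:
        by_scenario[r.scenario].append(r)
    per_scenario = {name: recommend(rs) for name, rs in by_scenario.items()}
    counts = Counter(a for acts in per_scenario.values() for a in acts)
    shared = sorted(a for a, n in counts.items() if n > 1)
    return per_scenario, shared


# Constructed sandbox results for three scenarios from the scenario library.
RUNS = [
    Run("ddos", True, detected=True, blocked=True, detect_seconds=8.0),
    Run("ddos", True, detected=True, blocked=True, detect_seconds=9.0),
    Run("ddos", False),
    Run("phishing", True, detected=True, blocked=True, detect_seconds=2.0),
    Run("phishing", True, known=False),
    Run("phishing", False, detected=True, alert_source="behavior"),
    Run("phishing", False),
    Run("malware", True, detected=True, blocked=True, detect_seconds=3.0),
    Run("malware", True, known=False),
    Run("malware", False),
]

if __name__ == "__main__":
    per_scenario, shared = plan(RUNS)
    for name, actions in per_scenario.items():
        print(name, "->", actions)
    print("prioritized (shared):", shared)
```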
S5.4: anomalies are located through routine behavior analysis in the sandbox environment, and an automated response and repair mechanism is integrated to simulate the response to a real attack.
Specifically, monitoring tools are deployed in the sandbox environment to track network traffic, system calls, user behavior and application logs; normal behavior data in the sandbox environment, including network traffic, system calls and user behavior, is collected to determine a baseline, and an anomaly detection threshold is set according to the baseline data and the stress test results to trigger an alarm and subsequent response steps; the monitored data is analyzed using machine learning and statistical models to recognize normal patterns and detect abnormal behavior; the real-time data is continuously analyzed and compared with the baseline to determine activity that deviates from the normal behavior pattern; once the behavior analysis system detects abnormal activity, a preset automated response mechanism is triggered immediately according to the severity of the anomaly, including quarantining the threat, executing a predefined repair script, or starting a detailed security investigation flow; after the attack or threat is confirmed, an automated repair program is executed to restore the sandbox environment to a safe state, wherein the recovery steps that are tested and executed include data rollback, system restart and service restoration; and a detailed post-incident analysis is carried out for each abnormal event, the vulnerabilities and weaknesses found are recorded, and the monitoring and response strategies are updated and improved according to the analysis results.
It should be noted that the monitoring tool is configured to use the intelligent recognition model as adjusted by the security policy in S5.3, so that it effectively analyzes normal behavior and recognizes anomalies.
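One way to realize the baseline, anomaly threshold and severity-tiered response of S5.4, as an added example that is not code from the patent. The robust z-score (median and MAD), the tier boundaries, the metric names and the rolling window are assumptions, and all sample values are constructed.

```python
from collections import deque
from statistics import median

# Assumed tiers: minimum robust z-score -> response named in S5.4.
TIERS = [(12.0, "quarantine"),
         (6.0, "run_repair_script"),
         (3.5, "open_investigation")]

# Constructed normal-behavior samples collected in the sandbox.
NET_NORMAL = [980, 1010, 1000, 995, 1020, 990, 1005, 1015, 985, 1000]
SYS_NORMAL = [200, 210, 190, 205, 195, 200, 198, 202]


class Baseline:
    """Rolling baseline for one monitored metric, built from normal sandbox data."""

    def __init__(self, normal_samples, window=10):
        self.window = deque(normal_samples, maxlen=window)

    def score(self, value):
        """Robust z-score of value against the current window."""
        center = median(self.window)
        mad = median([abs(v - center) for v in self.window])
        # 1.4826 makes the MAD comparable to a standard deviation on normal data;
        # fall back to 1.0 so perfectly flat data does not divide by zero.
        scale = 1.4826 * mad if mad > 0 else 1.0
        return abs(value - center) / scale

    def observe(self, value):
        """Score a live value, pick a response, and learn only from normal values."""
        z = self.score(value)
        action = next((name for bound, name in TIERS if z >= bound), None)
        if action is None:
            # Flagged values never enter the window, so an ongoing incident
            # cannot raise the baseline it is being measured against.
            self.window.append(value)
        return z, action


def monitor(baselines, events):
    """Compare (time, metric, value) events with their baselines; return alerts."""
    alerts = []
    for t, metric, value in events:
        z, action = baselines[metric].observe(value)
        if action is not None:
            alerts.append({"t": t, "metric": metric, "value": value,
                           "z": round(z, 2), "action": action})
    return alerts


def run_demo():
    baselines = {"net_bytes_per_s": Baseline(NET_NORMAL),
                 "syscalls_per_s": Baseline(SYS_NORMAL)}
    # Constructed live observations from the sandbox monitoring tools.
    events = [
        (0, "net_bytes_per_s", 1040),   # within normal variation
        (1, "syscalls_per_s", 204),     # within normal variation
        (2, "net_bytes_per_s", 1500),   # extreme deviation
        (3, "syscalls_per_s", 240),     # strong deviation
        (4, "net_bytes_per_s", 1060),   # mild deviation
    ]
    return monitor(baselines, events)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```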
S5.5: the sandbox test results are fed back to the model and policy update flow, and the sandbox environment is updated periodically to reflect the latest network security trends and threats.
S6: an automated response and repair mechanism is introduced to timely respond and process the detected threat.
Specifically, response rules and protocols are set according to the identified threat type and severity, such as automatically initiating traffic isolation for detected malicious traffic and automatically limiting or suspending account permissions for abnormal login attempts; the automated response mechanism is integrated into the existing network and security infrastructure so that it cooperates seamlessly with firewalls, intrusion detection systems and other security tools; network activity is monitored in real time, and the corresponding automated response is triggered immediately once a threat meeting the preset conditions is detected; after the threat is quarantined or mitigated, repair and restoration procedures are performed automatically, such as restarting the affected service, rolling back to a secure state, and updating the security policy to prevent repeat attacks; the effect of each automated response is analyzed afterwards, and the response strategy is adjusted accordingly; and the response strategy is updated at regular intervals according to new threat intelligence and security trends.
Further, the embodiment also provides a network security protection system, which comprises: a data acquisition module, used for acquiring multi-modal data in real time by deploying intelligent acquisition agents at different nodes of a network; a fusion and preprocessing module, used for converting the raw data into a standardized format for machine learning by using a multi-modal data fusion algorithm; a threat identification module, used for updating a threat identification model in real time by adopting streaming data processing and a dynamic incremental learning algorithm, and optimizing the learning process and the threat library through active learning and crowdsourced security strategies; a blockchain module, used for storing and verifying the integrity of the prediction model and the security policy by using blockchain technology and providing an unalterable event record chain; a sandbox simulation module, used for simulating potential attack paths and strategies by adopting sandbox technology and a virtual network environment, and monitoring and analyzing routine network behavior to identify anomalies and potential threats; and a repair module, used for introducing an automated response and repair mechanism and responding to and processing detected threats immediately.
The embodiment also provides a computer device suitable for the network security protection method, comprising a memory and a processor; the memory is configured to store computer executable instructions, and the processor is configured to execute the computer executable instructions to implement the network security protection method as set forth in the above embodiment.
The computer device may be a terminal comprising a processor, a memory, a communication interface, a display screen and input means connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
The present embodiment also provides a storage medium having stored thereon a computer program which, when executed by a processor, implements a network security protection method as set forth in the above embodiments.
In summary, intelligent acquisition agents are deployed on key network nodes and combined with network topology analysis optimized by artificial intelligence, which achieves targeted and efficient data coverage and ensures comprehensive acquisition of key information; the integrated anomaly detection algorithm enables an agent to automatically isolate and protect itself when attacked while rapidly reporting security events to the center; by adopting streaming data processing and a dynamic incremental learning algorithm, the scheme not only updates the threat identification model in time, but also dynamically adjusts the learning strategy according to the real-time network load and data stream changes; and potential attack paths and strategies are simulated using sandbox technology and a virtual network environment, providing an experimental platform for the verification and optimization of security policies.
Example 2
Referring to fig. 1 to 2, a network security method is provided for a second embodiment of the present invention, and in order to verify the beneficial effects of the present invention, scientific demonstration is performed through economic benefit calculation and simulation experiments.
Specifically, an enterprise-level network is taken as an example, comprising 1000 terminal devices, 5 data centers and extensive public cloud services. The simulated attack types are common network threats such as DDoS attacks, internal data leakage and malware propagation.
Further, 10 key nodes are selected for intelligent acquisition agent deployment; each node generates about 100 records per second, including network traffic, user behavior and the like, and the anomaly detection rate is recorded during the simulated attacks; 5% of noise data is removed from the data collected by each node, and the average time required to complete data fusion is recorded; the threat detection accuracy under different attack scenarios is recorded, together with the number of model updates and the effect of each update.
Further, different types of network attacks are simulated in the simulation environment, data from each node is collected and processed, the threat identification model is applied, and the identification results are recorded; part of the data records is shown in Table 1.
Table 1: Partial data record table
Experimental procedure | Index | Data
S1 data acquisition | Anomaly detection rate | 95%
S2 data fusion | Fusion processing time | Average 2 seconds
S3 threat identification | Detection accuracy (DDoS) | 90%
S3 threat identification | Detection accuracy (internal leakage) | 85%
S3 threat identification | Detection accuracy (malware) | 88%
S3 learning update | Model update times | 5 times
S3 learning update | Post-update improvement | Average rise 3%
... | ... | ...
Furthermore, in a simulation environment, the intelligent acquisition agent can effectively identify 95% of abnormal events, so that high-efficiency data acquisition and preliminary analysis capability are indicated; the average 2 second data processing time shows the high efficiency of the system in terms of real-time data processing; under different types of attack scenes, the system shows good threat detection capability, and the accuracy is between 85% and 90%; the 5 model updates show the dynamic learning capability of the system in adapting to new threats, and the threat detection accuracy is improved by 3% on average each time of updating.
Preferably, the present invention has significant advantages over the prior art in the field of network security. By deploying intelligent acquisition agents at key network nodes, efficient multi-modal data acquisition and fusion are achieved, providing a more comprehensive view of security threats than a traditional single data source. The dynamic incremental learning algorithm allows the threat identification model to be updated in real time, adapts to continuous changes in the network environment, and reduces the computational cost of retraining the model. In addition, the integrated anomaly detection and automated response mechanism greatly improves the speed and efficiency of the response to security events. The invention further applies quantum key distribution technology and smart contracts, which further enhance the security of data transmission and the dynamic nature of the system. Finally, new threat data is generated using generative adversarial networks (GANs) and an evolutionary algorithm, which improves the system's ability to recognize complex attack patterns and makes the defense system more robust. These features make the present invention superior to the prior art in several key aspects such as data processing, threat identification, learning updates, security and emergency response.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.

Claims (10)

1. A network security protection method, characterized by comprising the steps of:
the intelligent acquisition agent is deployed at different nodes of the network to acquire multi-mode data in real time;
converting the raw data into a standardized format for machine learning using a multimodal data fusion algorithm;
updating a threat identification model in real time by adopting a streaming data processing and dynamic incremental learning algorithm, and optimizing a learning process and a threat library through active learning and crowdsourcing safety strategies;
storing and verifying the integrity of the predictive model and security policy using blockchain techniques and providing an unalterable event record chain;
simulating potential attack paths and strategies by adopting sandbox technology and virtual network environment, and monitoring and analyzing conventional network behaviors to identify anomalies and potential threats;
an automated response and repair mechanism is introduced to respond and process the detected threat in real time.
2. The network security protection method of claim 1, wherein: the method for updating the threat identification model in real time by adopting the streaming data processing and dynamic incremental learning algorithm comprises the following steps:
developing a multi-mode streaming input network to monitor and extract security event features with threat indicators in real time;
introducing a dynamic incremental learning algorithm to update the threat identification model in real time, and dynamically adjusting the learning strategy according to the real-time network load and data stream changes;
establishing a contribution tracking and reward distribution mechanism based on smart contracts, and continuously enriching and improving the threat library with the help of the community;
combining a generative adversarial network and an evolutionary algorithm to adversarially generate new threat data and hypothetical scenarios with which to iterate the threat identification model.
3. The network security protection method of claim 2, wherein: the development of the multi-modal streaming input network comprises the steps of carrying out compound analysis by combining different data sources to determine whether coordinated attack activities or internal threats exist or not, wherein the specific steps are as follows:
if the network traffic analysis finds an abnormal data mode and the user behavior analysis simultaneously indicates an atypical access or use mode, triggering the association check of the device log to find related system events, and simultaneously if the authentication information analysis reveals abnormal login attempts or permission changes, comprehensively starting the joint association analysis to identify the existence of potential joint attacks or internal threats;
if the multi-modal data fusion result indicates a potentially complex security threat, the system automatically adjusts the data acquisition strategy, increases the monitoring frequency and depth for key assets, and feeds the threat pattern back to the dynamic incremental learning algorithm so that future activity matching the same pattern receives focused attention;
If a significant anomaly is detected in a certain data source, an emergency analysis mode crossing the data source is activated, user behaviors and equipment events related to the communication are rapidly identified, if the user behaviors and the equipment events are found to be related to other security events, a security response mechanism is immediately started, and detailed information is sent to a corresponding network defense team for investigation;
if a security event of a certain type is found frequently, automatically adjusting analysis parameters of the multi-mode streaming input network, focusing on early signals of the event, and enhancing a dynamic learning algorithm by using newly found threat features and behavior patterns so as to enhance future prediction and recognition capability.
4. The network security protection method of claim 1, wherein: the simulating potential attack paths and strategies by adopting sandbox technology and virtual network environment comprises the following steps:
constructing a sandbox environment by combining a virtualization technology and a containerization technology, and designing the environment to simulate different network topologies, operating systems and application scenes;
integrating an algorithm based on a generative adversarial network to automatically generate new attack scenarios, and applying the new threat patterns to the sandbox environment;
stress-testing the existing security policies by simulating different attack scenarios, and implementing decision tree or scenario analysis to dynamically adjust the policies;
locating anomalies through routine behavior analysis in the sandbox environment, while integrating an automated response and repair mechanism to simulate the response to a real attack;
the sandbox test result is fed back to the model and the strategy updating flow, and the sandbox environment is updated regularly to reflect the latest network security trend and threat;
the formula for automatically generating the new attack scenario is as follows:
wherein G represents the generator, D represents the discriminator, K(D, G) represents the value function of the generator and the discriminator, the two expectation terms are taken over the real data distribution and over the noise data distribution input to the generator respectively, x represents a real data sample, z represents the input noise of the generator, D(x) represents the output of the discriminator for the real data sample x, G(z) represents the output of the generator for the noise input z, and D(G(z)) represents the discriminator's evaluation of the generator's output.
5. The network security protection method of claim 4, wherein: the stress testing of the existing security policies by simulating different attack scenarios comprises the following steps:
defining an attack scene library and evaluation indexes;
simulating an attack scene in a sandbox environment by adopting an automatic script, and recording a response result of the existing security strategy of the system;
Setting different script parameters and execution paths for each attack scene according to the characteristics of the attack scene so as to simulate the diversity and complexity of attack behaviors;
the response data of the system in the sandbox comprises a log file, a security event report and feedback of a defense system, and performance data of the system under different attack scenes are stored;
processing the stored performance data, and analyzing the performance of the existing security policy under different attack scenes;
and using a decision tree to analyze the policy execution path and identify problem nodes, and optimizing the security policy according to the analysis result.
6. The network security protection method of claim 5, wherein: the optimizing the security policy according to the analysis result comprises the following steps:
if the attack detection time is too long, analyzing potential bottlenecks, optimizing from the aspects of hardware resources and strategy complexity, and adjusting or increasing data acquisition points to reduce data transmission delay;
if the attack blocking efficiency is low, executing attack type judgment:
if the attack is unknown, the existing defense model is adjusted to update a signature library and enhance the behavior analysis capability;
if the attack is known, the boundary defense capacity is enhanced, including IPS and firewall, so as to prevent the same kind of attack;
If the false alarm rate is high, executing false alarm correlation judgment:
if the false alarm is related to a certain type of data, the data processing rule is adjusted to reduce noise;
if the false alarm is related to the user behavior analysis, adjusting a threshold value of a behavior analysis algorithm to improve the recognition accuracy;
if the missed-detection rate is high, determining the type of the missed attacks:
if known attacks are missed, checking whether there is delay or failure in the implementation of the security policy, and repairing the policy execution flow;
if unknown attacks are missed, increasing the collection and update speed of threat intelligence so that new threats are responded to quickly;
performing in-depth analysis of repeated missed detections or false alarms in a specific scenario:
if identification is difficult due to the existence of a combination attack or a multi-stage attack, more complex scenario tests are designed to simulate the various steps of the multi-stage attack;
if the recognition is difficult because the malicious attack imitates the normal behavior, the sensitivity of the anomaly detection algorithm is improved, and more strict examination is enabled for the similar behavior;
combining analysis and adjustment results of a plurality of scenes to make an optimization plan:
if multiple scenarios show similar policy shortcomings, prioritizing general policy adjustments to cover multiple weaknesses;
If the system repeatedly performs poorly under high-intensity attacks, the security policy management flow and the fault recovery plan are rechecked.
7. The network security protection method of claim 1, wherein: the multi-mode data comprises network traffic, user behavior data, equipment logs, authentication information and external threat information, and the analysis formula of the network traffic is as follows:
wherein T represents the comprehensive analysis index of network traffic, N represents the total number of data packets observed on the network in a specific time period, P_i represents the size of the i-th data packet, V_i represents the importance or priority weight of the i-th data packet, W represents the total bandwidth of the network, lambda represents the weight coefficient of abnormal traffic detection, A_j represents the abnormal traffic index in the j-th time window, M represents the total number of time windows considered, gamma represents the weight coefficient of the network efficiency index, E represents the network efficiency index, i indexes the data packets, and j indexes the time windows.
8. A network security protection system based on the network security protection method of any one of claims 1 to 7, characterized in that the system comprises:
the data acquisition module is used for acquiring multi-mode data in real time by deploying intelligent acquisition agents at different nodes of the network;
The fusion and preprocessing module is used for converting the original data into a standardized format for machine learning by using a multi-mode data fusion algorithm;
the threat identification module is used for updating a threat identification model in real time by adopting a streaming data processing and dynamic incremental learning algorithm, and optimizing a learning process and a threat library through active learning and crowdsourcing security strategies;
the block chain module is used for storing and verifying the integrity of the prediction model and the security policy by using a block chain technology and providing an unalterable event record chain;
the sandbox simulation module is used for simulating potential attack paths and strategies by adopting a sandbox technology and a virtual network environment, and monitoring and analyzing conventional network behaviors to identify anomalies and potential threats;
and the repair module is used for introducing an automatic response and repair mechanism and performing instant response and processing on the detected threat.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that: the steps of the network security protection method of any of claims 1 to 7 are implemented when the processor executes the computer program.
10. A computer-readable storage medium having stored thereon a computer program, characterized by: the computer program when executed by a processor implements the steps of the network security protection method of any of claims 1 to 7.
CN202410201313.7A 2024-02-23 2024-02-23 Network security protection method and system Pending CN117879970A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202410201313.7A CN117879970A (en) | 2024-02-23 | 2024-02-23 | Network security protection method and system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202410201313.7A CN117879970A (en) | 2024-02-23 | 2024-02-23 | Network security protection method and system

Publications (1)

Publication Number | Publication Date
CN117879970A (en) | 2024-04-12

Family

ID=90583169

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202410201313.7A Pending CN117879970A (en) | Network security protection method and system | 2024-02-23 | 2024-02-23

Country Status (1)

Country | Link
CN (1) | CN117879970A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination