CN101902336A - Rule model-based security event correlation analysis system and method - Google Patents
Rule model-based security event correlation analysis system and method Download PDFInfo
- Publication number
- CN101902336A CN101902336A CN2009100850378A CN200910085037A CN101902336A CN 101902336 A CN101902336 A CN 101902336A CN 2009100850378 A CN2009100850378 A CN 2009100850378A CN 200910085037 A CN200910085037 A CN 200910085037A CN 101902336 A CN101902336 A CN 101902336A
- Authority
- CN
- China
- Prior art keywords
- state
- rule model
- rule
- model
- queue
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a rule model-based security event correlation analysis system and a rule model-based security event correlation analysis method so as to reduce the implementation cost of projects supported by a plurality of rule models. The method comprises the following steps: acquiring a primitive alarm event; invoking a matching algorithm corresponding to a rule model so as to match the primitive alarm event with all valid states in a state queue of the rule model; in case of failed matching, matching the primitive alarm event with the initial state of the rule model again, after the matching is successful, adding the initial state into the state queue; and in case of successful matching, maintaining the state queue firstly, then carrying out matching again, wherein maintained events including events after correlation analysis. The rule model-based security event correlation analysis system and the rule model-based security event correlation analysis method have the advantages of reducing the implementation cost of the project supported by the plurality of rule models, and theoretically supporting an infinite number of rule models so as to acquire more comprehensive analysis results.
Description
Technical field
The present invention relates to the network security technology field, relate in particular to a kind of security event correlation analysis system and method for rule-based model.
Background technology
Along with computer technology and development of internet technology, network security problem more and more comes into one's own.Common Network Security Device has fire compartment wall, intruding detection system, intrusion prevention system, vulnerability scanning system, safety auditing system and antivirus software or the like, and these safety means can produce warning information when abnormal conditions occur.In addition, certain operations system and application program also can produce security-related daily record.These warning messages and daily record are commonly called original alert event.
The common quantity of original alert event of originating different is huge, and on the information that is comprised, often overlap each other, related or interdepend, manually handle the highly redundant of such flood tide and the information of high related complexity is unpractical by the safety manager.In addition, whole features that the detection of single safety means can't the overlay network attack have only that multiple safety means are combined to carry out multi-faceted monitoring, just can guarantee to find timely and accurately and prevent these attacks.
Address the above problem, just must the association analytical technology.At present main association analysis technology can be divided into two big classes, comprises the association analysis technology of rule-based model and based on the association analysis technology of statistical analysis.Below this two big class technology is introduced respectively.
(1) the association analysis technology of rule-based model
The association analysis technology of rule-based model, the various feature extractions of attack are come out to form the attack characterization storehouse, and primary network is attacked the feature of whole process from start to end based on describing the storehouse, construct the automaton model of an analysis usefulness, thereby draw the association analysis rule, and in detecting to network security with this association analysis rule application.
(2) based on the association analysis technology of statistical analysis
Based on the association analysis technology of statistical analysis, utilize data mining field statistical analysis technique commonly used, a large amount of original alert events are marked off the set that comprises common characteristic by statistical method.Then this set is applied in the network security detection.The cluster association technology that mainly is represented as of this type of association analysis method.
In the above-mentioned two class main stream approach, use owing to present statistical analysis technique also is not enough to tackle engineering based on the association analysis technology of statistical analysis, the analysis result that draws also lacks clear and definite practical significance, and therefore rarely having with this technology is the correlation analysis system of realization.And rule-based association analysis method is adopted by engineering system widely, but on the basis of these class methods, analysis result is subject to the model of foundation, and, the special Project Realization of the corresponding usually cover of specific model, the increase of model quantity also just means the increase of engineering construction difficulty, so most rule-based correlation analysis system all only adopts limited several analytical models, thereby also just is difficult to be applied to all sidedly under the various situations of network.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of security event correlation analysis system and method for rule-based model, to reduce the engineering construction cost under the more rules model supports.
In order to solve the problems of the technologies described above, the invention provides a kind of security event correlation analysis system of rule-based model, comprising:
The rule model database is used for tree-like mode storage rule model;
The matching algorithm module is used for storing the matching algorithm of each matched rule that may exist corresponding to described rule model;
Scheduler module, link to each other with described rule model database and matching algorithm module, be used to be written into described rule model and set up a state queue, obtain original alert event, calling matching algorithm from described matching algorithm module mates described original alert event, if it fails to match then the initial state of described original alert event and described rule model is mated once more, describedly once more described initial state is joined described state queue after the match is successful; Then safeguard described state queue earlier if the match is successful, carry out described coupling once more then;
The incident generation module links to each other with described scheduler module, when being used for described scheduler module and carrying out described the maintenance, generates incident after the association analysis corresponding with rule model.
Preferably, described scheduler module is safeguarded described state queue, comprises the state information of revising the state node on the quilt coupling in the described state queue, and judges whether the state of described state node arrives a state threshold;
Described incident generation module when the state of described state node arrives described state threshold, generates incident after the described association analysis.
Preferably, described rule model database is stored described rule model in tree-like mode.
Preferably, this system further comprises:
Administration module links to each other with described rule model database and scheduler module, is used for described rule model is managed.
Preferably, described administration module when carrying out described management, is packaged into storage format with editing data and is stored into described rule model database, notifies described scheduler module to be written into rule model in the described rule model database again.
In order to solve the problems of the technologies described above, the present invention also provides a kind of security event associative analysis method of rule-based model, comprising:
Obtain original alert event;
Call matching algorithm, all effective statuses in the state queue of described original alert event and rule model are mated corresponding to rule model;
If it fails to match, then the initial state of described original alert event and described rule model is mated once more, describedly once more described initial state is joined described state queue after the match is successful;
Then safeguard described state queue earlier if the match is successful, carry out described coupling once more then; Described maintenance comprises the incident after the association analysis that generates.
Preferably, safeguard described state queue, comprise and revising in the described state queue, judge whether the state of described state node arrives a state threshold, generate incident after the described association analysis during arrival by the state information of the state node on the coupling.
Preferably, described rule model is stored in tree-like mode.
Preferably, this method further comprises:
Described rule model is managed, store after the editing data during with described management is packaged into storage format, and be written into described rule model again.
Compared with prior art, the security event correlation analysis system of rule-based model provided by the invention and method by the common treatment to rule model, have reduced the engineering construction cost under the more rules model supports.Can on the original alert event that gets access in real time, use all self-defining rule models, the original alert event that gets access to is fully finished coupling and can not had omission.The new security incident content that is generated after the association analysis, also can define voluntarily by the user fully, provide unified generating mode to incident after the self-defining association analysis, incident after the self-defined association analysis of create-rule model correspondence, thereby unlimited many rule models can draw more comprehensive analysis result in view of the above on the support theory.
Description of drawings
Fig. 1 is the composition schematic diagram of security event correlation analysis system embodiment of the present invention.
Fig. 2 is the schematic flow sheet of security event associative analysis method embodiment of the present invention.
Fig. 3 is the tree-shaped correlation rule schematic diagram in the application example of the present invention.
Fig. 4 to Fig. 7 is an association analysis process schematic diagram.
Fig. 8 is incident schematic diagram after the association analysis that application example of the present invention generated.
Embodiment
Describe embodiments of the present invention in detail below with reference to drawings and Examples, how the application technology means solve technical problem to the present invention whereby, and the implementation procedure of reaching technique effect can fully understand and implements according to this.
Fig. 1 is the composition schematic diagram that the present invention is based on the security event correlation analysis system embodiment of rule model.As shown in Figure 1, this system embodiment mainly comprises rule model database 110, matching algorithm module 120, scheduler module 130, incident generation module 140 and administration module 150, wherein:
Above-mentioned scheduler module 130, be responsible for the total activation of matching algorithm module 120 and incident generation module 140 these two functional modules, input, output and the data flow of control whole system, also be responsible for the rule model in current each use is set up a state queue and safeguarded original alert event residing state in model that record obtains in real time.The original alert event that each bar is newly got access to, whether the incident of all checking respectively mates effective state node in the current rule model state queue, and the initial rule that whether satisfies rule model, match the incident subsequence of a rule model of all possible complete coupling in the original alert event sequence with this, and incident after the association analysis of create-rule model specification.
Above-mentioned incident generation module 140 can be resolved the expression formula that comprises simple operation, common type transfer function and network function commonly used etc. in the event attribute.
In the visualized operation interface that above-mentioned administration module 150 provides, show rule model with tree-structure mode, and also rule model is stored in the database with tree-structure mode.Mode such as allow the user to use to comprise logical operator commonly used, subordinate and contain create matched rule, allow the user to set to comprise time, statistical counting, quote and the various key elements of hierarchical relationship etc.
Fig. 2 is the schematic flow sheet that the present invention is based on the security event associative analysis method embodiment of rule model.Please refer to system embodiment shown in Figure 1, this method embodiment shown in Fig. 2 mainly comprises the steps:
Step S210 gets access to an original alert event, comprises complete event attribute set in this original alert event;
Step S220, call matching algorithm corresponding to rule model, all effective statuses in the state queue of this original alert event and current rule model are mated, if the state node that can mate is arranged, illustrate that then this alert event is to satisfy one of incident in the sequence of events of rule model of this state node correspondence, execution in step S230, otherwise execution in step S260;
Step S230 revises in the rule model state queue by the state information of the state node on the coupling;
Step S240 judges whether the state of the state node that is modified has arrived a default state threshold, is then to illustrate the event matches that rule model carried out of state node correspondence has been finished, execution in step S250, otherwise execution in step S260;
Step S250, incident after the association analysis of create-rule model correspondence, execution in step S260 then;
Step S260 mates the initial state of this original alert event and rule model once more, if on mating then illustrate that this original alert event also may be the initial of new round rule model coupling, and execution in step S270, otherwise finish.
Step S270, the initial state adding rule model state queue with rule model finishes.
The present invention will be further described below in conjunction with a concrete application example.Wherein Fig. 3 is the tree-shaped correlation rule schematic diagram in this application example, and Fig. 4 to Fig. 7 is an association analysis process schematic diagram, and Fig. 8 is for should be with incident schematic diagram after the association analysis that example generated.
At first dispose a rule model as shown in Figure 3, wherein A, B, a, b, c, 1,2,3 are different correlation rules, A and B are the initial state rules of rule model, and R represents it is tree root on the correlation rule tree, and the state queue of hypothesis rule model this moment be a sky.
Be in operation, successively get access to two original alert event Alert1 and Alert2 (hereinafter to be referred as A1 and A2), wherein A1 satisfies correlation rule A, B and b, and A2 satisfies correlation rule B, c, a and 3.
In the process of carrying out association analysis, at first A1 is analyzed, the node in A1 and the model state formation is mated, because formation is empty at present, so Alert1 and rule model initial state rule A and B are mated.Because A1 satisfies regular A and B, so A and B are added into state queue, referring to Fig. 4.
Next A2 is analyzed, node in A2 and the model state formation is mated, be divided into two kinds of situations this moment: first kind of situation, state in the state queue does not arrive a state threshold, in having revised state queue, behind the status data of state A and B, again the initial state rule of A2 and rule model is mated so, because A2 satisfies regular B, so B is added state queue, referring to Fig. 5; Second kind of situation, state node in the state queue has arrived this state threshold, and A2 need mate with state node next the level rule in rule tree that arrives this state threshold, because A2 satisfies regular a and c, so a and c are added into state queue, referring to Fig. 6.A2 mates with the initial state rule of rule model more afterwards, will be added state queue by the regular B on the coupling, referring to Fig. 7.Incident after the association analysis of the state node correspondence of this state threshold of generation arrival at last is referring to Fig. 8.
The security event correlation analysis system of rule-based model provided by the invention and method by the common treatment to rule model, have reduced the engineering construction cost under the more rules model supports.Based on rule model can define voluntarily by the user fully, provide unified analysis mode to self-defining rule model.Can on the original alert event that gets access in real time, use all self-defining rule models, the original alert event that gets access to is fully finished coupling and can not had an omission, and can adjust the rule model of definition at any time and adjusted model in time is applied in the matching process and go.The new security incident content that is generated after the association analysis, also can define voluntarily by the user fully, provide unified generating mode to incident after the self-defining association analysis, incident after the self-defined association analysis of create-rule model correspondence, thereby unlimited many rule models can draw more comprehensive analysis result in view of the above on the support theory.
Though the disclosed execution mode of the present invention as above, the execution mode that described content just adopts for the ease of understanding the present invention is not in order to limit the present invention.Technical staff in any the technical field of the invention; under the prerequisite that does not break away from the disclosed spirit and scope of the present invention; can do any modification and variation what implement in form and on the details; but scope of patent protection of the present invention still must be as the criterion with the scope that appending claims was defined.
Claims (9)
1. the security event correlation analysis system of a rule-based model is characterized in that, comprising:
The rule model database is used for tree-like mode storage rule model;
The matching algorithm module is used for storing the matching algorithm of each matched rule that may exist corresponding to described rule model;
Scheduler module, link to each other with described rule model database and matching algorithm module, be used to be written into described rule model and set up a state queue, obtain original alert event, calling matching algorithm from described matching algorithm module mates described original alert event, if it fails to match then the initial state of described original alert event and described rule model is mated once more, describedly once more described initial state is joined described state queue after the match is successful; Then safeguard described state queue earlier if the match is successful, carry out described coupling once more then;
The incident generation module links to each other with described scheduler module, when being used for described scheduler module and carrying out described the maintenance, generates incident after the association analysis corresponding with rule model.
2. the system as claimed in claim 1 is characterized in that:
Described scheduler module is safeguarded described state queue, comprises the state information of revising the state node on the quilt coupling in the described state queue, and judges whether the state of described state node arrives a state threshold;
Described incident generation module when the state of described state node arrives described state threshold, generates incident after the described association analysis.
3. the system as claimed in claim 1 is characterized in that:
Described rule model database is stored described rule model in tree-like mode.
4. the system as claimed in claim 1 is characterized in that, this system further comprises:
Administration module links to each other with described rule model database and scheduler module, is used for described rule model is managed.
5. method as claimed in claim 4 is characterized in that:
Described administration module when carrying out described management, is packaged into storage format with editing data and is stored into described rule model database, notifies described scheduler module to be written into rule model in the described rule model database again.
6. the security event associative analysis method of a rule-based model is characterized in that, comprising:
Obtain original alert event;
Call matching algorithm, all effective statuses in the state queue of described original alert event and rule model are mated corresponding to rule model;
If it fails to match, then the initial state of described original alert event and described rule model is mated once more, describedly once more described initial state is joined described state queue after the match is successful;
Then safeguard described state queue earlier if the match is successful, carry out described coupling once more then; Described maintenance comprises the incident after the association analysis that generates.
7. method as claimed in claim 6 is characterized in that:
Safeguard described state queue, comprise and revising in the described state queue, judge whether the state of described state node arrives a state threshold, generate incident after the described association analysis during arrival by the state information of the state node on the coupling.
8. method as claimed in claim 6 is characterized in that:
Described rule model is stored in tree-like mode.
9. method as claimed in claim 6 is characterized in that, this method further comprises:
Described rule model is managed, store after the editing data during with described management is packaged into storage format, and be written into described rule model again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100850378A CN101902336B (en) | 2009-05-27 | 2009-05-27 | Rule model-based security event correlation analysis system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100850378A CN101902336B (en) | 2009-05-27 | 2009-05-27 | Rule model-based security event correlation analysis system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101902336A true CN101902336A (en) | 2010-12-01 |
CN101902336B CN101902336B (en) | 2012-07-18 |
Family
ID=43227559
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009100850378A Expired - Fee Related CN101902336B (en) | 2009-05-27 | 2009-05-27 | Rule model-based security event correlation analysis system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101902336B (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571469A (en) * | 2010-12-23 | 2012-07-11 | 北京启明星辰信息技术股份有限公司 | Attack detecting method and device |
CN102724071A (en) * | 2012-06-19 | 2012-10-10 | 国网电力科学研究院 | Method and system for power communication failure early warning analysis based on network model and rule models |
CN102790981A (en) * | 2012-06-29 | 2012-11-21 | 石化盈科信息技术有限责任公司 | Real-time warning method under space-time dynamic mode of sensor network |
CN104731800A (en) * | 2013-12-20 | 2015-06-24 | ***股份有限公司 | Data analysis device |
CN104811452A (en) * | 2015-04-30 | 2015-07-29 | 北京科技大学 | Data mining based intrusion detection system with self-learning and classified early warning functions |
CN105184156A (en) * | 2015-06-26 | 2015-12-23 | 北京神州绿盟信息安全科技股份有限公司 | Security threat management method and system |
CN108243060A (en) * | 2017-01-19 | 2018-07-03 | 上海直真君智科技有限公司 | A kind of network security alarm risk determination method presorted based on big data |
CN110855676A (en) * | 2019-11-15 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Network attack processing method and device and storage medium |
CN111505416A (en) * | 2020-04-26 | 2020-08-07 | 伟宸科技(武汉)有限公司 | Comprehensive automatic test system for transformer substation |
CN111666270A (en) * | 2020-06-03 | 2020-09-15 | 北京软通智慧城市科技有限公司 | Event analysis system and event analysis method |
CN112688956A (en) * | 2020-12-29 | 2021-04-20 | 成都科来网络技术有限公司 | Real-time safety detection method and system based on association rule |
CN113765915A (en) * | 2021-09-06 | 2021-12-07 | 杭州安恒信息技术股份有限公司 | Network event analysis method, system, readable storage medium and computer equipment |
CN115632884A (en) * | 2022-12-21 | 2023-01-20 | 徐工汉云技术股份有限公司 | Network security situation perception method and system based on event analysis |
CN116226125A (en) * | 2023-02-07 | 2023-06-06 | 中国水利水电科学研究院 | Method and system for expressing industrial alarm information based on state association rule |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100571267C (en) * | 2005-10-31 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of method for associating general multiple protocols |
CN101383694A (en) * | 2007-09-03 | 2009-03-11 | 电子科技大学 | Defense method and system rejecting service attack based on data mining technology |
-
2009
- 2009-05-27 CN CN2009100850378A patent/CN101902336B/en not_active Expired - Fee Related
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571469A (en) * | 2010-12-23 | 2012-07-11 | 北京启明星辰信息技术股份有限公司 | Attack detecting method and device |
CN102724071A (en) * | 2012-06-19 | 2012-10-10 | 国网电力科学研究院 | Method and system for power communication failure early warning analysis based on network model and rule models |
CN102724071B (en) * | 2012-06-19 | 2015-12-16 | 国网电力科学研究院 | The power communication fault pre-alarming analytical method of model Sum fanction model Network Based and system thereof |
CN102790981A (en) * | 2012-06-29 | 2012-11-21 | 石化盈科信息技术有限责任公司 | Real-time warning method under space-time dynamic mode of sensor network |
CN102790981B (en) * | 2012-06-29 | 2015-04-22 | 石化盈科信息技术有限责任公司 | Real-time warning method under space-time dynamic mode of sensor network |
CN104731800B (en) * | 2013-12-20 | 2018-10-23 | ***股份有限公司 | Data analysis set-up |
CN104731800A (en) * | 2013-12-20 | 2015-06-24 | ***股份有限公司 | Data analysis device |
CN104811452A (en) * | 2015-04-30 | 2015-07-29 | 北京科技大学 | Data mining based intrusion detection system with self-learning and classified early warning functions |
CN105184156B (en) * | 2015-06-26 | 2018-01-12 | 北京神州绿盟信息安全科技股份有限公司 | A kind of security threat management method and system |
CN105184156A (en) * | 2015-06-26 | 2015-12-23 | 北京神州绿盟信息安全科技股份有限公司 | Security threat management method and system |
CN108243060A (en) * | 2017-01-19 | 2018-07-03 | 上海直真君智科技有限公司 | A kind of network security alarm risk determination method presorted based on big data |
CN110855676A (en) * | 2019-11-15 | 2020-02-28 | 腾讯科技(深圳)有限公司 | Network attack processing method and device and storage medium |
CN111505416B (en) * | 2020-04-26 | 2023-02-28 | 伟宸科技(武汉)有限公司 | Comprehensive automatic test system for transformer substation |
CN111505416A (en) * | 2020-04-26 | 2020-08-07 | 伟宸科技(武汉)有限公司 | Comprehensive automatic test system for transformer substation |
CN111666270A (en) * | 2020-06-03 | 2020-09-15 | 北京软通智慧城市科技有限公司 | Event analysis system and event analysis method |
CN112688956A (en) * | 2020-12-29 | 2021-04-20 | 成都科来网络技术有限公司 | Real-time safety detection method and system based on association rule |
CN112688956B (en) * | 2020-12-29 | 2023-04-28 | 科来网络技术股份有限公司 | Real-time security detection method and system based on association rule |
CN113765915A (en) * | 2021-09-06 | 2021-12-07 | 杭州安恒信息技术股份有限公司 | Network event analysis method, system, readable storage medium and computer equipment |
CN113765915B (en) * | 2021-09-06 | 2023-04-21 | 杭州安恒信息技术股份有限公司 | Network event analysis method, system, readable storage medium and computer device |
CN115632884A (en) * | 2022-12-21 | 2023-01-20 | 徐工汉云技术股份有限公司 | Network security situation perception method and system based on event analysis |
CN116226125A (en) * | 2023-02-07 | 2023-06-06 | 中国水利水电科学研究院 | Method and system for expressing industrial alarm information based on state association rule |
Also Published As
Publication number | Publication date |
---|---|
CN101902336B (en) | 2012-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101902336B (en) | Rule model-based security event correlation analysis system and method | |
WO2020062211A1 (en) | Method and system for mimicry storage tamper-proof log fused with blockchain technology | |
CN112468472A (en) | Security policy self-feedback method based on security log association analysis | |
CN110278211A (en) | A kind of data checking method and device based on block chain | |
US11699116B2 (en) | System and method for custom security predictive methods | |
JP2016533564A (en) | An event model that correlates the state of system components | |
CN108804613A (en) | A kind of Various database real time fusion system and its fusion method | |
CN106453417A (en) | Network attack target prediction method based on neighbor similarity | |
WO2015044155A1 (en) | Method, apparatus, and computer program product for data quality analysis | |
CN110545276A (en) | threat event warning method and device, warning equipment and machine-readable storage medium | |
US9794278B1 (en) | Network-based whitelisting approach for critical systems | |
CN108183897B (en) | Safety risk assessment method for information physical fusion system | |
CN105117315A (en) | CEP-based alarm processing system and method | |
US10163060B2 (en) | Hierarchical probability model generation system, hierarchical probability model generation method, and program | |
CN113132392A (en) | Industrial control network flow abnormity detection method, device and system | |
Wirz et al. | Design and development of a cloud-based ids using apache KAFKA and spark streaming | |
Gao et al. | Querying streaming system monitoring data for enterprise system anomaly detection | |
CN109873980A (en) | Video monitoring method, device and terminal device | |
CN109255238B (en) | Terminal threat detection and response method and engine | |
CN115809179A (en) | Alarm method, system, equipment and storage medium based on application performance data | |
US10909242B2 (en) | System and method for detecting security risks in a computer system | |
Wu et al. | An Intelligent Security Detection and Response Scheme Based on SBOM for Securing IoT Terminal devices | |
Pavlikov et al. | Architecture and security tools in distributed information systems with Big Data | |
Zhuang et al. | Applying data fusion in collaborative alerts correlation | |
CN1549116A (en) | Alarm signal processing method based on information queue |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120718 Termination date: 20180527 |