
CN114039747B - DDOS data retransmission attack prevention method, device, equipment and storage medium - Google Patents


Info

Publication number
CN114039747B
Authority
CN
China
Prior art keywords
message
dyeing
mark
sent
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111228917.3A
Other languages
Chinese (zh)
Other versions
CN114039747A (en
Inventor
丁毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fiberhome Telecommunication Technologies Co Ltd filed Critical Fiberhome Telecommunication Technologies Co Ltd
Priority to CN202111228917.3A priority Critical patent/CN114039747B/en
Publication of CN114039747A publication Critical patent/CN114039747A/en
Application granted granted Critical
Publication of CN114039747B publication Critical patent/CN114039747B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Color Image Communication Systems (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)
  • Sewing Machines And Sewing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a DDOS data retransmission attack prevention method, a device, equipment and a readable storage medium, wherein a socket object corresponding to a suspicious message is enabled to enter an emergency control state and a dyeing sub-state by identifying the suspicious message; carrying out dyeing marking on a message to be sent according to socket objects entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message; and determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message. By enabling the socket object to enter an emergency control state and a dyeing sub-state, effective anti-attack processing is carried out on an attack source, excessive computing resources are avoided, and service safety is improved.

Description

DDOS data retransmission attack prevention method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for preventing DDOS data retransmission attack.
Background
A distributed denial of service (Distributed Denial of Service, DDOS) attack is generally launched against one server by combining a plurality of client hosts into an attack platform, as shown in fig. 1. DDOS attack initiators often use huge numbers of controlled client software instances to launch burst cluster attacks at an appointed time, so that legitimate hosts retransmit acknowledgement characters (Acknowledgement, ACK) such as synchronize sequence numbers (Synchronize Sequence Numbers, SYN) or ordinary data. Because the messages involved are all legitimate messages, existing firewalls or anti-attack software have difficulty identifying whether the attack is genuine; they not only fail to provide security protection but also consume a large amount of computing resources.
Disclosure of Invention
The application provides a DDOS data retransmission attack prevention method, device, equipment and readable storage medium, which are used for solving the problems that the conventional firewall or attack prevention software is difficult to effectively identify the authenticity of attack, the effect of safety protection cannot be achieved, and a large amount of computing resources are consumed.
In order to achieve the above object, an embodiment of the present invention provides a method for preventing DDOS data retransmission attack, the method including the following steps:
identifying suspicious messages, and enabling socket objects corresponding to the suspicious messages to enter an emergency control state and a dyeing sub-state;
carrying out dyeing marking on a message to be sent according to socket objects entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message;
and determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message.
In order to achieve the above object, an embodiment of the present invention further provides a DDOS data retransmission attack prevention device, where the DDOS data retransmission attack prevention device includes:
the identification module is used for identifying the suspicious message and enabling a socket object corresponding to the suspicious message to enter an emergency control state and a dyeing sub-state;
The generation module is used for carrying out dyeing marking on the message to be sent according to the socket object entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message;
and the determining module is used for determining an attack message according to the dyeing mark message and implementing a black hole strategy on the attack message.
To achieve the above object, an embodiment of the present invention further provides a computer device, where the computer device includes a processor, a memory, and a computer program stored on the memory and executable by the processor, where the computer program when executed by the processor implements the steps of the DDOS data retransmission attack prevention method described above.
To achieve the above object, an embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored on the computer readable storage medium, where the computer program when executed by a processor implements the steps of the DDOS data retransmission attack prevention method described above.
The application discloses a DDOS data retransmission attack prevention method, a device, equipment and a readable storage medium, wherein a socket object corresponding to a suspicious message is enabled to enter an emergency control state and a dyeing sub-state by identifying the suspicious message; carrying out dyeing marking on a message to be sent according to socket objects entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message; and determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message. By enabling the socket object to enter an emergency control state and a dyeing sub-state, effective anti-attack processing is carried out on an attack source, excessive computing resources are avoided, and service safety is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic scene diagram of a DDOS data retransmission attack principle provided in an embodiment of the present application;
fig. 2 is a schematic flow chart of a method for preventing DDOS data retransmission attack according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating the substeps of the method for preventing DDOS data retransmission attack in FIG. 2;
FIG. 4 is a schematic view of an urgent mark of the urgent agent provided in the embodiment of the present application;
FIG. 5 is a schematic diagram of the data byte label of an urgent pointer according to an embodiment of the present application;
FIG. 6 is a diagram of the urgent data byte pointed to by the urgent pointer according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a dyeing data format provided in an embodiment of the present application;
fig. 8 is a flow chart of another method for preventing DDOS data retransmission attack according to an embodiment of the present application;
fig. 9 is a schematic block diagram of a DDOS data retransmission attack prevention device provided in an embodiment of the present application;
Fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
The embodiment of the application provides a DDOS data retransmission attack prevention method, a DDOS data retransmission attack prevention device, computer equipment and a computer readable storage medium. The DDOS data retransmission attack prevention method can be applied to computer equipment, and the computer equipment can be electronic equipment such as a server.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
Referring to fig. 2, fig. 2 is a schematic flowchart of a method for preventing DDOS data retransmission attack according to an embodiment of the present application.
As shown in fig. 2, the present embodiment provides a method for preventing DDOS data retransmission attack, which includes the following steps:
step S101: and identifying suspicious messages, and enabling socket objects corresponding to the suspicious messages to enter an emergency control state and a dyeing sub-state.
A message sent by a client is received and identified. If the message is identified as a suspicious message, a first preset convention is acquired, and the socket object corresponding to the suspicious message enters an emergency control state and a dyeing sub-state through the first preset convention. The message can be identified in two ways: the attribute information of the message is identified, and the message is determined to be a suspicious message if the attribute information is not preset attribute information; or the link information of the message is identified, and the message is determined to be a suspicious message if the link information is not preset link information.
When the message is identified as suspicious, a first preset convention is acquired, and the socket object corresponding to the suspicious message enters an emergency control state and a dyeing sub-state through the first preset convention. The message is exchanged in a socket session between the server and the client. The first preset convention is a setting applied to the socket object in advance, so that when a suspicious message is identified the socket object enters the emergency control state and the dyeing sub-state. For example, when a suspicious message is identified, the socket object corresponding to the suspicious message is given an emergency mark through the first preset convention so that it enters the emergency control state; once the socket object is in the emergency control state, it is determined whether the dyeing sub-state needs to be entered. When it is determined that the socket object needs to enter the dyeing sub-state, the socket object is given a dyeing mark and enters the dyeing sub-state, and the dyeing information of the dyeing mark is recorded. The dyeing information comprises the dyeing mark and the data information corresponding to the dyeing mark; the emergency mark and the dyeing mark comprise color marks, data marks and the like.
A socket is an abstraction of an endpoint for bidirectional communication between application processes on different hosts in a network. A socket is one end of process communication on the network and provides a mechanism for application-layer processes to exchange data using network protocols. In terms of position, the socket connects upward to the application process and downward to the network protocol stack, so it is the interface through which an application communicates via network protocols and the interface through which the application interacts with the network protocol stack.
Specifically, a message sent by a client is received, and ACK ID information carried by the message is identified; determining whether the message is a retransmission data message in a preset sampling period according to the ACK ID information; if the message is determined to be a retransmission data message, the message is determined to be a suspicious message.
For example, a message sent by the client is received and the ACK ID information carried by the message is identified; the message sent by the client carries ACK ID information. In an embodiment, a message sent to a client is preset to carry ACK ID information, where the ACK ID information is preset sequence information; the sequence information includes, for example, 0x5A0xB50x5C0x5D.
After the ACK ID information is acquired, whether the message is a retransmission data message within the preset sampling period is determined according to the ACK ID information. In an embodiment, the ACK ID information is preset sequence information and the preset sampling period is 3 periods. The messages sent three times in succession by the socket object corresponding to the message are obtained, or the continuously sent messages are obtained, and the sequence information in each message is obtained. If the sequence information is the preset sequence information, the current message is determined to be a retransmission data message. If the sequence information is not the preset sequence information, the current message is determined not to be a retransmission data message. For example, if the sequence information of the continuously or intermittently sent messages is 0x5A0xB50x5C, the message is determined to be a retransmission data message; if the sequence information of the continuously or intermittently sent messages is 0x5A0xB50x5D, the message is determined not to be a retransmission data message.
The server determines that the message is a retransmission data message, that is, a message received from the client many times in succession at a high frequency that matches the preset period convention. The retransmission data message is treated as a suspicious message, and the socket object is monitored.
Step S102: and carrying out dyeing marking on the message to be sent according to the socket object entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message.
When the message is identified as suspicious, a first preset convention is acquired, and the socket object corresponding to the suspicious message enters an emergency control state and a dyeing sub-state through the first preset convention. The message is exchanged in a socket session between the server and the client. The first preset convention is a setting applied to the socket object in advance, so that when a suspicious message is identified the socket object enters the emergency control state and the dyeing sub-state.
The socket object, having entered the emergency control state, applies an emergency mark to the message to be sent; for example, the message to be sent is given the urgent mark shown in fig. 4. The urgent mark is a universal mark and is distinguished from the urgent data transmitted under the conventional TCP protocol standard convention. The marking is done as shown in FIG. 5, by marking the data bytes of the urgent pointer in the TCP header.
When it is determined that the socket object has entered the emergency control state, the socket object enters the dyeing sub-state through the first preset convention, and the message to be sent is dyed by the socket object in the dyeing sub-state. For example, as shown in fig. 6, the message to be sent is expanded to obtain an urgent data area. The dyeing data format is defined within the urgent data area, in the urgent data byte that is the byte preceding the one pointed to by the urgent pointer, as shown in fig. 5. As shown in fig. 7, the dyeing data format is 8 bits and comprises a control code and a dyeing code: the first three of the 8 bits are the control code and the last five bits are the dyeing code. For example, the dyeing data format is 01011101, wherein 010 is the control code and 11101 is the dyeing code.
In one embodiment, referring specifically to fig. 3, step S102 includes: substep S1021 to substep S1024.
Step S1021: performing emergency marking on the first message to be sent through a first socket object that has entered the emergency control state and the dyeing sub-state.
The socket object includes a first socket object and the message to be sent includes a first message to be sent. The first socket object is located at the server, and the first message to be sent is a message that the server sends to the client. When it is determined that the first socket object has entered the emergency control state, whether dyeing is required is determined through the emergency mark. For example, the emergency mark comprises a first emergency mark and a second emergency mark: when the emergency mark is the first emergency mark, it is determined that the first message to be sent needs to be dyed; when the emergency mark is the second emergency mark, it is determined that the first message to be sent does not need to be dyed. When it is determined that the first message to be sent needs to be dyed, the first message to be sent is given an emergency mark. In an embodiment, the emergency mark is the urgent mark shown in fig. 4; the urgent mark is a universal mark and is distinguished from the urgent data transmitted under the conventional TCP protocol standard convention. The first message to be sent is marked through the urgent pointer in the manner shown in fig. 5, by marking the data bytes of the urgent pointer in the TCP header.
Step S1022: expanding an emergency data area for the first message to be sent and generating the first dyeing mark message corresponding to the first message to be sent, wherein the emergency data area comprises a control code and a dyeing code.
After the first message to be sent has been given the emergency mark, an emergency data area is expanded for the first message to be sent, and dyeing is carried out in the emergency data area. For example, as shown in fig. 6, the first message to be sent is expanded to obtain an urgent data area. The dyeing data format is defined within the urgent data area, in the urgent data byte that is the byte preceding the one pointed to by the urgent pointer, as shown in fig. 5. As shown in fig. 4, the dyeing data format is 8 bits and comprises a control code and a dyeing code: the first three of the 8 bits are the control code and the last five bits are the dyeing code. For example, the dyeing data format is 01011101, wherein 010 is the control code and 11101 is the dyeing code. The first dyeing mark message corresponding to the first message to be sent is generated by expanding the emergency data area of the first message to be sent.
Step S1023, the first dyeing mark message is sent to a client, so that a second socket object of the client reads the emergency mark in the first dyeing mark message and enters the emergency controlled state and the dyeing sub-state.
The socket object includes a second socket object, which is located at the client. The dyeing mark message comprises a first dyeing mark message; once the first dyeing mark message has been generated, it is sent to the client through the socket session. When the client receives the first dyeing mark message, the client acquires the emergency mark in the first dyeing mark message, and the second socket object enters the emergency control state through the emergency mark. When the second socket object enters the emergency control state, the control code in the emergency control area of the first dyeing mark message is acquired, and the control code determines whether the second socket object is enabled to enter dyeing. For example, the control code is obtained and compared with the preset control codes, and the mark information of the preset target control code that matches the control code is obtained, as shown in table one below:
Sequence number | Emergency control code (binary) | Meaning
1 | 000 | Reserved
2 | 001 | Dyeing enabled
3 | 010 | Reserved
4 | 011 | Reserved
5 | 100 | Reserved
6 | 101 | Reserved
7 | 110 | Reserved
8 | 111 | Reserved
And when the acquired control code is 001, determining that the second socket object is enabled to be dyed. And determining that the second socket object is enabled to be dyed, so that the second socket object enters a dyeing sub-state. For example, when determining that the second socket object is enabled to be dyed, setting the socket session through preset setting, so that the second socket object enters a dyeing sub-state.
Step S1024: receiving the second dyeing mark message, which is generated after the second socket object that has entered the emergency controlled state and the dyeing sub-state performs dyeing marking on the second message to be sent.
The dyeing mark message comprises a second dyeing mark message, and the message to be sent comprises a second message to be sent. When the second socket object enters the emergency control state and the dyeing sub-state, the dyeing code information in the emergency data area of the first dyeing mark message is acquired and recorded, and the acquired dyeing code information is associated with the second socket object; the dyeing code information comprises a control code and a dyeing code.
When it is determined that the second message to be sent needs to be sent to the server, it is determined whether the mark of the second message to be sent is controlled. For example, when the second message to be sent is detected to enter the SCK, it is determined that the second message to be sent needs to be sent to the server. When it is determined that the second message to be sent needs to be sent to the server, the second message to be sent is marked. It is detected whether the mark of the second message to be sent is an emergency mark, and the emergency mark is written when the second message to be sent is determined to be an emergency message. For example, when the second message to be sent is determined to be an Urgent flag, the merge flag is written. An emergency data area is expanded in the second message to be sent, and the dyeing code information acquired earlier, which comprises a control code and a dyeing code, is written into the emergency data area.
Step S103: and determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message.
For example, when the second dyeing mark message that the client sends through the socket session using the second socket object is received, the attack message is determined through the second dyeing mark message, and the black hole policy is implemented on the determined attack message. For example, when a second dyeing mark message is received, the second dyeing mark message is checked, the dyeing information in it is obtained, and it is determined whether the dyeing information is preset dyeing information. If the dyeing information is not preset dyeing information, the second dyeing mark message is determined to be an attack message; if the dyeing information is preset dyeing information, the second dyeing mark message is determined not to be an attack message. When the second dyeing mark message is determined to be an attack message, it is discarded.
Specifically, the dyeing mark message includes a second dyeing mark message, and determining the attack message according to the dyeing mark message includes: verifying the second dyeing mark message according to a preset verification strategy, and determining the second dyeing mark message as an attack message.
After a second dyeing mark message sent by the client is received, a preset verification strategy is obtained, the second dyeing mark message is verified through the preset verification strategy, and the second dyeing mark message is determined to be an attack message. In an embodiment, the dyeing information of the second dyeing mark message is obtained and verified through the preset verification strategy to determine whether it meets a preset dyeing rule. If the dyeing information meets the preset dyeing rule, the second dyeing mark message is determined not to be an attack message; if the second dyeing mark message is determined not to meet the preset dyeing rule, it is determined to be an attack message.
In the embodiment of the application, a suspicious message is identified, so that the first socket object corresponding to the suspicious message enters the emergency control state and the dyeing sub-state. The first socket object that has entered the emergency control state and the dyeing sub-state performs dyeing marking on a first message to be sent and generates the corresponding first dyeing mark message. The first dyeing mark message is sent to the client, so that the second socket object of the client enters the emergency control state and the dyeing sub-state, performs dyeing marking on a second message to be sent, and generates a second dyeing mark message. An attack message is determined according to the received second dyeing mark message, and a black hole strategy is implemented on the attack message. Effective attack prevention processing is thereby carried out on the attack source, excessive consumption of computing resources is avoided, and service safety is improved.
Referring to fig. 8, fig. 8 is a schematic flow chart of another method for preventing DDOS data retransmission attack according to an embodiment of the present application.
Step S201: detecting whether the second dyeing mark message is a dyeing enabling message.
For example, when the second dyeing mark message sent by the client is received, it is detected whether the second dyeing mark message is a dyeing enabling message. In an embodiment, the control code in the emergency data area of the second dyeing mark message is obtained, and whether the second dyeing mark message is a dyeing enabling message is determined by the control code. For example, as shown in table one below:
Sequence number | Control code (binary) | Meaning
1 | 000 | Reserved
2 | 001 | Dyeing enabled
3 | 010 | Reserved
4 | 011 | Reserved
5 | 100 | Reserved
6 | 101 | Reserved
7 | 110 | Reserved
8 | 111 | Reserved
When the control code is 000, determining that the second dyeing mark message is not a dyeing enabling message through preset information; when the control code is 001, determining that the second dyeing mark message is a dyeing enabling message through preset information.
Step S202, if the second dyeing mark message is determined to be a dyeing enabling message, dyeing information of the second dyeing mark message and dyeing information of the first dyeing mark message are respectively obtained.
For example, when the acquired control code is the preset control code, the second dyeing mark message is determined to be a dyeing enabling message. When the second dyeing mark message is determined to be a dyeing enabling message, dyeing information is acquired from the emergency data area of the first dyeing mark message and from the emergency data area of the second dyeing mark message respectively; the dyeing information comprises a control code and a dyeing code.
Step S203, determining whether the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message.
For example, once the dyeing information has been acquired from the emergency data area of the first dyeing mark message and from the emergency data area of the second dyeing mark message, the two are compared. In an embodiment, the dyeing information comprises the control code and the dyeing code, and the comparison is made in one of three ways: comparing the control code in the emergency data area of the first dyeing mark message with the control code in the emergency data area of the second dyeing mark message; or comparing the dyeing code in the emergency data area of the first dyeing mark message with the dyeing code in the emergency data area of the second dyeing mark message; or comparing both the control codes and the dyeing codes in the emergency data areas of the two messages.
Step S204, if the dyeing information of the second dyeing mark message is inconsistent with the dyeing information of the first dyeing mark message, determining that the second dyeing mark message is an attack message.
For example, if it is determined that the dyeing information in the emergency data area of the second dyeing mark message is inconsistent with the dyeing information in the first dyeing mark message, the second dyeing mark message is determined to be an attack message. In an embodiment, if the control code in the emergency data area of the first dyeing mark message is inconsistent with the control code in the emergency data area of the second dyeing mark message, the second dyeing mark message is determined to be an attack message. For example, when the dyeing information in the emergency data area of the first dyeing mark message is 00111010 and the dyeing information in the emergency data area of the second dyeing mark message is 01111010, the control code 001 of the first dyeing mark message is inconsistent with the control code 011 of the second dyeing mark message, so the second dyeing mark message is determined to be an attack message.
Alternatively, if the dyeing code in the emergency data area of the first dyeing mark message is inconsistent with the dyeing code in the emergency data area of the second dyeing mark message, the second dyeing mark message is determined to be an attack message. In an embodiment, when the dyeing information in the emergency data area of the first dyeing mark message is 00111010 and the dyeing information in the emergency data area of the second dyeing mark message is 00111011, the dyeing code 11010 of the first dyeing mark message is inconsistent with the dyeing code 11011 of the second dyeing mark message, so the second dyeing mark message is determined to be an attack message.
Alternatively, the control code in the emergency data area of the first dyeing mark message is inconsistent with the control code in the emergency data area of the second dyeing mark message, and the dyeing code in the emergency data area of the first dyeing mark message is also inconsistent with the dyeing code in the emergency data area of the second dyeing mark message. In an embodiment, when the dyeing information in the emergency data area of the first dyeing mark message is 00111010 and the dyeing information in the emergency data area of the second dyeing mark message is 01111011, the control code 001 of the first dyeing mark message is inconsistent with the control code 011 of the second dyeing mark message, and the dyeing code 11010 of the first dyeing mark message is inconsistent with the dyeing code 11011 of the second dyeing mark message, so the second dyeing mark message is determined to be an attack message.
Step S205, if it is determined that the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message, determining whether the second dyeing mark message is a retransmission data message.
For example, when it is determined that the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message, it is determined whether the second dyeing mark message is a retransmission data message. In an embodiment, the ACK ID information of the second dyeing mark message is obtained and matched against the ACK ID information of messages of other socket objects; if the ACK ID information of the messages of the other socket objects is consistent with the ACK ID information of the second dyeing mark message, the second dyeing mark message is determined to be a retransmission data message.
Step S206, if it is determined that the second dyeing mark message is not a dyeing enabling message, detecting whether the first socket object receives a correct dyeing code.
For example, when it is determined that the second dyeing mark message is not a dyeing enabling message, it is detected whether the first socket object has received a correct dyeing code.
Step S207, if the first socket object receives the correct dyeing code, determining that the second dyeing mark message is an attack message.
For example, when it is determined that the first socket object has received the correct dyeing code, the second dyeing mark message is determined to be an attack message. When the second dyeing mark message is determined to be an attack message, it is discarded and not accepted.
Step S208, if the first socket object does not receive the correct dyeing code, determining whether the second dyeing mark message is a retransmission data message.
In an exemplary embodiment, after determining that the first socket object does not receive the correct dyeing code, it is determined whether the second dyeing flag message is a retransmission data message. In an embodiment, ACK ID information of a second dyeing mark message is obtained, the ACK ID information is matched with ACK ID information of messages of other socket objects, and if the ACK ID information of the messages of the other socket objects is consistent with the ACK ID information of the second dyeing mark message, the second dyeing mark message is determined to be a retransmission data message.
Step S209, if the second dyeing mark message is determined to be a retransmission data message, determining that the second dyeing mark message is an attack message.
For example, when the second dyeing mark message is determined to be a retransmission data message, the second dyeing mark message is determined to be an attack message. When the second dyeing mark message is determined to be an attack message, it is discarded and not accepted.
In the embodiment of the application, it is first determined whether the second dyeing mark message is a dyeing enabling message. When it is a dyeing enabling message, whether the second dyeing mark message is a retransmission data message is determined by comparing the ACK ID sequences, and when it is a retransmission data message, the second dyeing mark message is determined to be an attack message. When the second dyeing mark message is not a dyeing enabling message, it is detected whether the first socket object has received the correct dyeing code, and when the first socket object has received the correct dyeing code, the second dyeing mark message is determined to be an attack message. When the first socket object has not received the correct dyeing code, it is determined whether the second dyeing mark message is a retransmission data message, and when it is, the second dyeing mark message is determined to be an attack message. The second dyeing mark message is thus checked by several verification modes in a preset verification strategy, so that attack messages are detected accurately, DDOS attacks are avoided, and service security is improved.
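The verification flow of steps S201 to S209, as an added Python sketch that is not code from the patent. It assumes the 8-bit layout implied by the examples above (a 3-bit control code followed by a 5-bit dyeing code); `ServerSocketState`, `verify`, the set of seen ACK IDs, the point at which `correct_code_received` is set, and the `NOT_FLAGGED` outcome are hypothetical modelling choices.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Set, Tuple

DYE_ENABLE = 0b001  # Table 1: 001 = dyeing enabling, every other control code is reserved


class Verdict(Enum):
    ATTACK = "attack"            # message is discarded
    NOT_FLAGGED = "not flagged"  # assumption: the page names no outcome for these branches


def split_dye_info(dye_byte: int) -> Tuple[int, int]:
    """Split 8-bit dyeing information into (3-bit control code, 5-bit dyeing code)."""
    if not 0 <= dye_byte <= 0xFF:
        raise ValueError("dyeing information must fit in one byte")
    return dye_byte >> 5, dye_byte & 0x1F


def mismatched_fields(first: int, second: int) -> Set[str]:
    """Name the fields that differ between the first and second message (S203)."""
    (c1, d1), (c2, d2) = split_dye_info(first), split_dye_info(second)
    diff = set()
    if c1 != c2:
        diff.add("control_code")
    if d1 != d2:
        diff.add("dyeing_code")
    return diff


@dataclass
class ServerSocketState:
    sent_dye_info: int                   # dyeing information of the first dyeing mark message
    seen_ack_ids: Set[int] = field(default_factory=set)  # assumption: ACK IDs already observed
    correct_code_received: bool = False  # assumption: set once a consistent dyed message arrives


def verify(state: ServerSocketState, dye_byte: int, ack_id: int) -> Tuple[Verdict, str]:
    """Classify a second dyeing mark message; returns (verdict, deciding step)."""
    control, _ = split_dye_info(dye_byte)
    retransmitted = ack_id in state.seen_ack_ids  # same ACK ID seen before
    state.seen_ack_ids.add(ack_id)

    if control == DYE_ENABLE:                                 # S201
        if mismatched_fields(state.sent_dye_info, dye_byte):  # S202, S203
            return Verdict.ATTACK, "S204"
        if retransmitted:                                     # S205
            return Verdict.ATTACK, "S209"
        state.correct_code_received = True
        return Verdict.NOT_FLAGGED, "S205"
    # Any control code other than 001 is handled by the S206 branch in this sketch.
    if state.correct_code_received:                           # S206
        return Verdict.ATTACK, "S207"
    if retransmitted:                                         # S208
        return Verdict.ATTACK, "S209"
    return Verdict.NOT_FLAGGED, "S208"


if __name__ == "__main__":
    # Constructed sample traffic: (dyeing information, ACK ID).
    state = ServerSocketState(sent_dye_info=0b00111010)
    for dye, ack in [(0b00111011, 100), (0b00111010, 101),
                     (0b00111010, 101), (0b00011010, 102)]:
        verdict, step = verify(state, dye, ack)
        print(f"{dye:08b} ack={ack}: {verdict.value} ({step})")
```
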
Referring to fig. 9, fig. 9 is a schematic block diagram of a DDOS data retransmission attack prevention device according to an embodiment of the present application.
As shown in fig. 9, the DDOS data retransmission attack prevention apparatus 300 includes: an identification module 301, a generation module 302, a determination module 303.
The identifying module 301 is configured to identify a suspicious packet, so that a socket object corresponding to the suspicious packet enters an emergency control state and a dyeing sub-state;
the generating module 302 is configured to perform a dyeing marking on a message to be sent according to a socket object entering the emergency control state and the dyeing sub-state, and generate a dyeing marking message;
and the determining module 303 is configured to determine an attack packet according to the dyeing mark packet, and implement a black hole policy on the attack packet.
The generating module 302 is specifically further configured to:
the first message to be sent is subjected to emergency marking through a first socket object entering the emergency control state and the dyeing sub-state;
and expanding an emergency data area for the first message to be sent, and generating the first dyeing mark message corresponding to the first message to be sent, wherein the emergency data area comprises a control code and a dyeing code.
The DDOS data retransmission attack prevention device 300 is specifically further configured to:
The first dyeing mark message is sent to a client so that a second socket object of the client reads the emergency mark in the first dyeing mark message and enters the emergency controlled state and the dyeing sub-state;
and receiving the second dyeing mark message generated after the second socket object entering the emergency controlled state and the dyeing sub-state performs dyeing marking on the second message to be sent.
The determining module 303 is specifically further configured to:
and verifying the second dyeing mark message according to a preset verification strategy, and determining the second dyeing mark message as an attack message.
The determining module 303 is specifically further configured to:
detecting whether the second dyeing mark message is a dyeing enabling message;
if the second dyeing mark message is determined to be a dyeing enabling message, respectively acquiring the dyeing information of the second dyeing mark message and the dyeing information of the first dyeing mark message;
determining whether the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message;
if the dyeing information of the second dyeing mark message is inconsistent with the dyeing information of the first dyeing mark message, determining that the second dyeing mark message is an attack message;
If the dyeing information is consistent with the dyeing information of the first dyeing mark message, determining whether the second dyeing mark message is a retransmission data message or not;
and if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
The determining module 303 is specifically further configured to:
if the second dyeing mark message is not the dyeing enabling message, detecting whether the first socket object receives a correct dyeing code or not;
if the first socket object receives the correct dyeing code, determining the second dyeing mark message as an attack message;
if the first socket object does not receive the correct dyeing code, determining whether the second dyeing mark message is a retransmission data message or not;
and if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
The DDOS data retransmission attack prevention device is specifically further used for:
It should be noted that, for convenience and brevity of description, the specific working process of the above-described apparatus and each module and unit may refer to the corresponding process in the foregoing embodiment of the DDOS data retransmission attack prevention method, which is not described herein again.
The apparatus provided by the above embodiments may be implemented in the form of a computer program which may be run on a computer device as shown in fig. 10.
Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device may be a terminal.
As shown in fig. 10, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a non-volatile storage medium and an internal memory.
The non-volatile storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause the processor to perform any one of a number of DDOS data retransmission attack prevention methods.
The processor is used to provide computing and control capabilities to support the operation of the entire computer device.
The internal memory provides an environment for the execution of a computer program in a non-volatile storage medium that, when executed by a processor, causes the processor to perform any one of the methods of preventing DDOS data retransmission attacks.
The network interface is used for network communication such as transmitting assigned tasks and the like. It will be appreciated by those skilled in the art that the structure shown in fig. 10 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein in one embodiment the processor is configured to run a computer program stored in the memory to implement the steps of:
identifying suspicious messages, and enabling socket objects corresponding to the suspicious messages to enter an emergency control state and a dyeing sub-state;
carrying out dyeing marking on a message to be sent according to socket objects entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message;
and determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message.
In one embodiment, the socket object includes a first socket object, the message to be sent includes a first message to be sent, and the dyeing mark message includes a first dyeing mark message; when performing dyeing marking on the message to be sent according to the socket object entering the emergency control state and the dyeing sub-state and generating the dyeing mark message, the processor is configured to implement:
The first message to be sent is subjected to emergency marking through a first socket object entering the emergency control state and the dyeing sub-state;
and expanding an emergency data area for the first message to be sent, and generating the first dyeing mark message corresponding to the first message to be sent, wherein the emergency data area comprises a control code and a dyeing code.
In one embodiment, the socket object includes a second socket object, the message to be sent includes a second message to be sent, and the dyeing mark message includes a second dyeing mark message; after generating the first dyeing mark message corresponding to the first message to be sent, the processor is further configured to implement:
the first dyeing mark message is sent to a client so that a second socket object of the client reads the emergency mark in the first dyeing mark message and enters the emergency controlled state and the dyeing sub-state;
and receiving the second dyeing mark message generated after the second socket object entering the emergency controlled state and the dyeing sub-state performs dyeing marking on the second message to be sent.
In one embodiment, the dyeing mark message includes a second dyeing mark message; when determining the attack message according to the dyeing mark message, the processor is configured to implement:
and verifying the second dyeing mark message according to a preset verification strategy, and determining the second dyeing mark message as an attack message.
In one embodiment, the dyeing mark message includes a first dyeing mark message; when verifying the second dyeing mark message according to the preset verification policy and determining that the second dyeing mark message is an attack message, the processor is configured to implement:
detecting whether the second dyeing mark message is a dyeing enabling message;
if the second dyeing mark message is determined to be a dyeing enabling message, respectively acquiring the dyeing information of the second dyeing mark message and the dyeing information of the first dyeing mark message;
determining whether the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message;
if the dyeing information of the second dyeing mark message is inconsistent with the dyeing information of the first dyeing mark message, determining that the second dyeing mark message is an attack message;
If the dyeing information is consistent with the dyeing information of the first dyeing mark message, determining whether the second dyeing mark message is a retransmission data message or not;
and if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
In an embodiment, the socket object includes a first socket object; after detecting whether the second dyeing mark message is a dyeing enabling message, the processor is further configured to implement:
if the second dyeing mark message is not the dyeing enabling message, detecting whether the first socket object receives a correct dyeing code or not;
if the first socket object receives the correct dyeing code, determining the second dyeing mark message as an attack message;
if the first socket object does not receive the correct dyeing code, determining whether the second dyeing mark message is a retransmission data message or not;
and if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
In one embodiment, when identifying the suspicious message, the processor is configured to implement:
Receiving a message sent by a client, and identifying ACK ID information carried by the message;
determining whether the message is a retransmission data message in a preset sampling period according to the ACK ID information;
if the message is determined to be a retransmission data message, the message is determined to be a suspicious message.
Embodiments of the present application further provide a computer readable storage medium, where a computer program is stored, where the computer program includes program instructions, and a method implemented when the program instructions are executed may refer to various embodiments of the DDOS data retransmission attack prevention method of the present application.
The computer readable storage medium may be an internal storage unit of the computer device according to the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, which are provided on the computer device.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments. While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. The method for preventing DDOS data retransmission attack is characterized by being applied to a server side, and comprises the following steps:
identifying suspicious messages, and enabling socket objects corresponding to the suspicious messages to enter an emergency control state and a dyeing sub-state;
carrying out dyeing marking on a message to be sent according to socket objects entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message;
determining an attack message according to the dyeing mark message, and implementing a black hole strategy on the attack message;
the socket object comprises a first socket object, the message to be sent comprises a first message to be sent, the dyeing mark message comprises a first dyeing mark message, the message to be sent is dyed and marked according to the socket object entering the emergency control state and the dyeing sub-state, and the generation of the dyeing mark message comprises the following steps:
The first message to be sent is subjected to emergency marking through a first socket object entering the emergency control state and the dyeing sub-state;
expanding an emergency data area for the first message to be sent, and generating the first dyeing mark message corresponding to the first message to be sent, wherein the emergency data area comprises a control code and a dyeing code; the socket object comprises a second socket object, the message to be sent comprises a second message to be sent, the dyeing mark message comprises a second dyeing mark message, and after the first dyeing mark message corresponding to the first message to be sent is generated, the method further comprises the steps of:
the first dyeing mark message is sent to a client so that a second socket object of the client reads the emergency mark in the first dyeing mark message and enters the emergency control state and the dyeing sub-state;
and receiving the second dyeing mark message generated after the second socket object entering the emergency control state and the dyeing sub-state performs dyeing marking on the second message to be sent.
2. The method for preventing DDOS data retransmission attacks according to claim 1, wherein the dye-flag message includes a second dye-flag message, and the determining an attack message according to the dye-flag message includes:
And verifying the second dyeing mark message according to a preset verification strategy, and determining the second dyeing mark message as an attack message.
3. The method for preventing DDOS data retransmission attack according to claim 2, wherein the dyeing mark message includes a first dyeing mark message, the verifying the second dyeing mark message according to a preset verification policy, determining that the second dyeing mark message is an attack message, includes:
detecting whether the second dyeing mark message is a dyeing enabling message;
if the second dyeing mark message is determined to be a dyeing enabling message, respectively acquiring the dyeing information of the second dyeing mark message and the dyeing information of the first dyeing mark message;
determining whether the dyeing information of the second dyeing mark message is consistent with the dyeing information of the first dyeing mark message;
if the dyeing information of the second dyeing mark message is inconsistent with the dyeing information of the first dyeing mark message, determining that the second dyeing mark message is an attack message;
if the dyeing information is consistent with the dyeing information of the first dyeing mark message, determining whether the second dyeing mark message is a retransmission data message or not;
And if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
4. The method for preventing DDOS data retransmission attack according to claim 3, wherein the socket object includes a first socket object, and after detecting whether the second dyeing flag packet is a dyeing enable packet, further comprising:
if the second dyeing mark message is not the dyeing enabling message, detecting whether the first socket object receives a correct dyeing code or not;
if the first socket object receives the correct dyeing code, determining the second dyeing mark message as an attack message;
if the first socket object does not receive the correct dyeing code, determining whether the second dyeing mark message is a retransmission data message or not;
and if the second dyeing mark message is determined to be a retransmission data message, determining the second dyeing mark message as an attack message.
5. The method for preventing DDOS data retransmission attacks according to claim 1, wherein the identifying the suspicious packet comprises:
receiving a message sent by a client, and identifying ACK ID information carried by the message;
Determining whether the message is a retransmission data message in a preset sampling period according to the ACK ID information;
if the message is determined to be a retransmission data message, the message is determined to be a suspicious message.
6. A DDOS data retransmission attack prevention apparatus, comprising:
the identification module is used for identifying the suspicious message and enabling a socket object corresponding to the suspicious message to enter an emergency control state and a dyeing sub-state;
the generation module is used for carrying out dyeing marking on the message to be sent according to the socket object entering the emergency control state and the dyeing sub-state, and generating a dyeing marking message;
the determining module is used for determining an attack message according to the dyeing mark message and implementing a black hole strategy on the attack message;
the socket object comprises a first socket object, the message to be sent comprises a first message to be sent, the dyeing mark message comprises a first dyeing mark message, the message to be sent is dyed and marked according to the socket object entering the emergency control state and the dyeing sub-state, and the generation of the dyeing mark message comprises the following steps:
the first message to be sent is subjected to emergency marking through a first socket object entering the emergency control state and the dyeing sub-state;
Expanding an emergency data area for the first message to be sent, and generating the first dyeing mark message corresponding to the first message to be sent, wherein the emergency data area comprises a control code and a dyeing code; the socket object comprises a second socket object, the message to be sent comprises a second message to be sent, the dyeing mark message comprises a second dyeing mark message, and after the first dyeing mark message corresponding to the first message to be sent is generated, the method further comprises the steps of:
the first dyeing mark message is sent to a client so that a second socket object of the client reads the emergency mark in the first dyeing mark message and enters the emergency control state and the dyeing sub-state;
and receiving the second dyeing mark message generated after the second socket object entering the emergency control state and the dyeing sub-state performs dyeing marking on the second message to be sent.
7. A computer device comprising a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program when executed by the processor implements the steps of the DDOS data retransmission attack prevention method according to any of claims 1 to 5.
8. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, wherein the computer program, when executed by a processor, implements the steps of the DDOS data retransmission attack prevention method according to any of claims 1 to 5.
CN202111228917.3A 2021-10-21 2021-10-21 DDOS data retransmission attack prevention method, device, equipment and storage medium Active CN114039747B (en)


Publications (2)

Publication Number Publication Date
CN114039747A CN114039747A (en) 2022-02-11
CN114039747B true CN114039747B (en) 2023-05-16

Family

ID=80135090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111228917.3A Active CN114039747B (en) 2021-10-21 2021-10-21 DDOS data retransmission attack prevention method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114039747B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729513A (en) * 2008-10-27 2010-06-09 成都市华为赛门铁克科技有限公司 Network authentication method and device
CN109842631A (en) * 2019-03-21 2019-06-04 安徽威尔信通信科技有限责任公司 A kind of network information security intelligent analysis system
CN110035031A (en) * 2018-01-11 2019-07-19 阿里巴巴集团控股有限公司 A kind of detection method and data processing method of SQL injection
CN110213204A (en) * 2018-03-13 2019-09-06 腾讯科技(深圳)有限公司 Attack guarding method and device, equipment and readable storage medium storing program for executing
CN110912904A (en) * 2019-11-27 2020-03-24 腾讯科技(深圳)有限公司 Malicious device identification method and device, storage medium and computer device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030123394A1 (en) * 2001-11-13 2003-07-03 Ems Technologies, Inc. Flow control between performance enhancing proxies over variable bandwidth split links
US7992192B2 (en) * 2006-12-29 2011-08-02 Ebay Inc. Alerting as to denial of service attacks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
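Design of an IPv6-based large-scale network abnormal traffic detection system; Wang Jinsong; Li Junyan; Zhang Hongwei; Gong Liangyi; Computer Engineering (10); full text *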

Also Published As

Publication number Publication date
CN114039747A (en) 2022-02-11

Similar Documents

Publication Publication Date Title
CN111865557B (en) Verification code generation method and device
CN104038490B (en) A kind of communication security method of calibration and its device
US10298508B2 (en) Communication system, receiving-side apparatus and transmission-side apparatus
CN113434474B (en) Flow auditing method, equipment and storage medium based on federal learning
CN103581156A (en) Trusted network and operating method thereof
CN108683606B (en) IPsec anti-replay method, device, network equipment and readable storage medium
CN110619022B (en) Node detection method, device, equipment and storage medium based on block chain network
CN114039747B (en) DDOS data retransmission attack prevention method, device, equipment and storage medium
US9241048B2 (en) Mechanism for processing network event protocol messages
EP3748913A1 (en) Link bandwidth utilization rate acquisition method and device, and terminal
Zhang et al. A systematic approach to formal analysis of QUIC handshake protocol using symbolic model checking
CN114070801A (en) Message processing method, message transmission method, device and electronic equipment
CN105099930B (en) Encrypting traffic flow control methods and device
CN107223322A (en) The method, apparatus and system of signature verification
EP4460058A1 (en) Authentication and/or key management method, first device, terminal and communication device
CN113079027B (en) Block data generation and verification method based on hash value
CN104579557A (en) Data integrity transmission method among multiple nodes
CN114065302A (en) Data processing method, device, equipment, medium and block chain network
CN114006761B (en) Communication method and device for vulnerability detection and electronic equipment
CN111212396A (en) Vehicle system and method for vehicle-to-ambient information interaction (V2X) communication
CN115277112B (en) Data processing method, device, electronic device and storage medium
CN116614493B (en) Blockchain tracking method, device, equipment and storage medium for data transmission and reception process
US20250200150A1 (en) Image classification of communication channel for identifying sender
CN118410093B (en) Multi-protocol data integrated control method, device, system and storage medium
EP3361670A1 (en) Multi-ttp-based method and device for verifying validity of identity of entity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant