[go: up one dir, main page]

CN113422787B - Intelligent anti-attack method for passive optical network system - Google Patents

Intelligent anti-attack method for passive optical network system Download PDF

Info

Publication number
CN113422787B
CN113422787B CN202110971575.8A CN202110971575A CN113422787B CN 113422787 B CN113422787 B CN 113422787B CN 202110971575 A CN202110971575 A CN 202110971575A CN 113422787 B CN113422787 B CN 113422787B
Authority
CN
China
Prior art keywords
attack
module
processing
processing module
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110971575.8A
Other languages
Chinese (zh)
Other versions
CN113422787A (en
Inventor
于晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Leying Information Technology Co ltd
Original Assignee
Guangzhou Leying Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Leying Information Technology Co ltd filed Critical Guangzhou Leying Information Technology Co ltd
Priority to CN202110971575.8A priority Critical patent/CN113422787B/en
Publication of CN113422787A publication Critical patent/CN113422787A/en
Application granted granted Critical
Publication of CN113422787B publication Critical patent/CN113422787B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062Network aspects
    • H04Q11/0067Provisions for optical access or distribution networks, e.g. Gigabit Ethernet Passive Optical Network (GE-PON), ATM-based Passive Optical Network (A-PON), PON-Ring

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an intelligent anti-attack method of a passive optical network system, which relates to the technical field of passive optical network anti-attack, identifying whether there is an attack by an attack identification module and acquiring an attack source when there is an attack, and acquiring a history of attack behavior in a cyber attack identification log when there is an attack, preliminarily determining the attack level according to the number of attack messages of the attack source, comparing the attack behavior of the attack source acquired by the attack identification module with the historical record of the attack behavior in the network attack identification log to acquire the similarity between the attack behavior of the attack source and the attack behavior in the network attack identification log, whether the processing action of the attack processing module is adjusted or not is judged according to the obtained similarity, so that the recognition precision of the attack is improved, the accuracy of the attack processing is further improved, and the anti-attack quality of the optical network is further improved.

Description

Intelligent anti-attack method for passive optical network system
Technical Field
The invention relates to the technical field of passive optical network anti-attack, in particular to an intelligent anti-attack method of a passive optical network system.
Background
A Passive Optical Network (PON) is a pure medium Network, which has advantages of preferentially avoiding electromagnetic interference and lightning impact of external devices, reducing faults of lines and external devices, and improving reliability of Optical Network lines.
The existing optical network anti-attack technology mostly achieves the aim of preventing attacks by manually identifying attacks and intervening, the method is high in labor cost and low in attack defense degree, more labor cost is needed in the face of complex attacks, the defense force of an optical network is low, the attack complexity and the concealment are higher and higher along with the continuous development of the network technology, and the network safety is difficult to guarantee through manual identification attacks.
Chinese patent publication No.: CN 103716305B. An intelligent anti-attack method for a passive optical network system is disclosed. The method comprises the following steps: 1. configuring an action for processing an attack source when detecting the existence of the attack; 2. regularly detecting whether the attack occurs or not and the level of the attack behavior; if yes, skipping to the step 3, otherwise, continuing to detect; 3. and processing the optical network unit of the attack source, and continuing to detect after the processing is finished. The invention can automatically complete the operation of the attack source when the attack occurs and the recovery of the service when the attack disappears, does not need manual interference, saves human resources and cost, and realizes intelligent operation. It can be seen that the intelligent anti-attack method for the passive optical network system is provided. There are the following problems: the attack level is determined only by the number of the attack messages, and the judgment of the optical network is not accurate when the optical network faces complex attacks.
Disclosure of Invention
Therefore, the invention provides an intelligent anti-attack method for a passive optical network system. The method is used for solving the problem that attack identification is not accurate enough when complex attacks are faced due to the fact that attack cannot be accurately identified in the prior art.
In order to achieve the above object, the present invention provides an intelligent anti-attack method for a passive optical network system, including:
step S1, the attack identification module identifies whether there is attack in the system, and acquires the attack source and the attack message quantity when identifying that there is attack in the system;
step S2, when the attack identification module identifies that there is attack in the system, the log obtaining module obtains the network attack identification log;
step S3, the comparison module compares the attack source with the network attack identification log;
step S4, the attack processing module makes corresponding anti-attack processing according to the number of the attack messages, the attack source and the comparison result of the comparison module;
when the attack identification module identifies that the network system has an attack, the attack identification module performs preliminary judgment on the attack level of the attack source according to the acquired attack message quantity and selects a corresponding processing action according to the preliminary judgment result of the attack level;
when the attack identification module completes the initial determination of the attack level of the attack source, the attack identification module sends the attack behavior of the attack source to the comparison module, the comparison module acquires the network attack identification log acquired by the log acquisition module, comparing the attack behavior of the attack source with the network attack identification log obtained by the log obtaining module, determining whether the attack behavior of the attack source has similarity with the network attack identification log according to the comparison result by the comparison module, if so, calculating the similarity Q between the attack behavior of the attack source and the network attack identification log by the comparison module, the comparison module compares the similarity Q with a preset similarity, and after the comparison is completed, the comparison module sends a comparison result to the attack processing module, and the attack processing module determines whether the processing action needs to be adjusted according to the comparison result;
when the processing action is adjusted by the attack processing module, the processing action is corrected by the comparison module according to the comparison result of the attack action of the attack source and the hit number of the attack actions under the corresponding similarity in the network attack identification log.
Further, when the attack identification module identifies that the attack exists, the attack identification module acquires the attack message quantity E, compares the attack message quantity E with a preset attack message quantity and preliminarily judges the attack level of the attack source according to the comparison result,
wherein the attack identification module is provided with a first preset attack message quantity E1, a second preset attack message quantity E2, a third preset attack message quantity E3, a first attack level U1, a second attack level U2 and a third attack level U3, wherein E1 is more than E2 and less than E3, U1 is more than U2 and less than U3,
when E < E1, the attack identification module preliminarily determines the attack level of the attack source as a first attack level U1;
when E1 is less than or equal to E < E2, the attack recognition module preliminarily determines the attack level of the attack source as a second attack level U2;
when E2 is less than or equal to E < E3, the attack recognition module preliminarily determines the attack level of the attack source as a third attack level U3;
when the attack identification module preliminarily determines the attack level of the attack source as the ith attack level Ui, setting i =1, 2, 3, and sending the preliminarily determined attack level Ui to the attack processing module by the attack identification module;
the attack processing module is further provided with actions corresponding to the attack levels for processing the attack source, wherein the action corresponding to U1 for processing the attack source is used as limiting port bandwidth, the action corresponding to U2 for processing the attack source is used as port closing, and the action corresponding to U3 for processing the attack source is used as temporarily taking down a user corresponding to the port.
Further, when the attack processing module determines that the processing action needs to be adjusted, the attack processing module selects a corresponding adjustment coefficient according to a comparison result of the similarity Q between the attack behavior of the attack source and the network attack identification log to adjust the processing action;
the comparison module is also provided with a first preset similarity Q1, a second preset similarity Q2, a third preset similarity Q3, a first adjusting coefficient K1, a second adjusting coefficient K2 and a third adjusting coefficient K3, wherein Q1 is more than Q2 and more than Q3, 1 is more than K1 and more than K2 and more than K3 and less than 2,
when Q < Q1, the attack processing module determines not to adjust the processing action;
when Q1 is not less than Q < Q2, the attack processing module judges that the processing action is adjusted, and selects a first adjusting coefficient K1 to adjust the processing action;
when Q2 is not less than Q < Q3, the attack processing module judges that the processing action is adjusted, and selects a second adjustment coefficient K2 to adjust the processing action;
and when Q is larger than or equal to Q3, the attack processing module judges to adjust the processing action, and selects a third adjusting coefficient K3 to adjust the processing action.
Further, the attack processing module adjusting the processing action comprises:
when the preliminarily determined attack level is a first attack level U1, the attack processing module limits the port bandwidth and selects a corresponding adjusting coefficient to adjust the maximum bandwidth of the port, the attack processing module sets the adjusted maximum bandwidth of the port to be D and sets D = Dc- (Dc × Ki-Dc), wherein Dc is the initial bandwidth of the port, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is a second attack level U2, the attack processing module adjusts the closing time length of the port and selects a corresponding adjusting coefficient to adjust and increase the closing time length of the port, the attack processing module sets the adjusted closing time length of the port to ta ', and sets ta' = ta × Ki, wherein ta is the initial port closing time length, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is the third attack level U3, the attack processing module adjusts the temporary offline time length of the user and selects a corresponding adjustment coefficient to adjust and increase the temporary offline time length of the user, the attack processing module sets the temporary offline time length of the user to be tb ', and sets tb' = tb × Ki, wherein tb is the temporary offline time length of the initial user, Ki is the adjustment coefficient, and i =1, 2, 3 is set.
Further, when the attack processing module finishes adjusting the processing action, the comparison module obtains the hit number R of the attack action of the attack source and the attack action under the corresponding similarity in the network attack identification log, and compares the hit number R with a preset hit number R0, if R is not more than R0, the attack processing module does not modify the processing action, and if R is more than R0, the attack processing module modifies the processing action.
Further, when the attack processing module corrects the processing action, the attack processing module calculates a difference Δ Ra between the hit number R and a preset hit number R0 and selects a corresponding correction coefficient according to a comparison result of the Δ Ra and the preset hit number difference to correct the processing action, sets Δ Ra = R-R0,
wherein the attack processing module is further provided with a first preset hit number difference value delta R1, a second preset hit number difference value delta R2, a third preset hit number difference value delta R3, a first correction coefficient X1, a second correction coefficient X2 and a third correction coefficient X3, wherein delta R1 is more than delta R2 and less than delta R3, 1 is more than X1 and more than X2 and less than X3 and less than 2,
when the delta Ra is less than the delta R1, the attack processing module does not modify the processing action;
when the delta R1 is not less than the delta Ra is less than the delta R2, the attack processing module selects a first correction coefficient X1 to correct the processing action;
when the delta R2 is not less than the delta Ra is less than the delta R3, the attack processing module selects a second correction coefficient X2 to correct the processing action;
when the delta Ra is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to correct the processing action.
Further, when the attack processing module completes the adjustment of the processing action, the comparison module obtains the adjusted or corrected port bandwidth D, and compares the port bandwidth with a preset minimum port bandwidth Dmin, and if D is less than or equal to Dmin, the attack processing module sets the processing action to be changed from limiting the port bandwidth to closing the port.
Further, the comparison module is further provided with a preset maximum similarity Qmax and a preset maximum number of hits Rmax, when the comparison module finishes the similarity between the attack behavior of the attack source and the network attack identification log, the comparison module compares the obtained similarity Q with the preset maximum similarity Qmax, when Q is greater than Qmax, the attack behavior of the attack source and the number of hits of the attack behavior in the network attack identification log under the corresponding similarity are compared, the comparison module compares the number of hits R with the preset maximum number of hits Rmax, and if R is greater than Rmax, the attack processing module adjusts the processing action corresponding to the attack level to the processing action corresponding to the next attack level.
Further, when R is larger than Rmax, the attack processing module calculates the difference value Delta Rb between the hit number R and the preset maximum hit number, selects a corresponding correction coefficient according to the comparison result of the difference value and the preset hit number difference value to carry out secondary correction on the processing action, sets Delta Rb = R-Rmax,
when the delta R1 is not less than the delta Rb is less than the delta R2, the attack processing module selects a first correction coefficient X1 to carry out secondary correction on the processing action;
when the delta R2 is not more than delta Rb is less than the delta R3, the attack processing module selects a second correction coefficient X2 to carry out secondary correction on the processing action;
and when the delta Rb is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to carry out secondary correction on the processing action.
Furthermore, the attack identification module also comprises an attack identification unit for identifying whether an attack exists and an attack source acquisition unit for acquiring an attack source IP, an attack target IP, an attack behavior of an attack source and the quantity of attack messages;
the log acquisition module also comprises a storage unit for storing the network attack identification log and a recording unit for recording the attack;
the attack processing module also comprises an attack processing unit used for carrying out corresponding processing on the attack and an adjusting unit used for adjusting the processing action.
Compared with the prior art, the method has the advantages that whether attack exists or not is identified through the attack identification module, the attack source is obtained when the attack exists, the historical records of the attack behaviors in the network attack identification log are obtained when the attack exists, the attack level is preliminarily determined according to the number of the attack messages of the attack source, the attack behaviors of the attack source obtained by the attack identification module are compared with the historical records of the attack behaviors in the network attack identification log, the similarity between the attack behaviors of the attack source and the attack behaviors in the network attack identification log is obtained, whether the processing actions of the attack processing module are adjusted or not is judged according to the obtained similarity, the identification precision of the attack is improved, the precision of attack processing is further improved, and the anti-attack quality of the optical network is further improved.
Furthermore, by setting the number of the preset attack messages and the attack level in the attack identification module, when the attack exists, the attack level is determined according to the comparison result of the actual number of the attack messages of the attack source and the number of the preset attack messages, so that the accuracy of attack processing is further improved, and the anti-attack quality of the optical network is further improved.
Further, by obtaining the similarity between the attack behavior of the attack source and the attack behavior of the network attack identification log, calculating the similarity, comparing the similarity with a preset similarity, and judging whether to adjust the processing action according to the comparison result, when the adjustment is judged to be needed, selecting a corresponding adjustment coefficient according to the comparison result of the similarity and the preset similarity to adjust the processing action, the accuracy of the attack processing is further improved, and the anti-attack quality of the optical network is further improved.
Furthermore, the accuracy of attack processing is further improved by setting a preset number of hits in the attack processing module, and when the comparison module obtains the attack behavior of the attack source and the network attack identification log, determining whether to modify the processing action according to the comparison result of the number of hits and the preset number of hits, so as to further improve the quality of preventing the attack of the optical network.
Furthermore, the accuracy of attack processing is further improved by setting a difference value of the number of preset hits in the attack processing module, calculating the difference value between the number of hits and the number of preset hits when judging that the processing action is corrected, and selecting a corresponding correction coefficient according to the comparison result of the difference value and the difference value of the number of preset hits to correct the processing action, thereby further improving the quality of the optical network for preventing the attack.
Drawings
Fig. 1 is a flowchart of an intelligent attack prevention method for a passive optical network system according to the present invention;
fig. 2 is a logic block diagram of the system of the intelligent attack prevention method for the passive optical network system according to the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described below with reference to examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
It should be noted that in the description of the present invention, the terms of direction or positional relationship indicated by the terms "upper", "lower", "left", "right", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, which are only for convenience of description, and do not indicate or imply that the device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Referring to fig. 1 and fig. 2, fig. 1 is a flowchart illustrating an intelligent anti-attack method for a passive optical network system according to the present invention; fig. 2 is a logic block diagram of the intelligent attack prevention method for the passive optical network system according to the present invention.
The invention discloses an intelligent anti-attack method for a passive optical network system, which comprises the following steps:
step S1, the attack identification module identifies whether there is attack in the system, and acquires the attack source and the attack message quantity when identifying that there is attack in the system;
step S2, when the attack identification module identifies that there is attack in the system, the log obtaining module obtains the network attack identification log;
step S3, the comparison module compares the attack source with the network attack identification log;
step S4, the attack processing module makes corresponding anti-attack processing according to the number of the attack messages, the attack source and the comparison result of the comparison module;
when the attack identification module identifies that the network system has an attack, the attack identification module performs preliminary judgment on the attack level of the attack source according to the acquired attack message quantity and selects a corresponding processing action according to the preliminary judgment result of the attack level;
when the attack identification module completes the initial determination of the attack level of the attack source, the attack identification module sends the attack behavior of the attack source to the comparison module, the comparison module acquires the network attack identification log acquired by the log acquisition module, comparing the attack behavior of the attack source with the network attack identification log obtained by the log obtaining module, determining whether the attack behavior of the attack source has similarity with the network attack identification log according to the comparison result by the comparison module, if so, calculating the similarity Q between the attack behavior of the attack source and the network attack identification log by the comparison module, the comparison module compares the similarity Q with a preset similarity, and after the comparison is completed, the comparison module sends a comparison result to the attack processing module, and the attack processing module determines whether the processing action needs to be adjusted according to the comparison result;
when the processing action is adjusted by the attack processing module, the processing action is corrected by the comparison module according to the comparison result of the attack action of the attack source and the hit number of the attack actions under the corresponding similarity in the network attack identification log.
Specifically, whether an attack exists or not is identified through an attack identification module, an attack source is obtained when the attack exists, a historical record of attack behaviors in a network attack identification log is obtained when the attack exists, the attack level is preliminarily determined according to the number of attack messages of the attack source, the attack behaviors of the attack source obtained by the attack identification module are compared with the historical record of the attack behaviors in the network attack identification log, the similarity between the attack behaviors of the attack source and the attack behaviors in the network attack identification log is obtained, whether the processing action of an attack processing module is adjusted or not is judged according to the obtained similarity, the identification precision of the attack is improved, the precision of attack processing is further improved, and the anti-attack quality of the optical network is further improved.
The intelligent anti-attack method for the passive optical network system of the invention, when the attack identification module identifies the existence of the attack, the attack identification module obtains the attack message quantity E, compares the attack message quantity E with the preset attack message quantity and carries out the preliminary judgment on the attack level of the attack source according to the comparison result,
wherein the attack identification module is provided with a first preset attack message quantity E1, a second preset attack message quantity E2, a third preset attack message quantity E3, a first attack level U1, a second attack level U2 and a third attack level U3, wherein E1 is more than E2 and less than E3, U1 is more than U2 and less than U3,
when E < E1, the attack identification module preliminarily determines the attack level of the attack source as a first attack level U1;
when E1 is less than or equal to E < E2, the attack recognition module preliminarily determines the attack level of the attack source as a second attack level U2;
when E2 is less than or equal to E < E3, the attack recognition module preliminarily determines the attack level of the attack source as a third attack level U3;
when the attack identification module preliminarily determines the attack level of the attack source as the ith attack level Ui, setting i =1, 2, 3, and sending the preliminarily determined attack level Ui to the attack processing module by the attack identification module;
the attack processing module is further provided with actions corresponding to the attack levels for processing the attack source, wherein the action corresponding to U1 for processing the attack source is used as limiting port bandwidth, the action corresponding to U2 for processing the attack source is used as port closing, and the action corresponding to U3 for processing the attack source is used as temporarily taking down a user corresponding to the port.
Specifically, the preset attack message quantity and the attack level are set in the attack identification module, and when the attack exists, the attack level is determined according to the comparison result of the actual attack message quantity of the attack source and the preset attack message quantity, so that the accuracy of attack processing is further improved, and the anti-attack quality of the optical network is further improved.
According to the intelligent anti-attack method for the passive optical network system, when the attack processing module determines that the processing action needs to be adjusted, the attack processing module selects a corresponding adjusting coefficient according to the similarity Q comparison result of the attack action of the attack source and the network attack identification log to adjust the processing action;
the comparison module is also provided with a first preset similarity Q1, a second preset similarity Q2, a third preset similarity Q3, a first adjusting coefficient K1, a second adjusting coefficient K2 and a third adjusting coefficient K3, wherein Q1 is more than Q2 and more than Q3, 1 is more than K1 and more than K2 and more than K3 and less than 2,
when Q < Q1, the attack processing module determines not to adjust the processing action;
when Q1 is not less than Q < Q2, the attack processing module judges that the processing action is adjusted, and selects a first adjusting coefficient K1 to adjust the processing action;
when Q2 is not less than Q < Q3, the attack processing module judges that the processing action is adjusted, and selects a second adjustment coefficient K2 to adjust the processing action;
and when Q is larger than or equal to Q3, the attack processing module judges to adjust the processing action, and selects a third adjusting coefficient K3 to adjust the processing action.
Specifically, the attack processing module adjusting the processing action includes:
when the preliminarily determined attack level is a first attack level U1, the attack processing module limits the port bandwidth and selects a corresponding adjusting coefficient to adjust the maximum bandwidth of the port, the attack processing module sets the adjusted maximum bandwidth of the port to be D and sets D = Dc- (Dc × Ki-Dc), wherein Dc is the initial bandwidth of the port, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is a second attack level U2, the attack processing module adjusts the closing time length of the port and selects a corresponding adjusting coefficient to adjust and increase the closing time length of the port, the attack processing module sets the adjusted closing time length of the port to ta ', and sets ta' = ta × Ki, wherein ta is the initial port closing time length, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is the third attack level U3, the attack processing module adjusts the temporary offline time length of the user and selects a corresponding adjustment coefficient to adjust and increase the temporary offline time length of the user, the attack processing module sets the temporary offline time length of the user to be tb ', and sets tb' = tb × Ki, wherein tb is the temporary offline time length of the initial user, Ki is the adjustment coefficient, and i =1, 2, 3 is set.
Specifically, when the attack level is U1 and Q1 is more than or equal to Q < Q2, the attack processing module selects a first adjusting coefficient K1 to adjust the port bandwidth;
when the attack level is U2 and Q1 is more than or equal to Q < Q2, the attack processing module selects a first adjusting coefficient K1 to adjust the port closing time length;
when the attack level is U3 and Q1 is more than or equal to Q < Q2, the attack processing module selects a first adjusting coefficient K1 to adjust the temporary offline time length of the user;
when the attack level is U1 and Q2 is more than or equal to Q < Q3, the attack processing module selects a second adjusting coefficient K2 to adjust the port bandwidth;
when the attack level is U2 and Q2 is more than or equal to Q < Q3, the attack processing module selects a second adjusting coefficient K2 to adjust the port closing time length;
when the attack level is U3 and Q2 is more than or equal to Q < Q3, the attack processing module selects a second adjusting coefficient K2 to adjust the temporary offline time length of the user;
when the attack level is U1 and Q is more than or equal to Q3, the attack processing module selects a third adjusting coefficient K3 to adjust the port bandwidth;
when the attack level is U2 and Q is more than or equal to Q3, the attack processing module selects a third adjusting coefficient K3 to adjust the port closing time length;
when the attack level is U3 and Q is more than or equal to Q3, the attack processing module selects a third adjusting coefficient K3 to adjust the temporary offline time length of the user;
specifically, by obtaining the similarity between the attack behavior of the attack source and the attack behavior of the network attack recognition log, calculating the similarity, comparing the similarity with a preset similarity, and determining whether to adjust the processing action according to the comparison result, when it is determined that adjustment is needed, selecting a corresponding adjustment coefficient according to the comparison result of the similarity and the preset similarity to adjust the processing action, the accuracy of attack processing is further improved, and the quality of preventing the attack of the optical network is further improved.
According to the intelligent anti-attack method for the passive optical network system, when the attack processing module finishes adjusting the processing action, the comparison module obtains the hit number R of the attack action of the attack source and the attack action under the corresponding similarity in the network attack identification log, compares the hit number R with the preset hit number R0, if R is not more than R0, the attack processing module does not modify the processing action, and if R is more than R0, the attack processing module modifies the processing action.
Specifically, the attack processing module is provided with a preset number of hits, and when the comparison module obtains the attack behavior of the attack source and the network attack identification log, the number of hits of the attack behavior under the corresponding similarity is determined, and whether the processing action is modified or not is determined according to the comparison result of the number of hits and the preset number of hits, so that the accuracy of attack processing is further improved, and the quality of preventing the optical network from being attacked is further improved.
The intelligent anti-attack method for the passive optical network system comprises the steps that when the attack processing module judges that the processing action is corrected, the attack processing module calculates the difference value Delta Ra between the hit number R and the preset hit number R0, selects the corresponding correction coefficient according to the comparison result of the difference value Delta Ra and the preset hit number to correct the processing action, sets Delta Ra = R-Ra,
wherein the attack processing module is further provided with a first preset hit number difference value delta R1, a second preset hit number difference value delta R2, a third preset hit number difference value delta R3, a first correction coefficient X1, a second correction coefficient X2 and a third correction coefficient X3, wherein delta R1 is more than delta R2 and less than delta R3, 1 is more than X1 and more than X2 and less than X3 and less than 2,
when the delta Ra is less than the delta R1, the attack processing module does not modify the processing action;
when the delta R1 is not less than the delta Ra is less than the delta R2, the attack processing module selects a first correction coefficient X1 to correct the processing action;
when the delta R2 is not less than the delta Ra is less than the delta R3, the attack processing module selects a second correction coefficient X2 to correct the processing action;
when the delta Ra is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to correct the processing action.
Specifically, the modification of the processing action by the attack processing module includes:
when the attack level is a first attack level U1, the attack processing module corrects the adjusted port bandwidth and selects a corresponding correction coefficient to reduce the maximum bandwidth of the port;
when the attack level is a second attack level U2, the attack processing module corrects the adjusted port closing time length and selects a corresponding correction coefficient to increase the port closing time length;
and when the attack level is the third attack level U3, the attack processing module corrects the adjusted user temporary offline time length and selects a corresponding correction coefficient to increase the user temporary offline time length.
Specifically, the attack processing module is provided with a preset hit number difference, the attack behavior of the attack source is compared with the attack behavior hit number R under the corresponding similarity in the network attack recognition log, when the comparison result of the hit number and the preset hit number is used for correcting the processing action, the difference between the hit number and the preset hit number is calculated, and a corresponding correction coefficient is selected according to the comparison result of the difference and the preset hit number difference to correct the processing action on the basis of the adjustment, so that the accuracy of attack processing is further improved, and the anti-attack quality of the optical network is further improved.
According to the intelligent anti-attack method for the passive optical network system, when the attack processing module completes the adjustment of the processing action, the comparison module obtains the adjusted or corrected port bandwidth D and compares the port bandwidth with the preset minimum port bandwidth Dmin, and if D is less than or equal to Dmin, the attack processing module sets the processing action to be changed from limiting the port bandwidth to closing the port.
Specifically, the preset minimum port bandwidth is set in the attack processing module, and the processing action is determined to be modified into another processing action according to the comparison result of the actually adjusted or modified port bandwidth and the preset minimum port bandwidth, so that the accuracy of attack processing is further improved, and the quality of the optical network attack prevention is further improved.
The invention relates to an intelligent anti-attack method for a passive optical network system, wherein a comparison module is also provided with a preset maximum similarity Qmax and a preset maximum hit number Rmax, when the comparison module obtains the similarity between an attack behavior of an attack source and a network attack identification log, the comparison module compares the obtained similarity Q with the preset maximum similarity Qmax, and when Q is more than Qmax, the comparison module obtains the hit number of the attack behavior of the attack source and the hit number of the attack behavior in the network attack identification log under the corresponding similarity, the comparison module compares the hit number R with the preset maximum hit number Rmax, and if R is more than Rmax, the attack processing module adjusts the processing action corresponding to the attack level into the processing action corresponding to the next attack level.
Specifically, the preset maximum similarity and the preset maximum number of hits are set in the comparison module, the number of hits corresponding to the similarity and the similarity is compared with the preset maximum similarity and the preset maximum number of hits respectively, whether the processing action is adjusted or not is judged according to the comparison result, the accuracy of attack processing is further improved, and therefore the quality of the optical network for preventing the attack is further improved.
The invention relates to an intelligent anti-attack method for a passive optical network system, when Q is more than Qmax or R is more than Rmax, an attack processing module calculates the difference value Delta Rb between the hit number R and the preset maximum hit number, selects a corresponding correction coefficient to carry out secondary correction on the processing action according to the comparison result of the difference value and the preset hit number difference value, sets Delta Rb = R-Rmax,
when the delta R1 is not less than the delta Rb is less than the delta R2, the attack processing module selects a first correction coefficient X1 to carry out secondary correction on the processing action;
when the delta R2 is not more than delta Rb is less than the delta R3, the attack processing module selects a second correction coefficient X2 to carry out secondary correction on the processing action;
and when the delta Rb is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to carry out secondary correction on the processing action.
Specifically, when the comparison result between the similarity and the number of hits and the preset maximum similarity and the preset maximum number of hits respectively indicates that the similarity and the number of hits are both greater than the preset maximum similarity and the preset maximum number of hits, the difference between the number of hits and the preset number of hits is calculated, and a corresponding correction coefficient is selected according to the comparison result between the difference and the preset number of hits to perform secondary correction on the processing action, so that the accuracy of the attack processing is further improved, and the quality of the optical network attack prevention is further improved.
The invention relates to an intelligent anti-attack method for a passive optical network system, wherein an attack identification module also comprises an attack identification unit for identifying whether an attack exists and an attack source acquisition unit for acquiring an attack source IP, an attack target IP, an attack behavior of an attack source and the quantity of attack messages;
the log acquisition module also comprises a storage unit for storing the network attack identification log and a recording unit for recording the attack;
the attack processing module also comprises an attack processing unit used for carrying out corresponding processing on the attack and an adjusting unit used for adjusting the processing action.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An intelligent anti-attack method for a passive optical network system, comprising:
step S1, the attack identification unit of the attack identification module identifies whether there is attack in the system, when the attack identification unit identifies that there is attack in the system, the attack source acquisition unit of the attack identification module acquires the attack source and the attack message quantity;
step S2, when the attack identification module identifies that there is attack in the system, the log obtaining module obtains the network attack identification log;
step S3, the comparison module compares the attack source with the network attack identification log;
step S4, the attack processing unit of the attack processing module makes corresponding anti-attack processing according to the number of the attack messages, the attack source and the comparison result of the comparison module, and the adjusting unit of the attack processing module makes corresponding adjustment to the processing action according to the comparison result of the comparison module;
when the attack identification module identifies that the network system has an attack, the attack identification module performs preliminary judgment on the attack level of the attack source according to the acquired attack message quantity and selects a corresponding processing action according to the preliminary judgment result of the attack level;
when the attack identification module completes the initial determination of the attack level of the attack source, the attack identification module sends the attack behavior of the attack source to the comparison module, the comparison module acquires the network attack identification log acquired by the log acquisition module, comparing the attack behavior of the attack source with the network attack identification log obtained by the log obtaining module, determining whether the attack behavior of the attack source has similarity with the network attack identification log according to the comparison result by the comparison module, if so, calculating the similarity Q between the attack behavior of the attack source and the network attack identification log by the comparison module, the comparison module compares the similarity Q with a preset similarity, and after the comparison is completed, the comparison module sends a comparison result to the attack processing module, and the attack processing module determines whether the processing action needs to be adjusted according to the comparison result;
when the processing action is adjusted by the attack processing module, the processing action is corrected by the comparison module according to the comparison result of the attack action of the attack source and the hit number of the attack actions under the corresponding similarity in the network attack identification log.
2. The intelligent anti-attack method for passive optical network system according to claim 1, wherein when the attack recognition module recognizes that there is an attack, the attack recognition module obtains the attack packet quantity E, compares the attack packet quantity E with a preset attack packet quantity, and performs a preliminary determination on the attack level of the attack source according to the comparison result,
wherein the attack identification module is provided with a first preset attack message quantity E1, a second preset attack message quantity E2, a third preset attack message quantity E3, a first attack level U1, a second attack level U2 and a third attack level U3, wherein E1 is more than E2 and less than E3, U1 is more than U2 and less than U3,
when E < E1, the attack identification module preliminarily determines the attack level of the attack source as a first attack level U1;
when E1 is less than or equal to E < E2, the attack recognition module preliminarily determines the attack level of the attack source as a second attack level U2;
when E2 is less than or equal to E < E3, the attack recognition module preliminarily determines the attack level of the attack source as a third attack level U3;
when the attack identification module preliminarily determines the attack level of the attack source as the ith attack level Ui, setting i =1, 2, 3, and sending the preliminarily determined attack level Ui to the attack processing module by the attack identification module;
the attack processing module is further provided with actions corresponding to the attack levels for processing the attack source, wherein the action corresponding to U1 for processing the attack source is used as limiting port bandwidth, the action corresponding to U2 for processing the attack source is used as port closing, and the action corresponding to U3 for processing the attack source is used as temporarily taking down a user corresponding to the port.
3. The intelligent anti-attack method for a passive optical network system according to claim 2, wherein when the attack processing module determines that the processing action needs to be adjusted, the attack processing module selects a corresponding adjustment coefficient to adjust the processing action according to a comparison result of similarity Q between the attack behavior of the attack source and the network attack identification log;
the comparison module is also provided with a first preset similarity Q1, a second preset similarity Q2, a third preset similarity Q3, a first adjusting coefficient K1, a second adjusting coefficient K2 and a third adjusting coefficient K3, wherein Q1 is more than Q2 and more than Q3, 1 is more than K1 and more than K2 and more than K3 and less than 2,
when Q < Q1, the attack processing module determines not to adjust the processing action;
when Q1 is not less than Q < Q2, the attack processing module judges that the processing action is adjusted, and selects a first adjusting coefficient K1 to adjust the processing action;
when Q2 is not less than Q < Q3, the attack processing module judges that the processing action is adjusted, and selects a second adjustment coefficient K2 to adjust the processing action;
and when Q is larger than or equal to Q3, the attack processing module judges to adjust the processing action, and selects a third adjusting coefficient K3 to adjust the processing action.
4. The intelligent anti-attack method for passive optical network system according to claim 3, wherein the attack processing module adjusting the processing action comprises:
when the preliminarily determined attack level is a first attack level U1, the attack processing module limits the port bandwidth and selects a corresponding adjusting coefficient to adjust the maximum bandwidth of the port, the attack processing module sets the adjusted maximum bandwidth of the port to be D and sets D = Dc- (Dc × Ki-Dc), wherein Dc is the initial bandwidth of the port, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is a second attack level U2, the attack processing module adjusts the closing time length of the port and selects a corresponding adjusting coefficient to adjust and increase the closing time length of the port, the attack processing module sets the adjusted closing time length of the port to ta ', and sets ta' = ta × Ki, wherein ta is the initial port closing time length, Ki is the adjusting coefficient, and i =1, 2, 3 is set;
when the preliminarily determined attack level is the third attack level U3, the attack processing module adjusts the temporary offline time length of the user and selects a corresponding adjustment coefficient to adjust and increase the temporary offline time length of the user, the attack processing module sets the temporary offline time length of the user to be tb ', and sets tb' = tb × Ki, wherein tb is the temporary offline time length of the initial user, Ki is the adjustment coefficient, and i =1, 2, 3 is set.
5. The intelligent anti-attack method for a passive optical network system according to claim 4, wherein when the attack processing module completes adjustment of the processing action, the comparison module obtains the number of hits R of the attack behavior of the attack source and the attack behavior under the corresponding similarity in the network attack identification log, and compares the number of hits R with a preset number of hits R0, if R is not greater than R0, the attack processing module does not modify the processing action, and if R is greater than R0, the attack processing module modifies the processing action.
6. The intelligent anti-attack method for PON system of claim 5, wherein when the attack processing module corrects the processing action, the attack processing module calculates the difference Δ Ra between the hit number R and the predetermined hit number R0 and selects the corresponding correction coefficient to correct the processing action according to the comparison result between Δ Ra and the predetermined hit number difference, and sets Δ Ra = R-R0,
wherein the attack processing module is further provided with a first preset hit number difference value delta R1, a second preset hit number difference value delta R2, a third preset hit number difference value delta R3, a first correction coefficient X1, a second correction coefficient X2 and a third correction coefficient X3, wherein delta R1 is more than delta R2 and less than delta R3, 1 is more than X1 and more than X2 and less than X3 and less than 2,
when the delta Ra is less than the delta R1, the attack processing module does not modify the processing action;
when the delta R1 is not less than the delta Ra is less than the delta R2, the attack processing module selects a first correction coefficient X1 to correct the processing action;
when the delta R2 is not less than the delta Ra is less than the delta R3, the attack processing module selects a second correction coefficient X2 to correct the processing action;
when the delta Ra is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to correct the processing action;
the attack processing module correcting the processing action comprises:
when the attack level is a first attack level U1, the attack processing module corrects the adjusted port bandwidth and selects a corresponding correction coefficient to reduce the maximum bandwidth of the port;
when the attack level is a second attack level U2, the attack processing module corrects the adjusted port closing time length and selects a corresponding correction coefficient to increase the port closing time length;
and when the attack level is the third attack level U3, the attack processing module corrects the adjusted user temporary offline time length and selects a corresponding correction coefficient to increase the user temporary offline time length.
7. The intelligent anti-attack method for a pon system according to claim 6, wherein when the attack processing module completes the adjustment of the processing action, the comparison module obtains the adjusted or modified port bandwidth D and compares the port bandwidth with a preset minimum port bandwidth Dmin, and if D is less than or equal to Dmin, the attack processing module sets the processing action to be modified from limiting the port bandwidth to closing the port.
8. The intelligent anti-attack method for the passive optical network system according to claim 7, wherein the comparison module further has a preset maximum similarity Qmax and a preset maximum number of hits Rmax, when the comparison module obtains the similarity between the attack behavior of the attack source and the network attack recognition log, the comparison module compares the obtained similarity Q with the preset maximum similarity Qmax, when Q is greater than Qmax, the comparison module obtains the number of hits of the attack behavior of the attack source and the attack behavior in the network attack recognition log at the corresponding similarity, the comparison module compares the number of hits R with the preset maximum number of hits Rmax, and if R is greater than Rmax, the attack processing module adjusts the processing action corresponding to the attack level to the processing action corresponding to the next attack level.
9. The intelligent anti-attack method for a passive optical network system according to claim 8, wherein when R > Rmax, the attack processing module calculates a difference Δ Rb between the number of hits R and a preset maximum number of hits and selects a corresponding correction coefficient to perform a secondary correction on the processing action according to a comparison result between the difference and the preset number of hits, and sets Δ Rb = R-Rmax,
when the delta R1 is not less than the delta Rb is less than the delta R2, the attack processing module selects a first correction coefficient X1 to carry out secondary correction on the processing action;
when the delta R2 is not more than delta Rb is less than the delta R3, the attack processing module selects a second correction coefficient X2 to carry out secondary correction on the processing action;
and when the delta Rb is larger than or equal to the delta R3, the attack processing module selects a third correction coefficient X3 to carry out secondary correction on the processing action.
10. The intelligent attack prevention method for a passive optical network system according to claim 9, wherein the log obtaining module further comprises a storage unit for storing a network attack identification log and a recording unit for recording the current attack.
CN202110971575.8A 2021-08-24 2021-08-24 Intelligent anti-attack method for passive optical network system Active CN113422787B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110971575.8A CN113422787B (en) 2021-08-24 2021-08-24 Intelligent anti-attack method for passive optical network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110971575.8A CN113422787B (en) 2021-08-24 2021-08-24 Intelligent anti-attack method for passive optical network system

Publications (2)

Publication Number Publication Date
CN113422787A CN113422787A (en) 2021-09-21
CN113422787B true CN113422787B (en) 2021-11-09

Family

ID=77719875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110971575.8A Active CN113422787B (en) 2021-08-24 2021-08-24 Intelligent anti-attack method for passive optical network system

Country Status (1)

Country Link
CN (1) CN113422787B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009175927A (en) * 2008-01-23 2009-08-06 Nec Corp File management method, file management device, and program
CN103716305A (en) * 2013-12-13 2014-04-09 上海斐讯数据通信技术有限公司 Intelligent anti-attack method for passive optical network system
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system
CN108092948A (en) * 2016-11-23 2018-05-29 中国移动通信集团湖北有限公司 A kind of recognition methods of network attack mode and device
CN109308409A (en) * 2018-10-16 2019-02-05 国网湖南省电力有限公司 An attack path reconstruction method based on similarity calculation
CN110519251A (en) * 2019-08-20 2019-11-29 新华三信息安全技术有限公司 A kind of attack detection method and device
CN111565199A (en) * 2020-07-14 2020-08-21 腾讯科技(深圳)有限公司 Network attack information processing method and device, electronic equipment and storage medium
CN111726774A (en) * 2020-06-28 2020-09-29 北京百度网讯科技有限公司 Method, device, device and storage medium for defending against attacks
CN112329014A (en) * 2020-11-27 2021-02-05 杭州安恒信息技术股份有限公司 A virus identification and defense method, device, storage medium and device
CN112351031A (en) * 2020-11-05 2021-02-09 中国电子信息产业集团有限公司 Generation method and device of attack behavior portrait, electronic equipment and storage medium
CN112953917A (en) * 2021-01-29 2021-06-11 中国农业银行股份有限公司 Network attack source identification method and device, computer equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH693921A5 (en) * 2001-08-07 2004-04-15 Ip Online Gmbh Attack identification and defense method for server system of network service provider or operator uses electronic unit integrated in computer network
JP4545647B2 (en) * 2005-06-17 2010-09-15 富士通株式会社 Attack detection / protection system
CN112134897B (en) * 2020-09-27 2023-04-18 奇安信科技集团股份有限公司 Network attack data processing method and device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009175927A (en) * 2008-01-23 2009-08-06 Nec Corp File management method, file management device, and program
CN103716305A (en) * 2013-12-13 2014-04-09 上海斐讯数据通信技术有限公司 Intelligent anti-attack method for passive optical network system
CN108092948A (en) * 2016-11-23 2018-05-29 中国移动通信集团湖北有限公司 A kind of recognition methods of network attack mode and device
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system
CN109308409A (en) * 2018-10-16 2019-02-05 国网湖南省电力有限公司 An attack path reconstruction method based on similarity calculation
CN110519251A (en) * 2019-08-20 2019-11-29 新华三信息安全技术有限公司 A kind of attack detection method and device
CN111726774A (en) * 2020-06-28 2020-09-29 北京百度网讯科技有限公司 Method, device, device and storage medium for defending against attacks
CN111565199A (en) * 2020-07-14 2020-08-21 腾讯科技(深圳)有限公司 Network attack information processing method and device, electronic equipment and storage medium
CN112351031A (en) * 2020-11-05 2021-02-09 中国电子信息产业集团有限公司 Generation method and device of attack behavior portrait, electronic equipment and storage medium
CN112329014A (en) * 2020-11-27 2021-02-05 杭州安恒信息技术股份有限公司 A virus identification and defense method, device, storage medium and device
CN112953917A (en) * 2021-01-29 2021-06-11 中国农业银行股份有限公司 Network attack source identification method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN113422787A (en) 2021-09-21

Similar Documents

Publication Publication Date Title
CN109587179B (en) SSH (Single sign indicating) protocol behavior pattern recognition and alarm method based on bypass network full flow
KR20030049078A (en) Intrusion detection method using adaptive rule estimation in nids
US11784902B2 (en) Network management device, network management system and network management method
CN113422787B (en) Intelligent anti-attack method for passive optical network system
CN103856367A (en) Safe and quick detection method of IP network route and route analysis server
CN119324837B (en) Data security exchange system and method based on self-learning
CN114726648B (en) Terminal security cloud control system based on Internet of things
US8413234B1 (en) Communications-service fraud detection using special social connection
CN113709083A (en) Network attack detection control method, device, base station and computer storage medium
CN113411353B (en) Network security protection method and system
CN110753053B (en) Flow abnormity prejudging method based on big data analysis
CN112672140A (en) Camera identification method and device
CN116866024A (en) Network security monitoring method based on user analysis
CN116760935A (en) Data fence system based on image data transmission
CN117579344A (en) Network structure characteristic abnormality detection system
CN115942352A (en) Channel election method for short message service based on channel priority
CN113709156B (en) A kind of NIDS network penetration detection method, computer and storage medium
CN117201366A (en) Bode rate detection method and device based on LIN bus
CN113285910B (en) Remote office business authorization method and device and computer equipment
CN113938852B (en) Data traffic monitoring method, SMF network element, PSA network element and readable storage medium
CN113496028A (en) Software offline authentication method with time limit function
CN117390707B (en) Data security detection system and detection method based on data storage equipment
KR101506982B1 (en) System and method for detecting and bclocking illegal call through data network
CN120321728B (en) Adaptive network switching method and device for mobile Internet of Things devices
CN107395785B (en) Method and device for acquiring real address of network equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: An Intelligent Anti Attack Method for Passive Optical Network Systems

Effective date of registration: 20231017

Granted publication date: 20211109

Pledgee: Bank of China Limited by Share Ltd. Guangzhou Baiyun Branch

Pledgor: GUANGZHOU LEYING INFORMATION TECHNOLOGY CO.,LTD.

Registration number: Y2023980061341

PE01 Entry into force of the registration of the contract for pledge of patent right