CN108628721B - Abnormality detection method, device, storage medium and electronic device of user data value - Google Patents
Abnormality detection method, device, storage medium and electronic device of user data value Download PDFInfo
- Publication number
- CN108628721B CN108628721B CN201810411145.9A CN201810411145A CN108628721B CN 108628721 B CN108628721 B CN 108628721B CN 201810411145 A CN201810411145 A CN 201810411145A CN 108628721 B CN108628721 B CN 108628721B
- Authority
- CN
- China
- Prior art keywords
- value
- data
- data value
- user
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3065—Monitoring arrangements determined by the means or processing involved in reporting the monitored data
- G06F11/3072—Monitoring arrangements determined by the means or processing involved in reporting the monitored data where the reporting involves data filtering, e.g. pattern matching, time or event triggered, adaptive or policy-based reporting
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
- Testing And Monitoring For Control Systems (AREA)
Abstract
本发明公开了一种用户数据值的异常检测方法、装置、存储介质及电子装置。其中,该方法包括:从用户日志文件中提取待检测的用户数据值;从待检测的用户数据值中获取未落入目标数据范围内的第一数据值;确定第一数据值中每个数据值对应的偏离值,其中,偏离值用于指示每个数据值偏离第二数据值的偏离程度,第二数据值为第一数据值中与每个数据值之间的距离满足目标条件的数据值,偏离值越大偏离程度越高;将第一数据值中偏离值高于或者等于目标值的数据值确定为用户数据值中的异常数据值。本发明解决了相关技术中对异常的用户数据值的检测效率较低的技术问题。
The invention discloses a method, device, storage medium and electronic device for abnormal detection of user data value. The method includes: extracting user data values to be detected from a user log file; obtaining first data values that do not fall within the target data range from the user data values to be detected; determining each data value in the first data value The deviation value corresponding to the value, wherein the deviation value is used to indicate the deviation degree of each data value from the second data value, and the second data value is the data whose distance from the first data value and each data value satisfies the target condition The larger the deviation value, the higher the deviation degree; the data value whose deviation value is higher than or equal to the target value in the first data value is determined as an abnormal data value in the user data value. The invention solves the technical problem of low detection efficiency for abnormal user data values in the related art.
Description
Technical Field
The invention relates to the field of computers, in particular to a method and a device for detecting abnormality of a user data value, a storage medium and an electronic device.
Background
In the conventional abnormal detection of the user data value, data is counted in the modes of data spot check, data distribution, data interval distribution and the like, and whether an abnormal value exists is judged by combining operator experience and service meaning. This approach is inefficient in detecting outliers.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a method and a device for detecting the abnormity of a user data value, a storage medium and an electronic device, which are used for at least solving the technical problem of low detection efficiency of the abnormal user data value in the related technology.
According to an aspect of the embodiments of the present invention, there is provided a method for detecting an anomaly of a user data value, including: extracting a user data value to be detected from a user log file; acquiring a first data value which does not fall into a target data range from the user data values to be detected; determining a deviation value corresponding to each of the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of the first data value, the distance between the first data value and each data value meets a target condition, and the larger the deviation value is, the higher the deviation degree is; determining a data value of the first data values for which the deviation value is higher than or equal to a target value as an abnormal data value of the user data values.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for detecting an anomaly of a user data value, including: the extraction module is used for extracting a user data value to be detected from a user log file; the first acquisition module is used for acquiring a first data value which does not fall into a target data range from the user data values to be detected; a first determining module, configured to determine a deviation value corresponding to each of the first data values, where the deviation value is used to indicate a deviation degree of each of the first data values from a second data value, where the second data value is a data value of the first data values whose distance from each of the first data values satisfies a target condition, and the larger the deviation value is, the higher the deviation degree is; a second determining module, configured to determine, as an abnormal data value in the user data values, a data value in the first data values, where the deviation value is higher than or equal to a target value.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium, characterized in that the storage medium stores therein a computer program, wherein the computer program is configured to execute the method described in any one of the above when executed.
According to another aspect of the embodiments of the present invention, there is also provided an electronic apparatus, including a memory and a processor, wherein the memory stores therein a computer program, and the processor is configured to execute the method described in any one of the above through the computer program.
In the embodiment of the invention, a user data value to be detected is extracted from a user log file; acquiring a first data value which does not fall into a target data range from user data values to be detected; determining a deviation value corresponding to each data value in the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of the first data value, the distance between the first data value and each data value meets a target condition, and the larger the deviation value is, the higher the deviation degree is; determining the data values with deviation values higher than or equal to the target value in the first data values as abnormal data values in the user data values, determining the first data values which are not in the target data range in the user data values to be detected and extracted from the user log file as data values with possible abnormality, preliminarily reducing the screening range of the abnormal data values, and then determining the deviation value corresponding to each data value in the first data values, determining a data value having a deviation value higher than or equal to a target value from the first data values as an abnormal data value based on the deviation value, thereby accurately extracting abnormal data values from the user data values, realizing the technical effect of improving the detection efficiency of detecting abnormal user data values, and simultaneously realizing the abnormal detection of mass user data values, and the technical problem of low detection efficiency of abnormal user data values in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of an alternative method of anomaly detection of user data values in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram of an application environment of an alternative method for detecting an anomaly in a user data value according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an application environment of an alternative method for detecting anomalies in user-data values, according to an embodiment of the invention;
FIG. 4 is a schematic diagram of an alternative method of anomaly detection of user data values, according to an alternative embodiment of the present invention;
FIG. 5 is a schematic diagram of an alternative user data value anomaly detection apparatus according to an embodiment of the present invention;
fig. 6 is a first schematic view of an application scenario of an alternative user data value anomaly detection method according to an embodiment of the present invention;
fig. 7 is a schematic diagram of an application scenario of an alternative user data value anomaly detection method according to an embodiment of the present invention; and
FIG. 8 is a schematic diagram of an alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiments of the present invention, there is provided a method for detecting an anomaly of a user data value, as shown in fig. 1, the method including:
s102, extracting a user data value to be detected from a user log file;
s104, acquiring a first data value which does not fall into a target data range from the user data values to be detected;
s106, determining a deviation value corresponding to each data value in the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of which the distance between the first data value and each data value meets a target condition, and the larger the deviation value is, the higher the deviation degree is;
and S108, determining the data value with the deviation value higher than or equal to the target value in the first data values as an abnormal data value in the user data values.
Alternatively, in this embodiment, the above-mentioned method for detecting an anomaly of a user data value may be applied to a hardware environment formed by the server 202 shown in fig. 2. As shown in fig. 2, the server 202 extracts user data values to be detected from the user log file, obtains first data values that do not fall within a target data range from the user data values to be detected, determines a deviation value corresponding to each of the first data values, and determines a data value, of the first data values, whose deviation value is higher than or equal to a target value as an abnormal data value among the user data values.
Alternatively, in this embodiment, the above-mentioned method for detecting an anomaly of a user data value may be applied to a hardware environment formed by the application server 302, the user log server 304 and the anomaly detection server 306 shown in fig. 3. As shown in fig. 3, the application server 302 reports the collected user data to the log server 304. The log server 304 generates a user log file. The anomaly detection server 306 extracts user data values to be detected from the user log file, acquires first data values that do not fall within a target data range from the user data values to be detected, determines deviation values corresponding to each data value in the first data values, and determines data values of which the deviation values are higher than or equal to the target value in the first data values as anomalous data values in the user data values.
Optionally, in this embodiment, the above-mentioned method for detecting an anomaly of a user data value may be, but is not limited to, applied in a scenario where an anomaly detection is performed on a user data value. The above-mentioned anomaly detection method for user data values can be applied to various types of applications, such as online education applications, instant messaging applications, community space applications, game applications, shopping applications, browser applications, financial applications, multimedia applications, live broadcast applications, and the like. Specifically, the method may be applied to, but not limited to, a scenario in which an anomaly is detected in the game application, or may also be applied to, but not limited to, a scenario in which an anomaly is detected in the instant messaging application, so as to improve detection efficiency of detecting an anomalous user data value. The above is only an example, and this is not limited in this embodiment.
Alternatively, in the present embodiment, the user data value may be, but is not limited to, data of a continuous type variable. For example: user data values may include, but are not limited to: user online time, user participation times, user payment amount, user output consumption, etc.
Optionally, in this embodiment, the target data range may be, but is not limited to, preset, and may also be, but is not limited to, automatically identified according to the user data value to be detected. Such as: and training an artificial intelligence model according to a historical detection result, and automatically identifying a target data range matched with the data value of the user to be detected by the trained model.
Optionally, in this embodiment, the deviation value corresponding to each data value may be, but is not limited to, represented by a Local anomaly Factor (LOF), which determines an Outlier according to a deviation degree (Local deviation degree) of the inspection object from its neighborhood, and further detects an Outlier according to the deviation condition.
Optionally, in this embodiment, the target value may be, but is not limited to, preset, and may also be, but is not limited to, automatically identified according to the user data value to be detected. Such as: and training an artificial intelligence model according to the deviation degree in the historical detection data, and automatically identifying a target value matched with the data value of the user to be detected by the trained model.
In an optional embodiment, taking the example of performing anomaly detection on the online duration within one year of the user, the online duration data values of the user are extracted from the user log file, the first data values obtained from the online duration data values of the user, which are less than 1 hour or greater than 6570 hours, are 0.5 hour corresponding to the user 1, 0.75 hour corresponding to the user 2, … …, 6600 hour corresponding to the user i, 6659 hour corresponding to the user i +1, … …, and 7800 hour corresponding to the user N, respectively, and the deviation value corresponding to each data value in the first data values is determined, for example: the deviation value corresponding to the user 1 is 2, the deviation value corresponding to the user 2 is 4, … …, the deviation value corresponding to the user i is 5.5, the deviation value corresponding to the user i +1 is 2.8, … …, the deviation value corresponding to the user N is 7, and the data value with the deviation value higher than or equal to 4 in the first data value is determined as the abnormal data value in the online duration data values of the user.
Therefore, through the steps, the first data value which is not in the target data range in the user data values to be detected and extracted from the user log file is judged as the data value which is possibly abnormal, the abnormal data value screening range is preliminarily reduced, the deviation value corresponding to each data value in the first data value is determined, the data value of which the deviation value is higher than or equal to the target value is determined as the abnormal data value from the first data value according to the deviation value, and therefore the abnormal data value in the user data values is accurately extracted, the technical effect of improving the detection efficiency of detecting the abnormal user data values is achieved, meanwhile, the abnormal detection of mass user data values is achieved, and the technical problem that the detection efficiency of detecting the abnormal user data values in the related technology is low is solved.
As an optional scheme, obtaining, from the user data values to be detected, a first data value that does not fall within the target data range includes:
s1, determining a target data range according to a first maximum value and a first minimum value in the user data values to be detected;
s2, determining the data value which does not fall into the target data range in the user data values to be detected as a first data value;
s3, a first data value is extracted from the user data values to be detected.
Optionally, in this embodiment, the target data range may be, but is not limited to, determined according to the user data value to be detected. For example: the target data range is determined from a first maximum value and a first minimum value in the user data values.
For example: taking the online time of the game user as an example, if the first maximum value in the acquired online time data of the game user in one year is 7000 hours and the first minimum value is 3 hours, the target data range can be determined according to the first maximum value of 7000 and the first minimum value of 3.
As an optional scheme, determining the target data range according to the maximum value and the minimum value in the user data values to be detected includes:
s1, determining a difference between the first maximum value and the first minimum value;
s2, dividing the difference between the first maximum value and the first minimum value into equal parts of a first number to obtain division points of a second number;
s3, determining the difference value between the second maximum value and the second minimum value in the numerical values corresponding to the second number of dividing points as the sub-distance of the user data value to be detected;
s4, determining a target difference value between the first minimum value and the sub-position distance of the target multiple, and a target sum value between the first maximum value and the sub-position distance of the target multiple;
s5, a difference value falling between the target and the target sum value is determined to fall within the target data range.
Optionally, in this embodiment, the first number may be, but is not limited to, a positive integer greater than or equal to 3. In this embodiment, the first number is 4 as an example.
Alternatively, in the present embodiment, the second number may be, but is not limited to, a positive integer greater than or equal to 2. In this embodiment, the second number is 3 as an example.
Alternatively, in the present embodiment, the target multiple may be, but is not limited to, a positive number. In this embodiment, the target multiple is 1.5.
In an alternative embodiment, a boxplot is made of the user data values. And finding out the data value corresponding to the user outside the inner limit as the user data value corresponding to the user with possible abnormality. Specifically, the user data values are arranged from small to large and divided into four equal parts. The three separation points are sequentially a first quartile (Q1), a second quartile (Q2) and a third quartile (Q3). The inner limits are calculated and are Q1-1.5 IQR and Q3+1.5IQR respectively. Lying between the inner limits are normal data, those lying outside the inner limits (less than Q1-1.5 IQR or greater than Q3+1.5IQR) are likely outliers. Wherein, the box diagram is 1.5 times of the standard accumulated by a great deal of analysis and experience. Has statistical significance and is of reference value.
As an alternative, determining the deviation value corresponding to each of the first data values includes:
s1, determining a third number of data values with the smallest distance between each data value in the first data values as the second data value corresponding to each data value;
s2, determining the reachable distance between each second data value and each data value;
s3, determining local reachable density between each data value and each second data value according to the reachable distance;
and S4, determining a local abnormal factor corresponding to each data value according to the local reachable density, and determining the local abnormal factor as a deviation value corresponding to each data value.
Optionally, in this embodiment, the neighborhood of each data value is found by determining a third number of data values of the first data values having the smallest distance from each data value as the second data value corresponding to each data value. Such as: for data value a of the first data values, 10 data values (data value 1 to data value 10) of the first data values having the smallest distance from the data value a are determined as the second data values corresponding to the data value a, and the 10 data values (data value 1 to data value 10) constitute the neighborhood of the data value a.
Optionally, in this embodiment, the local reachable density between each data value and each second data value in its neighborhood is determined according to the reachable distance between each data value and each second data value in its neighborhood, and then the local anomaly factor corresponding to each data value is determined according to the local reachable density, where the local anomaly factor may represent the deviation value of each data value.
For example: in the above optional embodiment, a neighborhood-based density method (LOF) is performed on users who may be abnormal outside the internal limit, and whether the local abnormality is present is determined by the local abnormality factor LOF, so as to find out an abnormal data value. The specific process is as follows:
and calculating the distance between each user A and the nearest mth user, and recording the distance as m-distance (A). The reachable distance from point p to a is calculated as max (m-distance (a), d (p, a)). Where d (p, A) represents the Euclidean distance of user A from p. For example, as shown in fig. 4, when m is set to 3, the distance from D to a is relatively long, so the reachable distance from D to a may be an euclidean distance therebetween, and C is close to a, so m-distance (a) is taken as the reachable distance therebetween. The local achievable density lrd (q) for user a is calculated as the inverse of the average achievable distance of object a from all points in its k-neighborhood. The formula of the local reachable density lrd (q) corresponding to the user a is as follows:
wherein, | Nk(A) And | represents the reachable distance between k points in the neighborhood.
For each user B in the neighborhoodThe sum of the reachable distances from user a.
And calculating a local abnormal factor LOF, and judging whether the local abnormal factor LOF deviates from the neighborhood or not and is abnormal or not. The formula of the local anomaly factor LOF is as follows:
as an alternative, determining a data value of the first data values whose deviation value is higher than or equal to the target value as an abnormal data value of the user data values includes:
s1, the data value whose local abnormality factor is higher than or equal to 4 is determined as the abnormal data value.
Alternatively, in this embodiment, a data value having a local abnormality factor higher than or equal to 4 is determined as an abnormal data value, and the abnormal data value can be determined more accurately.
As an optional scheme, after determining, as an abnormal data value in the user data values, a data value in the first data values whose deviation value is higher than or equal to the target value, the method further includes:
s1, acquiring a target operation corresponding to the target data type of the user data value to be detected from the data types and operations with the corresponding relation;
and S2, executing target operation on the user corresponding to the abnormal data value.
Optionally, in this embodiment, for the determined abnormal data values, but not limited to, determining subsequent operations performed on the users corresponding to the abnormal data values according to the data types of the user data values. For example: for abnormal data values in the online time data values of the users, the users with the abnormal data values can be monitored to determine whether illegal operations exist or not.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for detecting an abnormality of a user data value, which is used for implementing the method for detecting an abnormality of a user data value, as shown in fig. 5, the apparatus includes:
an extracting module 52, configured to extract a user data value to be detected from the user log file;
a first obtaining module 54, configured to obtain, from the user data values to be detected, a first data value that does not fall within a target data range;
a first determining module 56, configured to determine a deviation value corresponding to each of the first data values, where the deviation value is used to indicate a deviation degree of each of the first data values from a second data value, where the second data value is a data value of the first data values whose distance from each of the first data values meets a target condition, and the larger the deviation value is, the higher the deviation degree is;
a second determining module 58, configured to determine a data value of the first data values whose deviation value is higher than or equal to the target value as an abnormal data value of the user data values.
Alternatively, in this embodiment, the above-mentioned user data value anomaly detection apparatus may be applied in a hardware environment formed by the server 202 shown in fig. 2. As shown in fig. 2, the server 202 extracts user data values to be detected from the user log file, obtains first data values that do not fall within a target data range from the user data values to be detected, determines a deviation value corresponding to each of the first data values, and determines a data value, of the first data values, whose deviation value is higher than or equal to a target value as an abnormal data value among the user data values.
Alternatively, in this embodiment, the above-mentioned user data value anomaly detection apparatus may be applied in a hardware environment formed by the application server 302, the user log server 304 and the anomaly detection server 306 shown in fig. 3. As shown in fig. 3, the application server 302 reports the collected user data to the log server 304. The log server 304 generates a user log file. The anomaly detection server 306 extracts user data values to be detected from the user log file, acquires first data values that do not fall within a target data range from the user data values to be detected, determines deviation values corresponding to each data value in the first data values, and determines data values of which the deviation values are higher than or equal to the target value in the first data values as anomalous data values in the user data values.
Optionally, in this embodiment, the above-mentioned user data value anomaly detection apparatus may be applied, but not limited, to a scenario in which anomaly detection is performed on a user data value. The above-mentioned anomaly detection method for user data values can be applied to various types of applications, such as online education applications, instant messaging applications, community space applications, game applications, shopping applications, browser applications, financial applications, multimedia applications, live broadcast applications, and the like. Specifically, the method may be applied to, but not limited to, a scenario in which an anomaly is detected in the game application, or may also be applied to, but not limited to, a scenario in which an anomaly is detected in the instant messaging application, so as to improve detection efficiency of detecting an anomalous user data value. The above is only an example, and this is not limited in this embodiment.
Alternatively, in the present embodiment, the user data value may be, but is not limited to, data of a continuous type variable. For example: user data values may include, but are not limited to: user online time, user participation times, user payment amount, user output consumption, etc.
Optionally, in this embodiment, the target data range may be, but is not limited to, preset, and may also be, but is not limited to, automatically identified according to the user data value to be detected. Such as: and training an artificial intelligence model according to a historical detection result, and automatically identifying a target data range matched with the data value of the user to be detected by the trained model.
Optionally, in this embodiment, the deviation value corresponding to each data value may be, but is not limited to, represented by a Local anomaly Factor (LOF), which determines an Outlier according to a deviation degree (Local deviation degree) of the inspection object from its neighborhood, and further detects an Outlier according to the deviation condition.
Optionally, in this embodiment, the target value may be, but is not limited to, preset, and may also be, but is not limited to, automatically identified according to the user data value to be detected. Such as: and training an artificial intelligence model according to the deviation degree in the historical detection data, and automatically identifying a target value matched with the data value of the user to be detected by the trained model.
In an optional embodiment, taking the example of performing anomaly detection on the online duration within one year of the user, the online duration data values of the user are extracted from the user log file, the first data values obtained from the online duration data values of the user, which are less than 1 hour or greater than 6570 hours, are 0.5 hour corresponding to the user 1, 0.75 hour corresponding to the user 2, … …, 6600 hour corresponding to the user i, 6659 hour corresponding to the user i +1, … …, and 7800 hour corresponding to the user N, respectively, and the deviation value corresponding to each data value in the first data values is determined, for example: the deviation value corresponding to the user 1 is 2, the deviation value corresponding to the user 2 is 4, … …, the deviation value corresponding to the user i is 5.5, the deviation value corresponding to the user i +1 is 2.8, … …, the deviation value corresponding to the user N is 7, and the data value with the deviation value higher than or equal to 4 in the first data value is determined as the abnormal data value in the online duration data values of the user.
Therefore, through the device, the first data value which is not in the target data range in the user data values to be detected and extracted from the user log file is judged as the data value which is possibly abnormal, the abnormal data value screening range is initially reduced, the deviation value corresponding to each data value in the first data value is determined, the data value of which the deviation value is higher than or equal to the target value is determined as the abnormal data value from the first data value according to the deviation value, and therefore the abnormal data value in the user data values is accurately extracted, the technical effect of improving the detection efficiency of detecting the abnormal user data values is achieved, meanwhile, the abnormal detection of mass user data values is achieved, and the technical problem that the detection efficiency of detecting the abnormal user data values in the related technology is low is solved.
As an optional scheme, the obtaining module includes:
the first determining unit is used for determining a target data range according to a first maximum value and a first minimum value in the user data values to be detected;
the second determining unit is used for determining data values which do not fall into the target data range in the user data values to be detected as the first data values;
an extraction unit for extracting a first data value from the user data values to be detected.
Optionally, in this embodiment, the target data range may be, but is not limited to, determined according to the user data value to be detected. For example: the target data range is determined from a first maximum value and a first minimum value in the user data values.
For example: taking the online time of the game user as an example, if the first maximum value in the acquired online time data of the game user in one year is 7000 hours and the first minimum value is 3 hours, the target data range can be determined according to the first maximum value of 7000 and the first minimum value of 3.
As an alternative, the determining unit includes:
a first determining subunit configured to determine a difference between the first maximum value and the first minimum value;
the dividing subunit is used for dividing the difference value between the first maximum value and the first minimum value into equal parts of a first number to obtain dividing points of a second number;
the second determining subunit is used for determining a difference value between a second maximum value and a second minimum value in numerical values corresponding to the second number of segmentation points as a sub-bit distance of the user data value to be detected;
a third determining subunit, configured to determine a target difference between the first minimum value and the fractional bit distance of the target multiple, and a target sum between the first maximum value and the fractional bit distance of the target multiple;
a fourth determination subunit operable to determine that the difference value falls between the target and the sum value as falling within the target data range.
Optionally, in this embodiment, the first number may be, but is not limited to, a positive integer greater than or equal to 3. In this embodiment, the first number is 4 as an example.
Alternatively, in the present embodiment, the second number may be, but is not limited to, a positive integer greater than or equal to 2. In this embodiment, the second number is 3 as an example.
Alternatively, in the present embodiment, the target multiple may be, but is not limited to, a positive number. In this embodiment, the target multiple is 1.5.
In an alternative embodiment, a boxplot is made of the user data values. And finding out the data value corresponding to the user outside the inner limit as the user data value corresponding to the user with possible abnormality. Specifically, the user data values are arranged from small to large and divided into four equal parts. The three separation points are sequentially a first quartile (Q1), a second quartile (Q2) and a third quartile (Q3). The inner limits are calculated and are Q1-1.5 IQR and Q3+1.5IQR respectively. Lying between the inner limits are normal data, those lying outside the inner limits (less than Q1-1.5 IQR or greater than Q3+1.5IQR) are likely outliers. Wherein, the box diagram is 1.5 times of the standard accumulated by a great deal of analysis and experience. Has statistical significance and is of reference value.
As an alternative, the first determining module includes:
a third determining unit, configured to determine a third number of data values, which are the smallest in distance from each data value, in the first data values as second data values corresponding to each data value;
a fourth determining unit for determining an achievable distance between each second data value and each data value;
a fifth determining unit for determining a local reachable density between each data value and each second data value according to the reachable distance;
and the sixth determining unit is used for determining a local abnormal factor corresponding to each data value according to the local reachable density and determining the local abnormal factor as the deviation value corresponding to each data value.
Optionally, in this embodiment, the neighborhood of each data value is found by determining a third number of data values of the first data values having the smallest distance from each data value as the second data value corresponding to each data value. Such as: for data value a of the first data values, 10 data values (data value 1 to data value 10) of the first data values having the smallest distance from the data value a are determined as the second data values corresponding to the data value a, and the 10 data values (data value 1 to data value 10) constitute the neighborhood of the data value a.
Optionally, in this embodiment, the local reachable density between each data value and each second data value in its neighborhood is determined according to the reachable distance between each data value and each second data value in its neighborhood, and then the local anomaly factor corresponding to each data value is determined according to the local reachable density, where the local anomaly factor may represent the deviation value of each data value.
For example: in the above optional embodiment, a neighborhood-based density method (LOF) is performed on users who may be abnormal outside the internal limit, and whether the local abnormality is present is determined by the local abnormality factor LOF, so as to find out an abnormal data value. The specific process is as follows:
and calculating the distance between each user A and the nearest mth user, and recording the distance as m-distance (A). The reachable distance from point p to a is calculated as max (m-distance (a), d (p, a)). Where d (p, A) represents the Euclidean distance of user A from p. For example, as shown in fig. 4, when m is set to 3, the distance from D to a is relatively long, so the reachable distance from D to a may be an euclidean distance therebetween, and C is close to a, so m-distance (a) is taken as the reachable distance therebetween. The local achievable density lrd (q) for user a is calculated as the inverse of the average achievable distance of object a from all points in its k-neighborhood. The formula of the local reachable density lrd (q) corresponding to the user a is as follows:
wherein, | Nk(A) And | represents the reachable distance between k points in the neighborhood.
Is the sum of the reachable distances between each user B and user a within the neighborhood.
And calculating a local abnormal factor LOF, and judging whether the local abnormal factor LOF deviates from the neighborhood or not and is abnormal or not. The formula of the local anomaly factor LOF is as follows:
as an alternative, the second determining module is configured to:
a data value having a local anomaly factor higher than or equal to 4 is determined as an anomalous data value.
Alternatively, in this embodiment, a data value having a local abnormality factor higher than or equal to 4 is determined as an abnormal data value, and the abnormal data value can be determined more accurately.
As an optional solution, the apparatus further includes:
the second acquisition module is used for acquiring a target operation corresponding to a target data type of the user data value to be detected from the data type and the operation with the corresponding relation;
and the execution module is used for executing target operation on the user corresponding to the abnormal data value.
Optionally, in this embodiment, for the determined abnormal data values, but not limited to, determining subsequent operations performed on the users corresponding to the abnormal data values according to the data types of the user data values. For example: for abnormal data values in the online time data values of the users, the users with the abnormal data values can be monitored to determine whether illegal operations exist or not.
The application environment of the embodiment of the present invention may refer to the application environment in the above embodiments, but is not described herein again. The embodiment of the invention provides an optional specific application example of the connection method for implementing the real-time communication.
As an alternative embodiment, the above-mentioned method for detecting abnormality of user data value may be, but is not limited to, applied in a scenario of detecting abnormality of the augmentation strengthening times index of the user in the game as shown in fig. 6. In this scenario, as shown in fig. 6, user index data is obtained, box line graph judgment is performed on the index data, it is judged that the user index data is within or outside the inner limit of the box line graph, if so, the user is normal, if not, LOF judgment is performed, whether the LOF corresponding to each user index data is large or not is judged, if so, the user is determined to be normal, and if so, the user is determined to be abnormal.
In an alternative embodiment, whether an abnormality exists is analyzed for an augmentation reinforcement times index of the user in the game activity in the last year. And sequencing the amplification and reinforcement times indexes of all users in sequence, drawing a boxplot of the indexes, and dividing the sequenced data into four equal parts. The three division points are Q1-2 respectively; q2 ═ 7; q3 ═ 34. The quartering distance is Q3-Q1-32. The internal limits are Q1-1.5 IQR-46, Q3+1.5 IQR-82, respectively. Data less than-46 and data greater than 82 are both exception data A. And selecting points (k is 10) based on the nearest 10 neighborhoods from the data A by a neighborhood-based density method, calculating a local abnormal factor (LOF), finding out points with the LOF >4, and judging the points as abnormal users. As shown in fig. 7, when the amplification and strengthening times are more than 40 ten thousand, the data is obviously abnormal.
According to still another aspect of the embodiments of the present invention, there is also provided an electronic apparatus for implementing the above-mentioned anomaly detection of user data values, as shown in fig. 8, the electronic apparatus including: one or more processors 802 (only one of which is shown), in which a computer program is stored, a memory 804, in which a sensor 806, an encoder 808 and a transmission device 810 are arranged, wherein the processor is arranged to execute the steps of any of the above-described method embodiments by means of the computer program.
Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, extracting the user data value to be detected from the user log file;
s2, acquiring a first data value which does not fall into the target data range from the user data values to be detected;
s3, determining a deviation value corresponding to each data value in the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of the first data value, the distance between the first data value and each data value meets the target condition, and the larger the deviation value is, the higher the deviation degree is;
s4, determining a data value of the first data values having a deviation value higher than or equal to the target value as an abnormal data value of the user data values.
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 8 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 8 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 8, or have a different configuration than shown in FIG. 8.
The memory 802 may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for detecting an anomaly of a user data value in the embodiment of the present invention, and the processor 804 executes various functional applications and data processing by running the software programs and modules stored in the memory 802, that is, implements the control method of the target component described above. The memory 802 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 802 can further include memory located remotely from the processor 804, which can be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmitting device 810 is used for receiving or transmitting data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 810 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmission device 810 is a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Wherein the memory 802 is used for storing, inter alia, application programs.
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, extracting the user data value to be detected from the user log file;
s2, acquiring a first data value which does not fall into the target data range from the user data values to be detected;
s3, determining a deviation value corresponding to each data value in the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of the first data value, the distance between the first data value and each data value meets the target condition, and the larger the deviation value is, the higher the deviation degree is;
s4, determining a data value of the first data values having a deviation value higher than or equal to the target value as an abnormal data value of the user data values.
Optionally, the storage medium is further configured to store a computer program for executing the steps included in the method in the foregoing embodiment, which is not described in detail in this embodiment.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A method for detecting an anomaly in a user data value, comprising:
extracting a user data value to be detected from a user log file of the game application; the user data value to be detected is data of a continuous variable;
determining a difference value between a first maximum value and a first minimum value of the user data value to be detected;
dividing the difference value between the first maximum value and the first minimum value into equal parts of a first number to obtain division points of a second number;
determining a difference value between a second maximum value and a second minimum value in the numerical values corresponding to the second number of segmentation points as a sub-bit distance of the user data value to be detected;
determining a target difference between the first minimum value and the fractional distance of a target multiple, and a target sum value between the first maximum value and the fractional distance of the target multiple;
determining that the difference value falls within a target data range;
determining data values which do not fall into the target data range in the user data values to be detected as first data values;
acquiring the first data value from the user data value to be detected;
determining a deviation value corresponding to each of the first data values, wherein the deviation value is used for indicating the deviation degree of each data value from a second data value, the second data value is the data value of the first data value, the distance between the first data value and each data value meets a target condition, and the larger the deviation value is, the higher the deviation degree is;
determining a data value of the first data values for which the deviation value is higher than or equal to a target value as an abnormal data value of the user data values.
2. The method of claim 1, wherein determining the deviation value for each of the first data values comprises:
determining a third number of the first data values having a smallest distance from each of the first data values as the second data value corresponding to each of the first data values;
determining an achievable distance between each of said second data values and said each data value;
determining a local reachable density between each of the data values and each of the second data values according to the reachable distance;
and determining a local abnormal factor corresponding to each data value according to the local reachable density, and determining the local abnormal factor as the deviation value corresponding to each data value.
3. The method of claim 2, wherein determining data values in the first data values for which the deviation value is higher than or equal to a target value as anomalous data values in the user data values comprises:
determining a data value for which the local anomaly factor is higher than or equal to 4 as the anomalous data value.
4. The method of claim 1, wherein after determining data values in the first data values for which the deviation value is higher than or equal to a target value as anomalous data values in the user data values, the method further comprises:
acquiring a target operation corresponding to the target data type of the user data value to be detected from the data types and operations with the corresponding relation;
and executing the target operation on the user corresponding to the abnormal data value.
5. An apparatus for detecting an anomaly in a user data value, comprising:
the extraction module is used for extracting a user data value to be detected from a user log file of the game application; the user data value to be detected is data of a continuous variable;
the first determining unit is used for determining a target data range according to a first maximum value and a first minimum value in the user data values to be detected;
the first determination unit includes:
a first determining subunit configured to determine a difference between the first maximum value and the first minimum value;
the dividing subunit is configured to divide the difference between the first maximum value and the first minimum value into equal parts of a first number, so as to obtain division points of a second number;
a second determining subunit, configured to determine, as the sub-bit distance of the user data value to be detected, a difference between a second maximum value and a second minimum value of the numerical values corresponding to the second number of segmentation points;
a third determining subunit, configured to determine a target difference between the first minimum value and the fractional distance of a target multiple, and a target sum value between the first maximum value and the fractional distance of the target multiple;
a fourth determination subunit operable to determine that the difference value falls between the target difference value and the target sum value as falling within the target data range;
a second determining unit, configured to determine, as the first data value, a data value that does not fall within the target data range in the to-be-detected user data values;
the first acquisition module is used for acquiring the first data value from the user data value to be detected;
a first determining module, configured to determine a deviation value corresponding to each of the first data values, where the deviation value is used to indicate a deviation degree of each of the first data values from a second data value, where the second data value is a data value of the first data values whose distance from each of the first data values satisfies a target condition, and the larger the deviation value is, the higher the deviation degree is;
a second determining module, configured to determine, as an abnormal data value in the user data values, a data value in the first data values, where the deviation value is higher than or equal to a target value.
6. The apparatus of claim 5, wherein the first determining module comprises:
a third determining unit, configured to determine, as the second data value corresponding to each data value, a third number of data values in the first data value, where a distance between each data value is the smallest;
a fourth determining unit for determining an achievable distance between each of the second data values and each of the data values;
a fifth determining unit, configured to determine a local reachable density between each of the data values and each of the second data values according to the reachable distance;
a sixth determining unit, configured to determine, according to the local reachable density, a local anomaly factor corresponding to each data value, and determine the local anomaly factor as the deviation value corresponding to each data value.
7. The apparatus of claim 6, wherein the second determining module is configured to:
determining a data value for which the local anomaly factor is higher than or equal to 4 as the anomalous data value.
8. The apparatus of claim 5, further comprising:
the second acquisition module is used for acquiring the target operation corresponding to the target data type of the user data value to be detected from the data types and operations with the corresponding relation;
and the execution module is used for executing the target operation on the user corresponding to the abnormal data value.
9. A storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 4 when executed.
10. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 4 by means of the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810411145.9A CN108628721B (en) | 2018-05-02 | 2018-05-02 | Abnormality detection method, device, storage medium and electronic device of user data value |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810411145.9A CN108628721B (en) | 2018-05-02 | 2018-05-02 | Abnormality detection method, device, storage medium and electronic device of user data value |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108628721A CN108628721A (en) | 2018-10-09 |
| CN108628721B true CN108628721B (en) | 2021-07-27 |
Family
ID=63695129
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810411145.9A Active CN108628721B (en) | 2018-05-02 | 2018-05-02 | Abnormality detection method, device, storage medium and electronic device of user data value |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108628721B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109304034A (en) * | 2018-10-25 | 2019-02-05 | 珠海市君天电子科技有限公司 | A kind of game cheat detection method and relevant device |
| CN110223102A (en) * | 2019-05-08 | 2019-09-10 | 五八有限公司 | Lead referral method, apparatus, electronic equipment and storage medium |
| CN110491106B (en) * | 2019-07-22 | 2022-03-18 | 深圳壹账通智能科技有限公司 | Data early warning method and device based on knowledge graph and computer equipment |
| CN112532972B (en) * | 2020-11-26 | 2023-10-03 | 北京百度网讯科技有限公司 | Fault detection method and device for live broadcast service, electronic equipment and readable storage medium |
| CN113343056A (en) * | 2021-05-21 | 2021-09-03 | 北京市燃气集团有限责任公司 | Method and device for detecting abnormal gas consumption of user |
| CN118641988B (en) * | 2024-08-14 | 2024-11-08 | 成都赛力斯科技有限公司 | Battery voltage abnormality detection method, device, electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107193824A (en) * | 2016-03-14 | 2017-09-22 | 阿里巴巴集团控股有限公司 | Abnormal deviation data examination method and device |
| CN107733921A (en) * | 2017-11-14 | 2018-02-23 | 深圳中兴网信科技有限公司 | Network flow abnormal detecting method, device, computer equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9672242B2 (en) * | 2012-12-24 | 2017-06-06 | Korea Institute Of Science & Technology Information | System for automatically detecting abnormalities statistical data on usage, method therefor, and apparatus applied to same |
| US10135850B2 (en) * | 2014-11-18 | 2018-11-20 | International Business Machines Corporation | Data resource anomaly detection |
| US10257211B2 (en) * | 2016-05-20 | 2019-04-09 | Informatica Llc | Method, apparatus, and computer-readable medium for detecting anomalous user behavior |
| CN107256237A (en) * | 2017-05-23 | 2017-10-17 | 中国电子科技集团公司第二十八研究所 | The LOF cluster datas abnormal point detecting method and detecting system optimized based on dynamic grid |
-
2018
- 2018-05-02 CN CN201810411145.9A patent/CN108628721B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107193824A (en) * | 2016-03-14 | 2017-09-22 | 阿里巴巴集团控股有限公司 | Abnormal deviation data examination method and device |
| CN107733921A (en) * | 2017-11-14 | 2018-02-23 | 深圳中兴网信科技有限公司 | Network flow abnormal detecting method, device, computer equipment and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 基于密度的局部离群点挖掘及在入侵检测中应用研究;秦浩;《中国优秀硕士学位论文全文数据库(信息科技辑)》;20160715;第I138-750页 * |
| 基于密度的局部离群点检测算法的研究与改进;赵新想;《中国优秀硕士学位论文全文数据库(信息科技辑)》;20140915;第I138-754页 * |
| 异常值检测;sam-X;《https://blog.csdn.net/u010945683/article/details/79639664》;20180321;第1页至第4页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108628721A (en) | 2018-10-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108628721B (en) | Abnormality detection method, device, storage medium and electronic device of user data value | |
| EP3761187B1 (en) | Method and apparatus for matching multimedia resource, and storage medium and electronic device | |
| CN114722091B (en) | Data processing method, device, storage medium and processor | |
| CN108985954B (en) | Method for establishing association relation of each identifier and related equipment | |
| CN104184763B (en) | A kind of feedback information processing method and system, service equipment | |
| CN111949702B (en) | Method, device and device for identifying abnormal transaction data | |
| CN108345601A (en) | Search result ordering method and device | |
| CN108491714A (en) | The man-machine recognition methods of identifying code | |
| CN109104688A (en) | Generate Wireless Network Access Point Models Using Aggregation Techniques | |
| CN112437034B (en) | False terminal detection method and device, storage medium and electronic device | |
| CN108768753A (en) | Localization method, device, storage medium and the electronic device of alarm source | |
| US20160246896A1 (en) | Methods and systems for identifying target users of content | |
| CN110896488A (en) | A recommended method for a live broadcast room and related equipment | |
| CN112053151B (en) | Behavior determination method and device, storage medium, and electronic device | |
| CN114245185A (en) | Video recommendation method, model training method, device, electronic equipment and medium | |
| CN110300089B (en) | Target account processing method and device, storage medium and electronic device | |
| CN112187710A (en) | Method and device for sensing threat intelligence data, electronic device and storage medium | |
| CN108053247A (en) | A kind of false amount identification model generation method, false amount recognition methods and computing device | |
| CN110929141B (en) | Group mining method, device, equipment and storage medium | |
| CN109726808B (en) | Neural network training method and device, storage medium and electronic device | |
| CN106685749A (en) | Method and device for inspecting network traffic | |
| CN109120955B (en) | Recommendation method for live broadcast room and related equipment | |
| CN112232853A (en) | Conversion rate calculation method and device, storage medium, electronic device | |
| CN109165347B (en) | Data pushing method and device, storage medium and electronic device | |
| CN111382626B (en) | Method, device and equipment for detecting illegal image in video and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |