公开(公告)号：US20210109864A1

公开(公告)日：2021-04-15

申请号：US17128751

申请日：2020-12-21

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jinfeng Yuan ,  Jia Chen

IPC: G06F12/1009 ,  G06F12/1045 ,  G06F12/14 ,  G06F13/16

Abstract: A method for monitoring memory access behavior of a sample process is provided. A processing unit of a computer device determines a page table of the sample process based on a page directory base address of the sample process, where each entry of the page table includes first information, the first information indicates whether the entry has been assigned a guest physical address, the entry that has been assigned the guest physical address includes second information that is used to indicate an access permission of the assigned guest physical address; determines a target entry from the page table, the target entry has been assigned a guest physical address, and an access permission is execution allowed; determines a target host physical address corresponding to the target guest physical address that is assigned to the target entry; and monitors behavior of accessing memory space indicated by the target host physical address.

公开(公告)号：US20180129804A1

公开(公告)日：2018-05-10

申请号：US15866236

申请日：2018-01-09

Applicant: Huawei Technologies Co., Ltd.

Inventor： Jia Chen

IPC: G06F21/53 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F21/128 ,  G06F21/563 ,  G06F21/566 ,  H04L63/1483

Abstract: A threat detection method and apparatus, and a network system are disclosed. The threat detection apparatus obtains page code of a first display page group identified by the URL and an overall size occupied by the first display page group in a display area of the browser when loading a URL in a browser of a Web sandbox; inject preset dynamic code into the page code of the first display page group; parses and executes the page code that includes the preset dynamic code; sends a request message when a value of a display variable is greater than or equal to a preset value, to request to obtain page code of a second display page group; receives a response message that carries the page code of the second display page group; and detects in the Web sandbox, whether the page code of the second display page group carries attack code.