Fortinet, Inc.
DETECTION AND MITIGATION OF TIME-DELAY BASED NETWORK ATTACKS

Abstract:

Systems and methods are described for mitigation of time-delay based network attacks that seek to avoid detection by email security solutions employing sandboxing. According to one embodiment, a potentially malicious link associated with a communication is received from a computer system by a sandbox device. A link evasion technique, in which a first file to which the potentially malicious link points to at a first time is replaced with a second file on or before a second time, is subverted by the sandbox by evaluating the potentially malicious link at multiple times including generating a first hash value of the contents of the first file, generating a second hash value of the contents of the second file, assigning a threat level to the communication when the hash values differ, and informing the computer system of the threat level assigned to the communication.