DETECTION AND MITIGATION OF TIME-DELAY BASED NETWORK ATTACKS

摘要

Systems and methods for mitigation of time-delay based network attacks are provided. According to one embodiment, an email directed to a user of an enterprise and containing a potentially malicious link is received by a mail server of the enterprise. At a first time, a file to which the potentially malicious link points is evaluated within a sandbox environment and a first hash value is generated based on contents of the file. At a second time, a file to which the potentially malicious link points is again evaluated, including downloading the file to which the potentially malicious link points to at the second time and generating a second hash value based on contents of the file. When the two hash values differ, then the file is treated by the mail server as a suspicious or high risk file or is caused to be evaluated within the sandbox environment.