Which evasion technique complicates packet reassembly for an IDS by pausing between sending parts of an attack to hope the IDS times out before the target computer responds?

Timing-based evasion hinges on exploiting how an IDS reassembles fragmented traffic. IDSs typically gather the fragments and wait for a complete sequence within a certain time window to inspect the payload. By pausing between sending parts of the attack, you increase the chance that the IDS times out before all fragments arrive or before reassembly completes. When that timeout occurs, the IDS may discard incomplete data, allowing parts of the attack to slip through uninspected while the target system proceeds with normal processing. This approach is different from simply sending fragments out of order or fragmenting packets to confuse reassembly, which focus on disrupting the reassembly process itself rather than leveraging the IDS’s timing window. Encrypting the payload hides content from inspection but does not specifically exploit IDS reassembly timeouts.