There is an increasing volume and sophistication of cyber attacks, particularly those aimed at web applications and servers, which deal in high-value traffic. Insecure applications and servers can lead to customer loss, financial loss, damaged reputation and legal conflicts. In an attempt to detect cyber attacks from a group of attackers, for example, a company may use attack signatures. However, attack signatures are reactive in that they only block attacks that trigger an existing signature and, in some instances, after some damage has already been done by the attacker. Moreover, attackers may alter the network traffic such that the attacker's traffic no longer matches the signature, thereby defeating the signature and preventing the security devices from blocking the attack.