With each passing day, cyber-attacks are becoming increasingly sophisticated. Attacks are targeted to exploit specific vulnerabilities in specific applications. The cause and effects of such attacks are not discernible at the network layer because these attacks extend beyond the most simplistic attacks and do not trigger network activity that can be construed as overtly malicious. Enterprise databases are preferred targets for attackers since highly valuable information, such as credit card numbers, customer social security numbers, health records, other personally identifiable information, detailed customer lists, design plans, source code, and other intellectual property resides in these databases. In order to deal with these targeted attacks, many vendors have deployed cyber security products, such as next generation firewalls and web facing application firewalls which attempt to tie user access and behavior to markers in the application, or sandboxing technologies which attempt to run what the vendors consider to be suspicious code, in a sandbox and wait for such code to perform observable malicious activities. To cope with such detection mechanisms, malware often adapts its behavior, such as waiting for the detection engine to give up looking before the malware unleashes its malicious intent. These changes in behavior hamper the contemporary cyber security solution's ability to recognize the behavior of the attack and, therefore, their ability to detect the presence of malware in a timely fashion.