Cyber-attacks continue to pose a major threat to computing systems. As shown in FIG. 1, in a typical client-server computing system 100, a client device 102 interacts with a host computer 104 (e.g., a virtual machine, a host computer, etc.). A typical client device 102 is primarily concerned with accessing the application layer 106 of the host computer 104 (e.g., the application the user is attempting to access). The client device 102 typically does not directly interact with the application platform layer 108 or the operating system 110 of the host computer 104. Through the application layer 106, the client device 102 can access data stored in a data storage device 112. The data, for example, may relate to a database presented on the client device 102 via the application layer 106. Unlike the client device 102, an attacker device 114 (e.g., a device operated by a hacker) is not authorized to access the host computer 104. The attacker device 114 can attempt to interact with any of the application layer 106, the application platform layer 108, or the operating system 110 in an attempt to discover and exploit a vulnerability in the host computer 104 to gain access to data in the data storage device 112 or the client device 102.
In the client-server computing system 100, the host computer 104 remains relatively static creating a static environment. The operating system 110 and the application platform 108 code, although regularly updated, can remain in substantially the same form or state for days, weeks, months, or even years at a time between successive updates. Accordingly, the attacker device 114 has the opportunity to try multiple types of attacks on the various layers as long as the host computer 104 is online. For example, the attacker device 114 can continuously attempt to locate a new, unknown vulnerabilities in the software (e.g., the application layer 106, the application platform 108, the operating system 110, etc.) of the host computer 104 through a plurality of attack methods. If a vulnerability is located, the attacker device 114 can exploit the vulnerability to gain access to the host computer 104 and potentially to the client device 102 and the data storage device 112. If the user of the attacker device 114 is dedicated enough, the attacker device 114 can continuously attack the various layers of the host computer 104 until a vulnerability is located. Such static systems are particularly vulnerable to zero-day attacks (e.g., an attack that exploits a previously unidentified vulnerability).