With each passing day, cyber-attacks are becoming increasingly sophisticated. A large number of attacks are targeted to exploit specific vulnerabilities in specific applications. These attacks are not discernible at the network layer because they do not trigger network activity that appears to be overtly malicious. In order to deal with these targeted attacks, many vendors have deployed products, such as next generation firewalls which attempt to trace the behavior of the application or sandboxing technologies which attempt to run suspicious code in a sandbox and wait for the suspicious code to perform malicious activity. However, in these scenarios, malware simply adapts its behavior slightly or waits for a longer period of time to carry out its malicious intent. These changes in behavior hamper these products' ability to recognize the behavior of the attack and therefore their ability to detect the malware is greatly diminished.