With each passing day, cyber-attacks are becoming increasingly sophisticated. Attacks are targeted to exploit specific vulnerabilities in specific applications. The causes and effects of such attacks are not discernible at the network layer because they do not trigger network activity that appears to be overtly malicious. Applications executed on enterprise systems are preferred targets for attackers since highly valuable information, such as credit card numbers, customer social security numbers, and other personally identifiable information, is accessible from these applications. In order to deal with these targeted attacks, many vendors have deployed cyber security products, such as next generation firewalls, which attempt to learn the behavior of the user, or sandboxing technologies, which attempt to run what appears to be suspicious code in a sandbox and wait for such suspicious code to perform malicious activities. In these scenarios, malware often adapts its behavior, such as by waiting for a longer period of time to carry out its malicious intent. Since these products must give up attempting to detect the behavior at some point and deliver user traffic to the intended recipient, the attacks simply wait out this time of detection. These changes in behavior hamper the deployed cyber security products' ability to recognize the behavior of the attack and, therefore, their ability to detect the presence of malware is greatly diminished.