Intrusion detection approach towards software behavior trustworthiness

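  • Abstract: To address the problems of existing intrusion detection methods and to meet the need for trustworthy software behavior, a new static detection method is proposed. First, software behavior trustworthiness is discussed, defined and formally described, and is represented in the form of instruction sequences. Next, the detection method and its workflow are presented: data mining is used to discover behavior knowledge from both malware and normal software, and the discovered behavior knowledge is used to judge the behavior trustworthiness of unknown software. Finally, the method is implemented, and several behavior patterns are experimentally verified using selected samples. The experimental results show that the method can detect malicious behavior in unknown software according to the software behavior trustworthiness policy, with a high detection success rate.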

     

    Abstract: To address the problems of current intrusion detection methods, a new static detection approach towards software behavior trustworthiness is presented. First, software behavior trustworthiness is discussed and formally defined, and is then described with instruction sequences. Second, a detection approach and its process are presented. Malicious behavior knowledge obtained through data mining on malware is organized as a trustworthiness policy and used to detect and judge unknown software. Third, the approach is implemented and verified with some behavior patterns on chosen samples. The experimental results show that the approach can detect malicious behavior in unknown software with a high success rate.

     
