Abstract (translated from the Chinese) With personal computers and laptops mass-produced and priced for everyone, most people own a computer, and together with the rapid build-out of network infrastructure this has made daily life more convenient: being online is now part of everyday life. As use becomes ever more widespread, countless viruses and backdoor programs circulate covertly and intrude everywhere, giving users additional security concerns. In information security, intrusion detection systems of many kinds have arisen to reduce the damage a host suffers from an intrusion. Among them, host-based intrusion detection systems record the system log files on the host and analyze them to determine whether an intrusion is under way, so that appropriate countermeasures can be taken. In this paper we use a monitoring program to collect the log files produced while programs execute, filter out the APIs (system calls) that all of the programs use in common, observe the parameters passed to those calls, compare them in depth, and obtain a set of mean values. In the second half of the paper we analyze the values obtained from the experiments from a statistical viewpoint and verify their accuracy, so that they can serve as a criterion for judging whether a program is normal or abnormal; that is, we check whether these values are accurate and reliable.
Abstract Most people in the world use computers to communicate with others over fast networks. Modern computer systems are plagued by security vulnerabilities. Whether it is the latest UNIX buffer overflow or a bug in Microsoft Internet Explorer, our applications and operating systems are full of security flaws on many levels. We can incrementally improve security through the use of tools such as an Intrusion Detection System (IDS). The IDS approach to security is based on the assumption that a system will not be secure, but that violations of the security policy can be detected by monitoring and analyzing system behavior. In this article, we collect the log files of every program observed by a monitor module, filter out and compare the commonly used APIs, and observe the parameters passed to each API. Finally, we obtain a set of mean values and verify them statistically to see whether they can serve as a standard for judging whether a program is normal or abnormal.
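The pipeline the abstract describes (collect per-program call logs, keep only the APIs every program uses, compute per-API parameter statistics, and judge a new trace against them) can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from the thesis: the log format (`<program> <api> <param>`), the sample log lines, the population standard deviation and the z-score threshold of 2 are all assumptions chosen for illustration. It goes slightly beyond the text by also treating a call to an API that never appears in the baseline as abnormal, which a parameter-only comparison would otherwise miss.

```python
import math
from collections import defaultdict

# Constructed baseline log: three monitored programs, one call per line,
# in the hypothetical format "<program> <api> <param>" (param = buffer size / fd).
BASELINE_LOG = """\
editor open 3
editor read 4096
editor read 4096
editor write 2048
editor close 3
shell open 4
shell read 1024
shell read 1024
shell write 512
shell close 4
browser open 5
browser read 8192
browser read 8192
browser write 4096
browser close 5
"""

# Constructed trace of an unknown program to be judged against the baseline.
TEST_LOG = """\
suspect open 3
suspect read 4096
suspect write 65535
suspect socket 2
suspect close 3
"""


def parse_log(text):
    """Turn raw log text into (program, api, param) records; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        prog, api, param = line.split()
        records.append((prog, api, int(param)))
    return records


def common_apis(records):
    """The filtering step: APIs that appear in every monitored program's log."""
    per_prog = defaultdict(set)
    for prog, api, _ in records:
        per_prog[prog].add(api)
    return set.intersection(*per_prog.values()) if per_prog else set()


def build_profile(records, apis):
    """Mean and population standard deviation of the parameter, per common API."""
    values = defaultdict(list)
    for _, api, param in records:
        if api in apis:
            values[api].append(param)
    profile = {}
    for api, vals in values.items():
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        profile[api] = (mean, math.sqrt(var))
    return profile


def score_trace(records, profile, threshold=2.0):
    """Return (api, param, reason) for every call judged abnormal.

    A call is abnormal if its API is absent from the baseline, or if its
    parameter lies more than `threshold` standard deviations from the mean.
    """
    alerts = []
    for _, api, param in records:
        if api not in profile:
            alerts.append((api, param, "api not seen in baseline"))
            continue
        mean, std = profile[api]
        if std == 0.0:  # constant parameter in baseline: any change is abnormal
            if param != mean:
                alerts.append((api, param, "differs from constant baseline"))
            continue
        z = abs(param - mean) / std
        if z > threshold:
            alerts.append((api, param, f"z-score {z:.1f} exceeds {threshold}"))
    return alerts


def run_demo():
    """Build the profile from BASELINE_LOG and score TEST_LOG against it."""
    baseline = parse_log(BASELINE_LOG)
    profile = build_profile(baseline, common_apis(baseline))
    return score_trace(parse_log(TEST_LOG), profile)


if __name__ == "__main__":
    for api, param, reason in run_demo():
        print(f"ALERT {api}({param}): {reason}")
```

On the constructed data the `write` call with a 65535-byte parameter is flagged (roughly 43 standard deviations above the baseline mean) and so is the `socket` call, which no baseline program made; the remaining calls fall within the normal range. With real traces the threshold and the choice of statistic are what the second half of the thesis has to validate, since a small or skewed baseline makes the standard deviation unreliable.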