Abstract:
Following the line of research on host-based anomaly detection using system-call sequences on UNIX-like systems, this paper carries out the analogous study on the Windows platform by tracing sequences of Windows Native API (Application Programming Interface) calls. For the detection of anomalous sequences, the SVM (Support Vector Machine) method is used because of its generalization capability on small-scale datasets, and a high detection accuracy is obtained. The experimental results show that Windows Native API sequences are a viable data source for a host-based anomaly detection system on the Windows platform.
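The abstract describes two stages: turning a trace of Native API calls into fixed-length features and then classifying those features. The following is an added illustration, not code from the paper. It assumes an n-gram (sliding-window) representation of the call sequence, builds a database of n-grams seen in normal traces (the mismatch-rate scoring used in the UNIX system-call work the paper builds on, substituted here for the paper's SVM stage), and also emits the n-gram frequency vector that a classifier such as an SVM would consume. All traces are constructed samples; the Native API names are real exported names, but the sequences are illustrative only.

```python
from collections import Counter

# Constructed sample traces (hypothetical) of Windows Native API call names.
NORMAL_TRACES = [
    ["NtOpenFile", "NtReadFile", "NtClose", "NtOpenFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtClose"],
    ["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtClose"],
]

# Constructed trace that starts like a normal file read but then touches
# another process's memory, a pattern absent from the normal database.
SUSPECT_TRACE = ["NtOpenFile", "NtReadFile", "NtClose",
                 "NtOpenProcess", "NtWriteVirtualMemory", "NtClose"]


def ngrams(trace, n):
    """Sliding windows of length n over a call sequence (assumed representation)."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_normal_db(traces, n):
    """Set of every n-gram observed in the normal training traces."""
    db = set()
    for trace in traces:
        db.update(ngrams(trace, n))
    return db


def anomaly_score(trace, db, n):
    """Fraction of the trace's n-grams never seen in normal behaviour (0.0 = fully known)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    unknown = sum(1 for g in grams if g not in db)
    return unknown / len(grams)


def feature_vector(trace, vocab, n):
    """n-gram count vector over a fixed vocabulary, the input form an SVM would take."""
    counts = Counter(ngrams(trace, n))
    return [counts.get(g, 0) for g in vocab]


def evaluate(n=3, threshold=0.5):
    """Score each trace against the normal database and flag those above threshold."""
    db = build_normal_db(NORMAL_TRACES, n)
    vocab = sorted(db)  # fixed column order for the feature vectors
    results = {}
    for name, trace in [("normal_0", NORMAL_TRACES[0]), ("suspect", SUSPECT_TRACE)]:
        score = anomaly_score(trace, db, n)
        results[name] = {
            "score": score,
            "flagged": score > threshold,
            "features": feature_vector(trace, vocab, n),
        }
    return results


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name}: score={r['score']:.2f} flagged={r['flagged']} features={r['features']}")
```

The threshold and window length are parameters a practitioner would tune on held-out normal traces; the n-gram vectors from `feature_vector` are what would be handed to the SVM in the paper's second stage.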