Function template based software behavior analysis method

The invention relates to a function template based software behavior analysis method and belongs to the field of information safety. The method comprises three steps of pretreatment, modeling and detection. Pretreatment comprises inserting a self-defined partition function to achieve software source code marking to obtain marked software source codes and marked software; modeling comprises setting a software source code function transform diagram according to the function calling relation in the marked source codes, and monitoring the called API by running the marked software to obtain a software API minimum function block transfer diagram; detection comprises performing pretreatment and modeling on to-be-tested software source codes to obtain a to-be-tested software source code function transfer diagram and a to-be-tested software API minimum function block transfer diagram, and comparing the to-be-tested software source code function transfer diagram and the to-be-tested software API minimum function block transfer diagram with the software source code function transfer diagram and the software API minimum function block transfer diagram to determine whether to-be-tested software behaviors are abnormal. The method is simple and easy to implement, and the software behaviors can be monitored effectively.