In　this　paper,　we　propose　a　new　trusted　modeling　approach　based　on　state　graphs.　We　introduce　a　novel　method　of　deriving　state-layer　from　a　system　call　sequence　in　terms　of　probability　and　statistics　theory,　and　we　identify　the　state　sequence　with　the　help　of　Hidden　Markov　Model　(HMM).　We　generate　state　transition　graph　according　to　software　executing　process　and　pruning　rules.　Then,　we　separate　local　function　graphs　according　to　software　specific　functions　by　semantic　analysis.　The　state-layer　is　a　bridge　between　the　basic　behaviors　and　the　upper　layer　functions　of　software　to　compensate　semantic　faults.　In　addition,　a　pruning　strategy　of　formulating　state　graphs　is　designed　to　precisely　describe　each　piece　of　software　functions.　Finally,　a　detecting　system　based　on　our　model　is　proposed,　and　a　case　study　of　RSS　software　reveals　how　our　system　works.　The　results　demonstrate　that　our　trusted　model　describes　software　behaviors　successfully　and　can　well　detect　un-trust　behaviors,　anomaly　behaviors,　and　illegal　input　behaviors.