Secure intialization for detecting intrusions is disclosed. The secure
initialization includes receiving a behavior profile associated with an
application and reading the behavior profile associated with the
application. The secure initialization further includes monitoring
execution of the application, according to the behavior profile. If the
behavior of the application does not conform to the behavior profile, a
message is issued indicating that the application is not conforming to
the behavior profile. The behavior profile can be generated by a
developer of the intrusion detection system, a developer of the
application, and/or a third party developer. Additionally, the behavior
profile is generated by executing the system on a reference computer
system or by heuristic determination.