The invention relates to a software behavior credibility detecting method based on a diagram. A detecting system is divided into five modules including a data preprocessing module, a state diagram training module, a behavior detecting module, a real-time monitoring module and an abnormal warning module, wherein the data preprocessing module is in charge of processing preliminary data; the state diagram training module is used for training a normal behavior base; the behavior detecting module is in charge of detecting behaviors according to the built diagram, and the detection module is divided into two layers, the first layer is used for detecting states and paths, and the second layer is mainly used for detecting weights; the real-time monitoring module dynamically stores detection results in a log mode; and the abnormal warning module warns when the detecting module detects abnormal conditions, and stops running software. A detecting model can monitor software behaviors in real time, and detects behaviors which do not belong to the software, aggressive behaviors and illegal input.