The methods are both based on data mining (DM) technique, and use sequence patterns to represent the normal behavior profile of a program according to the supports or confidences of the patterns in the training data.