Abstract: The dynamic creditability evaluation of software has become a hot issue in the information security field. In order to improve the accuracy of evaluation, a creditability evaluation model based on software behavior trace (CEMSBT) is demonstrated in this paper. We introduce software behavior trace (SBT) to describe the software behavior. Given that the operational process and background of running software are key factors in creditability evaluation, SBT consists of operation trace and function trace. Operation trace is the operation sequences of the running software, which can be denoted by ordered check point vectors; function trace is depicted by a series of scenes which have the ability of characterizing the software functions. With the purpose of reducing the time and space overheads of creditability evaluation, we give reduction rules of SBT. Our model applies identification evaluation rule and scene evaluation rules to check the practical behavior of software. The branch point brings software some randomness which can be used by intruders, so it is necessary to judge which branch will be run next. We propose the scene similarity method to determine the direction of the branch, which can reduce the false negatives. The simulation results indicate the accuracy and efficiency of CEMSBT.