Host violation is a such behaviour that it either breaks the security of the host and its information system or reveals the important information on the host.In this paper,a host violation checking method is proposed,which discriminates the underlying probability of single evidence resource aiming at the evidence information of each violation of host independently,and then fuses them based on D-S evidence theory,and attains violation coefficient of the host behaviour according to calculation,that will be considered as the discrimination basis for violation checking.Experiments indicate that by using this method,the application demand in host violation checking is able to be met with lower false alarm rate and missing rate.