IJSRP, Volume 2, Issue 11, November 2012 Edition [ISSN 2250-3153]
M. Lakshmi Deepthi, Dr. N. Kumarathan
Abstract:
Host-based Intrusion Detection Systems (IDS) are based on comparing the system call trace of a process against a set of k-grams. A simple extension to self-based IDS incorporates system call arguments and process privileges, either to reduce mimicry attacks or to make them more difficult. To avoid increasing the false positives, specifications have to be used to abstract the system call arguments and process credentials. The specification takes into account which objects in the system can be sensitive to potential attacks.
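The comparison described in the abstract, as an added Python example that is not code from the paper: it builds a k-gram profile from normal traces and checks two new traces under three views of each event (name only, raw arguments, and arguments abstracted by a specification). The window length, the sensitive path prefixes, the object and privilege classes, and all traces are assumptions constructed for illustration.

```python
K = 3  # window length (assumed value)

# Hypothetical specification: path prefixes treated as sensitive objects.
SENSITIVE_PREFIXES = ("/etc/shadow", "/etc/passwd", "/root/")

def by_name(event):
    """Classic view: the system call name only."""
    return event[0]

def raw(event):
    """Unabstracted view: name, exact path and exact effective UID."""
    return event

def abstracted(event):
    """Specification view: name, object class and privilege class."""
    name, path, euid = event
    if path is None:
        obj = "-"
    elif path.startswith(SENSITIVE_PREFIXES):
        obj = "sensitive"
    else:
        obj = "ordinary"
    return (name, obj, "root" if euid == 0 else "user")

def windows(trace, view, k=K):
    symbols = [view(e) for e in trace]
    return [tuple(symbols[i:i + k]) for i in range(len(symbols) - k + 1)]

def train(traces, view):
    """Profile = set of every k-gram seen in the normal traces."""
    return {w for t in traces for w in windows(t, view)}

def anomalies(trace, profile, view):
    """k-grams of the trace that the profile has never seen."""
    return [w for w in windows(trace, view) if w not in profile]

def tail(uid):  # constructed events that carry no path argument
    return [("read", None, uid), ("write", None, uid), ("close", None, uid)]

# Constructed traces: (syscall, path argument or None, effective UID).
NORMAL = [[("open", "/var/www/index.html", 33)] + tail(33),
          [("open", "/var/www/logo.png", 33), ("read", None, 33)] + tail(33)]
BENIGN = [("open", "/var/www/about.html", 33)] + tail(33)
SUSPECT = [("open", "/etc/shadow", 0)] + tail(0)

if __name__ == "__main__":
    for label, view in (("name", by_name), ("raw", raw), ("abstracted", abstracted)):
        profile = train(NORMAL, view)
        print(label, len(anomalies(BENIGN, profile, view)),
              len(anomalies(SUSPECT, profile, view)))
```

The name-only view accepts both new traces, the raw view flags the benign one as well, and only the abstracted view separates them.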