To be sure, that a program behaves correctly at runtime; the behavior of the program should be verified. Where the program source code is available, it is possible to extract the operational logic (i.e., behavior) of the program. But in this paper, programs are considered as black boxes, so no information is available about the operational logic of programs. However, some efforts are spent to learn inductively the operational logic of programs by executing them successfully (i.e., correctly) for many (i.e., > 1000) times and logging their system calls implicitly. Therefore, in the first phase, few mechanisms are developed to discover inductively the loops and branching points of a program using its log system calls. Then, the operational logic of the program is constructed in system call level abstraction by applying a novel method. In the second phase, any deviation of the program execution (in system call level abstraction) from its operational logic (in system call level abstraction) is detected, just like white box approaches. Two major applications for the proposed approach are suggested: (1) to make critical programs somehow, detect their misuses (i.e., buffer overflow attack) by themselves, and (2) to protect programs against their runtime faults. The effectiveness of the proposed approach is demonstrated by some experiments.