Audit log association rule mining based on improved Apriori algorithm
XU Kaiyong, GONG Xuerong, CHENG Maocai
Journal of Computer Applications, 2016, 36 (7): 1847-1851. DOI: 10.11772/j.issn.1001-9081.2016.07.1847
Abstract
To address the low level of intelligence of security audit systems and their poor utilization of audit logs, a security audit system based on association rule mining was proposed. The proposed system makes full use of existing audit logs and applies data mining techniques to build a database of user and system behavior patterns, so that abnormal situations are discovered in a timely manner and the security of the computer system is improved. An improved E-Apriori algorithm was also proposed, which narrows the scanning range of the transaction set, lowers the time complexity, and improves operating efficiency. The experimental results indicate that the security audit system based on association rule mining improves the ability to identify the type of attack by up to 10%, and that the proposed E-Apriori algorithm clearly outperforms the traditional Apriori algorithm and the FP-GROWTH algorithm, with a maximum improvement of 51%, especially on large sparse datasets.