A user behavior analysis method based on a big data platform audit log

Publication date: 08/03/2019
Source: Wipo "BigData"
The invention provides a user behavior analysis method based on a big data platform audit log. The method comprises the following steps: collecting logs, preprocessing, obtaining the frequent item sets, and establishing association rules. It performs user-behavior data mining on the big data platform audit log, which is more accurate than traditional keyword-based filtering and reduces false positives and false negatives of security events. It is an automatic and fast user behavior analysis method that requires no human intervention and is suitable for automatic analysis of massive logs on a big data platform. The method can be used for background processing in security operation and maintenance management on a big data platform. The behavior patterns obtained by the method can be used for early warning before security events, analysis during them, and traceability after them, so as to make full use of the logs and improve the level of security management.
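
The abstract names four steps (collect logs, preprocess, obtain frequent item sets, establish association rules) without giving their details. The following added example, which is not code from the patent, sketches that pipeline in Python; the key=value log format, the item encoding, the exhaustive subset counting and the thresholds are all assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from itertools import combinations

# Constructed sample lines in a simplified key=value audit format (not real data).
SAMPLE_LOG = """\
ts=2019-03-01T09:05:11 user=alice ip=10.0.0.5 cmd=open src=/finance/q1.csv
ts=2019-03-01T09:17:40 user=alice ip=10.0.0.5 cmd=open src=/finance/q2.csv
ts=2019-03-01T10:02:03 user=alice ip=10.0.0.5 cmd=open src=/finance/q3.csv
ts=2019-03-01T10:30:00 user=bob ip=10.0.0.9 cmd=create src=/etl/out/part-0
ts=2019-03-01T11:30:00 user=bob ip=10.0.0.9 cmd=create src=/etl/out/part-1
ts=2019-03-01T12:00:00 user=bob ip=10.0.0.9 cmd=delete src=/etl/tmp/x
ts=2019-03-02T02:44:19 user=alice ip=10.0.0.77 cmd=delete src=/finance/q1.csv
garbage line without fields
"""

def preprocess(text):
    """Turn each parseable line into a transaction (a set of items)."""
    txns = []
    for line in text.splitlines():
        f = dict(re.findall(r"(\w+)=(\S+)", line))
        if not {"ts", "user", "cmd", "src"} <= f.keys():
            continue  # drop malformed records instead of guessing their fields
        hour = int(f["ts"][11:13])
        period = "work" if 8 <= hour < 18 else "offhours"  # assumed bucketing
        top_dir = "/" + f["src"].strip("/").split("/")[0]   # generalise the path
        txns.append(frozenset({f"user={f['user']}", f"cmd={f['cmd']}",
                               f"dir={top_dir}", f"period={period}"}))
    return txns

def frequent_itemsets(txns, min_support, max_size=3):
    """Map each itemset of up to max_size items to its support, if frequent."""
    counts = Counter()
    for t in txns:
        for k in range(1, max_size + 1):
            counts.update(frozenset(c) for c in combinations(sorted(t), k))
    n = len(txns)
    return {s: c / n for s, c in counts.items() if c / n >= min_support}

def association_rules(freq, min_conf):
    """Rules (antecedent, consequent, confidence) with a single consequent item."""
    rules = []
    for itemset, sup in freq.items():
        for item in itemset:
            lhs = itemset - {item}
            # Any subset of a frequent itemset is frequent, so freq[lhs] exists.
            if lhs and sup / freq[lhs] >= min_conf:
                rules.append((lhs, item, sup / freq[lhs]))
    return rules
```

With a support threshold of 0.4 and a confidence threshold of 0.9 on the sample, `user=alice` implies `dir=/finance` with confidence 1.0, while the single off-hours delete is too rare to form a pattern.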