In recent years, many network users has been the serious impact by the intrusion of the Internet, there are many attack events occur at the present time. On the Internet, the intruders usually launch attacks from the stepping stone that they previously compromised. In this way, the attackers can reduce their risk of directly detected. Even if the network managers detect the invasion that still can't identify the true attack intruders IP location through the observation records. And there are many network attacks using a large amount of stepping stone to launch a joint flooding attack at the same time. The victim computer or Web site will not bear this kind large flood traffic that make the servers cannot work properly to provide normal Internet services. The problem of stepping stone has being caused serious impact on network security. In this study, we use the association rules mining technique to establish an automatically stepping stone detection module. By collect the connecting records in the local network to gather the information of source and destination IP addresses in the same period. The traffic data analyse by association rule algorithms trying to figure out the transmission characteristics of the stepping stone. By identifying the suspicious IP addresses of stepping stone will be helpful for the network security administrators to improve the security of network.