
Applying Association Rule Mining to Enhance Firewall Operational Efficiency

Advisor: 胡雅涵

Abstract


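In recent years enterprises have come to rely more and more on the Internet, which has become an indispensable resource for them. Although the network lets them provide all kinds of services and open up markets, the more heavily they depend on it, the more important network security becomes. The most common protection for an enterprise network is the firewall. As the network environment changes, the firewall's policy rules must be updated continually to keep the device functioning correctly and to improve its efficiency. This study is based mainly on analysis of firewall log records. Manually analyzing and filtering a large volume of log records is time-consuming and error-prone, so data mining techniques are used to help the enterprise assess the strengths and weaknesses of its firewall policy rules and to help administrators adjust and improve the policy rule table, thereby improving the operating efficiency of the firewall device.

This thesis uses an enterprise's firewall log data and analyzes it with an association rule algorithm to find the more frequent network characteristic rules, such as the frequently accessed destination addresses and the most frequently blocked source addresses. These rules are then consolidated and, using the three definitions from the Change mining method (Emerging Patterns, Added Patterns and Perished Patterns), the association rules produced at two different points in time are studied in depth to decide whether rules should be added to, adjusted in or deleted from the current firewall policy. Compared with the work of earlier researchers, this thesis analyzes the log records of an enterprise firewall device and can therefore find more critical association rules and improve firewall performance.

The results show that Change mining effectively improves the frequency with which the rule table is changed, and the rules produced are all highly critical. This avoids changing too many firewall policy rules, which would instead burden the enterprise's administrators. After the firewall rule table is consolidated, the improvement in firewall efficiency can be maintained without blindly changing the policy rule table. The results also identify rules whose accessed destination addresses are comparatively abnormal, which in turn reveals abnormal sources inside the internal network.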

Parallel Abstract


In recent years, the Internet has become an indispensable business resource, and network security has become a very important issue. Despite years of experience and experimentation, firewall protection mechanisms are far from ideal. Because the network environment changes rapidly, firewall policy rules must be revised regularly to maintain system function and improve efficiency. Applying data mining techniques to firewall logs can help companies analyze the merits of the firewall policy table, so that enterprise administrators can adjust the firewall device rules to enhance operational efficiency. This paper uses corporate firewall log data to detect frequent network characteristic rules through association rules, such as identifying the frequently accessed destination addresses or blocked IP addresses. It then decides whether to add, adjust or remove rules by using the Emerging Patterns, Added Patterns and Perished Patterns of Change mining to investigate the association rules from two different periods of time. Compared with prior studies, analyzing enterprise firewall log data can help administrators find much more critical association rules and improve firewall device efficiency. Compared to association rule analysis, the results of this study show that combining the adjusted rule table through Change mining effectively reduces the burden on business administrators. In addition, the integrated firewall policy rules can identify some specific unusual accesses to destination addresses and, furthermore, find abnormal source addresses in the internal network.
