The invention provides a behavior threat analysis method for machine learning automatic behavior analysis. The method comprises the following steps: taking over all program execution pipelines of a system kernel; monitoring a user instruction sequence and sending the user instruction sequence to a user instruction sequence library established through machine learning for comparison; dividing the user instruction sequence into a sequence combination with a shorter length and obtaining a judgment value; and if the behavior information is lower than the threshold value, the system gives an alarm,the behavior information of the process and the kernel is captured in the internal channel of the operating system, and the suspicious degree of the behavior is analyzed in a machine learning mode bycapturing a user instruction sequence, so that advanced persistent threats are detected, the detection efficiency is high, and the behavior condition of an attack on a system level can be comprehensively analyzed.