The invention discloses a multi-step attack tracing method and system, a terminal and a readable storage medium. The tracing method comprises the following steps: formatting a log, extracting event features from the log, establishing a feature relationship, and constructing an event relationship graph according to the feature relationship; weighting the event relation graph through the weight vector to obtain a weighted relation graph; transmitting the weighted relation graph to a community detection module, performing relation division on the weighted relation graph through a community discovery algorithm, and discovering an attack community; after the community is found, based on the obtained attack community, according to the event logic relationship, establishing a sequence, and constructing an attack process. The invention also provides a system, a terminal and a readable storage medium for realizing the method, the problem of state explosion caused by relationship connection canbe solved by utilizing multiple log association analysis, the attack process of multi-step attack can be effectively analyzed, and the method can be used for multi-log-based attack analysis in varioussystems.