The invention relates to a multi-step attack prediction method based on a cause-and-effect Byesian network. First of all, a multi-step attack mode in an attack scene sample is mined by use of a frequent mode, the multi-step attack mode is depicted through a cause-and-effect Byesian network mode, based on this, a probability of future attacks is calculated through attack evidence, and thus next-step attack behaviors of network multi-step attacks and attack intensions of attackers can be predicted. According to the invention, a multi-step attack prediction method of manually constructing a network attack structure graph is optimized, the multi-step attack mode is mined automatically based on a frequent sequence mode, by means of the cause-and-effect Byesian network mode, the attack mode is depicted, network parameters are learnt, next-step attacks and the attack attentions are predicted, the attack prediction capability for unknown changing multi-step attack modes is improved, next-step attack means and a final attack attention of the multi-step attacks can be rapidly and accurately predicted, and the method has great realistic significance for safeguarding network and computer information security.