Abstract: In recent years, advanced persistent threat (APT) has become one of the most important factors threatening cyber security. However, due to the complicated attacking method and strong conceal ability of APT, it is very hard to predict APT using the common boundary protection technique based on feature matching. To solve the problem of APT attack detection and defense, we propose an APT attacks prediction method based on tree structure. An APT exfiltration model of an attack target combing the kill chain model with stage characteristics is first constructed. And then the correlation analysis of massive logs is conducted to formulate attack events context, and the credibility ratio and DS evidence theory are introduced to determine true attack events. Finally, all possible attack paths are calculated. Experimental results show that our proposed method can predict APT attacks, and it can obtain good scalability and practicability.