Algorithm detects and prevents multi-step cyber attacks in real time.
Cyber attacks often consist of multiple steps rather than a single action. Because the number of attack patterns is limited, researchers developed an algorithm that connects these steps into attack scenarios. The algorithm uses a knowledge base to match alerts to attack models and evaluates the severity of the attack. By analyzing real-time data, it can detect and update attack scenarios. Tests on a dataset showed that the algorithm works effectively.
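An added illustration of this kind of knowledge-base alert correlation, not the researchers' algorithm or code. The attack models, severity weights, time window and alert stream are constructed assumptions, and alerts are grouped by target host.

```python
from dataclasses import dataclass, field

# Constructed knowledge base: attack model -> (ordered alert categories, base
# severity). Model names, categories and weights are assumptions.
KNOWLEDGE_BASE = {
    "remote_compromise": (["scan", "exploit", "privilege_escalation", "exfiltration"], 10),
    "credential_abuse": (["brute_force", "login_success", "lateral_movement"], 7),
}
WINDOW = 3600  # seconds an open scenario waits for its next step (assumed)

@dataclass
class Scenario:
    model: str
    target: str
    steps: list = field(default_factory=list)  # matched alerts, in order

    def severity(self):
        # Base severity scaled by how far the scenario has progressed.
        stages, base = KNOWLEDGE_BASE[self.model]
        return round(base * len(self.steps) / len(stages), 2)

def ingest(open_scenarios, alert):
    """Match one alert against every model; return the scenarios it advanced."""
    advanced = []
    for model, (stages, _) in KNOWLEDGE_BASE.items():
        key = (model, alert["dst"])
        sc = open_scenarios.get(key)
        if sc and alert["ts"] - sc.steps[-1]["ts"] > WINDOW:
            del open_scenarios[key]  # stale: discard, allow a fresh start
            sc = None
        idx = len(sc.steps) if sc else 0
        if idx < len(stages) and alert["category"] == stages[idx]:
            sc = sc or open_scenarios.setdefault(key, Scenario(model, alert["dst"]))
            sc.steps.append(alert)
            advanced.append(sc)
    return advanced

# Constructed alert stream: (timestamp in seconds, category, target host).
ALERTS = [(0, "scan", "10.0.0.5"), (40, "brute_force", "10.0.0.8"),
          (90, "exploit", "10.0.0.5"), (200, "privilege_escalation", "10.0.0.5"),
          (9000, "login_success", "10.0.0.8")]
def replay(alerts):
    """Feed alerts in arrival order; return (model, target, severity) per update."""
    open_scenarios = {}
    return [(s.model, s.target, s.severity())
            for ts, cat, dst in alerts
            for s in ingest(open_scenarios, {"ts": ts, "category": cat, "dst": dst})]
```

In the sample stream the severity for host 10.0.0.5 rises with each matched step, while the late `login_success` on 10.0.0.8 falls outside the window and does not extend the earlier brute-force scenario.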