Citation: LONG Chun, SHEN Han-ji, LI Jun. Security Events Fusion Based on EA-DS Evidence Theory[J]. Microelectronics & Computer, 2015, 32(11): 46-52.

Security Events Fusion Based on EA-DS Evidence Theory

Abstract: To correlate and analyze multi-source security events, this paper proposes a security event correlation analysis method based on Environment Awareness Dempster-Shafer (EA-DS) evidence theory. Taking the surrounding network environment into account, the method fuses data from several different kinds of security sensors as evidence and computes a threat state confidence for each network service, so that services in a high threat state can be found quickly and appropriate response measures taken. Experiments and comparisons in a real network environment show that the method has a good ability to discover high-risk attacks.
