Abstract:
Cyber situation awareness is one of the foundations for achieving command and control in cyberspace; it aims to identify the attack behaviors appearing in cyberspace from partial, trivial and distributed information. It can provide high-level situation knowledge to commanders and assist them in making reasonable decisions. To solve the problem of attack scenario awareness and inference, this paper proposes a cyber-attack scenario awareness and inference technology based on probability transition. First, the alert stream is clustered using a sliding window. Then, by analyzing the resulting cluster sets, the various attack scenarios appearing in cyberspace are inferred and generated. We use a Markov chain model to represent attack scenarios, so that the cyber-attack situation can be presented to commanders directly. Finally, we test and assess the proposed approaches on the Zeus botnet, and the experimental results show that the approaches are feasible and advanced.
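The pipeline sketched in the abstract (window-based clustering of an alert stream, then a Markov chain whose transition probabilities are estimated from the clusters and used to score candidate attack scenarios) can be illustrated end to end. The following is an added example written for this page, not code from the paper or its authors. It assumes a simplified alert format of (timestamp, source address, alert type), a clustering rule that joins an alert to the open cluster of the same source when it falls within the window of that cluster's last alert, and a constructed alert stream; all three are assumptions, and the paper's actual clustering and inference details may differ.

```python
from collections import defaultdict

# Constructed sample alert stream, not real data: (time_s, src_ip, alert_type).
ALERTS = [
    (0,   "10.0.0.5", "scan"),
    (12,  "10.0.0.5", "exploit"),
    (30,  "10.0.0.5", "c2_beacon"),
    (45,  "10.0.0.5", "c2_beacon"),
    (400, "10.0.0.9", "scan"),
    (410, "10.0.0.9", "exploit"),
    (420, "10.0.0.9", "c2_beacon"),
    (900, "10.0.0.5", "scan"),
    (905, "10.0.0.5", "scan"),
    (950, "10.0.0.5", "exploit"),
]


def cluster_by_window(alerts, window):
    """Sliding-window clustering (assumed rule): an alert joins the open cluster
    of the same source if it arrives within `window` seconds of that cluster's
    last alert; otherwise it starts a new cluster for that source."""
    clusters = []
    open_cluster = {}  # src_ip -> index of its most recent cluster
    for t, src, kind in sorted(alerts):
        idx = open_cluster.get(src)
        if idx is not None and t - clusters[idx][-1][0] <= window:
            clusters[idx].append((t, src, kind))
        else:
            clusters.append([(t, src, kind)])
            open_cluster[src] = len(clusters) - 1
    return clusters


def transition_matrix(clusters):
    """Estimate Markov transition probabilities between alert types from the
    consecutive alert pairs observed inside each cluster (row-normalised counts)."""
    counts = defaultdict(lambda: defaultdict(int))
    for cluster in clusters:
        kinds = [kind for _, _, kind in cluster]
        for cur, nxt in zip(kinds, kinds[1:]):
            counts[cur][nxt] += 1
    matrix = {}
    for cur, row in counts.items():
        total = sum(row.values())
        matrix[cur] = {nxt: n / total for nxt, n in row.items()}
    return matrix


def scenario_probability(sequence, matrix):
    """Probability the chain assigns to an ordered attack scenario, i.e. the
    product of its step transition probabilities; an unseen step yields 0."""
    prob = 1.0
    for cur, nxt in zip(sequence, sequence[1:]):
        prob *= matrix.get(cur, {}).get(nxt, 0.0)
    return prob


def most_likely_next(state, matrix):
    """The alert type the chain expects after `state`, or None if unseen."""
    row = matrix.get(state)
    if not row:
        return None
    return max(row, key=row.get)


if __name__ == "__main__":
    clusters = cluster_by_window(ALERTS, window=60)
    matrix = transition_matrix(clusters)
    for cur, row in matrix.items():
        print(cur, "->", row)
    print("P(scan->exploit->c2_beacon) =",
          scenario_probability(["scan", "exploit", "c2_beacon"], matrix))
    print("after scan, expect:", most_likely_next("scan", matrix))
```

With the constructed stream and a 60-second window the alerts form three clusters; the estimated chain gives scan an outgoing probability of 0.75 to exploit and 0.25 back to scan, so the three-step scenario scan, exploit, c2_beacon scores 0.75, while an order the clusters never exhibited (exploit followed by scan) scores 0. The row-normalised matrix is what would be rendered for the commander as the Markov chain view of the situation.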