The alert correlation approach based causal relationship has the problems that it cannot be able to process massive alerts in time and the attack scenario graphs split. In order to solve the problem, a novel real-time alert correlation approach based on Attack Planning Graph (APG) was proposed. Firstly, the definition of APG and Attack Planning Tree (APT) were presented. The real-time alert correlation algorithm based on APG was proposed by creating APG model on basis of priori knowledge to reconstruct attack scenario. And then, the attack scenario was completed and the attack was predicted by applying alert inference mechanism. The experimental results show that, the proposed approach is effective in processing massive alerts and rebuilding attack scenarios with better performance in terms of real-time. The proposed approach can be applied to analyze intrusion attack intention and guide intrusion responses.