Abstract: As a model-based vulnerability analysis technology, attack graphs can identify network vulnerabilities and their interactions; they can also reveal all possible attack paths and potential threats. Based on attack graphs, this paper proposes alert correlation graphs. An alert correlation graph maps real-time IDS alerts onto attack paths using the prior knowledge encoded in the attack graph, and dynamically reveals attack progress and attackers' intentions. A novel quantitative network vulnerability assessment method is presented based on the alert correlation graph; it analyzes network vulnerabilities by dynamically computing the weights of alert correlation edges. The research also demonstrates, by examples, that the proposed method combines static prior knowledge about network vulnerabilities with attackers' dynamic intentions, and reveals how network vulnerability changes under real-time attacks.
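The mechanism the abstract describes, as an added example that is not the paper's code: a toy attack graph serves as prior knowledge, a constructed IDS alert stream is mapped onto its edges to form the correlation graph, and edge weights count the matching alerts. The states, alert signatures and the per-path progress metric are assumptions for illustration, since the abstract does not give the paper's actual weighting formula.

```python
from collections import defaultdict

# Prior knowledge: attack graph as directed edges (from_state, to_state, alert_signature).
# States are attacker footholds; the signature is the IDS alert class expected when
# that step is attempted. All values are constructed for this example.
ATTACK_GRAPH = [
    ("internet", "web_user", "web_exploit"),
    ("web_user", "db_user", "sql_injection"),
    ("web_user", "web_root", "local_privesc"),
    ("db_user", "db_root", "db_privesc"),
]


def build_correlation_graph(alerts):
    """Map each alert signature onto attack-graph edges and accumulate a weight
    per edge (assumed rule: weight = number of matching alerts). Signatures that
    match no edge are returned separately so unmodeled activity is not lost."""
    weights = defaultdict(int)
    unmatched = []
    for sig in alerts:
        matched = [e for e in ATTACK_GRAPH if e[2] == sig]
        if not matched:
            unmatched.append(sig)
        for e in matched:
            weights[e] += 1
    return weights, unmatched


def paths_from(state, graph=ATTACK_GRAPH):
    """Enumerate every attack path (list of edges) starting at `state`."""
    out = []
    for e in [g for g in graph if g[0] == state]:
        tails = paths_from(e[1], graph) or [[]]
        out.extend([e] + t for t in tails)
    return out


def path_progress(path, weights):
    """Assumed metric: fraction of a path's steps confirmed by at least one alert."""
    return sum(1 for e in path if weights.get(e, 0) > 0) / len(path)


def assess(alerts, start="internet"):
    """Score each attack path by how far the live alert stream has confirmed it."""
    weights, unmatched = build_correlation_graph(alerts)
    scored = {tuple(e[1] for e in p): path_progress(p, weights) for p in paths_from(start)}
    return scored, unmatched


# Constructed alert stream: two modeled steps plus one alert the graph does not cover.
SAMPLE_ALERTS = ["web_exploit", "sql_injection", "port_scan"]
```

Re-running `assess` as alerts arrive re-weights the correlation edges, so the per-path scores change over time in the way the abstract describes.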