The invention discloses a network security threat tracing method for an electric power monitoring system. The method comprises the following steps: establishing an event occurrence tree for an alarm event according to log information of the electric power monitoring system; splitting the event occurrence tree to obtain an event occurrence chain; calculating an event occurrence chain threat value;judging whether the event is a dangerous event or not according to the event occurrence chain threat value; and if the event is judged to be a dangerous event, performing visual display according to an event occurrence chain to obtain an attack graph, thereby realizing network security threat tracing. According to the invention, a network event attacker is searched in a mode of establishing an event occurrence chain in the power monitoring system, the position of an attack source is rapidly positioned, and tracing of network security threats of the power monitoring system is realized.