Abstract: This paper proposes a network based on attack graph model approach to estimate the possible intrusion. This method first before every successful network intrusion behavior as the change of network state at a time, and on this basis to define the network attack graph, the path of network intrusion, and network attacks, and to predict the likelihood of the attacker next invasion target and chose the path of the invasion of possibility, on the basis of the integration in the known and potential threat of network intrusion factors to build atomic attack library network intrusion, computing system under the network environment the invaders attack pressure and earnings expectations, facing the network invaders attack intend to quantify in decision-making, on the basis of the quantitative results after establishing network may be invaded to estimate risk model, by using the model given network intrusion estimates may be quantitative risk value, effectively completed the estimate of the network may be invaded. Experimental simulation show that based on network attack graph model approach to estimate the possible intrusion has good feasibility and effectiveness, and greatly reduce the amount of untrusted alarm.