(In order to evaluate the network security risks in real time, a Hidden Markov Model is built to describe the security status of the host. The alarm information of the intrusion/intrusion detection system is used as the model input to calculate the probability of the host being attacked. For attack alarm, a new attack success probability calculation method is proposed, and then the risk index of the host node/point is calculated according to the attack threat degree. Finally, the network risk is quantified by using the host node/point importance weight and the node/point risk index. The example analysis shows that this method can dynamically create the network security risk situation curve, which is beneficial to guide the security administrator to adjust the security policy in time.)