Abstract: In order to solve the shortcomings that traditional network security risk assessment can not evaluate the network security risk effectively and dynamically, according to the characteristics of network security, the network security risk assessment method combined with attack graph and  hidden Markov model was proposed. The attack graph generated the network attack path,the attack threat level was quantified from the aspects of complexity and defense ability, the attack success rate of the attack path was calculated using a hidden Markov model, the network security risk value was determined with the importance of network assets. The research example showed that the method can improve the accuracy of network security risk assessment, analyze effectively the network security situation, and has higher practicability