How to quantify the threat probability of network security risk is an important problem to be solved.The nature of attack and defense against network security can be abstracted as mutual influence of both strategies.Whether the defense strategy adopted by defenders is valid not only depend on their own behavior,but also depend on the strategy of the attacker and the defense system.The decision to implement the attack of an attack is a trade-off between income and the potential consequences.The defender's security strategy depends on understanding of the intent of the attacker.This paper presents the possibility of an offensive and defensive game model to quantify the threat to construct a risk assessment framework.Based on cost-benefit analysis,we define the payoff matrix method developed and analyzed the balance of the model.