Abstract: A model of network security risk assessment system both with a quantitative evaluation theory are presented in this paper.And each relevant index,such as asset,vulnerability,threat and risk,is built up with a quantitative measurement.Design and mechanism of each module of this system are specified in this article.This model can detect unknown threats by using intrusion detection technology based on immunity in threat evaluation module.And the efficiency and the extendibility of vulnerability evaluation module are ensured by using the plug-in technology.At the end,the experiment shows that the quantitative model of risk assessment is effective approach to the evaluate network security state.