Abstract: A model is developed fusing all network security information together for analyzing and predicting security events to meet the requirements of network security management. The model can verify, aggregate and correlate with the network security information that comes mainly from IDSes, with the rest from various security devices and the log systems of key hosts. The model can also evaluate the security status of the target network according to network security mission, and analyze the key threat to the network. Besides, it can predict possible security event in future according to a certain attack scenario and realize the latent threat as soon as possible, which means winning valuable time for effective response.