Many existing academic researches and empirical studies show that, network attacking is composite by multiple steps of attacks. The attacker should consider and combine multiple various attacking skills and do stepwise attacking to approach the objective. On the other hand, the defender must take care of many possible attacked paths simultancely to defense the system. However, this multiple aspects situation is difficult to approach since the real case of network environment is complex and changeable and the integrated complexity of multiple aspects situation is more complex than usually limitation of study. Besides, the feature of multi-stage and complex of attacking behavior make it difficult to handle. It results that how to combine attack stage correctly becomes a key factor of successful attack. We propose a game-theory based model to describe this complex situation. The procedure of network attack is described by state transfer graphs first. It is then transferred to a data form which the game-theory can handle. The executed strategies and procedure of both attacker and defender are then evaluated by the game theory. The calculated result plays a role of basis of decision-making. Two examples are show to explain its method and performance. The simpler one show the fitness of applying game theory to attack model. It also shows the reasonable result of computing model.