Abstract:
The defender needs to predict, detect and understand attacks, and make good decisions about defense strategies. Because the objectives of attackers and defenders are opposed and their strategies are interdependent, selecting the optimal defense strategy is a complex problem. In this paper, the problem of optimal defense strategy selection is defined and formalized. A new attack-defense stochastic game model is proposed to describe the conflict between attackers and defenders in network security and to address optimal defense strategy selection. The model is a dynamic, multi-player, multi-state model that extends the normal attack-defense game and the Markov decision process. By treating the attacker's privilege states on nodes as elements of the attack-defense stochastic game, we can model the dynamic transitions of the attack and defense state and compute the probabilities of attacker and defender behavior. This paper analyzes the cost factors related to attack and defense and provides a cost-benefit analysis method that helps the defender evaluate and select defense strategies. An algorithm for defense strategy selection based on these models is proposed. A representative network example is provided to illustrate our models and demonstrate their efficacy in predicting attack behaviors and deciding on optimal defense strategies.