Security analysis and evaluation for security protocols are very important, yet it is usually hard to carry out. Almost all the existing research work concentrates on analyzing certain security properties of protocols on the open network environment, such as secrecy and authentication. To evaluate security protocols on capabilities of defending attacks more comprehensively, the classification of intruders' abilities is studied, and a new taxonomy of attacks on security protocols based on both intruders' capabilities and attack consequences is also presented. With the classification, the corresponding characteristics and mechanisms of every attack type are analyzed. Finally, a security evaluation framework for security protocols based on the 2-dimensions taxonomy is discussed, which helps to objectively evaluate capabilities of preventing attacks on security protocols and also helps to design new security protocols.