According to the lack of the transition from qualitative risks to quantitative risks in the current cyber security risk assessment system, this paper proposed an intruder and asset risk assessment method based on multi-dimensional features. From the aspect of the intruder, this paper designed three dimensions to evaluate each intruder, and obtained the top-threat intruders. From the aspect of assets, this paper designed the dynamic scoring of threat dimensions and vulnerability dimensions. Combining the identification and value assignment of assets, we obtained the top-risk assets. The results of this paper can be used to display the current top-risk intruders and risked systems to security analysts, to maximize the existing defense countermeasure. The result is of theory significance and practical meanings.