Abstract:
A growing number of advanced persistent threats have led to many incidents in which key information was leaked from high-value targets. Existing cyber defense frameworks and data fusion models cannot cope with such threats, because they lack the means to handle multi-stage attacks with uncertain and conflicting information. Therefore, Markov-related theories were used to optimize the transferable belief model, in order to solve the multi-stage problem of network attacks and to obtain network situational awareness that was previously uncertain. The optimized model adopts a new combination rule, which provides a new method for cross-stage hypothesis evaluation and evidence combination. Experiments show that the proposed optimized model performs well in the judgment and early warning of advanced persistent threats.