In NIDS development, many methods have been devised for detecting intrusions from network packet information. However, most NIDS events are false positives, so the events themselves become a new burden on managing a NIDS efficiently. In addition, the priority of an event does not change after the corresponding vulnerability has been corrected: past events and present events are given the same priority even though the vulnerability has since been fixed. The priority of an event should instead change according to the degree to which the vulnerability has been corrected.
We propose a new priority-calculating model for NIDS. The objective of this model is to reduce false positives and to set event priority dynamically.
This model uses information about the attacker, namely the attacker's intention and knowledge. Basic events such as scanning are stored to identify attackers with intention, and the ratio of attack requests to total requests is tracked to find the attacker's intention. To judge the attacker's knowledge, recently announced attacks are classified with higher priority than older ones. To reduce false positives, the vulnerabilities of the system are managed so that false positives can be separated from genuine events. Using this information, the model calculates the priority of events.
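The following is an added illustration, not the authors' implementation: it combines the three factors described above (attack ratio per source, recency of the announced attack, and degree of vulnerability correction on the target) into one priority score. The weights, the linear one-year decay, and all host, signature and vulnerability identifiers are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Assumed scoring rule (not the paper's formula):
# priority = (1 - correction) * (W_INTENT * intention + W_KNOW * knowledge)
W_INTENT, W_KNOW = 0.6, 0.4
DECAY_DAYS = 365  # attacks announced more than a year ago add no "knowledge" score


@dataclass
class SourceProfile:
    """Per-source counters built from stored basic events such as scans."""
    total_requests: int = 0
    attack_requests: int = 0

    def attack_ratio(self) -> float:
        return self.attack_requests / self.total_requests if self.total_requests else 0.0


@dataclass
class Event:
    src: str        # attacking host
    dst: str        # targeted host
    signature: str  # NIDS signature name (constructed)
    vuln: str       # vulnerability the signature exploits (placeholder id)
    announced: date # date the attack was publicly announced


def event_priority(ev: Event, profiles: dict, corrections: dict, today: date) -> float:
    """corrections maps (dst host, vuln id) -> degree of correction in [0, 1]."""
    intention = profiles.get(ev.src, SourceProfile()).attack_ratio()
    age_days = (today - ev.announced).days
    knowledge = max(0.0, 1.0 - age_days / DECAY_DAYS)   # newer attack -> higher score
    correction = corrections.get((ev.dst, ev.vuln), 0.0)  # 1.0 = fully fixed
    return round((1.0 - correction) * (W_INTENT * intention + W_KNOW * knowledge), 3)


def demo(today: date = date(2024, 6, 1)) -> dict:
    # Constructed sample data: a scanning-heavy source and a mostly benign one.
    profiles = {"10.0.0.5": SourceProfile(200, 150), "10.0.0.9": SourceProfile(100, 1)}
    corrections = {("srv2", "VULN-A"): 1.0, ("srv3", "VULN-A"): 0.5}
    recent = date(2024, 5, 2)   # announced 30 days before `today`
    old = date(2022, 1, 1)      # announced well over a year earlier
    events = {
        "scanner_unpatched": Event("10.0.0.5", "srv1", "sig-A", "VULN-A", recent),
        "scanner_patched": Event("10.0.0.5", "srv2", "sig-A", "VULN-A", recent),
        "scanner_half_fixed": Event("10.0.0.5", "srv3", "sig-A", "VULN-A", recent),
        "benign_old_attack": Event("10.0.0.9", "srv1", "sig-B", "VULN-B", old),
    }
    return {name: event_priority(ev, profiles, corrections, today) for name, ev in events.items()}


if __name__ == "__main__":
    print(demo())
```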