This study focuses on the problem of attack quantification in distribution automation systems (DASs) and proposes a quantitative model of attacks based on the common vulnerability scoring system (CVSS) and attack trees (ATs) to conduct a quantitative and systematic evaluation of attacks on a DAS. In the DAS security architecture, AT nodes are traversed and used to represent the attack path. The CVSS is used to quantify the attack sequence, which is the leaf node in an AT. This paper proposes a method to calculate each attack path probability and find the maximum attack path probability in DASs based on attacker behavior. The AT model is suitable for DAS hierarchical features in architecture. The experimental results show that the proposed model can reduce the influence of subjective factors on attack quantification, improve the probability of predicting attacks on the DASs, generate attack paths, better identify attack characteristics, and determine the attack path and quantification probability. The quantitative results of the model's evaluation can find the most vulnerable component of a DAS and provide an important reference for developing targeted defensive measures in DASs. these attack quantification results can also provide an important reference for security technicians to implement the DAS defense system.Quantification of the probability of an attack on a DAS directly affects the in-depth analysis of the system's security. Wang et al. [9] proposed a multilevel analysis and modeling method for a power system's communication network. Their case study showed that this method can be used to evaluate the static and dynamic relationships among power networks. Kateb et al. [10] developed an optimal structure tree method for risk assessment in a wide-area power system that can minimize the spread of network attacks. The authors in [9,10] provided a well-optimized evaluation of a specific power network. However, these evaluation neither reflected the attacker's behavior in terms of quantification of the probability of an attack nor provided suggestions for the protection of specific parts of the power system. The authors in [11] and the authors in [12] presented an attack assessment framework based on Bayes attributes-a stochastic game model and a fast modeling method for input data, respectively-which included network connection relationship and vulnerability information. However, the proposed methods were found to be inefficient when applied in DASs due to DAS architecture complexity and expansibility, and they could not generate attack path. The authors in [13] proposed a method for modeling network attacks with a multilevel-layered attack tree (MLL-AT), presented a description language based on the MLL-AT for attacks, and quantified the leaf nodes. This attack tree (AT) was found to be able to accurately model the attacks, especially multilevel network attacks, and can be used to assess system risks. However, the research is mainly based on cyberattacks, and there is no physical attacks involved. Besides, th...