Analyzing attack graphs can give administrators network security hardening strategies. To address the high time complexity and costly hardening strategies of previous methods, the authors propose an attack-graph-based method for generating low-cost network security hardening strategies. The method assesses the risk of attack paths according to path length and the Common Vulnerability Scoring System (CVSS), limits the search scope with a threshold to reduce time complexity, and lowers the cost of hardening strategies by using a heuristic algorithm. The experimental results show that the method scales well and significantly reduces the cost of network security hardening strategies with reasonable running time.
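
An added sketch of the three steps the abstract names (path risk from length and CVSS, threshold-limited search, heuristic cost reduction); it is not the authors' algorithm. The risk formula (product of CVSS/10 per step), the greedy hitting-set heuristic, and the graph, scores, costs and thresholds are all assumptions constructed for illustration.

```python
# Constructed attack graph: edge (src, dst) -> vulnerability exploited on that step.
EDGES = {
    ("internet", "web"): "v_web_rce",
    ("internet", "mail"): "v_mail_auth",
    ("web", "db"): "v_db_sqli",
    ("mail", "db"): "v_db_sqli",
    ("web", "file"): "v_file_smb",
    ("file", "db"): "v_db_priv",
}
# Constructed CVSS base scores and patch costs (arbitrary units).
CVSS = {"v_web_rce": 9.8, "v_mail_auth": 5.3, "v_db_sqli": 8.8,
        "v_file_smb": 7.5, "v_db_priv": 4.0}
PATCH_COST = {"v_web_rce": 8, "v_mail_auth": 3, "v_db_sqli": 5,
              "v_file_smb": 3, "v_db_priv": 1}

def path_risk(vulns):
    """Assumed metric: product of CVSS/10 per step, so each extra hop lowers risk."""
    risk = 1.0
    for v in vulns:
        risk *= CVSS[v] / 10.0
    return risk

def risky_paths(src, goal, threshold):
    """DFS over simple paths; a branch is dropped once its risk falls below threshold."""
    found = []

    def walk(node, seen, vulns):
        if path_risk(vulns) < threshold:  # risk never grows, so pruning loses nothing
            return
        if node == goal:
            found.append(tuple(vulns))
            return
        for (a, b), v in EDGES.items():
            if a == node and b not in seen:
                walk(b, seen | {b}, vulns + [v])

    walk(src, {src}, [])
    return found

def greedy_hardening(paths):
    """Weighted hitting-set heuristic: repeatedly patch the vulnerability that
    cuts the most remaining paths per unit of cost (not guaranteed optimal)."""
    remaining, chosen = list(paths), []
    while remaining:
        candidates = sorted({v for p in remaining for v in p})
        best = max(candidates,
                   key=lambda v: sum(v in p for p in remaining) / PATCH_COST[v])
        chosen.append(best)
        remaining = [p for p in remaining if best not in p]
    return chosen
```

With a threshold of 0.4 the three-hop path through the file server is pruned and a single patch breaks both remaining paths; lowering the threshold to 0.2 keeps that path and adds a second, cheap patch to the plan.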