Aiming at the problem that the attack chain model for the attack phase is too small to indicate the means of attack, an Advanced Persistent Threat (APT) Hierarchical Attack Representation Model (APT-HARM) was proposed. By summarizing the analysis of a large number of published APT event reports and reference APT attack chain model and HARM, the APT attack was divided into into two layers, the upper layer attack chain and the lower layer attack tree, which were formally defined. Firstly, the APT attack was divided into four stages:reconnaissance, infiltration, operation and exfiltration and the characteristics of each stage were studied. Then, the attack methods in each stage were studied, and the attack tree was composed according to its logical relationship. APT attacks were carried out in stages according to the attack chain, and the attack of each stage was performed in accordance with the attack tree. The case study shows that the model has the advantages of reasonable granularity classification and better attack description compared to the attack chain model. APT-HARM formally defines the APT attack, which provides an idea for the prediction and prevention of APT attacks.