Abstract: To improve network security prevention capabilities, an architecture for a network security situation awareness platform is designed. Its architecture and functional module design are elaborated: big data technology is used to store and process heterogeneous log source data, data mining and machine learning algorithms are used to analyze and integrate that data, and visualization technology is used to present the results to users. With this platform, a dynamic security monitoring and defense system against unknown network threats can be established, avoiding security issues such as data leakage and information system destruction caused by network attacks.