Abstract: Although network security situation (NSS) becomes a hot topic, the investigation on situation awareness (SA) still lacks an approbatory standard. Based on Endsley's research, the paper presents a scalable NSS model, and improves situation extraction (SE) to fit the network environment. The proposed model utilizes knowledge bases to standardize the situation acquisition and model the situation as an entity. The incident frequency, incident time, and space information are contained in the model, and the situation acquisition is simplified. Finally, the simulation results prove the model's feasibility and efficiency.