Visualization of network security threats, deep integration of network status, and attack patterns, combine the security situational awareness and visualization technology, can realize the visualization representation of the global network under the trusted state. The technologies of network threat visualization still have the problem of limited representation ability of traditional data models, and the low availability of state feature redundancy and dispersion. In this study, dynamic threat data model and visual perception are proposed, which combines the ontology theory and the situation evolution. Unified attack behavior model with three solid states can help improve the problem of unclear description of network security characteristics. By designing deep content detection based on ontology features, the tight relationship characteristics set reduces the redundancy of security features. The refined network threat data will pass through the situation ladder to achieve the smooth gradient of the graphical representation of the attack behavior. The tests on Zunyi Power Supply Bureau of Guizhou Province verify the proposed method to improve the network security threat monitoring error by 4%.