A Novel Network Security Situation Awareness Model for Advanced Persistent Threat
Author
Abstract

Traditional defense methods can only evaluate a single security element and cannot determine the threat of Advanced Persistent Threat (APT) according to multi-source data. This paper proposes a network security situation awareness (NSSA) model to get the network situation under APT attacks based on knowledge graph. Firstly, the vulnerability knowledge graph and APT attack knowledge graph are constructed using public security databases and ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge), and the targeted knowledge graph APT-NSKG is obtained by combining the two using Bidirectional Encoder Representations from Transformers (BERT). Then, according to the Endsley model and the characteristics of APT, the NSSA model for APT is proposed. The model uses APT-NSKG to obtain situation elements, and then comprehensively assesses and predicts the network situation from the perspectives of network asset dimension, vulnerability dimension, security dimension and threat dimension. Finally, the effectiveness of the model is verified by the data from the U.S. Cybersecurity and Infrastructure Security Agency.

Year of Publication
2022
Date Published
jul
Publisher
IEEE
Conference Location
Guilin, China
ISBN Number
978-1-66547-480-1
URL
https://ieeexplore.ieee.org/document/9900198/
DOI
10.1109/DSC55868.2022.00009