Security incidents occur frequently in networked environments, and the network and information security situation is very severe. Many countries have gradually deployed network security protection at the level of national strategy, organization and infrastructure construction. The traditional network defense system mainly consists of security detection tools such as firewalls, intrusion detection systems, security evaluation systems and anti-virus software. Its disadvantage is that it can detect only known intrusion attacks; unknown attacks go undetected. To address this, this paper explores active defense against network attacks on cloud platforms based on the K-means algorithm and constructs a defense model. Recording the attacker's actions with the K-means algorithm makes it possible to analyze all the information available when those actions occur, find the existing vulnerabilities, and then grasp the attacker's intentions in order to carry out defense and deployment. The aim is to promote initiative and enthusiasm in defending against attacks in the network environment and to promote the comprehensive improvement of network security defense capability.