The invention discloses a security analysis framework based on network traffic meta data. The framework comprises a data layer, an analysis layer, a supporting layer and a displaying layer; the meta data of users, application, location, operation and time relevant to network traffic are acquired, compressed and stored, by means of the key technology, core algorithm, assistant resource and model database of the supporting layer, the secure analysis and displaying of the network meta data are implemented. According to the framework, the network traffic is acquired, the traffic meta data are extracted, the suspected malicious attacks existing in the network traffic are detected by the big data technology, the accuracy of malicious attack detection can be improved, the emergency responding time can be prolonged, and the security of the IT environment is guaranteed effectively; the theoretical basis and guidance are provided for deep security analysis of the network big data, and the significant value can be brought to malicious unknown attack detection, attack tracing and forensic analysis, network security situation awareness and other aspects.