• Journal of the China Computer Federation
  • China Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science


An active defense technique based on network security awareness

LIU Shiwen1,5,MA Duoyao2,4,LEI Cheng1,3,5,YIN Shaodong2,4,ZHANG Hongqi1,5   

  1. (1.College of Cryptography Engineering,PLA Information Engineering University,Zhengzhou 450001;
    2.Key Laboratory of Urban ITS Technology Optimization and Integration,Ministry of Public Security PRC,Hefei 230001;
    3.State Key Laboratory of Information Security,Institute of Information Engineering,
    Chinese Academy of Sciences,Beijing 100093;
    4.Anhui Keli Information Industry Co.,Ltd,Hefei 230001;
    5.Henan Key Laboratory of Information Security,Zhengzhou 450001,China)
  • Received:2016-12-27 Revised:2017-02-14 Online:2018-06-25 Published:2018-06-25

Abstract:

As a key technique for breaking through the bottleneck of passive defense, network active defense has become a hotspot in network information security. To address the blindness of the hopping mechanism during network defense, we propose a novel active defense mechanism based on network security situation awareness. First, we design a network security situation awareness method based on scanning flow entropy, which makes the defense more targeted by discriminating the adversary's scanning strategy. Building on this, we propose an active defense mechanism based on endpoint information transformation, which increases the difficulty and cost of attacks by transforming endpoint information so that the network topology changes randomly and dynamically. Theoretical and experimental analyses show that the proposed active defense technique can be employed efficiently under different scanning strategies.
 

Key words: network security situation awareness, scanning flow entropy, software defined network, active defense, endpoint information transformation
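
The abstract names scanning flow entropy as the signal for discriminating an adversary's scanning strategy but does not give the formula. The sketch below is an added example, not the paper's method or code: it assumes plain Shannon entropy over the destinations of failed connection attempts per source, and the thresholds, pool size and function names are hypothetical.

```python
import math
from collections import Counter, defaultdict

ADDRESS_SPACE = 256      # assumed size of the protected endpoint address pool
MIN_PROBES = 20          # assumed minimum sample before classifying a source
UNIFORM_THRESHOLD = 0.8  # assumed cut-off on normalised entropy

def scan_entropy(destinations, space=ADDRESS_SPACE):
    """Shannon entropy of probed destinations, normalised to [0, 1].

    The ceiling is log2(min(probes, space)): n probes cannot spread over
    more than n addresses, so small samples are not scored as concentrated.
    """
    n = len(destinations)
    ceiling = math.log2(min(n, space)) if n > 1 else 0.0
    if ceiling == 0.0:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(destinations).values())
    return h / ceiling

def classify_sources(flows):
    """flows: iterable of (src, dst, established); failed attempts are scan traffic."""
    probes = defaultdict(list)
    for src, dst, established in flows:
        if not established:
            probes[src].append(dst)
    verdicts = {}
    for src, dsts in probes.items():
        if len(dsts) < MIN_PROBES:
            verdicts[src] = ("insufficient", None)
            continue
        e = scan_entropy(dsts)
        verdicts[src] = ("uniform" if e >= UNIFORM_THRESHOLD else "concentrated", round(e, 3))
    return verdicts

# Constructed sample window (documentation address ranges, not real traffic).
SAMPLE_FLOWS = (
    [("198.51.100.7", f"192.0.2.{i}", False) for i in range(1, 101)]          # sweep
    + [("198.51.100.9", f"192.0.2.{10 + i % 4}", False) for i in range(100)]  # 4 hosts
    + [("198.51.100.3", "192.0.2.50", False) for _ in range(5)]               # too few
    + [("198.51.100.5", "192.0.2.20", True) for _ in range(50)]               # normal
)

if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_FLOWS).items():
        print(src, verdict)
```

A defender could use the verdict to choose how endpoint information is transformed: a uniform sweep and a concentrated probe of a few hosts call for different responses.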