The network security testbed mapping problem was formally defined and a new mapping heuristics based on K -partition was presented. The insight of the heuristic is that the tightly connected nodes of the logic topology should be mapped in the same switch in order to save more network resources. This novel mapping determines the initial state by greedy method, and moves nodes according to the defined cost function. The iteration partition of subgraph is in progress until that the number of subgraph nodes is not more than the port capacity of the physical switch. The problem that the result is influenced by the random initial partition in K-L partition is resolved by the K -partition mapping heuristics. The experiment result shows that the runtime is far less than the genetic algorithm, and the proposed algorithm can find near-optimal solutions in shorter period.