Abstract
A method and device for detecting botnets are provided. The method involves: acquiring a data message from a network, performing security analysis on the executable program in the data message, and determining a dangerous executable program to be a malicious resource; monitoring whether an access request is made for the malicious resource; and, if so, determining the host that sent the access request to be a bot. By actively acquiring data messages in the network, performing security analysis on the executable programs they carry, and monitoring the addresses of hosts that request access to a dangerous executable program, the technical proposal identifies each such host as a bot. It thus actively determines the position of the bots before the network comes under attack from the botnet, and detects the existence of the botnet.
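The two steps of the method, sketched as an added example that is not taken from the patent: executables carried in captured responses are analysed and the dangerous ones recorded as malicious resources, then hosts requesting those resources are flagged as bots. The abstract does not specify the security analysis, so a SHA-256 lookup against a constructed verdict set stands in for it; all function names, hostnames, addresses and payloads are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Assumed stand-in for the "security analysis" step: digests already judged
# dangerous (e.g. by a sandbox). Constructed value, not from the patent.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ\x90\x00constructed-dropper").hexdigest()}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # PE and ELF file headers

def resource_key(host, path):
    """Normalise host and path so case and query strings do not hide a match."""
    return host.lower().rstrip(".") + urlsplit(path).path

def find_malicious_resources(responses):
    """Step 1: record resources whose body is an executable judged dangerous."""
    malicious = set()
    for r in responses:
        if not r["body"].startswith(EXEC_MAGIC):
            continue  # not an executable program, nothing to analyse
        if hashlib.sha256(r["body"]).hexdigest() in KNOWN_BAD_SHA256:
            malicious.add(resource_key(r["host"], r["path"]))
    return malicious

def find_bots(requests, malicious):
    """Step 2: map each host that requested a malicious resource to its hits."""
    bots = {}
    for q in requests:
        key = resource_key(q["host"], q["path"])
        if key in malicious:
            bots.setdefault(q["src"], []).append(key)
    return bots

# Constructed sample traffic (documentation address range 192.0.2.0/24).
RESPONSES = [
    {"host": "files.example.net", "path": "/u/update.exe",
     "body": b"MZ\x90\x00constructed-dropper"},
    {"host": "files.example.net", "path": "/u/setup.exe",
     "body": b"MZ\x90\x00constructed-benign"},
    {"host": "files.example.net", "path": "/index.html", "body": b"<html>"},
]
REQUESTS = [
    {"src": "192.0.2.10", "host": "FILES.example.net",
     "path": "/u/update.exe?id=7"},
    {"src": "192.0.2.11", "host": "files.example.net", "path": "/u/setup.exe"},
    {"src": "192.0.2.12", "host": "files.example.net", "path": "/index.html"},
]

if __name__ == "__main__":
    bad = find_malicious_resources(RESPONSES)
    print(find_bots(REQUESTS, bad))
```

Only the host that fetched the executable judged dangerous is flagged; the hosts fetching the benign executable and the HTML page are not.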