A fast botnet detection method based on multidimensional information divergence is proposed. First, the probability distributions of multiple traffic attributes in the network traffic are characterized over time as a multidimensional information-divergence vector. An autoregressive moving-average (ARMA) model is then built to detect whether that vector is anomalous, and thereby whether the network traffic contains botnet command-and-control (C&C) traffic. Experiments show that the method does not rely on prior knowledge, detects the presence of botnet C&C traffic in network traffic efficiently and accurately, and offers good generality, real-time operation, and a low false-positive rate.
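The pipeline the abstract describes (per-window attribute distributions, a divergence vector against a baseline, a time-series model on that vector, and an anomaly decision) can be sketched end to end. The following is an added example written for this page, not the paper's own code or data: it uses constructed flow records, KL divergence as the information-divergence measure, and a per-dimension AR(1) residual test as a simplified stand-in for the paper's ARMA model (the attribute choice, window size, threshold `k`, and the beacon-like traffic injected into the last windows are all assumptions for illustration).

```python
import math
import random
from collections import Counter

# Constructed traffic: a flow is (dst_port, packet_size_bucket, inter_arrival_bucket).
# Normal windows mix a handful of common ports with varied sizes and timings;
# "infected" windows add a steady beacon (fixed port, fixed small size, fixed interval),
# which is the kind of regularity a C&C channel imposes on a flow mix.
def make_window(rng, beacon=False):
    flows = []
    for _ in range(200):
        port = rng.choice([80, 443, 443, 443, 53, 25, 8080])
        size = rng.choice(range(1, 15))   # packet-size bucket (assumed binning)
        iat = rng.choice(range(1, 10))    # inter-arrival bucket (assumed binning)
        flows.append((port, size, iat))
    if beacon:
        flows += [(6667, 2, 5)] * 80      # constructed beacon flows
    return flows

def distribution(values):
    """Empirical probability distribution of one attribute within a window."""
    n = len(values)
    return {k: c / n for k, c in Counter(values).items()}

def kl_divergence(p, q, eps=1e-6):
    """KL(p || q); eps keeps unseen symbols from producing log(0)."""
    keys = set(p) | set(q)
    return sum(p.get(k, eps) * math.log(p.get(k, eps) / q.get(k, eps)) for k in keys)

def divergence_vector(window, baseline):
    """One divergence value per attribute: the multidimensional divergence vector."""
    n_attrs = len(window[0])
    return [kl_divergence(distribution([f[i] for f in window]),
                          distribution([f[i] for f in baseline]))
            for i in range(n_attrs)]

def fit_ar1(series):
    """Least-squares AR(1) fit; returns (phi, residual mean, residual std)."""
    num = sum(series[t] * series[t - 1] for t in range(1, len(series)))
    den = sum(series[t - 1] ** 2 for t in range(1, len(series)))
    phi = num / den if den else 0.0
    resid = [series[t] - phi * series[t - 1] for t in range(1, len(series))]
    mu = sum(resid) / len(resid)
    sigma = math.sqrt(sum((r - mu) ** 2 for r in resid) / len(resid)) or 1e-9
    return phi, mu, sigma

def detect(windows, baseline, train=20, k=5.0):
    """Fit AR(1) per divergence dimension on the first `train` windows, then flag
    any later window whose one-step-ahead residual exceeds k standard deviations."""
    vectors = [divergence_vector(w, baseline) for w in windows]
    models = [fit_ar1([v[i] for v in vectors[:train]]) for i in range(len(vectors[0]))]
    alerts = []
    for t in range(train, len(vectors)):
        score = 0.0
        for i, (phi, mu, sigma) in enumerate(models):
            resid = vectors[t][i] - phi * vectors[t - 1][i]
            score = max(score, abs(resid - mu) / sigma)
        alerts.append((t, score, score > k))
    return alerts

def run_demo(seed=7, n_windows=30, beacon_from=25):
    """Build a baseline plus a window sequence; beacons start at index beacon_from."""
    rng = random.Random(seed)
    baseline = make_window(rng)
    windows = [make_window(rng, beacon=(t >= beacon_from)) for t in range(n_windows)]
    return detect(windows, baseline)

if __name__ == "__main__":
    for t, score, flagged in run_demo():
        print(f"window {t:2d}  score {score:8.2f}  {'ALERT' if flagged else 'ok'}")
```

The divergence step needs no signatures or labelled C&C samples, which is what the abstract means by not relying on prior knowledge; the time-series model learns only what normal variation of the divergence vector looks like. The main tuning knobs in practice are the attribute binning, the baseline window, and the threshold `k`, which trades detection delay against false positives.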