**Abstract**

The current network security faces a serious threat, which has been brought about by the large-scale proliferation of botnet, and its detection has become one of the important tasks of the existing cyberspace security. At present, although network administrators have firewalls, intrusion detection systems, intrusion prevention systems, and other technical means to achieve partial network protection, they are still confronted with severe challenges in the detection and prevention of a botnet known as a threatening attack platform. The new botnet is characterized by its large scale and multifunction. Further, it is hard to detect, and it may cause a sharp decline in the normal defense level of the protected object in a short period of time. In this chapter, we propose a method of botnet threat assessment based on evidence chain. The DS evidence theory is used for network security situational awareness. On the basis of determining the recognition framework, all possible results are considered, and each evidence is assigned a basic credibility, and the final credibility of the target is fused by using the composition rule. The experiments show that this method can work efficiently and detect the major threats in the protected network in time.

**Keywords:** botnet, intrusion detection, situational awareness, evidence chain, threat evaluation
