Blacklists are well known and generally act as an access list to a computer network. Thus, email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc. can be on a blacklist for a particular company and will not be allowed access over that company's computer network. Many commercial anti-virus products may include a blacklist.
Network traffic flow analysis of computer networks is also well known. Traffic flow analysis is the analysis of the flow of digital data as it travels from one node (a source address) to another node (a destination address). Network traffic flow here includes NetFlow, DNS cache, DNS sinkhole traffic flow, etc. This analysis has been used to detect malware and the like.
Botnets are also known and consist of a plurality of computer systems that are working in a coordinated manner. Botnets can exist for legal purposes, but are often used for nefarious purposes in which each computer resource of the botnet may be infected with malicious code.
None of the existing malware and virus detection systems use both blacklists and network traffic flow analysis data to recursively detect botnets.
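The following added example (not taken from this document or any product it describes) sketches one way a blacklist and flow records could be combined recursively: hosts that contact blacklisted destinations become suspects, destinations contacted mostly by suspects join the blacklist, and the loop repeats until nothing changes. The function name, thresholds and all addresses are assumptions constructed for illustration, since the text above does not specify an algorithm.

```python
from collections import defaultdict

# Constructed NetFlow-style records (source, destination). All addresses are
# from private or documentation ranges and do not come from the page.
FLOWS = [
    ("10.0.0.5", "203.0.113.10"), ("10.0.0.6", "203.0.113.10"),
    ("10.0.0.5", "198.51.100.7"), ("10.0.0.6", "198.51.100.7"),
    ("10.0.0.7", "198.51.100.7"),
    ("10.0.0.6", "192.0.2.99"), ("10.0.0.7", "192.0.2.99"),
    ("10.0.0.5", "192.0.2.50"), ("10.0.0.8", "192.0.2.50"),
    ("10.0.0.9", "192.0.2.50"),
]
SEED_BLACKLIST = {"203.0.113.10"}  # constructed seed entry


def expand_blacklist(flows, seed, min_suspects=2, min_ratio=0.6):
    """Hypothetical fixed-point expansion; both thresholds are assumptions."""
    sources_by_dst = defaultdict(set)
    for src, dst in flows:
        sources_by_dst[dst].add(src)

    blacklist = set(seed)
    rounds = 0
    while True:
        # Suspects: hosts that contacted any currently blacklisted destination.
        suspects = set()
        for dst in blacklist:
            suspects |= sources_by_dst.get(dst, set())
        # A destination is added when enough suspects contact it AND suspects
        # make up most of its clients (keeps popular shared services out).
        new = set()
        for dst, sources in sources_by_dst.items():
            if dst in blacklist:
                continue
            hits = len(sources & suspects)
            if hits >= min_suspects and hits / len(sources) >= min_ratio:
                new.add(dst)
        if not new:
            return blacklist, suspects, rounds
        blacklist |= new
        rounds += 1


if __name__ == "__main__":
    bl, hosts, rounds = expand_blacklist(FLOWS, SEED_BLACKLIST)
    print(sorted(bl), sorted(hosts), rounds)
```

On the constructed data, 192.0.2.99 is only reachable in the second round, after 10.0.0.7 has become a suspect through the first-round addition, which is what makes the process recursive rather than a single join.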