System and method for estimating scale of hosts infected by malicious codes

The invention discloses a DNS cache detection-based system and method for estimating the scale of hosts infected by appointed malicious codes. The system comprises three main modules which are a specific region DNS resolver search module, a DNS detection module and a malicious code infecting host scale estimation module. DNS resolvers in a specific region are detected, cache information of malicious domain names in each DNS resolver is collected, a mixing index estimation model is built on the basis of the information, and the scale of the hosts, infected by the malicious codes, in a corresponding network domain is estimated. The system effectively resolves problems in privacy protection, network authorization and other traditional monitoring methods.