The invention provides a NetFlow based botnet network detection system which comprises a data acquisition module, a pre-processing module, a node evaluation module, a topology discovery module and a correlation analysis module. The node evaluation module obtains suspected botnet network Pboti corresponding to a data stream I through an analytic function Fbot (vi). The correlation analysis module draws and analyzes a data stream communication diagram using the suspected botnet network Pboti as weight and calculates the probability that a target network is a botnet network, and the target network is the botnet network if the probability is larger than a set threshold value. The invention further provides a botnet network detection method. The NetFlow based botnet network detection system and method integrate high-efficiency NetFlow flow analysis, adopt an analysis algorithm, obtain threat coefficients of all nodes and the whole network topology structure and accurately screen botnet networks with complicated network topology, high mobility, high hiding performance and high perniciousness by being combined with specific topology structure of the target network.