The invention relates to a multi-track malicious program feature detecting method based on data mining. The multi-track malicious program feature detecting method comprises the step of behavior track acquiring, the step of zone partitioning, the step of feature extracting and feature library establishing and the step of magnanimity detecting. In the step of behavior track acquiring, a dynamically-operating system calling sequence of a program is obtained; in the step of zone partitioning, zone portioning is carried out on obtained software behavior tracks so as to adapt to the needs of the mining process; in the step of feature extracting and feature library establishing, a sequence mode mining algorithm improved in data mining is adopted for acquiring a data flow, network flow and resource flow behavior frequent subsequence set, removing normal program behavior track fragments and structure a malicious behavior feature library; in the step of magnanimity detecting, magnanimity detecting is carried out on a program operating in real time according to the structured three-dimensional feature library. The multi-track malicious program feature detecting method based on data mining is high in detection accuracy.