The invention discloses a DGA domain name detection method based on random forest, comprising steps of constructing a knowledge database which comprises a black-and-white list sample library and a word dictionary, setting a domain name characteristic template, using the domain name in the black-and-white list as a training set, filtering the noise, performing training and off-line storage on the random forest algorithm model, obtaining a domain name to be detected, loading an optimal random forest algorithm model, and using the domain name to be detected as an input to obtain the prediction result. The invention does not rely on the DNS data which is obtained on line, can not only fast finish the DGA domain name detection, but also provides prediction to the other malicious domain name detection methods. Besides, the DGA domain name detection method is based on the forest algorithm and has an obvious advantage on the noise interference, and is less in resource consumption, high in operation efficiency and good in generalization.