The present invention relates to the communications field, and in particular, to a detection method, an apparatus, and a network with detection functions. The present invention solves the problem that the Botnet cannot be detected on a current communication network. The detection method is used to detect a Botnet and includes: obtaining a network address translation (NAT) table; detecting a behavior plane and a communication plane of a host according to the NAT table; and performing cluster analysis on results of detection on the communication plane and the behavior plane.