
A Study on Using Data Mining Techniques to Detect P2P Botnets

Using Data Mining Technology to Detect P2P Botnet

Advisors: 廖文華, 陳志誠

Abstract


A botnet is a network formed by computers infected with bot malware, and these computers are currently a major threat to Internet security. The attacker first implants the bot program on ordinary users' computers, then issues commands over the network to control all of the victim machines and carry out various malicious activities such as distributed denial-of-service attacks, theft of private information, or distribution of spam. One type of botnet, the P2P botnet, imitates the architecture of P2P software: it uses a multi-controller architecture to avoid a single point of failure and combines this with encryption so that signature-matching detection techniques cannot take effect. However, the operation of a P2P botnet differs from normal network behaviour: it establishes a large number of connections without consuming much bandwidth, so anomaly-based detection can still be used to detect its presence. This thesis proposes a methodology that uses data mining techniques to detect P2P botnets, implements it in a network environment, and verifies that it can be used to find the hosts of a P2P botnet. The key approach is to use the inherent differences between P2P botnet behaviour and normal network behaviour as data mining parameters, and to cluster and discriminate with data mining techniques in order to find the bot computers lurking in the network, reaching an acceptable accuracy rate. Compared with previous research, this method achieves the following four research objectives: (1) it is not limited by the encryption used by P2P botnets; (2) it is highly deployable, monitoring only the network at the gateway with no need to monitor individual computers; (3) it does not include attack behaviour among the mining parameters, so it can detect bot computers in a dormant state; (4) it is not disturbed by complex background traffic. This method can run alongside current anti-virus solutions and directly reduces the organisation's overall information security risk.

Keywords

Data mining, Botnet, P2P

Abstract (English)


A botnet is a network of computers compromised over the Internet by viruses or Trojan horses, and it poses a severe security issue. Hackers control the zombie computers by implanting malicious programs and use them to perform malicious tasks such as executing distributed denial of service (DDoS) attacks, stealing confidential information, spreading junk mail, etc. A peer-to-peer (P2P) botnet, like a P2P architecture, uses multiple main controllers to avoid a single point of failure, and with encryption technologies a P2P botnet is hard to detect with misuse detection technologies. Unlike a normal network, its behaviour of creating numerous sessions without consuming substantial bandwidth lets a P2P botnet be recognised by anomaly detection technology. In this thesis, a data mining method is proposed to detect P2P botnets in a real network environment, and we verified that the method can be used to find the hosts of a P2P botnet. The main idea is to apply the original dissimilarities that distinguish P2P botnets from normal Internet behaviour as parameters, to cluster and distinguish the data mining results, and finally to check that the accuracy is acceptable. Compared to past research, we accomplish four objectives: (1) a P2P botnet can be detected regardless of its encryption technologies; (2) this method only needs to be deployed on network gateways instead of personal computers; (3) inactive zombie computers can also be detected without considering attack behaviour; (4) the data mining method can detect zombie computers without being confused by complicated network flows. This method can work alongside anti-virus software and reduce an enterprise's security risk.
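The gateway-side signal both abstracts rely on (many sessions and many peers, but very little data per session) as an added example that is not code from the thesis: per-host features are aggregated from constructed flow records, and in place of the thesis's clustering step a simple median-gap rule, which is this example's own assumption, flags the host whose session-to-bandwidth ratio stands apart from the rest.

```python
import math
from collections import defaultdict
from statistics import median

# Constructed gateway flow records, not real data: (internal_host, remote_peer, bytes).
# One host mimics the thesis's P2P bot pattern: many sessions to many peers, almost no bandwidth.
SAMPLE_FLOWS = (
    [("10.0.0.11", "198.51.100.1", 50_000)] * 4 + [("10.0.0.11", "198.51.100.2", 50_000)] * 2
    + [("10.0.0.12", "198.51.100.3", 100_000)] * 4
    + [("10.0.0.13", "198.51.100.4", 2_000_000)] * 3      # backup job: few, very large sessions
    + [("10.0.0.14", "198.51.100.5", 20_000)] * 10        # busy web user: more sessions, still sizeable
    + [("10.0.0.20", f"203.0.113.{i}", 300 + i) for i in range(1, 41)]  # bot-like: 40 peers, ~320 B each
)


def host_features(flows):
    """Aggregate per internal host: session count, distinct peers, mean bytes per session."""
    sessions, peers, total = defaultdict(int), defaultdict(set), defaultdict(int)
    for src, dst, nbytes in flows:
        sessions[src] += 1
        peers[src].add(dst)
        total[src] += nbytes
    return {h: {"sessions": sessions[h], "peers": len(peers[h]),
                "bytes_per_session": total[h] / sessions[h]} for h in sessions}


def p2p_score(f):
    """log10(sessions / bytes-per-session): grows with session count, shrinks with data volume."""
    return math.log10(f["sessions"] / f["bytes_per_session"])


def suspicious_hosts(flows, decades=2.0):
    """Flag hosts scoring more than `decades` orders of magnitude above the median host (assumed rule).

    The median is robust to a single heavy transfer host such as the backup job above, which a
    mean-based centroid would let drag the baseline down."""
    scores = {h: p2p_score(f) for h, f in host_features(flows).items()}
    baseline = median(scores.values())
    return sorted(h for h, s in scores.items() if s - baseline > decades)


if __name__ == "__main__":
    for host, f in host_features(SAMPLE_FLOWS).items():
        print(host, f, round(p2p_score(f), 2))
    print("suspicious:", suspicious_hosts(SAMPLE_FLOWS))
```

Attack traffic never enters the features, which is what lets the rule fire on a dormant host; the per-session byte count, not payload content, carries the signal, so encryption does not hide it.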

Keywords (English)

Botnet, data mining, P2P
