Current in the field of malicious programs more classification test, the traditional static and dynamic testing methods are greatly influenced by reverse forensics technology; the new detection method based on network traffic, because of various kinds of malicious program flow characteristics of the similarity is bigger, the data extracted using artificial flow characteristics and the traditional machine learning method can not obtain higher accuracy. Aiming at the above problems, this paper proposes a malicious program multi-classification detection method based on XGBoost and Stacking fusion model. In acquiring target malware external traffic and automatically extract the initial network characteristics, preprocessing and multiple feature selection of the initial data set, and then use based on the characteristics of the XGBoost create algorithm, in the initial features advanced automatic generation based on set, and connecting with the Stacking integration algorithm more fusion model to enhance the malicious program classification accuracy of detection. In this process, in order to reduce the time to find the optimal parameter combination, the Bayesian optimization method is used to determine the optimal parameter combination of each model, and a variety of regularization strategies are adopted to solve the problem of model overfitting. Experimental results show that, compared with other traditional methods, the proposed method has a higher accuracy in multi-classification of malicious programs.