Concerning the problem that the existing malware propagation models lack the mechanism of real-time detection of new malware and dynamic sharing of prevention and control information between nodes in Peer-to-Peer （P2P） networks， a detection-propagation model was established based on malware characteristic behavior detection technology. Firstly， based on the classic Susceptible-Infected-Recovered （SIR） propagation model， broadcast nodes were introduced （broadcast nodes refer to special nodes that generate prevention and control information after successfully detecting files containing malware and continuously send this message to neighbor nodes）. The model after introducing broadcast nodes can effectively reduce the risk of nodes themselves being infected through detection technology and can restrain the spread of malware in the network by dynamically sharing malware information between nodes in the network. Then， the equilibrium point was calculated and the propagation threshold of the model was obtained by the next generation matrix theory. Finally， the local stability and global stability of the equilibrium point of the model were proved by Hurwitz criterion and constructing Liapunov function. Experimental results show that when the propagation threshold is less than 1， compared with the degraded SIR model， under the detection rate of 0.5， 0.7 and 0.9， the proposed detection-propagation model has the total number of infected nodes at the peak point decreased by 41.37%， 48.23% and 48.64% respectively. Therefore， the detection-propagation model based on characteristic behavior detection technology can restrain the rapid propagation of malware in the network in the early stage， and the higher the detection rate， the better the containment effect.