The invention belongs to the technical field of network security control, and particularly relates to a malicious software propagation control method and device based on ternary association graph detection. The method comprises the following steps: acquiring data source information of malicious software, a user node and a propagation path, and preprocessing the data source information; establishing a ternary association graph; based on a weight matrix of edges in the ternary association graph, calculating scores of malicious software, propagation paths and user nodes according to a cross iterative scoring mechanism; performing unified quantification by using multiple linear regression scores, and calculating the influence of the user nodes; establishing an infectious disease SIHR propagation model based on the score value and a hotspot infection driving mechanism, and calculating a propagation state and a propagation trend of a driving factor pair; and according to a result of the propagation model, cutting off a malicious software propagation path at the next moment, and isolating user nodes. According to the method disclosed in the invention, the malicious software is broadcasted, the propagation path of the malicious software is effectively cut off, and infected users are isolated, so that the safety of the users is improved.