Abstract:
In this paper, we propose a new cybersecurity system, ActiveBDS, which uses DDoS attacks to disable the C&C (command and control) servers of malicious botnets. ActiveBDS consists of a monitor, a strategy planner, a launcher, and a C&C server. ActiveBDS uses a white-hat botnet to launch DDoS attacks against malicious botnets and disable their C&C servers. How to build a white-hat botnet of the size necessary for the DDoS attacks is therefore important. We found that the detection and expansion operations of ActiveBDS are important. Simulation results showed that when the number of malicious worms that ActiveBDS needs in order to detect malicious C&C servers is 50 units and the number of white-hat worms that the launcher launches per step is 32 units, ActiveBDS succeeded more than 90% of the time. The results show that detection and expansion are important and synergistic.
Date of Conference: 19-22 January 2025
Date Added to IEEE Xplore: 18 February 2025