A botnet is the attack infrastructure behind most distributed denial-of-service events, a network of compromised hosts under one operator's control, and reproducing its effect is the purpose of a DDoS test. The operator infects devices (servers, PCs, routers, IoT cameras) with malware, then directs the whole fleet to send traffic at a single target at once. That many-source structure is what puts the "distributed" in DDoS.
Why it matters in DDoS testing
A botnet's defining property is dispersion: traffic arrives from thousands of distinct IPs across many networks and regions, so per-IP rate limits and single-source thresholds never trip. A meaningful test reproduces that distribution rather than hammering from one host, because a defense tuned against a single loud source collapses when the same volume arrives spread across a /16. The realism of the source model, not just the bit rate, decides whether the result means anything.
For the layered mechanics botnets exploit, see Understanding DDoS Attack Vectors.