Internet has become an essential part of everyday communication and every daily life. Mostly people often go online but do not careful enough to think about the security and how to protect their computer from the threat. Generally, people cannot predict about when and how they get an attack from the threat when they click to the unreliable websites. Botnet is the one kind of most dangerous threat which occurred from using the Internet. The characteristic of botnet is the group of infected computers which connected to the Internet and were controlled by the attacker or hacker to command the operation in several network attacks and several forms. The threat and malicious activities include DDoS attack, spamming, thieving personal information, illegal hosting and sale or rent services, click fraud and adware. There are two popular based on botnet attack. IRC-based botnet is formerly based generation and the HTTP-based botnet is the presently based generation. HTTP-based botnet could be found to identify difficulty because they use the standard HTTP protocol to communicate between bots and botmaster, which means it easier to evade the protection system like the anti-virus programs. Many methods which based on the behavior analysis system were provided to detect the HTTP-based botnet but the botnet still can conceal their behavior from that methods. Therefore, this paper will add the critical of HTTP feature to improve the probability to detect the botnet including the new botnet which never found a pattern before. HTTP features were used to apply the data mining approach with decision tree algorithm to automate detecting the malicious characteristics from a big data. Additionally, the feature filters and algorithms were used to analyze the network packets to trails the evidence of suspicious activities of HTTP botnet. Finally, the confusion matrix will be used to estimate and prove the result for better detection rate.
