I. Introduction
The type of attack on computer networks is multiplying in the cyber era. Several types of malicious attacks involve malicious software (malware) to perform malicious activities, such as Distributed Denial of Service (D-DoS), R2L, U2L, and Probe attacks [1]. Similar threats in networks involving malware and malicious activities construct botnets [2]. A botnet itself can be seen as a collection of infected connected computers establishing a network to carry out attack activities [3]. Its communication structure consists of bot-master and bot-client [4]. The current botnet is decentralized, which tends to be more difficult to anticipate than those in the past, which were centralized. Moreover, the determination and formation of the master bot are more dynamic; thus, it is difficult for some Intrusion Detection Systems (IDS) to detect. On the other hand, bot attacks on multiple targets can be single and group bot activities, making it more disastrous [5].