
Behavior-based Detection of Abnormal IRC Traffic

Abstract


Network attacks often make use of botnets, which combine the infection and attack capabilities of malware such as Trojans, viruses, and worms. However, network administrators and users usually notice the anomaly, and the possible presence of a botnet, only after an attack has taken place. Among common botnets, IRC-based botnets use an IRC channel to control the botnet and issue attack commands. Because a botnet's network traffic does not differ noticeably from normal traffic during its latent period, today's intrusion detection systems can only detect its activity once the botnet launches an attack and cannot defend against botnets effectively. This study collects and analyzes the message content of IRC channels, identifies the characteristics of channels controlled by the botmaster, and develops an abnormal traffic detection system on the IRC server side. By analyzing and comparing the content dissimilarity, average response time, and average message length of normal versus abnormal channels, it identifies botmaster-controlled channels so as to prevent the botmaster from using the IRC server to control bots and launch attacks, with the aim of stopping the botnet before it launches a real attack and thereby achieving prevention in advance. The study finds that normal and malicious message content do differ, as do their message response times, and the experiments show that the proposed features can identify abnormal IRC channels.

Abstract (English)


Botnets have often been used for attacks; a botnet combines the various malicious infection and attack functionalities possessed by Trojans, viruses, and worms. However, its existence is discovered by the network administrator or user only after an attack has been launched. IRC-based botnets are commonly used, where the botmaster controls and commands the bots through an IRC channel. As the network performs normally during the botnet's latent stage, the botnet is hard to identify. Current intrusion detection systems can identify the botnet only once it becomes active and cannot prevent botnets effectively. In this study, an IRC sniffer is deployed to collect the messages exchanged in IRC channels, and anomalous behaviors are identified to detect abnormal IRC channels on the IRC server. The study found that payload length and message response time are important features for identifying anomalous IRC traffic. The experimental results show that the proposed detection mechanism can identify malicious IRC channels efficiently.
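As an added example (not code from the thesis), the three channel features named in both abstracts, average message length, average response time, and content diversity as a proxy for content dissimilarity, computed over two constructed IRC channel logs; the thresholds and the two-of-three voting rule are assumptions:

```python
"""Score IRC channels with the three features the abstract names: average
message length, average response time, and content diversity."""
from statistics import mean

# Constructed sample logs, one tuple per message: (seconds, nick, text).
NORMAL_CHANNEL = [
    (0.0, "alice", "hey, anyone around tonight?"),
    (12.0, "bob", "yeah, just got back from work"),
    (25.0, "alice", "did you see the match yesterday?"),
    (41.0, "carol", "missed it, how was it"),
    (58.0, "bob", "pretty good actually, great second half"),
]
# Constructed botmaster-style channel: terse commands, near-instant identical acks.
SUSPECT_CHANNEL = [
    (0.0, "master", ".status"),
    (0.3, "b0t-1a2b", ".ok"),
    (0.4, "b0t-3c4d", ".ok"),
    (0.4, "b0t-5e6f", ".ok"),
    (10.0, "master", ".sync"),
    (10.2, "b0t-1a2b", ".ok"),
    (10.3, "b0t-3c4d", ".ok"),
]

# Assumed thresholds; a deployment would derive them from baseline IRC traffic.
MAX_SUSPECT_AVG_LEN = 15.0    # bot commands and acknowledgements are short
MAX_SUSPECT_RESPONSE = 10.0   # bots answer within seconds, people take longer
MIN_NORMAL_DIVERSITY = 0.6    # humans rarely repeat the same line verbatim


def channel_features(log):
    """Return the three per-channel features used for scoring."""
    texts = [text for _, _, text in log]
    avg_len = mean(len(t) for t in texts)
    # Response time: delay until the next message from a different nick.
    gaps = [t2 - t1 for (t1, n1, _), (t2, n2, _) in zip(log, log[1:]) if n1 != n2]
    avg_resp = mean(gaps) if gaps else float("inf")
    # Content diversity: share of distinct lines (low when acks are repeated).
    diversity = len(set(texts)) / len(texts)
    return {"avg_len": avg_len, "avg_resp": avg_resp, "diversity": diversity}


def is_abnormal(log, min_hits=2):
    """Flag a channel when at least min_hits of the three features look bot-like."""
    f = channel_features(log)
    hits = sum([f["avg_len"] <= MAX_SUSPECT_AVG_LEN,
                f["avg_resp"] <= MAX_SUSPECT_RESPONSE,
                f["diversity"] < MIN_NORMAL_DIVERSITY])
    return hits >= min_hits
```

Running `is_abnormal` on the two constructed logs flags only the suspect channel; on real server logs the thresholds would be tuned against a baseline of known-normal channels.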

Keywords (English)

Botnet; malware; intrusion detection
