
A Study of Global Botnet Pattern Analysis Based on Honeypot Log Similarity

Exploring Global Botnet Patterns based on Honeypot Log Similarity

Advisor: 李忠憲

Abstract (translated from Chinese)


Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet activity is highly destructive, for example credit card theft or distributed denial-of-service attacks. It is therefore important to understand botnet behaviour and topology. Hence, we propose a new ontology and a set of inference rules that use a machine learning algorithm to identify botnet topology automatically. Experimental results show that, compared with previous research, the method identifies botnet topology with the shortest inference time and high accuracy. Attackers increasingly use fast-flux techniques to extend the lifetime of malware in order to conduct various Advanced Persistent Threat (APT) activities. Such activities typically target nations or organisations for business or political motives and have the potential to cause immense disruption. It is therefore essential to study fast-flux service networks and identify possible attack behaviours. With honeypot logs and association rule mining, the mechanism reduces human effort and the entire system can operate automatically. Our experimental results show that the prediction system is workable for protecting assets from attacks or misuse.

Abstract (English)


Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance, such as credit card theft or DDoS attacks, is quite devastating. So it is important to understand botnet behavior, topology and structure. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The results presented in this dissertation indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and a high degree of accuracy compared to previous research works. Hackers have increasingly used fast-flux techniques to extend the lifetime of malware networks in order to conduct various Advanced Persistent Threat (APT) activities. Such activities typically target nations and/or organizations for business or political motives and have the potential to cause immense disruption. Thus, it is essential to study the fast-flux service network and find possible attack behaviors. With honeypot logs and association rule mining, the proposed mechanism can reduce human effort and the entire system can operate automatically. The results of our experiments indicate that the prediction system is workable for protecting assets from attacks or misuse.

Keywords

Botnet; ontology; fast-flux; honeypot; association rule

