Nabbing absconding botmasters in multi cloud environment using robustive
network traffic analyzer based on super intend ensemble-learning
mechanism
Abstract
Although multi-cloud is seen as an ideal way to prevent data loss and
avoid the vendor lock-in problem, it still lacks a comprehensive
security mechanism due to its inherent nature. This inherent feature
enables botnet attacks, in which a group of compromised nodes carries
out abnormal activities assigned by the bot master to degrade the
quality of service in the cloud environment. To recognize and remove
the bot master, this work designs a robust analyzer by proposing
agglomerative-divisive based web usage mining, which classifies
different types of attributes such as access time, destination IP
address, port number, and type of protocol used. Subsequently, the
clustered data are fed to web structural mining based on the WAP-tree
(Web Access Pattern tree), which groups the network traffic information
based on its topology. The preprocessed network traffic information is
then subjected to the robust key identifier, which decrypts the network
traffic. Finally, in order to nab the bot master, the decoded network
traffic information is given to the ensemble learner based on random
forest algorithms.