With the rapid development of online social networks (OSN), maintaining the security of social media ecosystems becomes dramatically important for public. Among all the security threats in OSN, malicious social bot is the most common risk factor. This paper puts forward a detection method called BotFlowMon that only utilize NetFlow data to identify OSN bot traffic. The detection procedure takes the raw NetFlow data as input and use DBSCAN algorithm to aggregate related flows into transaction level data. Then a special data fusion technique along with a visualization method are proposed to extract features, normalize values and help analyzing flows. A new clustering algorithm called Clustering Based on Density Sort and Valley Point Competition is also designed to subdivide transactions into basic operations. After the above preprocessing steps, some classic machine learning algorithms are applied to construct the classification model.