Botnets have always been a formidable cyber security threat. They are growing rapidly nowadays when the Internet of Things (IOT) has become an important issue and the number of internet-connected smart devices has increased by more than 15% annually. Although PC antivirus solution has been developed for a long time, it is still problematic. And the security issue of smart phones has just come into the spotlight in the near few years, not to mention the fact that smart devices and IoT are still at their growing stages. As such, the security issue of smart devices are full of uncertainties. In the foreseeable future, more devices will become a bot of botnet. In this work, we propose a system to detect potential botnet by analyzing the flows on the Internet. The system classifies similar flow traffic into groups, and then extracts the behavior patterns of each group for machine learning. The system can not only analyze p2p botnets but also extract the patterns to application layers, which can analyze botnets using http protocols.