BotMark: Automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors.

•BotMark automatically detects bots with hybrid analysis of flow-based and graph-based traffic behaviors.•Botmark is independent of C&C protocols and structures, requires no a priori knowledge of botnets, and can be adopted in complex environments.•15 flow-based features and 3 types of graph-based features are extracted from network traffic to characterize the behaviors of botnets.•We collect a large size of network traffic by simulating 5 botnets in a real computing environment and share the data.•BotMark reaches the detection accuracy of 99.94% with hybrid analysis.