Social and Internet traffic analysis is fundamental in detecting and defending cyber attacks. Traditional approaches resorting to manually defined rules are gradually replaced by automated approaches empowered by machine learning. This revolution is accelerated by huge datasets which support machine-learning models with outstanding performance. In the context of a data-driven paradigm, this article reviews recent analytic research on cyber traffic over social networks and the Internet by using a set of common concepts of similarity, correlation, and collective indication, and by sharing security goals for classifying network host or applications and users or Tweets. The ability to do so is not determined in isolation, but rather drawn for a wide use of many different network or social flows. Furthermore, the flows exhibit many characteristics, such as fixed sized and multiple messages between source and destination. This article demonstrates a new research methodology of data-driven cyber security (DDCS) and its application in social and Internet traffic analysis. The framework of the DDCS methodology consists of three components, that is, cyber security data processing, cyber security feature engineering, and cyber security modeling. Challenges and future directions in this field are also discussed.