Sybil attacks in Vehicular Ad-Hoc Networks (VANETs) conduct malicious behavior by falsifying and faking messages between vehicles. It poses a significant threat to the safety of vehicle movement. Meanwhile, because Sybil attacks often hide the real identity of the attacker with the help of a legitimate pseudonym, making it very difficult to detect them. Most existing detection schemes use a single data source, which is not enough to describe the specific characteristics of the attack behavior accurately, while their detection performance is also affected by real scenario factors such as traffic flow and attacker density. Therefore, we propose a multi-source data fusion detection framework for Sybil attacks based on the study of the behavior characteristics of Sybil attacks and the impact of the attacks on the traffic flow state. We get basic safety messages data, map data and sensor data and then obtain multi-dimensional data fusion features from four aspects: spatio-temporal location relationship, traffic flow state change, vehicle behavior characteristics and sensor data verification, and finally use machine learning classification model to complete the detection of attack behavior. Experimental results show that our proposed attack detection framework is able to locate the specific road section where the attack occurred in a realistic and complex traffic scenario containing different road types without using trusted vehicles as observation nodes, and has good generalization capability. the average detection accuracy of the MDFD framework for four types of compound attacks is as high as 97.69%.