This study addresses a critical limitation in existing encrypted network traffic anomaly detection methods: their reliance on mainstream reconstruction strategies that prioritize low-frequency information, leading to a “spectral mismatch” with the actual high-frequency–dominant nature of traffic and consequently suboptimal performance. To resolve this issue, the authors propose FreeUp, a novel framework that, for the first time, explicitly identifies this spectral mismatch and introduces a frequency-decoupled architecture. FreeUp decomposes traffic into high- and low-frequency components, reconstructs each via dedicated dual-branch networks, and incorporates an uncertainty-aware dynamic fusion scoring mechanism. Extensive experiments demonstrate that FreeUp significantly outperforms state-of-the-art methods across multiple benchmark datasets, thereby validating the efficacy of frequency-aware modeling for anomaly representation.

Network traffic anomaly detection represents a critical cybersecurity task, yet widespread encryption makes this task increasingly challenging. In response, image-based methods that model traffic as visual patterns have emerged as the dominant approach. However, this work pioneers the identification of a pervasive ``full-frequency'' characteristic and an associated limitation termed ``spectral mismatch'' within this paradigm. Specifically, while encrypted traffic exhibits prominent high-frequency components, mainstream reconstruction methods demonstrate an inherent bias toward learning low-frequency information. This fundamental mismatch results in incomplete representations that consequently degrade anomaly detection performance. To address this challenge, we propose FreeUp, a novel frequency-decoupled framework designed explicitly for encrypted traffic analysis. FreeUp decomposes traffic data into distinct low- and high-frequency bands, processing them through separate, dedicated branches along with a customized training strategy that ensures stable and independent frequency-specific learning. Furthermore, recognizing that simple reconstruction error proves inadequate for evaluating dual-branch architectures, we introduce an uncertainty-inspired fusion scoring mechanism. This mechanism quantifies the reconstruction uncertainty of the frequency-specific branches and dynamically integrates their outputs, yielding a more comprehensive and reliable anomaly score. Extensive experiments across multiple benchmarks demonstrate that FreeUp consistently outperforms state-of-the-art baselines. The code is available at https://github.com/ikun0124/FreeUp.