Anomaly detection in user-level network traffic faces challenges of few-shot learning, emergence of novel classes, and long-tailed class distributions. Method: This paper proposes the first meta-learning-based adaptive detection framework tailored to this scenario. It pioneers the integration of meta-learning into user traffic anomaly detection, introducing a K-way-M-shot adaptive training mechanism. The framework combines CICFlowMeter for flow feature extraction with cumulative importance ranking for feature selection, and employs MAML to construct a lightweight meta-training architecture—enabling rapid identification of previously unseen anomaly types from only a few labeled samples. Contribution/Results: Unlike conventional supervised or unsupervised methods, our framework eliminates reliance on large-scale labeled datasets and predefined class sets. Evaluated on two public benchmarks, it achieves 15–43% improvements in F1-score over state-of-the-art approaches, demonstrating superior generalization to rare and emerging anomalies.

Accuracy anomaly detection in user-level network traffic is crucial for network security. Compared with existing models that passively detect specific anomaly classes with large labeled training samples, user-level network traffic contains sizeable new anomaly classes with few labeled samples and has an imbalance, self-similar, and data-hungry nature. Motivation on those limitations, in this paper, we propose extit{Meta-UAD}, a Meta-learning scheme for User-level network traffic Anomaly Detection. Meta-UAD uses the CICFlowMeter to extract 81 flow-level statistical features and remove some invalid ones using cumulative importance ranking. Meta-UAD adopts a meta-learning training structure and learns from the collection of K-way-M-shot classification tasks, which can use a pre-trained model to adapt any new class with few samples by few iteration steps. We evaluate our scheme on two public datasets. Compared with existing models, the results further demonstrate the superiority of Meta-UAD with 15{%} - 43{%} gains in F1-score.