🤖 AI Summary
Encrypted traffic analysis faces dual challenges: fine-grained classification of known applications and detection of previously unseen traffic patterns.

Method: This paper proposes a four-stage self-supervised collaborative framework that jointly models classification and anomaly detection. It introduces the first self-supervised unknown-pattern detection mechanism (requiring neither synthetic samples nor prior knowledge) and designs a concept-drift-resilient continual learning architecture. The architecture integrates multi-stage self-supervised learning, probabilistic embedding generation, clustering-driven structural discovery, distribution-alignment-based anomaly identification, and confidence-aware model updating.

Contribution/Results: The framework achieves state-of-the-art performance on few-shot classification and zero-shot unknown traffic discovery. It delivers a deployable, robust, and scalable solution for real-world network management, significantly outperforming existing methods in both accuracy and adaptability under dynamic network conditions.
📝 Abstract
The growing complexity of encrypted network traffic presents dual challenges for modern network management: accurate multiclass classification of known applications and reliable detection of unknown traffic patterns. Although deep learning models show promise in controlled environments, their real-world deployment is hindered by data scarcity, concept drift, and operational constraints. This paper proposes M3S-UPD, a novel Multi-Stage Self-Supervised Unknown-aware Packet Detection framework that synergistically integrates semi-supervised learning with representation analysis. Our approach eliminates artificial segregation between classification and detection tasks through a four-phase iterative process: 1) probabilistic embedding generation, 2) clustering-based structure discovery, 3) distribution-aligned outlier identification, and 4) confidence-aware model updating. Key innovations include a self-supervised unknown detection mechanism that requires neither synthetic samples nor prior knowledge, and a continuous learning architecture that is resistant to performance degradation. Experimental results show that M3S-UPD not only outperforms existing methods on the few-shot encrypted traffic classification task, but also simultaneously achieves competitive performance on the zero-shot unknown traffic discovery task.