Tags: siamese network, traffic classification and unknown traffic
Abstract:
As an essential task for network management and security, network traffic classification has attracted increasing attention in recent years. Traditional traffic classification methods achieve some success in identifying traffic from specific applications but fail on unknown classes that were not pre-defined. Existing unknown traffic discovery methods commonly pick out some unlabeled testing data as part of the training data used to train the classification models, which is not in line with real-world open environments. In this paper, we propose a novel scheme named SEEN to achieve unknown traffic detection in network traffic classification. SEEN has three crucial phases: unknown discovery, unknown clustering, and system update. In the first step, using a metric-based approach with a siamese network, SEEN identifies unknown traffic and also accurately classifies the traffic generated by pre-defined application classes. After discovery, unknown traffic is automatically clustered into more fine-grained categories in the unknown clustering step. In the system update step, inspired by low-shot learning, SEEN allows new classes to be added or unnecessary known classes to be deleted quickly without retraining from scratch, which can complement the system’s knowledge. Experimental results on two open real-world datasets show that SEEN achieves outstanding performance on both known and unknown traffic identification, and that the proposed scheme can address the problem of unknown traffic effectively.
Not Afraid of the Unseen: a Siamese Network Based Scheme for Unknown Traffic Discovery