Attacks such as APT usually hide communication data in massive volumes of legitimate network traffic, and mining the structurally complex and latent relationships in flow-based network traffic to detect such attacks has become the focus of many initiatives. Effectively analyzing massive, high-dimensional network security data for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences between the feature distributions of the classes, resulting in low attack detection accuracy. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor (FEW-NNN) method is proposed to enhance the accuracy and efficiency of flow-based network traffic attack detection. First, the FEW-NNN method uses the Fisher score and a deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm (NNN_Searching), the density of the data points, each class center and the smallest enclosing sphere radius are determined. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which consists of three main steps: 1) the feature weights of the samples are calculated from fuzzy entropy values; 2) the fuzzy memberships of the samples are determined from the affinity among samples; and 3) K neighbors are selected according to a class-conditional weighted Euclidean distance, the fuzzy membership of each testing sample is calculated from the memberships of its K neighbors, and every testing sample is then assigned to the class for which its fuzzy membership is highest; that is, the attack type is determined. The method has been applied to the attack detection problem and validated on the well-known KDD99 and CIC-IDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.
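The following Python sketch is an added example of the classification pipeline the abstract describes; it is not the authors' code, and the excerpt does not give their exact definitions of fuzzy entropy, affinity or NNN_Searching. It runs on a small constructed set of flow records: Fisher-score feature selection, per-class feature weights derived from a normalised fuzzy entropy, a class centre with an enclosing-sphere radius, affinity-based fuzzy memberships for the training samples, and a K-nearest-neighbour vote over a class-conditional weighted Euclidean distance. The min-max scaling, the centroid standing in for the density-based centre, the Gaussian affinity and the inverse-square neighbour weighting are assumptions made here, and the deep graph feature learning step is omitted.

```python
import math
from collections import defaultdict

EPS = 1e-9

# Constructed flow records (duration s, bytes, packets, noise) -> label; illustrative only.
TRAIN = [
    ((0.20, 1500, 12, 0.9), "normal"),
    ((0.35, 2100, 15, 0.1), "normal"),
    ((0.28, 1800, 14, 0.5), "normal"),
    ((0.01, 60, 1, 0.3), "scan"),
    ((0.02, 64, 1, 0.8), "scan"),
    ((0.01, 58, 1, 0.2), "scan"),
    ((5.0, 90000, 900, 0.4), "flood"),
    ((6.2, 110000, 1100, 0.9), "flood"),
    ((4.8, 85000, 880, 0.1), "flood"),
]

def _euclid(u, v):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))

def fisher_scores(rows):
    """Fisher score per feature: between-class scatter over within-class scatter."""
    by_class = defaultdict(list)
    for x, y in rows:
        by_class[y].append(x)
    scores = []
    for j in range(len(rows[0][0])):
        mu = sum(x[j] for x, _ in rows) / len(rows)
        between = within = 0.0
        for xs in by_class.values():
            mu_c = sum(x[j] for x in xs) / len(xs)
            between += len(xs) * (mu_c - mu) ** 2
            within += sum((x[j] - mu_c) ** 2 for x in xs)
        scores.append(between / (within + EPS))
    return scores

def select_features(rows, keep):
    """Indices of the `keep` best-scoring features, in original column order."""
    s = fisher_scores(rows)
    return sorted(sorted(range(len(s)), key=lambda j: -s[j])[:keep])

def fuzzy_entropy(values):
    """Normalised fuzzy entropy of memberships in [0, 1]: 0 is crisp, 1 is maximally fuzzy."""
    def h(m):
        return 0.0 if m <= 0.0 or m >= 1.0 else -(m * math.log(m) + (1 - m) * math.log(1 - m))
    return sum(h(m) for m in values) / (len(values) * math.log(2))

class FEWNNN:
    def __init__(self, k=3, keep=3):
        self.k, self.keep = k, keep

    def _scale(self, x):
        # Min-max scaling on the selected columns (assumed preprocessing, not from the paper).
        return tuple((x[j] - self.lo[j]) / (self.hi[j] - self.lo[j] + EPS) for j in self.feats)

    def fit(self, rows):
        self.feats = select_features(rows, self.keep)
        self.lo = [min(x[j] for x, _ in rows) for j in range(len(rows[0][0]))]
        self.hi = [max(x[j] for x, _ in rows) for j in range(len(rows[0][0]))]
        self.train = [(self._scale(x), y) for x, y in rows]
        by_class = defaultdict(list)
        for z, y in self.train:
            by_class[y].append(z)
        self.classes, d = sorted(by_class), len(self.feats)
        # Step 1: per-class feature weights; a feature that is crisp (low fuzzy entropy) within a class counts more.
        self.w = {c: [max(1.0 - fuzzy_entropy([z[j] for z in zs]), 1e-3) for j in range(d)]
                  for c, zs in by_class.items()}
        # Class centre (plain centroid, standing in for NNN_Searching) and radius of the sphere enclosing the class.
        self.center = {c: tuple(sum(z[j] for z in zs) / len(zs) for j in range(d))
                       for c, zs in by_class.items()}
        self.radius = {c: max(_euclid(z, self.center[c]) for z in zs) for c, zs in by_class.items()}
        # Step 2: fuzzy membership of each training sample from a Gaussian affinity to every class centre (assumed form).
        self.member = []
        for z, _ in self.train:
            aff = {c: math.exp(-_euclid(z, self.center[c]) ** 2 / (self.radius[c] ** 2 + EPS))
                   for c in self.classes}
            tot = sum(aff.values()) + EPS
            self.member.append({c: a / tot for c, a in aff.items()})
        return self

    def memberships(self, x):
        """Step 3: class memberships of a test flow from its K nearest training samples."""
        z = self._scale(x)
        # Class-conditional weighted distance: training sample i is measured with its own class's weights.
        dist = sorted((math.sqrt(sum(self.w[y][j] * (z[j] - t[j]) ** 2 for j in range(len(z)))), i)
                      for i, (t, y) in enumerate(self.train))
        num, den = {c: 0.0 for c in self.classes}, 0.0
        for d_i, i in dist[: self.k]:
            inv = 1.0 / (d_i ** 2 + EPS)  # inverse-square neighbour weighting (assumed)
            den += inv
            for c in self.classes:
                num[c] += inv * self.member[i][c]
        return {c: v / den for c, v in num.items()}

    def predict(self, x):
        m = self.memberships(x)
        return max(m, key=m.get)
```

On the constructed data the noise column gets the lowest Fisher score and is dropped, and `FEWNNN(k=3, keep=3).fit(TRAIN).predict((0.015, 62, 1, 0.5))` returns `"scan"`. Note how the single high-volume class dominates min-max scaling and squeezes the normal and scan flows into a tiny corner of the feature space; this is the kind of uneven distribution the abstract refers to, and it is why the per-class weights and memberships, rather than raw distance alone, carry the decision.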