User behavior perception based on mining complex network

User behavior perception is fundamental to network management, security diagnosis and application prediction analysis. Because detection algorithms based on flow statistics suffer from high complexity and concept drift, a novel scheme called user behavior perception based on mining complex network (UBP-CN) is proposed. UBP-CN constructs a host complex graph by abstracting nodes and edges from the user identifiers (IP, port) and the communications between users. Based on the theory of community detection, the host complex graph is partitioned into mutually exclusive behavior clusters, which represent social communities. To depict the implicit traffic characteristics of every intersected community, a user behavior mode (UBM) is defined by introducing the idea of relative entropy. Both the UBM and the protocol port are used to map a behavior label to every host. Experiments demonstrate that UBP-CN can circumvent the concept shift problem and reduce computational complexity without sacrificing accuracy.
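
The pipeline the abstract outlines (host graph, community partition, relative-entropy signature per community) can be sketched as follows. This is an added illustration, not the paper's code: the abstract does not give the community detection algorithm or the UBM definition, so weighted label propagation and the KL divergence of each community's destination-port distribution against the whole trace are assumptions, as are all function names and the constructed flow records.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records (src, dst, dst_port); not data from the paper.
FLOWS = [
    ("10.0.0.1", "10.0.0.10", 443), ("10.0.0.2", "10.0.0.10", 443),
    ("10.0.0.3", "10.0.0.10", 80), ("10.0.0.1", "10.0.0.10", 443),
    ("10.0.1.1", "10.0.1.2", 6881), ("10.0.1.2", "10.0.1.3", 6881),
    ("10.0.1.3", "10.0.1.1", 6881),
]

def build_graph(flows):
    """Hosts are nodes; undirected edges are weighted by flow count."""
    adj = defaultdict(Counter)
    for src, dst, _ in flows:
        adj[src][dst] += 1
        adj[dst][src] += 1
    return adj

def communities(adj, max_rounds=20):
    """Deterministic weighted label propagation (assumed stand-in)."""
    label = {n: n for n in adj}
    for _ in range(max_rounds):
        changed = False
        for node in sorted(adj):
            votes = Counter()
            for nbr, w in adj[node].items():
                votes[label[nbr]] += w
            best = min(votes, key=lambda l: (-votes[l], l))  # ties: lowest label
            if best != label[node]:
                label[node], changed = best, True
        if not changed:
            break
    groups = defaultdict(set)
    for n, l in label.items():
        groups[l].add(n)
    return sorted(groups.values(), key=min)

def port_divergence(flows, hosts):
    """KL(P_community || Q_all) over destination ports, in bits."""
    q = Counter(p for _, _, p in flows)
    pc = Counter(p for s, d, p in flows if s in hosts and d in hosts)
    n_q, n_p = sum(q.values()), sum(pc.values())
    return sum((c / n_p) * math.log2((c / n_p) / (q[port] / n_q))
               for port, c in pc.items())

def profile(flows):
    """Return (sorted hosts, port divergence in bits) for each community."""
    return [(sorted(c), port_divergence(flows, c))
            for c in communities(build_graph(flows))]
```

On the constructed trace, `profile(FLOWS)` separates the web-facing hosts from the port-6881 mesh, and the mesh scores the higher divergence because its traffic sits on a single port.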