Unrecognized applications running on multi-core SoCs may signal system compromise and increase vulnerability. This paper introduces DUA, a novel methodology to detect the execution of unrecognized software applications on NoC-based multi-core SoCs, leveraging traffic data from the NoC interconnect, or, more broadly, any packet-switched on-chip or interposer-level interconnect such as a network-in-package. DUA embeds lightweight traffic-monitoring counters into selected routers of the interconnect, and it carries out detection using a one-class support vector machine (OC-SVM) that, due to its unsupervised-learning nature, is trained only on recognized applications, i.e., applications authorized to run on the system. This allows the DUA methodology to effectively detect unrecognized, never-before-seen applications, including those not considered during training. Identifying the optimal OC-SVM involves exploring a search space that encompasses input features, kernel functions, and hyperparameters. An extensive experimental campaign demonstrates the effectiveness of the methodology in detecting unrecognized applications from the PARSEC benchmark suite on a 16-core NoC-based SoC. The DUA approach achieves an average accuracy of 85.9% while introducing negligible area and power overheads and not affecting timing, and it shows resilience to queuing-delay noise, indicating generalization across varying traffic conditions.