Learning in Multiple Spaces: Few-Shot Network Attack Detection with Metric-Fused Prototypical Networks
Fernando Martinez-Lopez, Lesther Santana, Mohamed Rahouti
TL;DR
The paper tackles the challenge of detecting emerging and zero-day network attacks under scarce labeled data by introducing Multi-Space Prototypical Learning (MSPL), which fuses Euclidean, Cosine, Chebyshev, and Wasserstein distances into a constrained ensemble for prototypical classification. It adds Polyak-averaged model parameters to stabilize embeddings and prototypes, and employs balanced episodic training to ensure robust generalization across attack types. MSPL demonstrates superior performance over single-metric baselines across multiple datasets, with notable gains in balanced accuracy and AUPRC, especially in low-resource and unseen attack scenarios. The approach offers a scalable, data-efficient framework that enhances zero-day detection, suggesting strong practical utility for modern NIDS and paving the way for multi-modal extensions and real-time deployment.
Abstract
Network intrusion detection systems face significant challenges in identifying emerging attack patterns, especially when limited data samples are available. To address this, we propose a novel Multi-Space Prototypical Learning (MSPL) framework tailored for few-shot attack detection. The framework operates across multiple metric spaces (Euclidean, Cosine, Chebyshev, and Wasserstein distances), integrated through a constrained weighting scheme to enhance embedding robustness and improve pattern recognition. By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks. Additionally, an episodic training paradigm ensures balanced representation across diverse attack classes, enabling robust generalization. Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types, establishing it as a robust solution for zero-day attack detection.
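The sketch below illustrates metric-fused prototypical classification as the abstract describes it. It is an added example, not the authors' code. Assumptions: the weighting constraint is a softmax onto the simplex, the Wasserstein term is the 1-D distance between sorted embedding coordinates, and the embeddings, labels and function names are constructed for illustration.

```python
import math

def euclidean(a, b):
    return math.dist(a, b)

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.hypot(*a) * math.hypot(*b)
    return 1.0 - dot / (norm + 1e-12)

def chebyshev(a, b):
    return max(abs(x - y) for x, y in zip(a, b))

def wasserstein(a, b):
    # Assumption: each embedding's coordinates are treated as an empirical
    # 1-D distribution, so W1 is the mean gap between sorted values.
    return sum(abs(x - y) for x, y in zip(sorted(a), sorted(b))) / len(a)

METRICS = (euclidean, cosine, chebyshev, wasserstein)

def simplex_weights(logits):
    # Assumption: "constrained weighting" modelled as softmax (w_i >= 0, sum = 1).
    e = [math.exp(v - max(logits)) for v in logits]
    return [v / sum(e) for v in e]

def prototypes(support):
    # support: {label: [embedding, ...]} -> per-class mean embedding
    return {lbl: [sum(col) / len(vecs) for col in zip(*vecs)]
            for lbl, vecs in support.items()}

def fused_scores(query, support, logits):
    w = simplex_weights(list(logits))
    return {lbl: sum(wi * m(query, p) for wi, m in zip(w, METRICS))
            for lbl, p in prototypes(support).items()}

def classify(query, support, logits=(0.0, 0.0, 0.0, 0.0)):
    scores = fused_scores(query, support, logits)
    return min(scores, key=scores.get)  # nearest prototype under the fused distance

# Constructed embeddings for one 2-way, 3-shot episode (not real traffic).
SUPPORT = {
    "benign": [[0.9, 0.1, 0.0], [1.0, 0.2, 0.1], [0.8, 0.0, 0.1]],
    "scan":   [[0.1, 0.9, 0.8], [0.0, 1.0, 0.9], [0.2, 0.8, 1.0]],
}
QUERY = [0.3, 0.3, 0.3]  # closer to "benign" in Euclidean, to "scan" in cosine

if __name__ == "__main__":
    print("equal weights :", classify(QUERY, SUPPORT))
    print("cosine-heavy  :", classify(QUERY, SUPPORT, logits=(0, 3, 0, 0)))
```

The constructed query is one the individual metrics disagree on, so the predicted class depends on the fusion weights.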
