A Continual Few-shot Learning Method via Meta-learning for Intrusion Detection

Most of the existing intrusion detection systems use supervised machine learning models, which can detect attacks well by using a large amount of sample data. However, with the rapid changes in the network environment and the emergence of various attack methods, the ability to respond quickly is required, which requires the intrusion detection system to continuously learn new knowledge from a few shots of new attack samples. In this paper, we describe this problem as continuous few-shot learning for intrusion detection and propose a metric-based first-order meta-learning framework, which enables intrusion detection models to be trained through multiple tasks to maximize the model’s generalization ability to handle different tasks. In the face of increasing attack classes, the trained model can quickly adapt to new attacks with a few shots of samples. In addition, to avoid forgetting the previous knowledge, we save a small number of representative old-class attack samples. With extensive experiments, the results show that the model has good plasticity, and can detect new attacks well using a few shots of samples.