Fig 1.
Illustration of converting network traffic into sample matrices.
Fig 2.
Few-shot task formulation in intrusion detection.
Fig 3.
Overall architecture of the proposed few-shot intrusion detection method.
Fig 4.
Architecture of the feature encoding module based on Mamba.
Fig 5.
Architecture of the feature matching module with cross-attention.
Table 1.
Attack types and descriptions in CICIDS datasets.
Table 2.
Values of hyperparameters.
Table 3.
Detection results on the CICIDS2017 dataset (K = 5).
Table 4.
Detection results on the CICIDS2017 dataset (K = 10).
Table 5.
Detection results on the CICIDS2018 dataset (K = 5).
Table 6.
Detection results on the CICIDS2018 dataset (K = 10).
Table 7.
Comparison of the proposed detection method with related works.
Fig 6.
Ablation study results on the CICIDS2017 dataset (K = 5).
Fig 7.
Ablation study results on the CICIDS2017 dataset (K = 10).
Fig 8.
Ablation study results on the CICIDS2018 dataset (K = 5).
Fig 9.
Ablation study results on the CICIDS2018 dataset (K = 10).
Table 8.
Cross-domain detection results on the CICIDS2017 dataset (K = 10).
Table 9.
Cross-domain detection results on the CICIDS2018 dataset (K = 10).
Table 10.
Cross-domain detection results on the CICIDS2017 dataset (K = 5).
Table 11.
Cross-domain detection results on the CICIDS2018 dataset (K = 5).
Table 12.
Cross-domain comparison with traditional methods (Train: CICIDS2017, Test: CICIDS2018, overall).
Fig 10.
F-measure under varying shot numbers K in 5-way tasks (CICIDS2018).
Fig 11.
F-measure under varying class numbers N with K = 10 (CICIDS2018).