A subspace-based few-shot intrusion detection system for the Internet of Things<sup><xref rid="fn1" ref-type="fn">◇</xref></sup>

Zhihui LI; Congyuan XU; Kun DENG; Chunyuan LIU

doi:10.1631/FITEE.2400556

Your Location：

Home >

Browse articles >

A subspace-based few-shot intrusion detection system for the Internet of Things^◇

Regular Papers | Updated：2025-07-02

- A subspace-based few-shot intrusion detection system for the Internet of Things^◇
- 基于子空间的小样本物联网入侵检测系统
- Frontiers of Information Technology & Electronic Engineering Vol. 26, Issue 6, Pages: 862-876(2025)
- Affiliations：
  
  1.School of Information Science and Engineering, Zhejiang Sci-Tech University, Hangzhou 310027, China
  2.College of Information Science and Engineering, Jiaxing University, Jiaxing 314000, China
- Author bio：
  
  ‡ Corresponding author
- Funds：
- DOI：10.1631/FITEE.2400556
  CLC： TP393
- Received：02 July 2024，
  
  Revised：09 December 2024，
  
  Published：2025-06
- Accepted：
Scan QR Code
Zhihui LI, Congyuan XU, Kun DENG, et al. A subspace-based few-shot intrusion detection system for the Internet of Things^◇[J]. Frontiers of information technology & electronic engineering, 2025, 26(6): 862-876.
DOI：

Zhihui LI, Congyuan XU, Kun DENG, et al. A subspace-based few-shot intrusion detection system for the Internet of Things^◇[J]. Frontiers of information technology & electronic engineering, 2025, 26(6): 862-876. DOI： 10.1631/FITEE.2400556.

摘要

基于深度学习的入侵检测系统依赖大量的训练样本才能达到令人满意的检测率。然而，在实际的物联网环境中，物联网设备种类多，攻击类型碎片化，导致训练样本数较小，这迫切需要研究者们开发小样本入侵检测系统。为此，本文提出基于子空间的小样本物联网入侵检测系统方法，来应对可学习样本不足的困境。该方法基于度量分类的思想来识别网络流量，对样本进行特征提取后，为每一个类别构造一个子空间，然后通过度量模块计算查询样本与子空间的距离，从而实现对恶意样本的检测。基于CICIoT2023数据集，构建了小样本物联网入侵检测数据集，并对所提方法进行评估。对于未知类别的检测，在5-way 1-shot（5类，每类仅1个标注样本）设置下检测准确率为93.52%，在5-way 5-shot设置下检测准确率为92.99%，在5-way 10-shot设置下检测准确率为93.65%。

Abstract

Deep learning-based intrusion detection systems rely on numerous training samples to achieve satisfactory detection rates. However

in the real-world Internet of Things (IoT) environments

the diversity of IoT devices and the subsequent fragmentation of attack types result in a limited number of training samples

which urgently requires researchers to develop few-shot intrusion detection systems. In this study

we propose a subspace-based approach for few-shot IoT intrusion detection systems to cope with the dilemma of insufficient learnable samples. The method is based on the principle of classifying metrics to identify network traffic. After feature extraction of samples

a subspace is constructed for each category. Next

the distance between the query samples and the subspace is calculated by the metric module

thus detecting malicious samples. Subsequently

based on the CICIoT2023 dataset we construct a few-shot IoT intrusion detection dataset and evaluate the proposed method. For the detection of unknown categories

the detection accuracy is 93.52% in the 5-way 1-shot setting

92.99% in the 5-way 5-shot setting

and 93.65% in the 5-way 10-shot setting.

关键词

Keywords

references

Alani MM , Awad AI , 2023 . An intelligent two-layer intrusion detection system for the Internet of Things . IEEE Trans Ind Inform , 19 ( 1 ): 683 - 692 . https://doi.org/10.1109/TII.2022.3192035 https://doi.org/10.1109/TII.2022.3192035

Chen D , Zhang FB , Zhang XP , 2023 . Heterogeneous IoT intrusion detection based on fusion word embedding deep transfer learning . IEEE Trans Ind Inform , 19 ( 8 ): 9183 - 9193 . https://doi.org/10.1109/TII.2022.3227640 https://doi.org/10.1109/TII.2022.3227640

Draper-Gil G , Lashkari AH , Mamun MSI , et al. , 2016 . Characterization of encrypted and VPN traffic using time-related features . Proc 2 nd Int Conf on Information Systems Security and Privacy , p. 407 - 414 . https://doi.org/10.5220/0005740704070414 https://doi.org/10.5220/0005740704070414

Du L , Gu ZQ , Wang Y , et al. , 2024 . A few-shot class-incremental learning method for network intrusion detection . IEEE Trans Netw Serv Manag , 21 ( 2 ): 2389 - 2401 . https://doi.org/10.1109/TNSM.2023.3332284 https://doi.org/10.1109/TNSM.2023.3332284

Duan GH , Lv HW , Wang HQ , et al. , 2023 . Application of a dynamic line graph neural network for intrusion detection with semisupervised learning . IEEE Trans Inform Foren Secur , 18 : 699 - 714 . https://doi.org/10.1109/TIFS.2022.3228493 https://doi.org/10.1109/TIFS.2022.3228493

Duan RX , Li D , Tong Q , et al. , 2021 . A survey of few-shot learning: an effective method for intrusion detection . Secur Commun Netw , 2021 ( 1 ): 4259629 . https://doi.org/10.1155/2021/4259629 https://doi.org/10.1155/2021/4259629

Feng TT , Qi Q , Wang JY , et al. , 2021 . Few-shot class-adaptive anomaly detection with model-agnostic meta-learning . IFIP Networking Conf , p. 1 - 9 .

Finn C , Abbeel P , Levine S , 2017 . Model-agnostic meta-learning for fast adaptation of deep networks . Proc 34 th Int Conf on Machine Learning , p. 1126 - 1135 .

Fouladi RF , Ermiş O , Anarim E , 2022 . A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN . Comput Netw , 214 : 109140 . https://doi.org/10.1016/j.comnet.2022.109140 https://doi.org/10.1016/j.comnet.2022.109140

He MS , Zhao XW , Wang XJ , 2024a . An efficient DDoS detection method based on packet grouping via online data flow processing . IEEE Trans Sustain Comput , 10 ( 2 ): 202 - 216 . https://doi.org/10.1109/TSUSC.2024.3409712 https://doi.org/10.1109/TSUSC.2024.3409712

He MS , Huang YM , Wang XL , et al. , 2024b . A lightweight and efficient IoT intrusion detection method based on feature grouping . IEEE Int Things J , 11 ( 2 ): 2935 - 2949 . https://doi.org/10.1109/JIOT.2023.3294259 https://doi.org/10.1109/JIOT.2023.3294259

Jamal MA , Qi GJ , 2019 . Task agnostic meta-learning for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 11711 - 11719 . https://doi.org/10.1109/CVPR.2019.01199 https://doi.org/10.1109/CVPR.2019.01199

Koch G , Zemel R , Salakhutdinov R , 2015 . Siamese neural networks for one-shot image recognition . Proc 32 nd Int Conf on Machine Learning , p. 1 - 30 .

Lu CM , Wang XF , Yang AM , et al. , 2023 . A few-shot-based model-agnostic meta-learning for intrusion detection in security of Internet of Things . IEEE Int Things J , 10 ( 24 ): 21309 - 21321 . https://doi.org/10.1109/JIOT.2023.3283408 https://doi.org/10.1109/JIOT.2023.3283408

Lu HM , Wang T , Xu X , et al. , 2022 . Cognitive memory-guided autoencoder for effective intrusion detection in Internet of Things . IEEE Trans Ind Inform , 18 ( 5 ): 3358 - 3366 . https://doi.org/10.1109/TII.2021.3102637 https://doi.org/10.1109/TII.2021.3102637

Makkar A , Garg S , Kumar N , et al. , 2021 . An efficient spam detection technique for IoT devices using machine learning . IEEE Trans Ind Inform , 17 ( 2 ): 903 - 912 . https://doi.org/10.1109/TII.2020.2968927 https://doi.org/10.1109/TII.2020.2968927

Mehedi ST , Anwar A , Rahman Z , et al. , 2023 . Dependable intrusion detection system for IoT: a deep transfer learning based approach . IEEE Trans Ind Inform , 19 ( 1 ): 1006 - 1017 . https://doi.org/10.1109/TII.2022.3164770 https://doi.org/10.1109/TII.2022.3164770

Neto ECP , Dadkhah S , Ferreira R , et al. , 2023 . CICIoT2023: a real-time dataset and benchmark for large-scale attacks in IoT environment . Sensors , 23 ( 13 ): 5941 . https://doi.org/10.3390/s23135941 https://doi.org/10.3390/s23135941

Nichol A , Achiam J , Schulman J , 2018 . On first-order meta-learning algorithms . https://arxiv.org/abs/1803.02999 https://arxiv.org/abs/1803.02999

Niu ZQ , Guo WJ , Xue JF , et al. , 2023 . A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA) . Comput Secur , 129 : 103190 . https://doi.org/10.1016/j.cose.2023.103190 https://doi.org/10.1016/j.cose.2023.103190

Ouyang YK , Li BB , Kong QL , et al. , 2021 . FS-IDS: a novel few-shot learning based intrusion detection system for SCADA networks . IEEE Int Conf on Communications , p. 1 - 6 . https://doi.org/10.1109/ICC42927.2021.9500667 https://doi.org/10.1109/ICC42927.2021.9500667

Schwartz E , Karlinsky L , Shtok J , et al. , 2018 . Δ -encoder: an effective sample synthesis method for few-shot object recognition . 32 nd Conf on Neural Information Processing Systems , p. 2850 - 2860 .

Shi ZX , Xing MY , Zhang J , et al. , 2023 . Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method . IEEE Wireless Communications and Networking Conf , p. 1 - 6 . https://doi.org/10.1109/WCNC55385.2023.10118898 https://doi.org/10.1109/WCNC55385.2023.10118898

Simon C , Koniusz P , Nock R , et al. , 2020 . Adaptive subspaces for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 4135 - 4144 . https://doi.org/10.1109/CVPR42600.2020.00419 https://doi.org/10.1109/CVPR42600.2020.00419

Snell J , Swersky K , Zemel R , 2017 . Prototypical networks for few-shot learning . Proc 31 st Int Conf on Neural Information Processing Systems , p. 4080 - 4090 .

Sun HD , Wan L , Liu MY , et al. , 2023 . Few-shot network intrusion detection based on prototypical capsule network with attention mechanism . PLoS ONE , 18 ( 4 ): e0284632 . https://doi.org/10.1371/journal.pone.0284632 https://doi.org/10.1371/journal.pone.0284632

Sung F , Yang YX , Zhang L , et al. , 2018 . Learning to compare: relation network for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 1199 - 1208 . https://doi.org/10.1109/CVPR.2018.00131 https://doi.org/10.1109/CVPR.2018.00131

Thakkar A , Lohiya R , 2023 . Attack classification of imbalanced intrusion data for IoT network using ensemble-learning-based deep neural network . IEEE Int Things J , 10 ( 13 ): 11888 - 11895 . https://doi.org/10.1109/JIOT.2023.3244810 https://doi.org/10.1109/JIOT.2023.3244810

Vinyals O , Blundell C , Lillicrap T , et al. , 2016 . Matching networks for one shot learning . Proc 30 th Int Conf on Neural Information Processing Systems , p. 3637 - 3645 .

Wang QL , Wu BG , Zhu PF , et al. , 2020 . ECA-Net: efficient channel attention for deep convolutional neural networks . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 11531 - 11539 . https://doi.org/10.1109/CVPR42600.2020.01155 https://doi.org/10.1109/CVPR42600.2020.01155

Wang YH , Zhang ZY , Zhao KJ , et al. , 2024 . A few-shot learning based method for industrial Internet intrusion detection . Int J Inform Secur , 23 ( 5 ): 3241 - 3252 . https://doi.org/10.1007/s10207-024-00889-x https://doi.org/10.1007/s10207-024-00889-x

Wang YK , Xu CM , Liu C , et al. , 2020 . Instance credibility inference for few-shot learning . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 12833 - 12842 . https://doi.org/10.1109/CVPR42600.2020.01285 https://doi.org/10.1109/CVPR42600.2020.01285

Wang YX , Girshick R , Hebert M , et al. , 2018 . Low-shot learning from imaginary data . IEEE/CVF Conf on Computer Vision and Pattern Recognition , p. 7278 - 7286 . https://doi.org/10.1109/CVPR.2018.00760 https://doi.org/10.1109/CVPR.2018.00760

Wang ZM , Tian JY , Qin J , et al. , 2021 . A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data . Comput Intell Neurosci , 2021 : 7126913 . https://doi.org/10.1155/2021/7126913 https://doi.org/10.1155/2021/7126913

Xu CY , Shen JZ , Du X , 2020 . A method of few-shot network intrusion detection based on meta-learning framework . IEEE Trans Inform Forens Secur , 15 : 3540 - 3552 . https://doi.org/10.1109/TIFS.2020.2991876 https://doi.org/10.1109/TIFS.2020.2991876

Xu H , Wang YJ , 2022 . A continual few-shot learning method via meta-learning for intrusion detection . IEEE 4 th Int Conf on Civil Aviation Safety and Information Technology , p. 1188 - 1194 . https://doi.org/10.1109/ICCASIT55263.2022.9986665 https://doi.org/10.1109/ICCASIT55263.2022.9986665

Yan Y , Yang Y , Gu YH , et al. , 2023 . A few-shot intrusion detection model for the Internet of Things . 3 rd Int Conf on Electronic Information Engineering and Computer Science , p. 531 - 537 . https://doi.org/10.1109/EIECS59936.2023.10435498 https://doi.org/10.1109/EIECS59936.2023.10435498

Yan Y , Yang Y , Shen F , et al. , 2024 . Meta learning-based few-shot intrusion detection for 5G-enabled industrial Internet . Compl Intell Syst , 10 ( 3 ): 4589 - 4608 . https://doi.org/10.1007/s40747-024-01388-1 https://doi.org/10.1007/s40747-024-01388-1

Views

Downloads

CSCD

Alert me when the article has been cited

Submit

Tools

Publicity Resources

No data

Related Author

Robertas DAMAŠEVIČIUS

Sanjay MISRA

Rytis MASKELIŪNAS

Anand NAYYAR

Xiaoming Chen

Zhaobin Xu

Lin Shang

Musab Kamal

Related Institution

Department of Applied Informatics, Vytautas Magnus University

Department of Applied Data Science, Institute for Energy Technology, Halden

Department of Multimedia Engineering, Kaunas University of Technology

Graduate School, Faculty of Information Technology, Duy Tan University, Da Nang 550000, Viet Nam

College of Information Science and Electronic Engineering, Zhejiang University

Map

Chat

Address：Zhejiang University Press, 148 Tianmushan Road, Hangzhou, China Postal code：310028
Tel：+86-571-88273162 Email：fitee@zju.edu.cn
It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.

⁰