Deep learning-based intrusion detection systems rely on numerous training samples to achieve satisfactory detection rates. However, in the real-world Internet of Things (IoT) environments, the diversity of IoT devices and the subsequent fragmentation of attack types result in a limited number of training samples, which urgently requires researchers to develop few-shot intrusion detection systems. In this study, we propose a subspace-based approach for few-shot IoT intrusion detection systems to cope with the dilemma of insufficient learnable samples. The method is based on the principle of classifying metrics to identify network traffic. After feature extraction of samples, a subspace is constructed for each category. Next, the distance between the query samples and the subspace is calculated by the metric module, thus detecting malicious samples. Subsequently, based on the CICIoT2023 dataset we construct a few-shot IoT intrusion detection dataset and evaluate the proposed method. For the detection of unknown categories, the detection accuracy is 93.52% in the 5-way 1-shot setting, 92.99% in the 5-way 5-shot setting, and 93.65% in the 5-way 10-shot setting.

Intrusion detection system;Few-shot learning;Internet of Things;Subspace