Modern network security systems have faced significant challenges from novel attacks with extreme data scarcity, known as few-shot learning problem (FSL). Meta-learning, particularly Prototypical Networks (ProtoNets), has emerged as a promising solution to this problem. However, ProtoNets rely on Euclidean distance to a single prototype, assuming isotropic and spherical class distributions. We argue that network traffic is too diverse for simple clusters; its complex feature distributions cause ``centroid misalignment'', where a single center cannot accurately represent the attack. To address this, we propose a Hybrid ProtoKNN method. By integrating a local KNN metric with the global prototypical objective, we relax the spherical constraint and effectively recover misaligned outliers. We evaluate our approach on the NSL-KDD and CIC-IDS2017 datasets. Experimental results in various few-shot scenarios demonstrate that our model significantly improves detection performance on rare and complex attack categories, such as U2R, R2L, and Heartbleed, compared to standard meta-learning methods.

S.K.K.Nandiraju,S.K.Chundru,M.S.V.Tyagadurgam, V. N. Gangineni, S. Pabbineedi, and A. B. Kakani, “Enhancing cybersecurity: Zero-day attack detection in network traffic with deep learning model,” Asian Journal of Research in Computer Science, vol. 18, no. 7, pp. 262–273, 2025.

R. Ahmad, I. Alsmadi, W. Alhamdani, and L. Tawal- beh, “Zero-day attack detection: a systematic literature review,” Artificial Intelligence Review, vol. 56, no. 10, pp. 10 733–10 811, 2023.

R.SommerandV.Paxson,“Outsidetheclosedworld:On using machine learning for network intrusion detection,” in Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2010, pp. 305–316.

P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based network intrusion de- tection: Techniques, systems and challenges,” Computers & Security, vol. 28, no. 1-2, pp. 18–28, 2009.

A. Alshamrani, Y.-W. Chow, W. Susilo, J. Rosli, and K. Brewer, “A survey of network anomaly detection techniques,” Journal of Network and Computer Applications, vol. 120, pp. 1–13, 2018.

J. Chen, C. Wang, Y. Hong, R. Mi, L.-J. Zhang, Y. Wu, H. Wang, and Y. Zhou, “A survey on anomaly detection with few-shot learning,” in International Conference on Cognitive Computing. Springer, 2024, pp. 34–50.

Y. A. Jerusha, S. S. Ibrahim, and V. Varadharajan, “A novel semantic driven meta-learning model for rare at- tack detection,” IEEE Access, 2025.

M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009, pp. 1–6.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “Network anomaly detection: methods, systems and tools,” IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 303–336, 2014.

J. Snell, K. Swersky, and R. Zemel, “Prototypical net- works for few-shot learning,” in Proceedings of the 31st International Conference on Neural Information Processing Systems (NIPS), 2017, pp. 4080–4090.

O.Vinyals,C.Blundell,T.Lillicrap,K.Kavukcuoglu,and D. Wierstra, “Matching networks for one shot learning,” in Proceedings of the 30th International Conference on Neural Information Processing Systems (NIPS), 2016, pp. 3630– 3638.

Y. Wang, Q. Yao, J. T. Kwok, and L. M. Ni, “Generalizing from a few examples: A survey on few-shot learning,” ACM Computing Surveys (CSUR), vol. 53, no. 3, pp. 1–34, 2020.

T. Cover and P. Hart, “Nearest neighbor pattern classifi- cation,” IEEE Transactions on Information Theory, vol. 13, no. 1, pp. 21–27, 1967.

I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “To- ward generating a new dataset for cyber security in the cloud,” in Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), 2018, pp. 403–412.

F. Sung, Y. Yang, L. Zhang, T. Xiang, P. H. S. Torr, and T. M. Hospedales, “Learning to compare: Relation network for few-shot learning,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018, pp. 1199–1208.

C. Finn, P. Abbeel, and S. Levine, “Model-agnostic meta- learning for fast adaptation of deep networks,” in Pro- ceedings of the 34th International Conference on Machine Learning (ICML), 2017, pp. 1126–1135.

C. Xu, J. Shen, X. Du, and F. Zhang, “A method of few- shot network intrusion detection based on meta-learning framework,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 3540–3552, 2020.

Y. Yu and N. Bian, “An intrusion detection method using few-shot learning,” IEEE Access, vol. 8, pp. 49 730–49 740, 2020.

V. L. Cao, T. M. Nguyen, and T. D. Le Dinh, “Few- Shot Learning with Discriminative Representation for Cyberattack Detection,” in Proceedings of the 2023 15th International Conference on Knowledge and Systems Engi- neering (KSE), 2023, pp. 1–6.

Z. Wu, S. Pan, F. Chen, G. Long, C. Zhang, and P. S. Yu, “A comprehensive survey on graph neural networks,” IEEE Transactions on Neural Networks and Learning Sys- tems, vol. 32, no. 1, pp. 4–24, 2021.

Y. Wang, Y. Sun, Z. Liu, S. E. Sarma, M. M. Bronstein, and J. M. Solomon, “Dynamic graph CNN for learning on point clouds,” ACM Transactions on Graphics (TOG), vol. 38, no. 5, pp. 1–12, 2019.

W. W. Lo, S. Layeghy, M. Sarhan, M. Gallagher, and M. Portmann, “E-GraphSAGE: A graph neural network based intrusion detection system for IoT,” in Proceedings of the IEEE/IFIP Network Operations and Management Sym- posium (NOMS), 2022, pp. 1–9.