Learning Fast to Detect Slow: A Few-Shot Neural Approach to Slow DoS Attack Detection

The increasing frequency and sophistication of Denial of Ser- vice (DoS) and Distributed Denial of Service (DDoS) attacks, pose sig- nificant challenges to modern cybersecurity systems. These threats are further complicated by stealthy variants such as slow DoS attacks, which often evade timely detection. While Deep Learning (DL)-based Intru- sion Detection Systems (IDSs) have shown promise in analyzing complex network traffic, their effectiveness is hindered by challenges like limited labeled data, noise, and the presence of Out-of-Distribution (OOD) sam- ples. This paper proposes a hybrid DL-based IDS framework (ENE4 ) that integrates unsupervised and supervised components to improve detection performance under label-scarce conditions. The unsupervised module extracts task-independent features from network traffic, while the supervised one learns task-specific representations. These comple- mentary features are fused to enable robust detection even in few-shot learning settings. Additionally, the model incorporates an adaptation mechanism to leverage knowledge from more frequent and related attack types, enhancing generalization to rare patterns. Experimental results on two standard benchmark datasets demonstrate the effectiveness and robustness of the proposed approach in detecting evasive DoS attacks.