From One to Many: Few-Shot Deep Ensembles for Slow DoS Attack Detection

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks remain among the most prevalent and damaging threats to modern cybersecurity systems, with stealthy variants such as slow DoS attacks posing additional challenges by evading conventional detection methods. While Deep Learning (DL)-based Intrusion Detection Systems (IDSs) offer promising capabilities for analyzing complex network traffic, their performance is often constrained by limited labeled data, noisy environments, and out-of-distribution samples. This paper presents a hybrid DL-based IDS framework that integrates unsupervised and supervised learning to enhance detection under label-scarce conditions. The proposed approach constructs an ensemble of unsupervised autoencoder (AE)-based detectors, combined through a supervised Mixture of Experts strategy trained on a small labeled subset. The resulting Mixture of Autoencoder Experts (MoAE 2) leverages a single AE model with varying threshold levels to create detectors of different sensitivities, ensuring a lightweight and computationally efficient solution. Experiments on a benchmark dataset confirm the effectiveness of the proposed method in detecting stealthy and evasive DoS attacks.