To address the few-shot detection challenge for zero-day and low-frequency network attacks, this paper proposes a prototype learning framework based on multi-metric space fusion. The method jointly models attack representations in four distinct distance spaces—Euclidean, cosine, Chebyshev, and Wasserstein—and introduces a novel multi-metric constrained weighted fusion mechanism. Robust class prototypes are generated via Polyak momentum averaging. By synergistically optimizing the embedding space through episodic few-shot training and multi-distance metric learning, the framework significantly enhances generalization to unseen attacks. Evaluated on benchmark datasets, it achieves over 12% higher detection accuracy for novel and stealthy attacks compared to conventional methods, demonstrating superior effectiveness, robustness, and practical applicability in zero-day attack identification.

Network intrusion detection systems face significant challenges in identifying emerging attack patterns, especially when limited data samples are available. To address this, we propose a novel Multi-Space Prototypical Learning (MSPL) framework tailored for few-shot attack detection. The framework operates across multiple metric spaces-Euclidean, Cosine, Chebyshev, and Wasserstein distances-integrated through a constrained weighting scheme to enhance embedding robustness and improve pattern recognition. By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks. Additionally, an episodic training paradigm ensures balanced representation across diverse attack classes, enabling robust generalization. Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types, establishing it as a robust solution for zero-day attack detection.