Indexed in:
Abstract:
Advanced persistent threat (APT) attacks leverage various intelligence-gathering techniques to obtain sensitive and critical information, posing a growing threat to modern software enterprises. However, because APT attacks persist over long periods, it is difficult to effectively analyze the large volume of audit data needed to detect them, especially for small and medium-sized enterprises (SMEs). This limitation hinders security operation centers (SOCs) from promptly handling APT attacks. In this paper, we propose an attack path-based method (APM) for APT attack detection based on few-shot learning. Specifically, APM first identifies candidate malicious entities from the provenance graph, which helps complete missing attack paths. Secondly, we propose a systematic method to uncover potential attack behaviors along the attack path based on the identified candidate malicious entities. We evaluate APM on five APT attacks in realistic environments. Compared to existing baselines, the precision, recall, and F1-score of APM for attack detection increased by 0.28%, 1.64%, and 1.13%, respectively. The results show that our proposal outperforms the baseline approaches and effectively detects APT attacks using few-shot learning.
Keywords:
Corresponding author:
Email address:
Source:
2023 IEEE 22ND INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, TRUSTCOM, BIGDATASE, CSE, EUC, ISCI 2023
ISSN: 2324-898X
Year: 2024
Pages: 10-19
Department: