A Study on Efficient Provenance-Based Intrusion Detection System Using Few-Shot Graph Representation Learning

Tags: Few-shot Learning, Graph Representation Learning, Meta Learning, Model-Agnostic Meta-Learning and Provenance Data

Abstract:
Today, the evolution of attacks has made traditional defense methods insufficient for modern, complex situations. Advanced Persistent Threats (APTs), characterized by their persistence, sophistication, and diversity, are often initiated by large, well-organized, highly skilled hacker groups with clear objectives. Provenance-based Intrusion Detection Systems have become increasingly popular for their ability to detect sophisticated APT attacks. Despite their potential, they face significant challenges related to accuracy, practicality, and scalability, especially in situations with insufficient training data. We propose PROVSHOT, a few-shot graph representation learning framework for intrusion detection based on provenance data, combined with the Model-Agnostic Meta-Learning (MAML) algorithm to effectively classify malicious entities in scenarios with limited data. PROVSHOT incorporates semantic encoding of node attributes to enhance the representational capability of the nodes, helping the model make better predictions. We evaluate the model on three public datasets: StreamSpot, Unicorn, and DARPA E3. The results indicate that PROVSHOT can accurately predict APT attack types across all datasets, even with limited data.