Network intrusion detection is a core component of modern cybersecurity infrastructure, yet the deep learning models that dominate the field are computationally demanding, motivating interest in lightweight alternatives suited to edge and neuromorphic deployment. Spiking Neural Networks (SNNs) are therefore a natural candidate, but their design space, spanning the choice of neuron model and spike encoding scheme, remains poorly characterized for intrusion detection. We bridge this gap with a controlled ablation study that couples 9 neuron models with 3 spike encoding schemes, giving 27 variants, all implemented in snntorch and evaluated on raw inputs with limited preprocessing across four benchmark datasets (NSL KDD, KDDCup99, CIC-IDS2017, and CTU-13) with 5 seeds. We find that the spike encoding scheme is a stronger determinant of detection quality than the neuron model: rate and delta spike encodings perform worse than latency encoding over the sweep. The LeakyParallel neuron with latency encoding performed best overall, averaging 92.11% accuracy and 0.80 macro-F1 at a false positive rate of 2.01% across all 4 datasets, with accuracy close to perfect on CIC-IDS2017 and CTU-13, and it was also the fastest at inference. These results highlight the potential of SNNs as a viable alternative to traditional methods of intrusion detection for low-latency or resource-constrained deployments.