This work addresses the challenge of zero-day attack detection in unsupervised network intrusion detection. We introduce the first systematic investigation of hybrid quantum-classical autoencoders (HQCAEs) for this task. A unified experimental framework is proposed to quantitatively analyze the impact of quantum layer placement, measurement strategies, variational circuit architecture, and latent-space regularization on anomaly detection performance; gate-level noise modeling is further incorporated to assess practical feasibility. Empirical evaluation across three mainstream NIDS datasets demonstrates that the optimal HQCAE matches or surpasses classical baselines in conventional detection, while significantly outperforming both supervised and unsupervised methods under zero-day attack scenarios—indicating superior generalization and robustness. Crucially, we identify quantum hardware noise sensitivity as a critical bottleneck for real-world deployment. All code and configurations are publicly released.

Unsupervised anomaly-based intrusion detection requires models that can generalize to attack patterns not observed during training. This work presents the first large-scale evaluation of hybrid quantum-classical (HQC) autoencoders for this task. We construct a unified experimental framework that iterates over key quantum design choices, including quantum-layer placement, measurement approach, variational and non-variational formulations, and latent-space regularization. Experiments across three benchmark NIDS datasets show that HQC autoencoders can match or exceed classical performance in their best configurations, although they exhibit higher sensitivity to architectural decisions. Under zero-day evaluation, well-configured HQC models provide stronger and more stable generalization than classical and supervised baselines. Simulated gate-noise experiments reveal early performance degradation, indicating the need for noise-aware HQC designs. These results provide the first data-driven characterization of HQC autoencoder behavior for network intrusion detection and outline key factors that govern their practical viability. All experiment code and configurations are available at https://github.com/arasyi/hqcae-network-intrusion-detection.