NOS-Gate: Queue-Aware Streaming IDS for Consumer Gateways under Timing-Controlled Evasion

📅 2026-01-01
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the vulnerability of consumer gateways to adaptive attackers who exploit timing and burst patterns in encrypted traffic to evade metadata-only detection. To counter this threat, the authors propose NOS-Gate, a lightweight streaming intrusion detection system that instantiates, per flow, a two-state unit derived from Network-Optimised Spiking (NOS) dynamics. NOS-Gate scores fixed-length windows of metadata features and, under a K-of-M persistence rule, triggers a reversible mitigation that temporarily reduces the suspicious flow's weight in a weighted fair queueing (WFQ) scheduler. Evaluated on a reproducible 'worlds' benchmark with timing-controlled evasion and label-free burn-in calibration, the system reaches 0.952 incident recall at an achieved 0.1% false-positive rate, against 0.857 for the best baseline in those runs, with a mean scoring cost of about 2.09 µs per flow-window on CPU; under gating it also lowers p99.9 queueing delay and p99.9 collateral delay.

📝 Abstract
Timing and burst patterns can leak through encryption, and an adaptive adversary can exploit them. This undermines metadata-only detection in a stand-alone consumer gateway. Therefore, consumer gateways need streaming intrusion detection on encrypted traffic using metadata only, under tight CPU and latency budgets. We present a streaming IDS for stand-alone gateways that instantiates a lightweight two-state unit derived from Network-Optimised Spiking (NOS) dynamics per flow, named NOS-Gate. NOS-Gate scores fixed-length windows of metadata features and, under a $K$-of-$M$ persistence rule, triggers a reversible mitigation that temporarily reduces the flow's weight under weighted fair queueing (WFQ). We evaluate NOS-Gate under timing-controlled evasion using an executable 'worlds' benchmark that specifies benign device processes, auditable attacker budgets, contention structure, and packet-level WFQ replay to quantify queue impact. All methods are calibrated label-free via burn-in quantile thresholding. Across multiple reproducible worlds and malicious episodes, at an achieved $0.1\%$ false-positive operating point, NOS-Gate attains 0.952 incident recall versus 0.857 for the best baseline in these runs. Under gating, it reduces p99.9 queueing delay and p99.9 collateral delay with a mean scoring cost of ~2.09 $\mu$s per flow-window on CPU.
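The abstract describes three mechanisms that fit together in a streaming gateway IDS: a per-flow score over fixed-length metadata windows, a label-free threshold taken as a burn-in quantile at the target false-positive rate, and a $K$-of-$M$ persistence rule that reversibly lowers a flow's WFQ weight. The following is an added example, not the authors' code: the window scorer is a stand-in (coefficient of variation of inter-arrival gaps) because the page does not specify the NOS two-state unit, and the flow names, weights, $K=3$, $M=5$, the release rule and the traffic windows are all constructed here for illustration.

```python
"""Added example (not NOS-Gate's code): streaming K-of-M gating of per-flow
metadata windows, calibrated label-free from a burn-in quantile, that
reversibly lowers a flow's WFQ weight. The scorer is a stand-in, not NOS."""
from collections import deque
import random
import statistics


def window_score(gaps):
    """Score one fixed-length window of inter-arrival gaps (seconds).
    Stand-in: coefficient of variation, i.e. burstiness. This is NOT the
    paper's NOS two-state unit, which the abstract does not specify."""
    mean = statistics.fmean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else 0.0


def burn_in_threshold(scores, target_fpr=0.001):
    """Label-free calibration: the (1 - target_fpr) empirical quantile of the
    scores seen during burn-in, which is assumed benign. With 2000 windows and
    target_fpr=0.001 this picks the second-highest burn-in score."""
    ordered = sorted(scores)
    idx = min(len(ordered) - 1, int(round((1.0 - target_fpr) * len(ordered))))
    return ordered[idx]


class FlowState:
    def __init__(self, m, weight):
        self.alerts = deque(maxlen=m)  # alert flag for each of the last M windows
        self.weight = weight           # current WFQ weight of this flow
        self.clean_run = 0             # consecutive non-alert windows while gated


class KofMGate:
    """Per-flow K-of-M persistence gate. A flow whose last M windows hold at
    least K alerts gets its WFQ weight lowered; once K-of-M no longer holds
    and `release_after` consecutive clean windows pass, the weight is restored.
    Only the scheduler weight changes, so a false positive costs latency."""

    def __init__(self, threshold, k=3, m=5, full_weight=1.0,
                 gated_weight=0.25, release_after=3):
        if not 0 < k <= m:
            raise ValueError("need 0 < K <= M")
        self.threshold, self.k, self.m = threshold, k, m
        self.full_weight, self.gated_weight = full_weight, gated_weight
        self.release_after = release_after
        self.flows = {}

    def observe(self, flow_id, gaps):
        """Score one metadata window of `flow_id`; return (score, alert, weight)."""
        st = self.flows.setdefault(flow_id, FlowState(self.m, self.full_weight))
        score = window_score(gaps)
        alert = score > self.threshold
        st.alerts.append(alert)
        if sum(st.alerts) >= self.k:          # persistence rule fires
            st.weight, st.clean_run = self.gated_weight, 0
        elif st.weight < self.full_weight:    # gated but K-of-M no longer holds
            st.clean_run = 0 if alert else st.clean_run + 1
            if st.clean_run >= self.release_after:
                st.weight = self.full_weight  # reversible: weight restored
        return score, alert, st.weight

    def wfq_shares(self):
        """Link share of each flow under WFQ: weight / sum of weights. Gating
        one flow raises the others' shares, which is the intended relief."""
        total = sum(f.weight for f in self.flows.values())
        return {fid: f.weight / total for fid, f in self.flows.items()}


def calibrated_gate(seed=7, burn_in_windows=2000, target_fpr=0.001):
    """Burn in on constructed benign traffic (gaps uniform in 10-20 ms)."""
    rng = random.Random(seed)
    scores = [window_score([rng.uniform(0.010, 0.020) for _ in range(20)])
              for _ in range(burn_in_windows)]
    return KofMGate(burn_in_threshold(scores, target_fpr))


# Constructed windows: a bursty one (10 back-to-back packets, then long idle
# gaps) and a timing-shaped one whose gaps sit inside the benign band.
BURSTY_WINDOW = [0.001] * 10 + [0.5] * 10
SHAPED_WINDOW = [0.015] * 20


def demo():
    gate = calibrated_gate()
    trace = [gate.observe("iot-cam", BURSTY_WINDOW) for _ in range(3)]  # K=3 -> gated
    gate.observe("laptop", SHAPED_WINDOW)                                 # unaffected flow
    shares_gated = gate.wfq_shares()
    trace += [gate.observe("iot-cam", SHAPED_WINDOW) for _ in range(5)]  # clean -> release
    return gate, trace, shares_gated


if __name__ == "__main__":
    gate, trace, shares = demo()
    print(f"threshold={gate.threshold:.3f}")
    for score, alert, weight in trace:
        print(f"score={score:.3f} alert={alert} weight={weight}")
    print("shares while gated:", shares)
```

Two points the run makes visible. First, the gate reacts only after the third bursty window and releases only after the alerts have aged out of the last $M$ windows plus three clean ones, so a single noisy window never changes the scheduler. Second, the timing-shaped window scores zero under this stand-in and is never flagged: an attacker who spends budget to keep every window's timing inside the benign band, or who alternates two bursty windows with three quiet ones to stay under $K$-of-$M$, is exactly the evasion the paper's auditable attacker budgets are meant to quantify.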
Problem

Research questions and friction points this paper is trying to address.

timing-controlled evasion
streaming IDS
encrypted traffic
consumer gateways
metadata-only detection
Innovation

Methods, ideas, or system contributions that make the work stand out.

NOS-Gate
streaming IDS
timing-controlled evasion
metadata-only detection
weighted fair queueing
Muhammad Bilal
Associate Professor, Lancaster University, United Kingdom
Internet of Things, Edge Computing, Cryptology, Machine Learning, Artificial Intelligence
Omer Tariq
School of Computing, Korea Advanced Institute of Science and Technology, Daejeon, 34141, South Korea
Hasan Ahmed
School of Computing and Communications, Lancaster University, LA1 4WA, Lancaster, U.K.