Adaptive Multi-Stage Cloud Intrusion Defence and Recovery via Hierarchical Feature Optimization and Federated Intelligence Sets

Abstract

Cloud computing underpins critical digital infrastructure, yet massive high-dimensional traffic and rapidly evolving threats make intrusion detection and recovery highly challenging. Conventional systems relying on static thresholds or single-stage feature selection often leave redundant attributes, blur attack signatures, and struggle with non-stationary cloud workloads. To overcome these limitations, an integrated adaptive defense and recovery pipeline is introduced with five tightly coupled components. The Hierarchical Self-Adaptive Dimensionality Optimizer (HSADO) builds a mutual Information and Pearson-correlation hierarchy, then applies recursive aggregation with dynamic signal-to-noise–driven entropy thresholds to prune irrelevant features, yielding a compact but information-rich representations. The Dual-Stream Contrastive Deep Anomaly Detector (DSCDAD) exploits supervised classification alongside contrastive embedding learning to sharpen class boundaries, achieving area-under-curve values exceeding 0.99 and significantly improving recall in the process. Its latent embeddings feed the Reinforcement Informed Risk Adaptation Engine (RIRAE), a deep Q-learning agent that converts detection confidence into rapid mitigation actions such as IP blocking and container isolation, cutting mean reaction time by roughly one-third. Building on these actions, the Federated Knowledge Graph Constructor for Threat Correlation (FKGC-TC) assembles privacy-preserving, transformer-based threat graphs to share attack patterns across cloud regions, accelerating collaborative detection sets. Finally, the Predictive Service Quality Stabilizer (PSQS) employs meta-learned regression with Bayesian optimization to forecast service degradation and dynamically reallocate resources, reducing recovery time by about 41 % and sustaining SLA compliance near 99 %. Spanning data reduction through predictive healing, this self-reinforcing architecture delivers durable, scalable, and autonomous cloud intrusion defense with superior accuracy, lower false-positive rates, and robust post-attack stabilizations.