Cloud-internet of things (IoT)-enabled enterprise environments have become an integral part of modern infrastructures, but their increasing interconnectedness makes them vulnerable to sophisticated and rapidly evolving cyber threats. Existing methods for intrusion detection and threat intelligence often suffer from limitations such as high false alarms, low adaptability to new attacks, and computational overhead. To address these challenges, this paper presents an intelligent hybrid framework for threat detection and response in cloud-IoT-enabled enterprises. The proposed system adopts a two-stage architecture: an autoencoder (AE)-based anomaly detector serves as the first security layer to identify deviations from normal traffic behavior, while a convolutional neural network-long short-term memory (CNN-LSTM) model with an attention mechanism serves as the second layer to classify known attack categories with high accuracy. A response mechanism is further integrated to log events, assign severity scores, apply automated protections, and generate real-time alerts, transforming detection into proactive prevention. The system has been evaluated on the benchmark CSE-CIC-IDS2018 dataset, where the anomaly detector achieved an accuracy of 98.4% with a false positive rate of 2%, while the CNN-LSTM-Attention intrusion classifier achieved an accuracy of 99.42%.

Anomaly detection; Cloud–internet of things security; Cyberattack; Response mechanism; Threat intelligence