AI-Driven Hybrid Architecture for Secure, Reconstruction-Resistant Multi-Cloud Storage

Key findings from this study

• The study found that XGBoost and Random Forest achieved superior predictive accuracy for telemetry-guided fragment size prediction.
• The researchers demonstrate that cloud-only attack scenarios cannot yield data reconstruction without local vault fragments and encryption keys.
• The authors report that hybrid telemetry integrating real system traces and network metrics successfully validated model generalization under realistic operational conditions.

Overview

This study introduces an AI-driven hybrid architecture for secure multi-cloud storage that resists data reconstruction attacks. The system combines telemetry-guided dynamic fragmentation, AES-128 encryption, and distributed storage across independent cloud providers with local vault retention to enforce zero-trust access control.

Methods and approach

The architecture applies telemetry-guided fragmentation that dynamically predicts fragment sizes from real-time bandwidth, latency, memory availability, and disk I/O metrics. All payloads undergo compression and AES-128 encryption before dispersal across independent cloud providers, with two encrypted fragments retained in a VeraCrypt-protected local vault. Model evaluation progressed from synthetic telemetry to hybrid telemetry integrating Microsoft system traces and Cisco network metrics. XGBoost, Random Forest, Neural Network, and Linear Regression models underwent comparative analysis for predictive accuracy.

Results

XGBoost and Random Forest models achieved the highest predictive accuracy across all evaluations, while Neural Network and Linear Regression models demonstrated moderate performance. Hybrid telemetry integrating real system traces and network metrics validated model generalization under realistic operational variability. Security validation confirmed that partial-access and cloud-only attack scenarios cannot reconstruct data without both local vault fragments and the encryption key.

Implications

The telemetry-driven adaptive fragmentation approach enhances predictive reliability for fragment sizing decisions, reducing fixed-size fragmentation predictability. The distributed trust threshold enforced through local vault retention establishes a zero-trust framework that mitigates provider-side breach risks even if attackers access complete cloud-stored data. This architecture addresses the fundamental challenge of confidentiality and recoverability in multi-cloud environments by eliminating single-point-of-failure vulnerabilities.

Scope and limitations

This summary is based on the study abstract and available metadata. It does not include a full analysis of the complete paper, supplementary materials, or underlying datasets unless explicitly stated. Findings should be interpreted in the context of the original publication.