Federated learning (FL) is attractive for cloud-edge intrusion detection because it enables collaborative training over distributed telemetry without centralizing raw logs. In production security analytics pipelines, however, only a subset of clients participates in each round, and heterogeneous bandwidth, stragglers, and dropouts can cause the server to rely on stale client information. This paper studies client participation as a timeliness-aware systems problem using Age of Information (AoI). We compare three lightweight policies for federated intrusion detection: AoI-first, utility-first, and a hybrid AoI+utility rule with a tunable trade-off parameter. Across a CIC-IDS2017 DDoS/PortScan mini subset, NSL-KDD, ToN-IoT, and a synthetic drift benchmark under clean, poisoning, and poisoning-plus-robust-aggregation settings, AoI-aware selection reduces average AoI by about 39-41% and peak AoI by about 70% relative to random sampling while keeping the per-round communication budget fixed. The hybrid policy usually preserves Macro-F1/AUC and provides an interpretable knob for balancing freshness, detection quality, and robustness, although it is not uniformly Pareto-dominant once false positive rate is included. Robustness is evaluated by combining AoI-guided selection with trimmed-mean aggregation under label-flip poisoning; the selection policy itself is not intended as a standalone Byzantine defense. The main practical message is that cloud-edge, privacy-preserving intrusion analytics can improve timeliness through a lightweight scheduling layer without changing the underlying FL participation budget.
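The scheduling layer described above can be sketched as a small simulation that tracks per-client AoI under a fixed per-round budget and compares random, AoI-first, utility-first, and hybrid selection. This is an added example, not the paper's code. Assumptions: AoI is counted in rounds since a client last contributed, the hybrid score is a weighted sum with trade-off parameter `lam`, utilities are constructed static values, and there are no dropouts.

```python
import random

def select(policy, age, utility, k, lam, rng):
    """Return the k client ids chosen this round (fixed per-round budget k)."""
    ids = range(len(age))
    if policy == "random":
        return rng.sample(list(ids), k)
    score = {
        "aoi": lambda i: age[i],              # stalest clients first
        "utility": lambda i: utility[i],      # highest utility first
        # Assumed hybrid form: weighted sum, lam is the trade-off parameter.
        "hybrid": lambda i: lam * age[i] + (1 - lam) * utility[i],
    }[policy]
    # Highest score wins; ties are broken by the lower client id.
    return sorted(ids, key=lambda i: (-score(i), i))[:k]

def simulate(policy, n=20, k=5, rounds=200, lam=0.2, seed=7):
    """Run the scheduler and return (average AoI, peak AoI) over all rounds."""
    rng = random.Random(seed)
    utility = [rng.random() for _ in range(n)]  # constructed utilities in [0, 1)
    age = [0] * n                               # rounds since last contribution
    total = peak = 0
    for _ in range(rounds):
        chosen = set(select(policy, age, utility, k, lam, rng))
        # Selected clients become fresh; every other client ages by one round.
        age = [0 if i in chosen else a + 1 for i, a in enumerate(age)]
        total += sum(age)
        peak = max(peak, max(age))
    return total / (rounds * n), peak

if __name__ == "__main__":
    for policy in ("random", "aoi", "utility", "hybrid"):
        avg, peak = simulate(policy)
        print(f"{policy:8s} avg AoI {avg:5.2f}  peak AoI {peak}")
```

With static utilities, utility-first never revisits the clients outside its top `k`, so their age grows with the round count, while the hybrid score keeps the peak bounded because staleness eventually outweighs any utility gap.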