Research Article
Machine Learning-Driven Intrusion Detection with Forensic Readiness in Cloud-Native IoT Environments
Issue:
Volume 10, Issue 1, June 2026
Pages:
1-18
Received:
13 May 2026
Accepted:
22 May 2026
Published:
29 June 2026
DOI:
10.11648/j.ajece.20261001.11
Abstract: Cloud-native Internet of Things (IoT) environments combine connected devices, edge gateways, containerized services, Kubernetes orchestration, microservices, and cloud infrastructure. Although this architecture improves scalability and automation, it also expands the attack surface and complicates forensic investigation. Conventional intrusion detection systems often focus on detection accuracy but provide limited support for evidence preservation, chain-of-custody management, and incident timeline reconstruction. This study proposes and evaluates a machine learning-driven intrusion detection framework with forensic readiness for cloud-native IoT environments. The CICIoT2023 dataset was used to evaluate Logistic Regression, Decision Tree, Random Forest, XGBoost, and Autoencoder models under binary and multi-class classification settings using an 80:20 train-test split and 5-fold cross-validation. Experimental results show that XGBoost achieved the best performance. In binary classification, it obtained 99.34% accuracy, 99.35% precision, 99.34% recall, 99.34% F1-score, and 99.89% ROC-AUC. In multi-class classification, it achieved 97.69% accuracy, 96.12% macro precision, 95.07% macro recall, 95.54% macro F1-score, and 97.65% weighted F1-score. The forensic readiness evaluation showed 96.15% Evidence Completeness Ratio, 100.00% Chain-of-Custody Completeness, 100.00% Evidence Integrity Score, 0.84-second average preservation latency, 98.72% Alert-to-Evidence Mapping Rate, 94.60% Timeline Reconstruction Success Rate, and 96.89% Investigation Readiness Index. The findings demonstrate that the proposed framework supports accurate intrusion detection and investigation-ready evidence preservation for cloud-native IoT security.
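The abstract names the forensic-readiness metrics but does not define them, and the paper's own implementation is not on this page. The following is an added example, not the authors' code: a minimal evidence-preservation ledger that hashes each artifact at collection time and keeps a hash-chained chain of custody, plus one plausible computation of five of the reported ratios (evidence completeness, alert-to-evidence mapping, chain-of-custody completeness, evidence integrity, and average preservation latency) over that ledger. The metric definitions, the record layout, and the alerts, artifacts and actor names are all this example's assumptions; Timeline Reconstruction Success Rate and Investigation Readiness Index are not modelled here.

```python
import hashlib, json
from dataclasses import dataclass, field

GENESIS = "0" * 64
CUSTODY_FIELDS = ("evidence_id", "actor", "action", "at", "sha256", "prev")


def _digest(obj) -> str:
    data = obj if isinstance(obj, bytes) else json.dumps(obj, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class EvidenceRecord:
    evidence_id: str
    alert_id: str
    kind: str            # artifact type, e.g. "pcap" or "container_log"
    data: bytes
    sha256: str          # digest taken at preservation time
    preserved_at: float  # epoch seconds


@dataclass
class EvidenceLedger:
    records: dict = field(default_factory=dict)
    custody: list = field(default_factory=list)  # append-only; each entry hashes its predecessor

    def _log(self, **fields):
        entry = dict(fields, prev=self.custody[-1]["entry_hash"] if self.custody else GENESIS)
        entry["entry_hash"] = _digest(entry)
        self.custody.append(entry)

    def preserve(self, alert_id, kind, data, actor, at):
        """Store an artifact for an alert and log the 'collect' custody step."""
        eid = f"ev-{len(self.records) + 1:04d}"
        self.records[eid] = EvidenceRecord(eid, alert_id, kind, data, _digest(data), at)
        self._log(evidence_id=eid, actor=actor, action="collect", at=at, sha256=_digest(data))
        return eid

    def transfer(self, eid, actor, at):
        """Log a hand-off of existing evidence; the bytes themselves are untouched."""
        self._log(evidence_id=eid, actor=actor, action="transfer", at=at,
                  sha256=self.records[eid].sha256)

    def integrity_score(self):
        """Fraction of records whose stored bytes still hash to the recorded digest."""
        ok = sum(_digest(r.data) == r.sha256 for r in self.records.values())
        return ok / len(self.records) if self.records else 1.0

    def custody_completeness(self):
        """Fraction of custody entries with every required field whose hash and back-link verify."""
        ok, prev = 0, GENESIS
        for e in self.custody:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if (all(k in e for k in CUSTODY_FIELDS) and e["prev"] == prev
                    and _digest(body) == e["entry_hash"]):
                ok += 1
            prev = e["entry_hash"]
        return ok / len(self.custody) if self.custody else 1.0


def forensic_readiness(alerts, ledger, expected_kinds):
    """alerts: [{"id", "at"}]; expected_kinds: artifact kinds every alert should yield."""
    by_alert = {}
    for r in ledger.records.values():
        by_alert.setdefault(r.alert_id, []).append(r)
    expected = len(alerts) * len(expected_kinds)
    preserved = sum(len({r.kind for r in by_alert.get(a["id"], []) if r.kind in expected_kinds})
                    for a in alerts)
    mapped = sum(1 for a in alerts if by_alert.get(a["id"]))
    latencies = [r.preserved_at - a["at"] for a in alerts for r in by_alert.get(a["id"], [])]
    return {
        "evidence_completeness_ratio": preserved / expected if expected else 1.0,
        "alert_to_evidence_mapping_rate": mapped / len(alerts) if alerts else 1.0,
        "chain_of_custody_completeness": ledger.custody_completeness(),
        "evidence_integrity_score": ledger.integrity_score(),
        "avg_preservation_latency_s": sum(latencies) / len(latencies) if latencies else 0.0,
    }


# Constructed sample (assumption, not data from the paper): four alerts, each expected
# to yield a pcap and a container log.
ALERTS = [{"id": "al-1", "at": 100.0}, {"id": "al-2", "at": 200.0},
          {"id": "al-3", "at": 300.0}, {"id": "al-4", "at": 400.0}]
EXPECTED_KINDS = ("pcap", "container_log")


def demo(tamper=False):
    """Build the sample ledger; tamper=True alters one artifact and one custody entry afterwards."""
    led = EvidenceLedger()
    led.preserve("al-1", "pcap", b"pcap-bytes-1", "edge-collector", 100.5)
    led.preserve("al-1", "container_log", b"log-bytes-1", "k8s-sidecar", 101.0)
    led.preserve("al-2", "pcap", b"pcap-bytes-2", "edge-collector", 200.8)  # log never captured
    led.preserve("al-3", "pcap", b"pcap-bytes-3", "edge-collector", 300.6)
    led.preserve("al-3", "container_log", b"log-bytes-3", "k8s-sidecar", 301.0)
    led.transfer("ev-0001", "ir-analyst", 150.0)  # al-4 gets no evidence at all
    if tamper:
        led.records["ev-0002"].data = b"log-bytes-1-altered"
        led.custody[2]["actor"] = "unknown"
    return forensic_readiness(ALERTS, led, EXPECTED_KINDS)
```

With the constructed sample, `demo()` reports 5 of 8 expected artifacts preserved, 3 of 4 alerts mapped to evidence, and perfect custody and integrity scores; `demo(tamper=True)` shows how a rewritten artifact lowers the integrity score while an edited custody entry breaks only its own hash, so the chain pinpoints which hand-off was altered. Two caveats a practitioner would add before trusting such numbers in production: the ledger should live outside the cluster whose compromise it documents (an attacker with write access to it can rewrite both the entry and its hash), and the per-entry hash should be anchored to something the attacker cannot regenerate, such as a signature from a key held by the investigation team or a periodic commitment to external append-only storage.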