Applying Machine Learning for Network Security Monitoring in Kubernetes Environments
Keywords:
Kubernetes, network security, machine learning, intrusion detection, federated learning, container networks, managed security control loop
Abstract
This article presents a systematic analysis of methodological approaches to applying machine learning for network security monitoring in Kubernetes environments, where the dynamic nature of containerized workloads, microservice architectures, and distributed observability significantly complicate attack detection and interpretation. The study is conducted as a review-and-analytical synthesis of peer-reviewed publications, summarizing architectural models, telemetry types, algorithmic approaches, and operational constraints without quantitative aggregation of results due to methodological heterogeneity of the sources. Particular attention is paid to the impact of Kubernetes network infrastructure on the properties of observed data, the role of non-identical and imbalanced distributions in distributed environments, and the limitations of classical centralized training schemes. The analysis shows that the prevailing practice of using ML-based intrusion detection systems is oriented toward isolated event detection and does not account for systemic telemetry distortions introduced by container network interfaces and the control plane. It is established that the greatest practical robustness is demonstrated by architectures based on hybrid data sources and federated learning algorithms, as well as two-tier schemes that separate anomaly detection from semantic interpretation. It is shown that the effectiveness of ML monitoring in Kubernetes is determined not so much by model complexity as by the degree of architectural integration into a managed security control loop encompassing observation, analysis, interpretation, and controlled response. The article will be useful for cybersecurity researchers, cloud platform architects, container security engineers, and specialists in operating distributed systems.
References
Copyright (c) 2026 Matvii Horskyi

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.