Real-time multi-class threat detection and adaptive deception in Kubernetes environments

Abstract

Kubernetes has emerged as the backbone of modern cloud-native environments, enabling efficient orchestration of containerized applications. However, its dynamic nature exposes it to sophisticated cyber threats, including privilege escalation, reconnaissance, and denial-of-service attacks. This paper presents a novel framework that combines real-time multi-class threat detection with adaptive deception to enhance Kubernetes security. The framework integrates KServe for scalable machine learning-based threat classification, CICFlowMeter for feature extraction, and KubeDeceive for dynamic deployment of decoys, all governed by the MAPE-K loop for continuous adaptation. Evaluations demonstrate high detection accuracy (up to 91%), efficient resource utilization, and effective attacker engagement, with decoy success rates reaching 93%. The results underscore the framework's ability to proactively mitigate threats, maintain system resilience, and provide actionable intelligence. This unified approach represents a scalable and adaptable defense mechanism for Kubernetes environments, catering to the needs of dynamic and resource-intensive cloud infrastructures.
