ADAPTIVE EDGE-IOT CYBERSECURITY FRAMEWORK USING REINFORCEMENT LEARNING AND LIGHTWEIGHT BLOCKCHAIN CONSENSUS FOR DYNAMIC THREAT MITIGATION

Abstract

Edge computing and IoT networks have become the front line of modern cyber threats. Unlike traditional cloud data centers, edge-IoT nodes operate with limited compute resources, unreliable connectivity, and heterogeneous data distributions, making conventional centralized intrusion detection impractical. This paper proposes RL-EdgeShield, an adaptive cybersecurity framework for edge-IoT cloud environments that combines three building blocks. First, a federated CNN intrusion detection model runs locally on edge nodes without sharing raw data. Second, a Deep Q-Network (DQN) reinforcement learning agent learns optimal threat mitigation actions (block, throttle, allow, alert) through trial-and-error interaction with the network environment, replacing static response rules with a dynamic policy that adapts to changing attack patterns. Third, a lightweight Practical Byzantine Fault Tolerance (PBFT) blockchain consensus layer replaces energy-intensive Proof-of-Work, cutting consensus energy by 90% and verification time by 75% while preserving tamper-proof logging and aggregation security. Experiments on the CICIDS2017 and BoT-IoT datasets with 5-fold cross-validation show a detection accuracy of 97.9% (± 0.28), automated threat response time of 45 ms (compared to 320 ms for rule-based systems), and stable scalability up to 25 edge nodes. The PBFT consensus reduced energy consumption by 88% relative to Proof-of-Work while maintaining a 99.1% verification success rate.