Volume 18, Number 1

Empirical Telemetry-based Metrics for Evaluating Honeypot Realism and Deception Effectiveness

  Authors

Teresita Noelia Nunez Migliorisi, University of Delaware, USA

  Abstract

Honeypots remain critical tools for cyber deception, adversarial observation, and proactive threat intelligence. However, despite decades of development, the field still lacks a standardized and empirically validated framework for assessing deception effectiveness. Existing studies rely heavily on raw connection counts or ad hoc indicators, limiting reproducibility, comparability, and operational relevance. This paper presents a telemetry-driven methodology for evaluating honeypot realism and deception effectiveness across measurable behavioral dimensions. Using both a baseline cloud honeynet and an Enhanced Realism-Driven Honeynet (ERDH) modeled on a healthcare research environment, the study empirically demonstrates that domain-consistent realism significantly increases attacker dwell time, interaction depth, behavioral diversity, and malware family richness.

  Keywords

Honeypots, Deception, Engagement, Telemetry, Metrics, Evaluation, Standardization, NIST