This paper presents CADL (Cognitive-Adaptive Deception Layer), an adaptive deception framework that achieves a 99.88% detection rate with a 0.13% false positive rate on the CICIDS2017 dataset. The framework employs ensemble machine learning (Random Forest, XGBoost, Neural Networks) combined with behavioral profiling to identify network intrusions and adapt its responses to them. Through a coordinated signal bus architecture, security components share real-time intelligence, enabling collective decision-making. The system profiles attackers based on temporal patterns and deploys customized deception strategies across five escalation levels. Evaluation on 50,000 CICIDS2017 test samples demonstrates that CADL significantly outperforms traditional intrusion detection systems (Snort: 71.2%, Suricata: 68.5%) while maintaining production-ready false positive rates. The framework's behavioral analysis achieves 89% accuracy in classifying attacker profiles. We provide an open-source implementation and transparent performance metrics, offering an accessible alternative to commercial deception platforms costing $150-400 per host annually.