Detecting network attacks is becoming a challenging task given that they are getting more complex. Almost all modern security systems can identify attacks in the early and final, but not in the middle stages. This limitation is caused by the fact that the detection of the nature of an attacker requires a deep investigation of the attack pattern. It means that the detection of the attack after its occurrence is useless since the harm has already been inflicted. Early signs can give quite a lot of false positive results. Consequently, cyber deception strategies are applied to fill this gap and improve the blue team’s knowledge of the attackers’ fundamental strategy. This research introduces an integrated cyber deception system called TangleNet that incorporates reinforcement learning to build a research honeynet that simulates real servers and attacker activity. The outcome of the experimentation conducted using Microsoft’s CyberBattle platform and the Mininet library shows the level of deception of the cyber deception model is correlated to the number of commands executed by the attacker. This enhanced effectiveness extends the interactiveness time and allows for the tracking of potentially hostile entities with little dependency on human intervention.