An example apparatus configured to perform network deception may include processing circuitry configured to generate virtual instances of decoy resources residing within a defined host network for presentation to cyber attackers, control at least one software defined network switch to monitor network traffic directed to real and decoy resources of the defined host network, and route network traffic based on detected interactions with the decoy resources. The decoy resources may have differing levels of decoy fidelity, where decoy fidelity indicates a difficulty for a cyber attacker to determine that the resource is a decoy. Additionally, generating the virtual instances of decoy resources may be performed without modification to real assets or real services residing in the defined host network. Furthermore, decoy services may be made to appear on real network assets using software defined networking without modification to the real assets or real services residing in the defined host network.