Predictably Deterrable? The Case of System Trespassers

Document Type

Conference Proceeding

Publication Date



Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.


For a copy of the paper, please email David Maimon (dmaimon@gsu.edu)