Restrictive Deterrent Effects of a Warning Banner in an Attacked Computer System

David Maimon, Georgia State University
Bertrand Sobesto, University of Maryland at College Park
Michel Cukier, University of Maryland at College Park

To learn more about the Andrew Young School of Policy Studies and Evidence-Based Cybersecurity Reaserch visit and


System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on the deterrence perspective, we employ a large set of target computers built for the sole purpose of being attacked and conduct two independent experiments to investigate the influence of a warning banner on the progression, frequency, and duration of system trespassing incidents. In both experiments, the target computers (86 computers in the first experiment and 502 computers in the second) were set either to display or not to display a warning banner once intruders had successfully infiltrated the systems; 1,058 trespassing incidents were observed in the first experiment and 3,768 incidents in the second. The findings reveal that although a warning banner does not lead to an immediate termination or a reduction in the frequency of trespassing incidents, it significantly reduces their duration. Moreover, we find that the effect of a warning message on the duration of repeated trespassing incidents is attenuated in computers with a large bandwidth capacity. These findings emphasize the relevance of restrictive deterrence constructs in the study of system trespassing.