Skip to main content
SpringerLink
Log in

Predictably Deterrable? The Case of System Trespassers

  • Conference paper
  • First Online:
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11637))

Abstract

Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Furnell, S.: Cybercrime: Vandalizing the Information Society. Addison-Wesley, Boston (2002)

    MATH  Google Scholar 

  2. Online Trust Alliance: Data Protection and Breech: Readiness Guide. Online Trust Alliance (2014)

    Google Scholar 

  3. Storm, D.: MEDJACK: hackers hijacking medical devices to create backdoors in hospital networks. Computer World (2015). http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medical-devices-to-create-backdoors-in-hospital-networks.html

  4. Riffkin, R.: Hacking Tops List of Crimes Americans Worry about Most. Gallup Poll News Service (2014). http://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx

  5. The Comprehensive National Cybersecurity Initiative. The White House. www.whitehouse.gov

  6. Becker, G.: Crime and punishment: an economic approach. J. Polit. Econ. 76, 169–217 (1968)

    Article  Google Scholar 

  7. Gibbs, J.: Crime, Punishment, and Deterrence. Elsevier Scientific Publishing Company, New York (1975)

    Google Scholar 

  8. Harknett, R.: Information warfare and deterrence. Parameters 26, 93–107 (1996)

    Google Scholar 

  9. Harknett, R., Callaghan, J., Kauffman, R.: Leaving deterrence behind: war-fighting and national cybersecurity. J. Homel. Secur. Emerg. Manag. 7(1), 1–24 (2010)

    Google Scholar 

  10. Denning, D., Baugh, W.: Hiding crimes in cyberspace. In: Thomas, D., Loader, D. (eds.) Cybercrime: Law Enforcement, Security and Surveillance in the Information Age, pp. 105–132. Routledge, London (2000)

    Google Scholar 

  11. Goodman, W.: Cyber deterrence: tougher in theory than in practice? Strategic Studies Quarterly Fall, pp. 102–135 (2010)

    Google Scholar 

  12. Welsh, B., Farrington, D.: Making Public Places Safer: Surveillance and Crime Prevention. Oxford University Press, New York (2009)

    Book  Google Scholar 

  13. Welsh, B., Mudge, M., Farrington, D.: Reconceptualizing public area surveillance and crime prevention: security guards, place managers and defensible space. Secur. J. 23, 299–319 (2010)

    Article  Google Scholar 

  14. Nagin, D.: Deterrence in the twenty-first century. Crime Justice 42(1), 199–263 (2013)

    Article  MathSciNet  Google Scholar 

  15. Sherman, L.: Police crackdowns: initial and residual deterrence. In: Tonry, M., Morris, M. (eds.) Crime and Justice: An Annual Review of Research, vol. 12, pp. 1–48. University of Chicago Press, Chicago (1990)

    Article  Google Scholar 

  16. Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. NIST Special Publication 800:30 (2002)

    Google Scholar 

  17. Png, I., Wang, Q.: Information security: facilitating user precautions vis-à-vis enforcement against attackers. J. Manag. Inf. Syst. 26, 97–121 (2009)

    Article  Google Scholar 

  18. Maimon, D., Alper, M., Sobesto, B., Cukier, M.: Restrictive deterrent effect of a warning banner in an attacked computer system. Criminology 52, 33–59 (2014)

    Article  Google Scholar 

  19. Jacobs, B., Cherbonneau, M.: Auto theft and restrictive deterrence. Justice Q. 31(2), 1–24 (2014)

    Article  Google Scholar 

  20. Jacobs, B.: Crack dealers’ apprehension avoidance techniques: a case of restrictive deterrence. Justice Q. 13, 359–381 (1996)

    Article  Google Scholar 

  21. Wright, R., Decker, S.: Burglars on the Job. Northeastern University Press, Boston (1994)

    Google Scholar 

  22. Clarke, R.V.: Situational crime prevention. Crime Justice 19, 91–150 (1995)

    Article  Google Scholar 

  23. Cozens, P., Love, T.: A review and current status of crime prevention through environmental design (CPTED). J. Plann. Lit. 30(4), 393–412 (2015)

    Article  Google Scholar 

  24. Ellsberg, D.: Risk, ambiguity, and the Savage axioms. Q. J. Econ. 75(4), 643–669 (1961)

    Article  Google Scholar 

  25. Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. Econometrica 47(2), 263–291 (1979)

    Article  MathSciNet  Google Scholar 

  26. Trautmann, S., Vieider, F., Wakker, P.: Causes of ambiguity aversion: known versus unknown preferences. J. Risk Uncertain. 36(3), 225–243 (2008)

    Article  Google Scholar 

  27. Becker, S., Brownson, F.: What price ambiguity? Or the role of ambiguity in decision-making. J. Polit. Econ. 72(1), 62–73 (1964)

    Article  Google Scholar 

  28. Jacobs, B.: Deterrence and deterrability. Criminology 48(2), 417–441 (2010)

    Article  Google Scholar 

  29. Baillon, A., Bleichrodt, H.: Testing ambiguity models through the measurement of probabilities for gains and losses. Am. Econ. J. 7(2), 77–100 (2015)

    Google Scholar 

  30. Engebretson, P.: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. Elsevier, Waltham (2013)

    Google Scholar 

  31. National Institute for Standards and Technology: Recommended Security Controls for Federal Information Systems and Organization (U.S. Department of Commerce) (2009)

    Google Scholar 

Download references

Acknowledgements

This research was conducted with the support of the National Science Foundation Award 1223634.

Author information

Authors and Affiliations

  1. Department of Criminology and Criminal Justice, Georgia State University, Atlanta, USA

    David Maimon

  2. Department of Criminal Justice, University of Texas at San Antonio, San Antonio, USA

    Alexander Testa

  3. Division of Information Technology, University of Maryland, College Park, USA

    Bertrand Sobesto

  4. A. James Clark School of Engineering, University of Maryland, College Park, USA

    Michel Cukier

  5. College of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou, China

    Wuling Ren

Authors
  1. David Maimon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Testa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bertrand Sobesto
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Michel Cukier
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wuling Ren
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Maimon .

Editor information

Editors and Affiliations

  1. Guangzhou University, Guangzhou, China

    Guojun Wang

  2. Huazhong University of Science and Technology, Wuhan, China

    Jun Feng

  3. Fordham University, New York City, NY, USA

    Md Zakirul Alam Bhuiyan

  4. University of New Brunswick, Fredericton, NB, Canada

    Rongxing Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Maimon, D., Testa, A., Sobesto, B., Cukier, M., Ren, W. (2019). Predictably Deterrable? The Case of System Trespassers. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11637. Springer, Cham. https://doi.org/10.1007/978-3-030-24900-7_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24900-7_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24899-4

  • Online ISBN: 978-3-030-24900-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation