"Digital DNA" to fight cyber crime

Published 6 November 2008

Scottish researchers develop what they call “digital DNA”: It is based on analyzing the way in which users access data on their computers and then creating a digital fingerprint that is unique to each user

Computer experts at Edinburgh’s Napier University have secured funding of £199,879 to help them pre-commercialize a digital fingerprinting and analysis software technique that could help companies crack down on computer fraud. The innovative patent-pending technology, called “digital DNA,” is based on analyzing the way in which users access data on their computers and then creating a digital fingerprint that is unique to each user. Jamie Graves, a research fellow at Napier’s School of Computing, explored the concept of digital DNA throughout his Ph.D.. Now, along with Professor Bill Buchanan, he has secured the two-year funding under the Scottish Enterprise Proof of Concept program to develop the software through to commercialization.

Graves believes that the digital DNA technique he has developed uses a particular metric that offers a far higher degree of proof probability that a certain person was behind any changes made to data. Criminal gangs are growing increasingly aware of the potential rewards of data theft. Court prosecutors, however, are seeking higher levels of proof when it comes to prosecuting data crime, particularly in areas such as auditing and compliance activity. “A weakness of the current system is that it is computer experts giving evidence on the basis that they believe a particular person accessed or changed data,” said Graves. “What the digital DNA will do is give a much greater measure of confidence to such actions. I can see it being very big in areas such as compliance and auditing where organizations have to show proof of their controls over sensitive data and access to it.”

Graves believes that the digital DNA software could help play a big part in reducing overall data crime. “We’ve demonstrated its effectiveness in the lab and the Proof of Concept funding will allow me to prove that effectiveness in the real world,” added Graves. Don Smith, technical director at Edinburgh-based DNS, one of Europe’s leading information security companies, said Napier’s DNA fingerprint is a novel and helpful approach to cutting through the existing layers of computer security monitoring. He said: “Napier’s DNA fingerprint technology is certainly promising in terms of innovation and looks to have the capability of providing precisely that evidential proof of change or intrusion. It is a completely new perspective on tracking activity and I am sure the industry will take a very close look at it.”