The present invention relates, in general, to data processing with respect to measuring, calibrating, or testing, and, in particular, to waveform analysis.
The study of the effects of a transmission channel on a message transmitted there through and the methods developed to minimize such effects came to be known as the field of information theory. Claude E. Shannon, in a paper entitled xe2x80x9cA Mathematical Theory of Communication,xe2x80x9d published in 1948 in Bell System Technical Journal, vol. 27, no. 4, pp. 379-423,623-656, introduced the concept of entropy in information theory. A message, prior to transmission, may be described as comprising n message elements xi, where i is an integer from 1 to n. The measure of the amount of information contained in the ith message element xi is defined as follows;
I(xi)=log1/p(xi)=xe2x88x92logp(xi),
where p(xi) is the probability of occurrence of the ith message element xi. The expected value of I(xi) is defined as follows.       H    ⁢          (      X      )        =                    ∑                  i          =          1                n            ⁢                        p          ⁢                      (                          x              i                        )                          ⁢                  I          ⁢                      (                          x              i                        )                                =          -                        ∑                      i            =            1                    n                ⁢                              p            ⁢                          (                              x                i                            )                                ⁢          log          ⁢                      xe2x80x83                    ⁢                      p            ⁢                          (                              x                i                            )                                          
H(X) is called the entropy distribution of p(xi) at the transmission source. If p(xi) is interpreted as the probability of the ith state of a system in phase space then H(X) is identical to the entropy of statistical mechanics and thermodynamics. In statistical mechanics, entropy is a measure of system disorder. In information theory, entropy is a measure of the uncertainty associated with a message source. The entropy at the destination of the transmission may be defined analogously as follows.       H    ⁢          (      Y      )        =                    ∑                  i          =          1                n            ⁢                        p          ⁢                      (                          y              i                        )                          ⁢                  I          ⁢                      (                          y              i                        )                                =          -                        ∑                      i            =            1                    n                ⁢                              p            ⁢                          (                              y                i                            )                                ⁢          log          ⁢                      xe2x80x83                    ⁢                      p            ⁢                          (                              y                i                            )                                          
With the proliferation of communication channels on a global scale, information theory has grown to include research to not only preserve the integrity of a message transmitted over a communication network but also to preserve the integrity of the communication network itself.
U.S. Pat. No. 5,278,901, entitled xe2x80x9cPATTERN-ORIENTED INTRUSION-DETECTION SYSTEM AND METHODxe2x80x9d; U.S. Pat. No. 5,557,742, entitled xe2x80x9cMETHOD AND SYSTEM FOR DETECTING INTRUSION INTO AND MISUSE OF A DATA PROCESSING SYSTEMxe2x80x9d; U.S. Pat. No. 5,621,889, entitled xe2x80x9cFACILITY FOR DETECTING INTRUDERS AND SUSPECT CALLERS IN A COMPUTER INSTALLATION AND A SECURITY SYSTEM INCLUDING SUCH A FACILITYxe2x80x9d; U.S. Pat. No. 5,796,942, entitled xe2x80x9cMETHOD AND APPARATUS FOR AUTOMATED NETWORK-WIDE SURVEILLANCE AND SECURITY BREACH INTERVENTIONxe2x80x9d; U.S. Pat. No. 5,931,946, entitled xe2x80x9cNETWORK SYSTEM HAVING EXTERNAL/INTERNAL AUDIT SYSTEM FOR COMPUTER SECURITYxe2x80x9d; and U.S. Pat. No. 5,991,881, entitled xe2x80x9cNETWORK SURVEILLANCE SYSTEM,xe2x80x9d each disclose a device and/or method of preserving the integrity of a communication network through the detection of intrusion and/or misuse of the communication network. However, none of these patents disclose a method of multi-dimensionally accentuating a deviation in a transmitted message and identifying the cause thereof as does the present invention. U.S. Pat. Nos. 5,278,901; 5,557,742; 5,621,889; 5,796,942; 5,931,946; and 5,991,881 are hereby incorporated by reference into the specification of the present invention.
It is an object of the present invention to multi-dimensionally accentuate any deviation in information and identify the cause thereof.
It is another object of the present invention to multi-dimensionally accentuate any deviation in information and identify the cause thereof by reducing to a manageable level the amount of information presented to a user.
It is another object of the present invention to multi-dimensionally accentuate any deviation in information and identify the cause thereof by reducing to a manageable level the amount of information presented to a user and describing the information with an entropy-based function, a temperature-based function, an energy-based function, or any combination of functions thereof.
The present invention is a method of multi-dimensionally accentuating any deviation in information and identifying the cause thereof by reducing to a manageable level the amount of information presented to a user and describing the information with an entropy-based function, a temperature-based function, an energy-based function, or any combination of functions thereof.
The first step of the method is receiving a set of information.
The second step of the method is selecting a subset of information from the set of information.
The third step of the method is defining initial states of interest.
The fourth step of the method is defining transition states of interest.
The fifth step of the method is initializing a vector and recording the same.
The sixth step of the method is selecting the first information segment.
The seventh step of the method is modifying the vector if the information segment contains an initial and transition state, otherwise stopping.
The eighth step of the method is selecting the next available information segment and returning to the seventh step for further processing, otherwise proceeding to the next step.
The ninth step of the method is recording a number of occurrences of each unique vector.
The tenth step of the method is determining the number of the least occurring vector.
The eleventh step of the method is dividing each occurrence number by the least occurring number.
The twelfth step of the method is determining an occupation time for each vector.
The thirteenth step of the method is calculating an inverse characteristic time for each unique vector.
The fourteenth step of the method is calculating at least one subset value for the subset of information using a temperature-based function, an entropy-based function, an energy-based function, or any combination thereof,
The fifteenth step of the method is setting a value vi for each initial and transition state.
The sixteenth step of the method is calculating a configuration value for each initial and transition state.
The seventeenth step of the method is selecting the subset of information then is available and next in sequence and returning to the vector modification step for further processing, otherwise proceeding to the next step.
The eighteenth step of the method is plotting the subset and configuration values.
The nineteenth step of the method is finding differences, if any, in the plotted values,
The twentieth, and last, step of the method is finding the information segments that correspond to the differences, if any.