Prosecution Insights
Last updated: April 19, 2026
Application No. 17/341,513

Machine learning to determine domain reputation, content classification, phishing sites, and command and control sites

Non-Final OA: §101, §103
Filed: Jun 08, 2021
Examiner: FEITL, LEAH M
Art Unit: 2147
Tech Center: 2100 — Computer Architecture & Software
Assignee: Zscaler Inc.
OA Round: 3 (Non-Final)
Grant Probability: 25% (At Risk)
OA Rounds: 3-4
To Grant: 4y 2m
With Interview: 32%

Examiner Intelligence

Career Allow Rate: 25% (grants only 25% of cases; 21 granted / 84 resolved; -30.0% vs TC avg)
Interview Lift: +7.0% (moderate lift, measured on resolved cases with interview)
Avg Prosecution: 4y 2m (typical timeline; 34 currently pending)
Total Applications: 118 across all art units (career history)

Statute-Specific Performance

§101: 30.8% (-9.2% vs TC avg)
§103: 45.6% (+5.6% vs TC avg)
§102: 7.1% (-32.9% vs TC avg)
§112: 13.8% (-26.2% vs TC avg)
Based on career data from 84 resolved cases; Tech Center averages are estimates.

Office Action

§101 §103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/17/2025 has been entered.

Status of Claims

This action is in response to the amendments filed 12/17/2025. Claims 1, 8, 11, and 18 have been amended, claims 6-7, 16-17, and 20-26 have been cancelled, and claims 27-29 have been added. Claims 1, 4-5, 8-9, 11, 14-15, 18-19, and 27-29 are currently pending.

Response to Arguments

Claims 6-7, 16-17, and 20-26 have been cancelled; therefore, the rejections of claims 6-7, 16-17, and 20-26 no longer stand. In light of Applicant’s amendment and arguments regarding the written description rejection, the 112(a) rejection of claims 1, 4-9, 11, 14-19, and 21-26 has been withdrawn. Applicant’s arguments regarding the 101 rejection have been fully considered but they are not persuasive. Applicant states on pages 11-12 that “the claimed steps” including DGA detection, typosquatting detection, graph-based domain reputation, popularity-based time-decayed scoring, and historical WHOIS/DNS based scoring, “form a tightly integrated pipeline embedded in a cloud enforcement system that acts in response to score driven thresholds” as an argument that “the claims are not directed solely to an abstract idea”.
Examiner notes that the elements of this pipeline, as well as the scoring and threshold selection, have not been claimed in such a way that reflects the required specific technical operations or at least distinguishes these operations from the way a person could perform them mentally. Applicant further argues on page 13 that operations described in the claims are not practically executable by a human, even with pen and paper, citing “thousands or millions of domains” and operations which “occur at the scale and velocity of modern web traffic” and “in environments where zero hour threats propagate within minutes”. Examiner notes that the claims do not require “thousands or millions of domains” or an environment where “zero hour threats propagate within minutes”. Applicant also argues that the claims “are significantly more than a judicial exception” and that the enforcement node is a “dedicated, non-generic component within the cloud enforcement architecture that performs live traffic inspection, executes decision tree structures for classification, applies real-time policy, and triggers enforcement actions based on live telemetry-driven scores”. Examiner notes that while the claims recite obtaining domain data from a “cloud-based system that performs real-time monitoring of a plurality of users across geographically distributed enforcement nodes” and “causing an enforcement node to perform an action” when the final reputation score indicates that a domain is malicious or benign, the claims do not require that the enforcement node performs live traffic inspection, executing decision tree structures, or application of “real-time policy”. 
Examiner further notes that claim 1 only requires “loading the domain in isolation”, and that while claim 27 recites loading the domain in a browser-isolation session separate from a device browser, this does not change the interpretation supported by Meketa that loading a domain in isolation is a form of retrieving information from memory. The 101 rejections have been updated to include the amended limitations and to clarify the reasoning given for the limitations that were not amended. Applicant’s arguments regarding the prior art rejection have been fully considered but they are moot because of the new grounds of rejection. In response to applicant's arguments against the references individually on pages 17-22, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Applicant merely alleges that the prior art “cannot suggest the unique combination of steps outlined in the amended independent claims 1 and 11”. Examiner notes that the Chiba reference has been brought into the rejection of claim 1 to teach typosquatting detection, and that the Page reference has been brought into the rejection of claim 1 to teach directed graph analysis for ranking domains based on determined outgoing and incoming links. The prior art rejections have been updated to include the amended limitations and to clarify the reasoning given for the limitations that were not amended.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1, 4-5, 8-9, 11, 14-15, 18-19, and 27-29 are rejected under 35 U.S.C. 101.
Claims 1, 4-5, 8-9, and 27-29 are directed to a method, and claims 11, 14-15, and 18-19 are directed to a system; therefore, claims 1, 4-5, 8-9, 11, 14-15, 18-19, and 27-29 fall within one of the four statutory categories (i.e., process, machine, manufacture, or composition of matter). However, claims 1, 4-5, 8-9, 11, 14-15, 18-19, and 27-29 fall within the judicial exception of an abstract idea, specifically the abstract ideas of “Mental Processes” (including observation, evaluation, and opinion) and “Mathematical Concepts (including mathematical calculations and relationships)”. Claim 1: Claim 1 is directed to a method; therefore, the claim does fall within one of the four statutory categories (i.e., process, machine, manufacture, or composition of matter). Claim 1 recites the following abstract ideas: analyzing the domain with a plurality of components to assess the likelihood, the plurality of components comprising: lexical analysis including Domain Generation Algorithm (DGA) detection and typosquatting detection (mental step directed to observation, evaluation – a person could use lexical analysis to detect in their mind whether an observed domain contains the kind of random strings associated with the kind of URL typically generated by a domain generation algorithm and detect in their mind whether an observed domain contains the kind of typos that closely mimic an existing domain typically generated by a typosquatting method. 
Examiner notes that the claims do not require that the lexical analysis or detection algorithms are necessarily machine learning or artificial intelligence models); a domain reputation that constructs a directed graph of domains and penalizes the domain when an outgoing link from the domain points to a domain in a maintained set of known malicious domains and refrains from penalizing the domain based on incoming links from domains in the maintained set of known malicious domains (mental step directed to observation, evaluation – a person could perform lexical analysis on an observed domain in their mind, and determine the domain reputation of an observed domain in their mind by constructing a directed graph of domains, potentially assisted by pen and paper (see MPEP 2106.04(a)(2)(III)), and adjusting the weights for a given domain in their mind when observed outgoing links point to known malicious domains or when incoming links are observed from known malicious domains); a popularity reputation computed by counting historic visits to the domain over time from the log data and assigning greater weight to more recent visits (mental step directed to observation, evaluation – a person could perform lexical analysis on an observed domain in their mind, and determine the popularity reputation of an observed domain in their mind by counting historic visits to a domain from observed log data and assigning greater weight to recent visits in their mind); a historical reputation determined using WHOIS records and passive Domain Name System (DNS) data associated with the domain, including at least one of a domain age, a DNS provider, a registrar, or an associated Autonomous System Number (ASN) (mental step directed to observation, evaluation – a person could perform lexical analysis on an observed domain in their mind, and determine the historical reputation of an observed domain in their mind using observed WHOIS record and DNS data associated with at least a domain age); 
wherein at least one of the plurality of components is a trained machine learning model (mental step directed to observation, evaluation – a person could analyze an observed domain in their mind to assess a likelihood that a domain is malicious or benign. As the claim does not further describe the trained machine learning model or how a trained machine learning model or other component would perform this domain analysis in such a way that excludes a mental step, the trained machine learning model and other components are interpreted as generic computer components. Using a plurality of components to perform this analysis, wherein at least one component is a trained machine learning model, is interpreted as mere instructions to apply the mental step using generic computer components (see MPEP 2106.05(f))); combining results of the plurality of components by computing a final reputation score from a weighted combination of component scores (mental step directed to observation, evaluation – a person could compute a final score from a weighted combination of observed or mentally determined component scores in their mind, potentially assisted by pen and paper. Examiner notes that the broadest reasonable interpretation of computing a final reputation score from a weighted combination of component scores also includes a mathematical calculation); dynamically adjusting the component weights based on the final reputation scores observed for a plurality of domains so that a distribution of the final reputation scores across the plurality approximates a Gaussian distribution (mental step directed to observation, evaluation – a person could adjust the component weights based on observed or determined final reputation scores in their mind, potentially assisted by pen and paper, such that the resulting scores would follow a Gaussian distribution. 
Examiner notes that this limitation could also be interpreted as adjusting the mathematical relationships between the different final reputation scores); selecting a threshold from the Gaussian distribution to constrain a set of domains classified as suspicious and forwarded for further analysis (mental step directed to observation, evaluation – a person could select a threshold from an observed or mentally determined Gaussian distribution in their mind to determine which domains should be mentally classified as suspicious and forwarded for further analysis. Wherein the threshold is selected to control a set of suspicious domains and forward them for further analysis is interpreted as the intended use of selecting the threshold, as the claim does not require actively “controlling” the set of domains or “forwarding them for further analysis”, and that this limitation does not provide further patentable weight). Claim 1 recites the following additional elements: receiving a domain for a determination of a likelihood the domain is malicious or benign; obtaining data associated with the domain including log data from a cloud-based system that performs real-time monitoring of a plurality of users across geographically distributed enforcement nodes; and in response to the final reputation score indicating that the domain is malicious or benign, causing an enforcement node to perform an action selected from blocking the domain and loading the domain in isolation. Receiving a domain and obtaining data are both interpreted as receiving data over a network. Examiner notes that the claim only requires one of causing an enforcement node to block a domain or load a domain in isolation. 
Causing an enforcement node to load a domain in isolation in response to a final reputation score indicating that the domain is malicious or benign is interpreted as retrieving information from memory in light of US 20130167150 A1 (Meketa), paragraph [0030] of which recites “Loading includes reading an encoded representation of the first application from a particular location, for example a network, disk or memory location. The particular isolation environment is designated based on information associated with the first application. For example, the particular location can be specified as a URL in the form prot://sub.domain.com/path/file.swf, and the particular isolation environment can be designated based on the URL of the application. In some implementations, a portion of the URL can designate a particular isolation environment, such that, for example, all applications from sub.domain.com are loaded using the same isolation environment”. Retrieving information from memory is interpreted as well-understood, routine, conventional activity. These additional elements do not integrate the abstract idea into a practical application or amount to significantly more (see MPEP 2106.05(d)(II)). The independent claims are not patent eligible. Dependent claims 4-9, 14-19, and 21-26 when analyzed as a whole are held to be patent ineligible under 35 U.S.C. 101 because the additional recited limitations fail to establish that the claims are not directed to an abstract idea, as they recite further embellishment of the judicial exception. Claim 4 recites wherein the action is determining whether the domain is a phishing site based on analyzing features of a Uniform Resource Locator (URL) of the domain and loading the URL to determine legitimacy of the domain. 
Determining whether the domain is a phishing site, analyzing features of a URL and determining legitimacy of a loaded URL are interpreted as mental steps directed to observation, evaluation – as a person could determine whether an observed domain is a phishing site in their mind, analyze features of an observed URL in their mind, and determine the legitimacy of an observed loaded URL in their mind. Loading a URL is interpreted as an additional element directed to transmitting data over a network and does not integrate the abstract idea into a practical application or amount to significantly more (see MPEP 2106.05(d)(II)). Claim 5 recites wherein the action is determining whether the domain is a command and control site based on an ensemble of a plurality of models. Determining whether the domain is a command and control site is interpreted as a mental step directed to observation, evaluation – as a person could determine whether an observed domain is a command and control site in their mind. As the claim does not further describe a plurality of models or how these models could be used to determine whether a domain is a command and control site, the models are interpreted as generic computer components used to merely apply the mental step (see MPEP 2106.05(f)). Claim 8 recites wherein the domain reputation that uses a directed graph analysis to rank the domain based on a number of links pointing to it and on a number of links in the domain pointing to known bad domains. 
Determining a domain reputation by using a directed graph analysis to rank a given domain based on a number of links pointing to it and a number of links in the domain pointing to known bad domains is interpreted as a mental step directed to observation, evaluation – as a person could determine a domain reputation in their mind (potentially assisted by pen and paper, see MPEP 2106.04(a)(2)(III)) by using a directed graph analysis to rank in their mind a domain based on a number of observed links pointing to the domain and a number of observed links in the observed domain pointing to known bad domains. Claim 9 recites wherein the trained machine learning model is trained using labeled log data from the cloud-based system. Training a model using labeled data is interpreted as supervised learning, which is further interpreted as well-understood, routine, conventional activity in light of US 20190190950 A1 (Senecal et al), paragraph [0046] of which recites “As is well-known, machine learning tasks are typically classified into several categories depending on the nature of the learning signal or feedback available to a learning system: supervised learning, unsupervised learning, and reinforcement learning. In supervised learning, the algorithm trains on labeled historic data and learns general rules that map input to output/target”. Using labeled log data from a cloud-based system for this supervised learning is interpreted as selecting a particular type of data to be manipulated and the field of use or technological environment associated with the supervised learning, and does not integrate the abstract idea into a practical application or amount to significantly more (see MPEP 2106.05(g)). Claim 14 is a system claim and its limitation is included in claim 4. Claim 14 is rejected for the same reasons as claim 4. Claim 15 is a system claim and its limitation is included in claim 5. Claim 15 is rejected for the same reasons as claim 5. 
Claim 18 is a system claim and its limitation is included in claim 8. Claim 18 is rejected for the same reasons as claim 8. Claim 19 is a system claim and its limitation is included in claim 9. Claim 19 is rejected for the same reasons as claim 9. Claim 27 recites wherein loading the domain in isolation comprises loading the domain in a browser-isolation session of the cloud-based system that is separate from a browser executing on a user device. Loading a domain in isolation is interpreted as retrieving information from memory in light of US 20130167150 A1 (Meketa), paragraph [0030] of which recites “Loading includes reading an encoded representation of the first application from a particular location, for example a network, disk or memory location. The particular isolation environment is designated based on information associated with the first application. For example, the particular location can be specified as a URL in the form prot://sub.domain.com/path/file.swf, and the particular isolation environment can be designated based on the URL of the application. In some implementations, a portion of the URL can designate a particular isolation environment, such that, for example, all applications from sub.domain.com are loaded using the same isolation environment”. Retrieving information from memory is interpreted as well-understood, routine, conventional activity. These additional elements do not integrate the abstract idea into a practical application or amount to significantly more (see MPEP 2106.05(d)(II)). Claim 28 recites wherein determining legitimacy of the loaded URL comprises inspecting a page title, copyright, metadata, and page text obtained via Optical Character Recognition (OCR) of a screenshot of the loaded page. 
Determining legitimacy of a loaded URL is interpreted as a mental step directed to observation, evaluation – a person could determine the legitimacy of an observed loaded URL in their mind by inspecting a page title, copyright, metadata, and page text obtained from OCR of a screenshot in their mind. Claim 29 recites wherein the ensemble comprises a URL model that analyzes lexical features of a hostname and an artifact model that analyzes web page content features, and a command and control (C2) model that combines outputs of the URL model and the artifact model, and wherein C2 predictions are aggregated over a rolling time window to increase confidence. Wherein an ensemble of components used to determine the likelihood that a domain is malicious includes a URL model that analyzes hostname features, and artifact model that analyzes web content features, and a command and control model that combines the outputs of the URL and artifact model is interpreted as a mental step directed to observation, evaluation – a person could perform lexical analysis on an observed domain and associated hostname features in their mind, analyze web content features in their mind, and combine the outputs of the mentally determined lexical analysis and web content feature analysis in their mind. Examiner notes that a person could also perform this analysis over time in their mind and mentally aggregate the predictions over a rolling window in their mind. Examiner further notes that the claims do not require that the URL model, artifact model, nor the command and control model are performed by machine learning or artificial intelligence models. Viewed as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself. Therefore, the claims are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 8-9, 11, 14-15, 18-19, 27, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Oprea et al (US 9838407 B2, herein Oprea) in view of Verma et al (US 20160344770 A1, herein Verma), in further view of Chiba et al (US 20200045077 A1, herein Chiba), in further view of Page et al (US 6285999 B1, herein Page), in further view of O’Leary et al (US 20160065535 A1, herein O’Leary), in further view of Chen et al (“App Isolation: Get the Security of Multiple Browsers with Just One”), herein Chen.

Regarding claim 1, Oprea teaches a method comprising the steps of: receiving a domain for a determination of a likelihood the domain is malicious or benign (col. 5 lines 16-21 recite “The network security system 105 in this embodiment comprises a risk score generator 110. The risk score generator 110 is configured to facilitate the prevention of malware infection in the host devices 102 by determining malicious activity risk scores for respective external domains 111 that are outside of the enterprise firewall 109”. Col. 5 lines 48-52 recite “The risk score generator 110 in this embodiment comprises a data collector 112 and a regression model 114, and is configured to interact with a malicious domain identifier 116 coupled to a proactive malware infection prevention module 118”. Col. 5 lines 59-61 recite “The data collector 112 collects internal HTTP log data from the database 106 and also collects additional data from one or more of the external data sources 107” (i.e., receiving a domain to be analyzed as malicious or benign)); obtaining data associated with the domain including log data from a real-time cloud-based system that performs monitoring of a plurality of users across geographically distributed enforcement nodes (col. 4 lines 27-31 recite “The network security system 105 has an associated database 106 configured to store internal HTTP log data of the enterprise, as well as other types of information utilized in controlling access to protected resources and otherwise providing security within the computer network 100.” Col. 7 lines 53-55 recite “In step 200, internal log data of a computer network of an enterprise is obtained. Also, additional data is obtained from external data sources”. Col. 17 lines 38-45 recite “We resolve the IP addresses associated with monitored domains and map them into ASNs and countries according to Maxmind. We include the ASN and country as categorical features, and also the number of ASNs and countries as numerical features. Intuitively, higher diversity of ASNs and countries might indicate IP fluxing, a popular technique to hide the attackers' services or avoid being taken down by administrators”. Col. 23 lines 64-65 recite “portions of a computer network as disclosed herein illustratively comprise cloud infrastructure” (i.e., obtaining log data associated with domains from a geographically distributed cloud network that monitors users of an enterprise)); the plurality of components comprising: lexical analysis including Domain Generation Algorithm (DGA) detection [and typosquatting detection] (Oprea col. 21 lines 5-10 recite “we issue HTTP requests to the domain name to download the home page and check if malicious payload is embedded. If no valid web page is returned, we search for incident reports about the domain and also check if the domain is generated through a domain generation algorithm (DGA). A domain meeting one of these criteria is considered suspicious as well” (i.e., using Domain Generation Algorithm detection)); a [popularity] reputation computed by counting historic visits to the domain over time from the log data and assigning greater weight to more recent visits (col. 12 lines 15-21 recite “we obtained almost four months of HTTP log data collected by web proxies at the border of a large enterprise network with over 100,000 hosts. The logs include fields such as connection timestamp, IP addresses of the source and destination, full URLs visited, HTTP method, status code, UA string, and web referrer” (i.e., log data including historic visit counts). Col. 21 lines 5-13 recite “If no valid web page is returned, we search for incident reports about the domain and also check if the domain is generated through a domain generation algorithm (DGA) (i.e., performing lexical analysis on a domain). A domain meeting one of these criteria is considered suspicious as well. Moreover, since the proxy deployed at the enterprise perimeter assigns reputation scores for each URL, we leverage low reputation scores as an indication of suspicious activity” (i.e., determining the domain reputation). Col. 13 lines 8-13 recite “We obtained a dataset including HTTP logs collected from a large enterprise spanning the period from February 6 to March 31 and July 1 to Aug. 31, 2015. We used the two-month data from July and August for training and validating our models, and the data from February and March to augment the list of malicious domains”. Col. 13 lines 21-25 recite “We restrict our attention to recent domains in the dataset, which were first observed on the network within the previous two weeks. This choice is justified by the fact that the lifetime of most malicious domains is limited to several weeks” (i.e., valuing recent domains more than older domains)); and a historical reputation determined using WHOIS records and passive Domain Name System (DNS) data associated with the domain, including at least one of a domain age, a DNS provider, a registrar, or an associated Autonomous System Number (ASN) (Oprea col. 16 line 63 – col. 17 line 8 recite “Domain WHOIS information is a useful indication of malicious activity. Following this trail, we issue WHOIS lookups for all the monitored domains and extract registration/update/expiration dates and registrant email for detection. We compute the number of days since registration as registration age and the number of days till expiration as registration validity. Similarly, we compute the number of days since the latest update as update age and the number of days from update till expiration as update validity. Due to attackers' typical use of short-term domain registration to reduce operational cost, the age and validity of malicious domains are usually much shorter than those of legitimate ones” (i.e., analyzing the historical reputation of a domain based at least on the age of the domain)); and in response to the final reputation score indicating that the domain is malicious or benign, causing an enforcement node to perform an action [selected from blocking the domain and loading the domain in isolation] (col. 2 lines 32-37 recite “A subset of the domains are identified based on their respective malicious activity risk scores, and one or more proactive security measures are taken against the identified subset of domains. The malicious activity risk scores illustratively indicate likelihoods that the respective domains are associated with malware”. Col. 7 lines 48-52 recite “Steps 206 and 208 are examples of malicious domain identification and proactive prevention steps assumed to be performed by the malicious domain identifier 116 and proactive malware infection prevention module 118, respectively, of the network security system”. Col. 10 line 65 – col. 11 line 1 recite “Returning now to FIG. 2, the malicious activity risk scores generated for respective domains are processed in step 206 to identify a subset of the domains having malicious activity risk scores above a specified threshold”. Col. 11 lines 11-18 recite “In step 208, one or more proactive security measures are taken to prevent malware infection from the identified subset of domains. Steps 206 and 208 in the present embodiment provide one example of a manner in which one or more proactive measures are taken to prevent malware infection in one or more of the host devices based at least in part on the malicious activity risk scores” (i.e., causing a proactive enforcement module, or node, to perform an action when a reputation, or risk score indicates that a domain is malicious)).

However, while Oprea teaches analyzing a domain with a trained machine learning model to assess the likelihood that the domain is malicious (see at least the regression model trained to identify malicious domains described in column 8), Oprea does not explicitly teach analyzing the domain with a plurality of components to assess the likelihood; determining a popularity reputation of a domain; combining results of the plurality of components by computing a final reputation score from a weighted combination of component scores. 
Verma teaches analyzing the domain with a plurality of components to assess the likelihood (para. [0045] recites “there is provided a computer-implemented method for detecting phishing attacks comprising the steps of receiving an email containing at least one link; separating the email into a link part, a header part and a body part; extracting information from the header part, link part and body part of the email; conducting text analysis to the body part of the email; conducting header analysis to the header part of the email; and conducting link analysis to the link part of the email; classifying the email based on results of text analysis, header analysis and link analysis. In this embodiment, a message ID and subject information is extracted from header part of the email”. Para. [0053] recites “the link part analysis comprises web searching, batch machine learning method, online machine learning method or a combination thereof. The web searching comprises searching information extracted from the body part link part of the email through Internet, or searching a public phishing blacklist” (i.e., analyzing domains with a combination, or plurality of components such as web searching and machine learning to predict whether a given domain is malicious)); combining results of the plurality of components by computing a final reputation score from a weighted combination of component scores (para. [0059] recites “Majority voting is used as opposed to considering certain weight factors for each of the individual classifiers in order to assign an equal importance to each of the classifiers”. Para. [0101] recites “As shown in FIG. 5, the first step in the protocol of the embodiment may be parsing: where PhishSnag accepts an incoming email from the MTA and proceeds to parse it into its constituent components: header 501 and links. Then, a header analysis subroutine 502 is performed to the header of the email. 
If the email is HTML encoded 503, as indicated by the header, the HTML email body may then be decoded to plain text 504 and proceed to the email parser 505. If the email is not HTML encoded, it is directly sent to the email parser 505. After the Email is further parsed into link and text, a link analysis subroutine 506 and a text analysis subroutine 507 are performed. A combined Phishing score 508 is calculated to determine the final label 509 for the email” (i.e., combining results of a plurality of components to generate a final reputation score)).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by utilizing the combination of link analysis components from Verma to improve the malicious activity detection method from Oprea. Oprea and Verma are both directed to detecting malicious activity from web domains. Oprea teaches in column 5 that “embodiments of the invention can be configured to detect additional or alternative types of malicious activity not necessarily related to malware infection” and teaches in column 8 that its malicious activity model is not limited to a regression model and that other kinds of model may be used. Verma teaches that regression models may be used in the plurality of link, or path, analysis classification methods in at least paragraph [0175]. As such, one of ordinary skill in the art would be motivated to supplement the regression model from Oprea with the additional link analysis classification methods from Verma to detect additional or alternative types of malicious activity.

However, the combination of Oprea and Verma does not explicitly teach typosquatting detection. Chiba teaches typosquatting detection (para. [0085] recites “FIG. 6 is a diagram illustrating an example of a result obtained when the attack countermeasure means determination unit 12 illustrated in FIG. 
1 specifies and assigns the corresponding category to each domain name input to the domain name input unit 11. In FIG. 6, the category includes "advertisement", "CDN", "Web hosting", "DGA", "re-registration", "sinkhole", "parking", "typosquatting", "no-content", "dynamic DNS", "free", and "domain name hosting"” (i.e., detecting a typosquatting domain)).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by supplementing the malware detection system from Oprea (as modified by Verma) with the typosquatting detection method from Chiba. Oprea and Chiba are both directed to methods of detecting malicious activity in web domains. As Oprea states in column 5, lines 44-47 “embodiments of the invention can be configured to detect additional or alternative types of malicious activity not necessarily related to malware infection”, one of ordinary skill in the art would be motivated to improve the malware detection system from Oprea to detect additional kinds of malicious activity associated with typosquatting as taught by Chiba.

However, while Oprea teaches determining that a domain can be malicious based at least in part on reputation (see at least column 16 line 63 – column 17 line 21 and column 21 lines 5-13), the combination of Oprea, Verma, and Chiba does not explicitly teach a domain reputation that constructs a directed graph of domains and penalizes the domain when an outgoing link from the domains points to domain in a maintained set of known [malicious] domains and refrains from penalizing the domains based on incoming links from domains in the maintained set of known [malicious] domains. 
Page teaches a domain reputation that constructs a directed graph of domains and penalizes the domain when an outgoing link from the domains points to domain in a maintained set of known [malicious] domains and refrains from penalizing the domains based on incoming links from domains in the maintained set of known [malicious] domains (col. 4 lines 12-16 recite “According to one embodiment of the present method of ranking, the backlinks from different pages are weighted differently and the number of links on each page is normalized”. Col. 8 lines 9-18 recite “a ranking method according to the invention is integrated into a web search engine to produce results far superior to existing methods in quality and performance. A search engine employing a ranking method of the present invention provides automation while producing results comparable to a human maintained categorized system. In this approach, a web crawler explores the web and creates an index of the web content, as well as a directed graph of nodes corresponding to the structure of hyperlinks. The nodes of the graph (i.e. pages of the web) are then ranked according to importance” (i.e., using directed graph analysis to rank, or penalize, a domain based on a weighted number of links pointing back to the domain and a number of links in the whole domain)).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by utilizing the domain ranking directed graph analysis method from Page to modify the domain reputation determination from Oprea in combination with the other phishing detection components from Verma (as additionally modified by Chiba). 
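To make the distinction at issue in this limitation concrete (Page ranks nodes by weighted incoming backlinks, whereas the claim language penalizes a domain only for its outgoing links into a maintained known-bad set and not for incoming links from that set), the following Python sketch is added here as an illustration; it is not code from the application, from Page, or from any other cited reference, and the link graph, domain names and known-bad set are constructed.

```python
from collections import defaultdict

# Constructed sample link graph as (source domain, destination domain) pairs.
EDGES = [
    ("news.example", "cdn.example"),
    ("news.example", "shop.example"),
    ("shop.example", "bad1.example"),
    ("shop.example", "bad2.example"),
    ("shop.example", "cdn.example"),
    ("bad1.example", "victim.example"),   # known-bad domain linking TO a benign one
    ("bad2.example", "victim.example"),
    ("bad1.example", "bad2.example"),
]
# Constructed "maintained set of known malicious domains".
KNOWN_BAD = {"bad1.example", "bad2.example"}


def build_graph(edges):
    """Build adjacency sets for both link directions from an edge list."""
    out_links = defaultdict(set)
    in_links = defaultdict(set)
    for src, dst in edges:
        out_links[src].add(dst)
        in_links[dst].add(src)
    nodes = set(out_links) | set(in_links)
    return nodes, out_links, in_links


def outgoing_penalty(domain, out_links, known_bad):
    """Fraction of the domain's outgoing links that land in the known-bad set."""
    targets = out_links.get(domain, set())
    if not targets:
        return 0.0
    return len(targets & known_bad) / len(targets)


def graph_reputation(edges, known_bad, base=1.0):
    """Reputation in [0, base]: reduced only by where the domain points,
    never by who points at it (the claimed 'refrain from penalizing on
    incoming links' behaviour). Known-bad domains are pinned to 0."""
    nodes, out_links, _ = build_graph(edges)
    scores = {}
    for d in nodes:
        if d in known_bad:
            scores[d] = 0.0
        else:
            scores[d] = round(base * (1.0 - outgoing_penalty(d, out_links, known_bad)), 4)
    return scores


def incoming_from_bad(domain, edges, known_bad):
    """Diagnostic only: count of known-bad domains linking to this domain.
    Deliberately NOT used in graph_reputation(), unlike a backlink ranking."""
    _, _, in_links = build_graph(edges)
    return len(in_links.get(domain, set()) & known_bad)


if __name__ == "__main__":
    for d, s in sorted(graph_reputation(EDGES, KNOWN_BAD).items()):
        print(f"{d:15s} reputation={s:.4f} bad_inbound={incoming_from_bad(d, EDGES, KNOWN_BAD)}")
```

victim.example receives links only from known-bad domains yet keeps full reputation, while shop.example is penalized in proportion to its outgoing links into the bad set.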
Oprea, Verma, and Page are all directed to methods of web domain analysis; as such, one of ordinary skill in the art would have been motivated to modify the methods of storing a database of links and determining the popularity of the stored links described in paragraph [0108] in Verma with the directed graph from Page to show additional relationships between links that would better determine which links are legitimate.

However, the combination of Oprea, Verma, Chiba, and Page does not explicitly teach dynamically adjusting the component weights based on final reputation scores observed for a plurality of domains so that a distribution of the final reputation scores across the plurality approximates a Gaussian distribution, and selecting a threshold from the Gaussian distribution to constrain a set of domains classified as suspicious and forwarded for further analysis.

O’Leary teaches dynamically adjusting the component weights based on final reputation scores observed for a plurality of domains so that a distribution of the final reputation scores across the plurality approximates a Gaussian distribution, and selecting a threshold from the Gaussian distribution to constrain a set of domains classified as suspicious and forwarded for further analysis (para. [0008] recites “The DNS data can be processed to obtain multiple metric values for each of the domain names. The metric values can include a query count (QC), a client count (CC), and a network count (NC). Furthermore, the method calculates a score for each of the domain names based on the metric values. The calculation can be based on applying the following equation to the metric values: Score=NC·CC·(1 + log(QC)). Furthermore, the method can rank the domain names based on the score for each of the domain names. The ranking can be based on normalization of the scores or converting the scores of the domain names into percentile ranks”. Para. 
[0037] recites “The ranking system 120 can be configured to process the received DNS data by retrieving domain names and certain metric values including QC, CC, and NC for each domain name. The metric values can be then combined into a single metric, which can be referred to as a score”. Para. [0038] recites “Those skilled in the art will appreciate that other equations can also be used for calculating the score. Moreover, in certain embodiments, the metric values or the score can be used for filtering the DNS data”. Para. [0043] recites “when the ranking system 120 calculates scores for a plurality of the domain names of the DNS data, the scores can be optionally converted or normalized. The normalization can remove the variation caused by changes in the DNS data and also simplify the process of setting thresholds and cut-off values in further data analysis”. Para. [0059] recites “The ranking can include normalization of the scores and sorting the scores based on one or more predetermined rules. Furthermore, the ranks of the domain names can be outputted, sent to third parties (e.g., IPSs 115), visualized, displayed, used in further analysis or processing”. Para. [0024] recites “Once the scores for the domain names are calculated, the scores can be, optionally, normalized and/or converted into percentile ranks” (i.e., adjusting weights of the domain ranking, or reputation scores to ensure a Gaussian distribution and selecting a threshold for sorting domains based on the normal, or Gaussian distribution of reputation scores. Examiner further notes that wherein the threshold is selected to control a set of suspicious domains and forward them for further analysis is interpreted as the intended use of selecting the threshold, as the claim does not require actively “controlling” the set of domains or “forwarding them for further analysis”, and that this limitation does not provide further patentable weight)). 
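As an added illustration of the score-combination, normalization and threshold step the examiner maps onto O’Leary (this is illustrative code written for this page, not code from the application or from O’Leary), the Python below uses O’Leary’s quoted metric Score=NC·CC·(1 + log(QC)) as a popularity component, combines it with two other component scores by a weighted sum, normalizes the finals to z-scores (a Gaussian-style normalization), and selects the tail above mean + k·σ as the set forwarded for further analysis. Domain names, metric values, the other two components and the weights are constructed; the claimed dynamic adjustment of the weights themselves is not modelled.

```python
import math
import statistics

# Constructed per-domain evidence (not real data). "ml" is a hypothetical
# model probability of maliciousness, "graph_penalty" a hypothetical
# outgoing-link penalty in [0, 1]; QC/CC/NC are O'Leary's query count,
# client count and network count.
DOMAINS = {
    "a.example": {"ml": 0.10, "graph_penalty": 0.00, "QC": 5000, "CC": 400, "NC": 40},
    "b.example": {"ml": 0.20, "graph_penalty": 0.00, "QC": 2000, "CC": 150, "NC": 20},
    "c.example": {"ml": 0.35, "graph_penalty": 0.33, "QC": 300,  "CC": 30,  "NC": 5},
    "d.example": {"ml": 0.50, "graph_penalty": 0.50, "QC": 40,   "CC": 6,   "NC": 2},
    "e.example": {"ml": 0.95, "graph_penalty": 1.00, "QC": 3,    "CC": 1,   "NC": 1},
    "f.example": {"ml": 0.15, "graph_penalty": 0.00, "QC": 9000, "CC": 800, "NC": 60},
}
# Assumed (static) component weights for the weighted combination.
WEIGHTS = {"ml": 0.5, "popularity": 0.3, "graph": 0.2}


def popularity_score(qc, cc, nc):
    """Score = NC * CC * (1 + log(QC)), as quoted from O'Leary para. [0008]."""
    return nc * cc * (1.0 + math.log(qc))


def percentile_ranks(values):
    """Rank each value within the set, scaled to [0, 1]; ties share a rank."""
    ordered = sorted(values.values())
    n = len(ordered)
    return {k: ordered.index(v) / (n - 1) for k, v in values.items()}


def final_scores(domains, weights):
    """Weighted combination of component scores; higher means more suspicious."""
    pop = {d: popularity_score(f["QC"], f["CC"], f["NC"]) for d, f in domains.items()}
    pop_rank = percentile_ranks(pop)            # 1.0 = most popular in the set
    out = {}
    for d, f in domains.items():
        unpopularity = 1.0 - pop_rank[d]         # rarely seen domains score higher
        out[d] = (weights["ml"] * f["ml"]
                  + weights["popularity"] * unpopularity
                  + weights["graph"] * f["graph_penalty"])
    return out


def z_scores(scores):
    """Normalize final scores to zero mean / unit variance (Gaussian-style)."""
    mu = statistics.mean(scores.values())
    sigma = statistics.stdev(scores.values())
    if sigma == 0.0:                             # degenerate set: nothing stands out
        return {d: 0.0 for d in scores}
    return {d: (s - mu) / sigma for d, s in scores.items()}


def select_suspicious(scores, k=1.0):
    """Threshold at mean + k*sigma; only this tail is forwarded for deeper analysis,
    which bounds the size of the suspicious set regardless of raw score scale."""
    return sorted(d for d, z in z_scores(scores).items() if z > k)


if __name__ == "__main__":
    finals = final_scores(DOMAINS, WEIGHTS)
    for d, z in sorted(z_scores(finals).items(), key=lambda kv: kv[1], reverse=True):
        print(f"{d:10s} final={finals[d]:.3f} z={z:+.2f}")
    print("forward for analysis (k=1.0):", select_suspicious(finals, 1.0))
```

Lowering k widens the forwarded set (k=0.5 adds d.example), which is the knob the threshold selection controls.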
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by using the method of normalizing domain scores from O’Leary to adjust the domain risk scores from Oprea (as modified by Verma, Chiba, and Page) to have a normal, or Gaussian distribution. Oprea and O’Leary are both directed to domain analysis methods, and O’Leary teaches in paragraph [0038] that other methods, such as the risk score calculations from Oprea, can be used for calculating the domain score. As O’Leary also teaches in paragraph [0025] that the rank information can be used for identifying high-risk domains, botnets, distributed denial-of-service (DDoS) attacks, malicious domain names, phishing domain names, anomaly domain names, suspicious domain names, and so forth, one of ordinary skill in the art would understand how to combine the method of determining suspicious domains from Oprea with the domain score normalization method from O’Leary.

However, the combination of Oprea, Verma, Chiba, Page, and O’Leary does not explicitly teach wherein the action is causing a block of the domain or causing the domain to be loaded in isolation. Chen teaches wherein the action is causing a block of the domain or causing the domain to be loaded in isolation (section 3.2 para. 6 recites “we prevent untrusted third parties from making requests to vulnerable parts of these web sites. We isolate the persistent and in-memory state of these sites from other sites. Because our approach works best with “app-like” web sites that contain sensitive user data and few cross-site interactions, we refer to this approach as app isolation” (i.e., denying access, or blocking an untrusted domain and loading domains in isolation)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by using the domain isolation and blocking methods from Chen to block the detected malicious domains from Oprea (as modified by Verma, Chiba, Page, and O’Leary). Oprea and Chen are both directed to methods of detecting malicious web activity. Oprea teaches that proactive security measures should be taken in step 208 of figure 2, and states in column 11, lines 30-31 that “numerous other types of proactive security measures can be taken in other embodiments”. One of ordinary skill in the art would recognize that the blocking and domain isolation techniques from Chen are other types of proactive security measures that could be taken when malicious domain activity is detected by Oprea.

Regarding claim 4, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 1, wherein the action is determining whether the domain is a phishing site based on analyzing features of a Uniform Resource Locator (URL) of the domain (Verma para. [0045] recites “a computer-implemented method for detecting phishing attacks comprising the steps of receiving an email containing at least one link; separating the email into a link part, a header part and a body part; extracting information from the header part, link part and body part of the email; conducting text analysis to the body part of the email; conducting header analysis to the header part of the email; and conducting link analysis to the link part of the email; classifying the email based on results of text analysis, header analysis and link analysis. In this embodiment, a message ID and subject information is extracted from header part of the email” (i.e., detecting whether a domain or link is associated with phishing). Verma para. [0152] recites “A collection of N-gram character frequencies is proposed to be used instead of a bag of words. 
The N represents the length of the character substring. Character N-Grams. Researchers have previously used normalized English single-letter frequencies in a URL as a collection of features for their phishing URL classifier. Since this could be easy to evade, this idea is generalized by expanding to include the normalized character frequencies for all ASCII characters from ASCII code 33 to 122 excluding capital letters because the URLs is in lower case” (i.e., analyzing features of a domain or link)) and loading the URL to determine legitimacy of the domain (Oprea col. 21 lines 3-5 recite “we issue HTTP requests to the domain name to download the home page and check if malicious payload is embedded” (i.e., loading the URL to determine whether the domain is malicious or legitimate)).

Regarding claim 5, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 1, wherein the action is determining whether the domain is a command and control site based on an ensemble of a plurality of models (Oprea col. 8 lines 41-49 recite “The malicious activity risk scores indicate likelihoods that the respective domains are associated with malware. For example, the domains may be sources of malware. Additionally or alternatively, the domains may comprise malware-controlled domains. As a more particular example, a domain associated with malware may comprise a command-and-control ("C&C") domain that malware on an enterprise host communicates with in order to receive further instructions” (i.e., determining whether a domain is a command and control site). Verma para. [0053] recites “the link part analysis comprises web searching, batch machine learning method, online machine learning method or a combination thereof. 
Exemplary online machine learning methods include, but are not limited to Perceptron, Averaged Perceptron, Passive Aggressive, Passive-Aggressive I, Passive-Aggressive II, Confidence Weighted, or a combination thereof” (i.e., multiple kinds of models can be used to determine whether a domain is a kind of malicious domain, such as the command and control domain described in Oprea)).

Regarding claim 8, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 1, wherein the domain reputation uses a directed graph analysis to rank the domain based on a number of links pointing to it and on a number of links in the domain pointing to known bad domains (Page col. 4 lines 12-16 recite “According to one embodiment of the present method of ranking, the backlinks from different pages are weighted differently and the number of links on each page is normalized”. Col. 8 lines 9-18 recite “a ranking method according to the invention is integrated into a web search engine to produce results far superior to existing methods in quality and performance. A search engine employing a ranking method of the present invention provides automation while producing results comparable to a human maintained categorized system. In this approach, a web crawler explores the web and creates an index of the web content, as well as a directed graph of nodes corresponding to the structure of hyperlinks. The nodes of the graph (i.e. pages of the web) are then ranked according to importance” (i.e., using directed graph analysis to rank a domain, such as the malicious domains from Oprea, based on a weighted number of links pointing back to the domain and a number of links in the whole domain)).

Regarding claim 9, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 1, wherein the trained machine learning model is trained using labeled log data from the cloud-based system (Oprea col. 
8 lines 21-24 recite “In step 204, the extracted values are applied to a regression model based on the internal and external features to generate malicious activity risk scores for respective domains”. Col. 8 lines 50-58 recite “In some embodiments, the regression model 114 is trained on a training set that comprises a plurality of benign or unclassified domains and a plurality of domains previously classified as malicious domains but that excludes a global whitelist of popular domains. Such an arrangement facilitates the detection of domains associated with malicious activity from a potentially very large number of unknown domains” (i.e., the model is trained using previously classified, or labeled domains such as the HTTP data described in at least column 5)).

Claim 11 is a system claim and its limitation is included in claim 1. The only difference is that claim 11 requires a system. Therefore, claim 11 is rejected for the same reasons as claim 1. Claim 14 is a system claim and its limitation is included in claim 4. Claim 14 is rejected for the same reasons as claim 4. Claim 15 is a system claim and its limitation is included in claim 5. Claim 15 is rejected for the same reasons as claim 5. Claim 18 is a system claim and its limitation is included in claim 8. Claim 18 is rejected for the same reasons as claim 8. Claim 19 is a system claim and its limitation is included in claim 9. Claim 19 is rejected for the same reasons as claim 9.

Regarding claim 27, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 1, wherein loading the domain in isolation comprises loading the domain in a browser-isolation session of the cloud-based system that is separate from a browser executing on a user device (Chen section 3.2 para. 6 recites “we prevent untrusted third parties from making requests to vulnerable parts of these web sites. We isolate the persistent and in-memory state of these sites from other sites. 
Because our approach works best with “app-like” web sites that contain sensitive user data and few cross-site interactions, we refer to this approach as app isolation”. Section 4 para. 5 recites “To avoid attacks that grant the privileges of the entire origin to each resource, the browser can instead bootstrap app isolation using a file at a well-known location that can only be accessed by the legitimate owner of the origin. The host-meta mechanism is designed for exactly this reason. With host-meta, the owner of the origin creates an XML file containing app isolation meta data located at /.well-known/host-meta. This meta data can include configuration information, such as a list of acceptable entry points. Because host-meta should be controllable only by the legitimate owner of the origin, an adversary controlling only a directory will not be able to influence the app isolation policy for the entire origin” (i.e., loading the domain in a separate browser-isolation session)).

Regarding claim 29, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 5, wherein the ensemble comprises a URL model that analyzes lexical features of a hostname and an artifact model that analyzes web page content features, and a command and control (C2) model that combines outputs of the URL model and the artifact model (Oprea col. 15 lines 7-17 recite “To bypass the common policies established by enterprise proxies and firewalls, malware is increasingly designed to communicate with external destinations (e.g., command-and-control or "C&C" servers) by manipulating URLs. URL path (the substring after domain name), folders (strings segmented by '/' within path and we denote the number of such strings as URL depth), file name, extension, parameters and fragment fields are all popular attributes to update host status or exfiltrate host configurations. 
Therefore, we calculate the overall statistics per URL for these attributes, and consider high values as an indication of suspicious activity”. Oprea col. 16 lines 49-55 recite “A large number of content types on a domain suggests the domain might not be used to deliver regular web content. Moreover, certain content types (e.g., .exe and .jar) have higher associations with malware and exploits. To capture this, we consider the number and fraction of URLs within each category” (i.e., modeling lexical features of a URL hostname and web page content features to determine whether a domain is a command and control server)), and wherein C2 predictions are aggregated over a rolling time window to increase confidence (Oprea col. 14 lines 11-16 recite “For all resulting domains, we extract the features detailed below. Aggregated features (e.g., number of distinct user agent strings, average URL length or depth, maximum number of connections) are computed over all connections to a domain established in the two-week interval after the domain was first observed in the enterprise” (i.e., aggregating predictions over time windows)).

Claim 28 is rejected under 35 U.S.C. 103 as being unpatentable over Oprea et al (US 9838407 B2, herein Oprea) in view of Verma et al (US 20160344770 A1, herein Verma), in further view of Chiba et al (US 20200045077 A1, herein Chiba), in further view of Page et al (US 6285999 B1, herein Page), in further view of O’Leary et al (US 20160065535 A1, herein O’Leary), in further view of Chen et al (“App Isolation: Get the Security of Multiple Browsers with Just One”), herein Chen, in further view of Yang et al, (CN 106789939 B, herein Yang).

Regarding claim 28, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen teaches the method of claim 4, wherein determining legitimacy of the loaded URL comprises inspecting a page title, [copyright, metadata], and page text (Page col. 
8 lines 6-8 recite “Another important application and embodiment of the present invention is directed to enhancing the quality of results from web search engines”. Page col. 8 lines 14-16 recite “a web crawler explores the web and creates an index of the web content, as well as a directed graph of nodes corresponding to the structure of hyperlinks”. Page col. 8 lines 21-23 recite “The search engine is used to locate documents that match the specified search criteria, either by searching full text, or by searching titles only” (i.e., inspecting a page title and page text of a URL)).

However, the combination of Oprea, Verma, Chiba, Page, O’Leary, and Chen does not teach inspecting a copyright and metadata obtained via Optical Character Recognition (OCR) of a screenshot of the loaded page. Yang teaches inspecting a copyright and metadata obtained via Optical Character Recognition (OCR) of a screenshot of the loaded page (pg. 9 para. 2 recites “the mark to be detected corresponding to the URL in the web page source code attribute class keyword from the web page source code corresponding to the URL to be detected in <METAname = "Keywords"/"Description" CONTENT attribute "Copyright" > the extracted mark, mark, and optionally, corresponding to the URL to be detected in the webpage source code input of marking keyword from the web page source code corresponding to the URL to be detected, such as mark extracted. at the same time considering the part of phishing website using the screen shot to the layout, the attribute key word and the input key word when extracting will be synchronously extracted by optical character recognition (OCR) of the character recognition in the image” (i.e., inspecting a copyright and metadata of a webpage obtained via OCR of a screenshot)). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine these teachings by supplementing the malware detection system from Oprea (as modified by Verma, Chiba, Page, O’Leary, and Chen) with the screenshot analysis method from Yang. Oprea and Yang are both directed to methods of detecting malicious activity in web domains. As Oprea states in column 5, lines 44-47 “embodiments of the invention can be configured to detect additional or alternative types of malicious activity not necessarily related to malware infection”, one of ordinary skill in the art would be motivated to improve the malware detection system from Oprea to detect additional kinds of malicious activity associated with copyright or other metadata inspection from screenshots of webpages associated with a given domain from Yang.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20210203693 A1 (Clausen et al) teaches a method for phishing detection based on modeling of web page content utilizing at least screenshot analysis in combination with other methods. US 10021133 B1 (Lakshmanan et al) teaches a method for detecting a phishing site is disclosed wherein copyright, patent, brand, trademark, and other intellectual property registration information from a website can be analyzed.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEAH M FEITL whose telephone number is (571) 272-8350. The examiner can normally be reached on M-F 0900-1700 EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Viker Lamardo can be reached on (571) 270-5871. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /L.M.F./ Examiner, Art Unit 2147 /VIKER A LAMARDO/Supervisory Patent Examiner, Art Unit 2147

Prosecution Timeline

Jun 08, 2021
Application Filed
Feb 21, 2025
Non-Final Rejection — §101, §103
Jun 05, 2025
Response Filed
Sep 05, 2025
Final Rejection — §101, §103
Nov 17, 2025
Response after Non-Final Action
Dec 17, 2025
Request for Continued Examination
Jan 03, 2026
Response after Non-Final Action
Mar 06, 2026
Non-Final Rejection — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12572720
METHODS AND APPARATUSES FOR RESOURCE-OPTIMIZED FERMIONIC LOCAL SIMULATION ON QUANTUM COMPUTER FOR QUANTUM CHEMISTRY
2y 5m to grant Granted Mar 10, 2026
Patent 12572723
METHODS AND APPARATUSES FOR RESOURCE-OPTIMIZED FERMIONIC LOCAL SIMULATION ON QUANTUM COMPUTER FOR QUANTUM CHEMISTRY
2y 5m to grant Granted Mar 10, 2026
Patent 12555023
REINFORCEMENT LEARNING EXPLORATION BY EXPLOITING PAST EXPERIENCES FOR CRITICAL EVENTS
2y 5m to grant Granted Feb 17, 2026
Patent 12530434
Classifying Data by Manipulating the Quantum States of Qubits
2y 5m to grant Granted Jan 20, 2026
Patent 12462173
QUANTUM CIRCUIT AND METHODS FOR USE THEREWITH
2y 5m to grant Granted Nov 04, 2025


Prosecution Projections

3-4
Expected OA Rounds
25%
Grant Probability
32%
With Interview (+7.0%)
4y 2m
Median Time to Grant
High
PTA Risk
Based on 84 resolved cases by this examiner. Grant probability derived from career allow rate.
