Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant argues the prior art does not teach “during the adversarial attack, automatically re-adjusting based on monitored performance and when any one of the subset of preprocessed weak defenses is deselected or becomes unavailable, recreating the deployment-phase ensemble of weak defenses”.
Examiner has attempted to reject the claim limitations as understood. As shown below clarification of the claim limitations is required. Examiner notes that the prior art already cited teaches adjusting ensemble defenses based on monitored performance. Examiner asserts that if a “weak defense” was “deselected” and monitored performance decreased, then the prior art cited would certainly read on “recreating” the prior ensemble of weak defenses.
While Examiner has provided additional art in the Notice of Reference Cited, Examiner points to Vela which already teaches an ensemble defense, and actively scoring and improving ensemble defenses upon detecting of attacks and scoring defensive/offensive success.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2-27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Applicant has amended claim 2 to recite “automatically re-adjusting based on monitored performance and when any one of the subset of p[reprocessed weak defenses is deselected or becomes unavailable, recreating the deployment phase ensemble of weak defenses”
It is unclear what “re-adjusting based on monitored performance” refers to. No subject or setting appears to be “re-adjusted”.
The claim states “recreating” the deployment-phase ensemble of weak defenses” It is unclear what this means in the context of “subset of preprocessed weak defenses is deselected or becomes unavailable” Is the “deployment phase ensemble” exactly the same as previously? This doesn’t appear possible if the previously incorporated weak defense “becomes unavailable”. As a logical point, if the ensemble is recreated based on “monitored performance” Examiner would conclude a new more effective ensemble would be created. Clarification is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 2-27 are rejected under 35 USC 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more.
Regarding claims 2-27, the claim recites the limitations “synthesizing a design-phase ensemble of weak defenses;” “synthesizing the design phase ensemble of weak defenses as a deployment phase ensemble of weak defenses…;” and “automatically re-adjusting based on monitored performance…;” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind. Therefore, the claims recite an abstract idea. Examiner notes that the defenses recited in the claims are never actually put into practice. The defenses are created, and adjusted based on feedback.
Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application. It’s noted that the claim recites the operations “synthesizing the design phase ensemble of weak defenses;”
However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering/processing/storing information, which are a form of insignificant extra-solution activity.
It’s also noted that the claims recite additional limitation/elements (i.e., system, , processor, memory, etc.,). However, said additional elements are recited at a high-level of generality (i.e., as a generic computing device performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception or abstract idea using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2-9, 13-22, 26, 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vela US 20210273967 in view of Hadar US 2021/0014265 in view of Zoldi US 2022/0166782 in view of Chu US 2018/0096261.
As per claim 2, 15 Vela teaches A method for generating defense against adversarial attacks on Al systems. [0047][0055] [0064]-[0067] [0071]-[0075] [0077] (teaches a method to train AI cyber defense system which generates a cyber defense dynamically against adversarial attacks, using a plurality of learned strategies in training, deploying said learning in real time on a production network, and incorporating real time user feedback to teach re-training the AI while monitoring the network)
Vela teaches synthesizing adaptive defenses of artificial intelligence (AI) systems against adversarial attacks, the method comprising: during a design phase, selecting subset of weak defenses to generate preprocessed weak defenses, and selecting a subset of the preprocessed weak defenses, based on a constraint for a diversirt metric for the subset of preprocessed weak defenses the diversity metric being an indicator of similarity between the defenses within the subset. Vela teaches synthesizing a design phase ensemble of weak defenses in prepariation for being deployed. Vela teaches during a deployment phase, re-synthesizing the design phase ensemble of weak defenses as a deployment phase ensemble of weak defenses for deployment as a component of the defense strategy against adversarial attacks, based on the design phase and changes in user behavior. [0034] [0038] [0047][0055] [0064]-[0067] [0071]-[0075] [0077] (teaches a method to train AI cyber defense system which generates a cyber defense dynamically against adversarial attacks, using a plurality of learned strategies in training, deploying said learning in real time on a production network, including “multiple defense mechanisms” and incorporating real time user feedback to teach re-training the AI while monitoring the network, selects training design defenses based on type of attack or similarity type metric )
Vela teaches during the adversarial attack, automatically re-adjusting based on monitored performance and when any one of the subset of preprocessed weak defenses is deselected or becomes unavailable, recreating the deployment phase ensemble of weak defenses. [0065][0066][0070][0071][0072][0078][0079] [0085][0086] (scoring defense mechanisms, choosing defense mechanisms based on detected attack, using feedback scoring to alter defensive strategy based on defensive performance)
Examiner believes that Vela teaches learning defenses, and selecting a subset of defenses in real time as an effective strategy to fight the attack. This implies that Vela teaches a “library” or database of defenses. However, Vela does not explicitly teach a database/library, and therefore Hadar is relied upon that teaching below.
Hadar teaches creating a library of weak defenses (WDs); preprocessing the WDs in the library; selecting a subset W of WDs from the WDs in the library[0021][0045][0046] to synthesize an ensemble strategy based on an input for the selected WDs, used as a defense against attacks. (explicitly teaches a security knowledge database, and list of remediations)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Hadar with the system of Vela because it provides a plurality of optimum security options to combat attacks.
Zoldi explicitly teaches defending against adversarial attacks on AI systems. Zoldi teaches detecting changes in behavior of users of the AI system in order to deploy a defense strategy. [0007][0011][0053][0054][0055][0071][0072][0076][0081][0084][0085] (teaches a machine learning defense system to detect adversarial attacks/user behavior against an AI system, where the adversarial attacks may be a detection of a change in user behavior, and deploying a set of defensive actions)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the system of Zoldi with the prior art because it enhances the security of AI interactive systems.
Chu teaches selecting defenses based on an entropy measure of at least one output of at least one defense to form a diversity metric, the diversity metric being an indicator of similarity.[0044][0045] (teaches a machine learning ensemble of different algorithms which are selected based on entropy measurements and weights)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Chu with the prior art because a diverse ensemble algorithm is more capable and an improvement over the prior art. [0045]
As per claim 3, 16. Vela teaches The method of claim 2, further comprising, in the deployment phase, monitoring, via a monitoring and feedback mechanism, a run-time performance of the defense. [0074][0075] (real time monitoring and visualization, user feedback)
As per claim 4, 17 Vela teaches The method of claim 2, further comprising re-synthesizing the ensemble. [0072]-[0077] (deploying learned defense mechanisms after training)
As per claim 5, 18 Hadar teaches The method of claim 2, wherein the WDs are discovered dynamically. [0042][0046]
Vela teaches the WDs are discovered dynamically. [0072]-[0077] (deploying learned defense mechanisms in real time after training based on specific attack)
As per claim 6, 19. Hadar teaches The method of claim 2, wherein the WDs are selected dynamically. [0042][0046]
Vela teaches The method of claim 2, wherein the WDs are selected dynamically. [0072]-[0077] (deploying learned defense mechanisms in real time after training based on specific attack)
As per claim 7, 20 Hadar teaches The method of claim 2, further comprising maintaining the library of WDs by at least one of adding new WDs, updating existing WDs and removing ineffective WDs. [0020] (removing ineffective security controls, implementing effective security controls)
As per claim 8, 21 Vela teaches The method of claim 2, wherein preprocessing the WDs comprises grouping the WDs in accordance with their transformation operations. [0067][0068][0071][0072] (different defense mechanism groups for different attacks)
As per claim 9, 22 Hadar teaches The method of claim 2, wherein prepreocessing the WDs comprises storing the WDs in a list. [0046] (List of remediation recommendations, security knowledge base)
Radja explicitly refers to a diversity metric as an indicator of similarity [0022]-[0025] [[0034][0037](clustering attacks and corresponding defenses; signature parameters and weight based on historical/training data.)
As per claim 13, 26 Vela teaches The method of claim 2, wherein selecting a subset W of WDs from the WDs in the library is dependent upon how the WDs in the library are preprocessed. [0067][0068][0071][0072] (different defense mechanism groups for different attacks; based on effectiveness, feedback)
As per claim 14, 27. Vela teaches The method of claim 2, wherein the monitoring and feedback mechanism includes a monitor component, a judge component, and a messenger component. [0074][0075] (teaches monitoring the data, visualizing it, marking it/judging and displaying/interacting with the user/messenger)
Claim(s) 10, 11, 23, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vela US 20210273967 in view of Hadar US 2021/0014265 in view of Zoldi US 2022/0166782 in view of Radja US 2020/0036734 in view of Chu US 2018/0096261.
As per claim 10, 23. Radja teaches The method of claim 2, wherein preprocessing the WDs in the library comprises clustering the WDs in accordance with a clustering algorithm. [0022]-[0025] (clustering attacks and corresponding defenses)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Radja with the previous art because it is an efficient data organizing system.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Radja with the previous art because it is an efficient data organizing system.
As per claim 11, 24 Radja teaches The method of claim 10, wherein the clustering algorithm is one of a hierarchical clustering or a k-means clustering. [0023] (K-means)
Claim(s) 12, 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vela US 20210273967 in view of Hadar US 2021/0014265 in view of Zoldi US 2022/0166782 in view of Radja US 2020/0036734 in view of Chu US 2018/0096261 in view of Eskridge US 2018/0309794.
As per claims 12, 25 Eskridge teaches The method of claim 2, wherein selecting a subset W of WDs from the WDs in the library comprises employing a heuristic search. [0046] [0110] (teaches searching cyber defense heuristically)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Eskridge with the previous art because it expedites the search for the optimum cyber defense.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439