DETAILED ACTION
In a communication received on 21 November 2025, applicants amended claims 1-3, 5, 8, 10-12, 14, 17, 19-21, 23 and 26.
Claims 1-27 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 10, and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 10, 11, 19, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1) and Murali et al. (US 2020/0065645 A1), and further in view of Chen et al. (US 2019/0130101 A1).
With respect to claim 1, Khorrami discloses: a method for detecting unauthorized memory access cyberattacks (i.e., detecting anomaly relative to a baseline of device behavior without prior knowledge of signatures in Khorrami, ¶0039),
the method comprising:
receiving, by a processor, hardware event data, wherein the hardware event data is collected from hardware performance counter (HPC) circuitry of a targeted device during execution of a program (i.e., hardware performance counters providing count of hardware-related events; the HPC data is read at a fixed sampling rate in Khorrami, ¶0041, ¶0062);
generating, by the processor, time-sequential hardware event data from the hardware event data (i.e., a sequence of measurements; a time-series of hardware event data in Khorrami, ¶0040, ¶0070),
wherein the time-sequential hardware event data describes a plurality of relative differences in amount of a hardware event at a plurality of sequential timepoints (i.e., inter-sample rates of change as basis for features; characterize patterns of time variations of activity in Khorrami, ¶0075)
wherein (i) the time-sequential hardware event data comprises a data feature value that corresponds to a relative change in an amount of a hardware event during a first timepoint of the plurality of sequential timepoints with respect to a second timepoint of the plurality of sequential timepoints (i.e., differences in HPC measurements between successive sampling times; sequence of measurements over a sliding window of time in Khorrami, ¶0057, ¶0075, ¶0109)
and (ii) the second timepoint is prior to the first timepoint within the plurality of sequential timepoints (i.e., sampling points in a time-series are successive for computation in Khorrami, ¶0070, ¶0075, and ¶0109)
Khorrami discloses inter-sample rates of change as basis for features; characterize patterns of time variations of activity (¶0075). Khorrami do(es) not explicitly disclose the following. Levy, in order to improve detection ability by iteratively improving model to classify new unseen malware (¶0059), discloses: determining, by the processor and using the classifier model modified with the training data, whether an executing program comprises an unauthorized memory access cyberattack (i.e., creating second antimalware system to detect malicious code that includes the synthetic malware samples; retraining the model, improving the ability of the model in Levy, ¶0055, ¶0057, ¶0059).
Based on Khorrami in view of Levy, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Levy to improve upon those of Khorrami in order to improve detection ability by iteratively improving model to classify new unseen malware.
Khorrami discloses inter-sample rates of change as basis for features; characterize patterns of time variations of activity (¶0075). Khorrami do(es) not explicitly disclose the following. Levy, in order to improve training of ML models using synthesized training sets (¶0004), discloses: generating, by the processor, a synthetic evasive sample based on at least a portion of the program corresponding to the contributing timepoint (i.e., generating synthetic samples based on functional blocks of malware samples, creating new code based on malware samples; variations in code generated to yield synthetic malware samples not detected by a system to improve training of the models narrowing windows of malicious action in Levy, ¶0050-0052, ¶0040, ¶0054).
Based on Khorrami in view of Levy, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Levy to improve upon those of Khorrami in order to improve training of ML models using synthesized training sets.
Khorrami discloses inter-sample rates of change as basis for features; characterize patterns of time variations of activity (¶0075). Khorrami and Levy do(es) not explicitly disclose the following. Murali, in order to implement interpretability showing causal value of features for predictions and causality (¶0059), discloses:
determining, by the processor and using a distilled machine learning model (i.e., Teacher/Student model; knowledge distillation, for generating a dataset; quantifying the contribution of a particular input feature in Murali, ¶0029, ¶0030, ¶0039),
a contributing timepoint from the plurality of sequential timepoints (i.e., descriptive capability to convey how much factor contributes to the prediction and importance of a features in Murali, ¶0019, ¶0020)
based at least in part on a contribution of an input data feature associated with the contributing timepoint to the prediction (i.e., identifying a contribution of an input feature including importance in Murali, ¶0029, ¶0030).
Based on Khorrami in view of Levy, further in view of Murali, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Murali to improve upon those of Khorrami in order to implement interpretability showing causal value of features for predictions and causality.
Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali do(es) not explicitly disclose the following. Chen, in order to detect Spectre/Meltdown side channel memory access attacks (¶0024, ¶0041), discloses:
generating, by the processor and using a classifier model, a prediction corresponding to a normal program (i.e., predicting values based on ML model; generating a forward looking prediction; process benign test set for second probability of anomaly detection in Chen, ¶0027, ¶0061, ¶0062)
based at least in part on the time-sequential hardware event data (i.e., time series analysis of HPC data, predicting next values HPC data in Chen, ¶0014, ¶0065)
determining, by the processor, the prediction is incorrect and corresponds to a bypassed detection of an evasive program (i.e., anomaly detection based on p-value and threshold; further subsequent training can then identify false positives and false negatives in Chen, ¶0045, ¶0049); and
providing, by the processor and to the classifier model, training data comprising the synthetic evasive sample to modify the classifier model (i.e., subsequent training to reduce false positives and negatives in Chen, ¶0049).
Based on Khorrami in view of Levy and Murali, and further in view of Chen, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Chen to improve upon those of Khorrami in order to detect Spectre/Meltdown side channel memory access attacks.
With respect to claim 2, Khorrami discloses: the method of claim 1, wherein the classifier model comprises a long short term memory (LSTM) mechanism configured to receive the time-sequential hardware event data as input (i.e., Long Short-Term memory architectures for learning baseline characteristics of feature vector time series in Khorrami, ¶0134).
With respect to claim 10, the limitation(s) of claim 10 are similar to those of claim(s) 1. Therefore, claim 10 is rejected with the same reasoning as claim(s) 1.
With respect to claim 11, the limitation(s) of claim 11 are similar to those of claim(s) 2. Therefore, claim 11 is rejected with the same reasoning as claim(s) 2.
With respect to claim 19, the limitation(s) of claim 19 are similar to those of claim(s) 1. Therefore, claim 19 is rejected with the same reasoning as claim(s) 1.
With respect to claim 20, the limitation(s) of claim 20 are similar to those of claim(s) 2. Therefore, claim 20 is rejected with the same reasoning as claim(s) 2.
Claim(s) 3, 12, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1), Murali et al. (US 2020/0065645 A1), and Chen et al. (US 2019/0130101 A1), and further in view of Kounavis et al. (US 2019/0220605 A1).
With respect to claim 3, Khorrami discloses: the method of claim 1, wherein the classifier model (i.e., run-time monitoring classifies a feature vector as anomalous suggesting a threat detected in Khorrami, ¶0088, ¶0133).
Khorrami discloses inter-sample rates of change as basis for features; characterize patterns of time variations of activity (¶0075). Khorrami do(es) not explicitly disclose the following. Levy, in order to expand range of detecting new and unseen malware instances by iteratively retraining the model off of generated training sets (¶0059), discloses: re-training the classifier model using the plurality of program samples and the plurality of synthesized program samples (i.e., retraining the model based on the generated synthetic samples; retraining creates further malicious detection system based on the synthetic samples in the second training set in Levy, ¶0055, ¶0057).
Based on Khorrami in view of Levy, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Levy to improve upon those of Khorrami in order to expand range of detecting new and unseen malware instances by iteratively retraining the model off of generated training sets.
Khorrami discloses inter-sample rates of change as basis for features; characterize patterns of time variations of activity (¶0075). Khorrami and Levy do(es) not explicitly disclose the following. Murali, in order to implement interpretability showing causal value of features for predictions and causality (¶0059), discloses:
generating, using the plurality of program samples, a distilled machine learning model configured to generate similar outputs to the classifier model (i.e., Teacher/Student model; knowledge distillation, for generating a dataset in Murali, ¶0039);
identifying, using the distilled machine learning model, one or more significant timepoints spanned by the time-sequential hardware event data (i.e., interpretability corresponds to feature contribution identification; the teacher student model provides the contribution features in Murali, ¶0037, ¶0039, ¶0040)
that correspond to the plurality of program samples (i.e., feature extraction with corresponding importance rankings based on individual contribution of input features in Murali, ¶0004, ¶0039).
Based on Khorrami in view of Levy, further in view of Murali, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Murali to improve upon those of Khorrami in order to implement interpretability showing causal value of features for predictions and causality.
Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, and Chen do(es) not explicitly disclose the following. Kounavis, in order to guard vulnerable paths in modification of training process by identifying vulnerable paths to craft adversarial examples (¶0049), discloses: is trained by:
providing the classifier model with a plurality of program samples comprising a plurality of corresponding labels that indicate whether the plurality of program samples include the unauthorized memory access cyberattack (i.e., training data each may be associated with a class that indicates whether it is malicious or non-malicious data in Kounavis, ¶0019).
generating a plurality of synthesized program samples using the one or more significant timepoints and (i.e., using a sliding window, altered portions correspond to a patch of the program code; that portion can be determined to be the heaviest weight towards making a prediction in Kounavis, ¶0038).
Based on Khorrami in view of Levy, Murali, and Chen, and further in view of Kounavis, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Kounavis to improve upon those of Khorrami in order to guard vulnerable paths in modification of training process by identifying vulnerable paths to craft adversarial examples.
With respect to claim 12, the limitation(s) of claim 12 are similar to those of claim(s) 3. Therefore, claim 12 is rejected with the same reasoning as claim(s) 3.
With respect to claim 21, the limitation(s) of claim 21 are similar to those of claim(s) 3. Therefore, claim 21 is rejected with the same reasoning as claim(s) 3.
Claim(s) 4, 6, 13, 15, 22, and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1), Murali et al. (US 2020/0065645 A1), Chen et al. (US 2019/0130101 A1) and Kounavis et al. (US 2019/0220605 A1), and further in view of Hestness et al. (US 2020/0175374 A1).
With respect to claim 4, Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, Chen, and Kounavis do(es) not explicitly disclose the following. Hestness, in order to improve model accuracy and identify architecture changes to better fit datasets without substantial structural change (¶0002), discloses: the method of claim 3, wherein generating the plurality of synthesized program samples further comprises:
executing one or more data augmentation operations in a machine learning model ensemble boosting framework, wherein the one or more data augmentation operations comprise manual data augmentation operations, generative adversarial network (GAN) model-based data augmentation operations, and diffusion model-based data augmentation operations (i.e., utilizing generative adversarial networks in data handling and augmentation to allow models to learn more on less data to improve on power-law learning curve corresponding to increases in accuracy in relation to dataset increases in Hestness, ¶0123).
Based on Khorrami in view of Levy, Murali, Chen and Kounavis, and further in view of Hestness, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Hestness to improve upon those of Khorrami in order to improve model accuracy and identify architecture changes to better fit datasets without substantial structural change.
With respect to claim 6, Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, Chen and Kounavis do(es) not explicitly disclose the following. Hestness, in order to improve model accuracy and identify architecture changes to better fit datasets without substantial structural change (¶0002), discloses: the method of claim 3, wherein the classifier model is trained and re-trained using stochastic gradient descent and cross-entropy loss (i.e., optimizing models using stochastic gradient descent optimizer with cross-entropy loss in Hestness, ¶0083).
Based on Khorrami in view of Levy, Murali, Chen and Kounavis, and further in view of Hestness, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Hestness to improve upon those of Khorrami in order to improve model accuracy and identify architecture changes to better fit datasets without substantial structural change.
With respect to claim 13, the limitation(s) of claim 13 are similar to those of claim(s) 4. Therefore, claim 13 is rejected with the same reasoning as claim(s) 4.
With respect to claim 15, the limitation(s) of claim 15 are similar to those of claim(s) 6. Therefore, claim 15 is rejected with the same reasoning as claim(s) 6.
With respect to claim 22, the limitation(s) of claim 22 are similar to those of claim(s) 4. Therefore, claim 22 is rejected with the same reasoning as claim(s) 4.
With respect to claim 24, the limitation(s) of claim 24 are similar to those of claim(s) 6. Therefore, claim 24 is rejected with the same reasoning as claim(s) 6.
Claim(s) 5, 14, and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1), Murali et al. (US 2020/0065645 A1), Chen et al. (US 2019/0130101 A1), Kounavis et al. (US 2019/0220605 A1), and Hestness et al. (US 2020/0175374 A1), and further in view of Sehgal (US 2019/0095557 A1).
With respect to claim 5, Khorrami discloses: the method of claim 4, wherein the manual data augmentation operations comprise:
generating one or more sliced portions of one or more program samples, wherein the one or more program samples are labelled to indicate (i) a presence of the unauthorized memory access cyberattack (i.e., baseline vs anomalous labels on sliding window time samples in Khorrami, ¶0022, ¶0083-84).
Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, Chen, Kounavis and Hestness do(es) not explicitly disclose the following. Sehgal, in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs (¶0088), discloses:
or (ii) a mis-classification by the classifier model (i.e., identifying a particular model input/variable as out of date, inaccurate or not suitable in Sehgal, ¶0088);
inserting the one or more sliced portions within an original program sample of the plurality of program samples (i.e., input a set of models and execution output into a cumulative model; each input model representing a factor or variable in the model; individual models are input in various permutations in Sehgal, ¶0048, ¶0088); and
generating a synthesized program sample based at least in part on permutating function blocks of the original program sample (i.e., generating and analyzing results of multiple permutations of models/variables as input to determine the parameters with greatest impact in Sehgal, ¶0088).
Based on Khorrami in view of Levy, Murali, Chen, Kounavis, and Hestness further in view of Sehgal, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Sehgal to improve upon those of Khorrami in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs.
With respect to claim 14, the limitation(s) of claim 14 are similar to those of claim(s) 5. Therefore, claim 14 is rejected with the same reasoning as claim(s) 5.
With respect to claim 23, the limitation(s) of claim 23 are similar to those of claim(s) 5. Therefore, claim 23 is rejected with the same reasoning as claim(s) 5.
Claim(s) 7, 8, 16, 17, 25, and 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1), Murali et al. (US 2020/0065645 A1), Chen et al. (US 2019/0130101 A1) and Kounavis et al. (US 2019/0220605 A1), and further in view of Sehgal et al. (US 2019/0095557 A1).
With respect to claim 7, Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, Chen and Kounavis do(es) not explicitly disclose the following. Sehgal, in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs (¶0088), discloses: the method of claim 3, wherein re-training the classifier model further comprises employing a machine learning model ensemble boosting framework, wherein the machine learning model ensemble boosting framework comprises previous iterations of the classifier model (i.e., utilizing a distilled model receiving various other models as inputs to represent one or more factors and variables of a modeled scenario in Sehgal, ¶0048).
Based on Khorrami in view of Levy, Murali, Chen and Kounavis, and further in view of Sehgal, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Sehgal to improve upon those of Khorrami in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs.
With respect to claim 8, Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, Chen and Kounavis do(es) not explicitly disclose the following. Sehgal, in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs (¶0088), discloses: the method of claim 3, wherein the distilled machine learning model is a linear regression model comprising a plurality of polynomial terms, the plurality of polynomial terms being used to identify the contributing timepoint (i.e., performing linear regression with terms that identify particular models, variables, inputs with the greatest impact on the output of the model; provides insight on optimizing or updating models in Sehgal, ¶0088).
Based on Khorrami in view of Levy, Murali, Chen and Kounavis, and further in view of Sehgal, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Sehgal to improve upon those of Khorrami in order to improve upon the limitations and weaknesses of models by determining the impact of specific inputs.
With respect to claim 16, the limitation(s) of claim 16 are similar to those of claim(s) 7. Therefore, claim 16 is rejected with the same reasoning as claim(s) 7.
With respect to claim 17, the limitation(s) of claim 17 are similar to those of claim(s) 8. Therefore, claim 17 is rejected with the same reasoning as claim(s) 8.
With respect to claim 25, the limitation(s) of claim 25 are similar to those of claim(s) 7. Therefore, claim 25 is rejected with the same reasoning as claim(s) 7.
With respect to claim 26, the limitation(s) of claim 26 are similar to those of claim(s) 8. Therefore, claim 26 is rejected with the same reasoning as claim(s) 8.
Claim(s) 9, 18, and 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Khorrami et al. (US 2019/0340392 A1) in view of Levy (US 2019/0215329 A1), Murali et al. (US 2020/0065645 A1), and Chen et al. (US 2019/0130101 A1), and further in view of Chen et al. ‘096 (US 2019/0130096 A1).
With respect to claim 9, Khorrami discloses classifier to determine for feature vectors if there is anomalous threat behavior (¶0088, ¶0133). Khorrami, Levy, Murali, and Chen do(es) not explicitly disclose the following. Chen ‘096, in order to detect Spectre/Meltdown side channel memory access attacks (¶0024, ¶0041), discloses: the method of claim 1, wherein the hardware event data (i.e., HPC's collecting data indicative of side channel attacks such as Spectre or Meltdown in Chen ‘096, ¶0042-0043) includes
(i) branch mis-prediction rate (i.e., HPC's data including "br_misp_retired.all_branches_pebs" and "br_inst_rtired.all_branches_pebs" corresponding to measures of retired mis-predicted branches and all retired branches in Chen ‘096, fig. 3a, fig. 3b),
(ii) a number of low-level cache references (i.e., cache-references HPC data including output of detector indicating HPC data including cache references in Chen ‘096, fig. 3a, fig. 3b), and
(iii) a number of low-level cache misses (i.e., HPC that collects data on cache misses in Chen ‘096, ¶0042-0043, fig. 3a).
Based on Khorrami in view of Levy, Murali, and Chen, and further in view of Chen ‘096, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Chen ‘096 to improve upon those of Khorrami in order to detect Spectre/Meltdown side channel memory access attacks.
With respect to claim 18, the limitation(s) of claim 18 are similar to those of claim(s) 9. Therefore, claim 18 is rejected with the same reasoning as claim(s) 9.
With respect to claim 27, the limitation(s) of claim 27 are similar to those of claim(s) 9. Therefore, claim 27 is rejected with the same reasoning as claim(s) 9.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang, can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sherman Lin
3/12/2026
/S. L./Examiner, Art Unit 2447
/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447