DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.
The IDS filed 12/21/2022 has been considered.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-4, 7, 8, 10, 11, and 14-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Caceres et al. (U.S. Patent Application Publication Number 2022/0014561), hereinafter referred to as Carceres.
Regarding claim 1, Carceres discloses a computer-implemented method, comprising: applying a plurality of known cyber-attack techniques and variations thereof against a simulated defender system using a simulated attacking system (paragraph 75, detects web application vulnerabilities); applying known cyber-attack defense techniques to the defender system (paragraph 77, simulator uses business decisions under consideration); logging instances of the defender system in association with various combinations of respective cyber-attack techniques, various cyber-attack defense techniques, simulated system configurations, and simulated system outcomes as training instances (paragraph 77, stages possible outcomes); training a machine learning model using the logged training instances (paragraph 111, performs simulated attack using machine learning); inputting a production product configuration to the trained machine learning model (paragraph 111, simulated attack is against particular infrastructure); and outputting, from the trained machine learning model, information related to cyber-hardening of the production product (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 2, Carceres discloses wherein the information output from the trained machine learning model is selected from the group consisting of: a set of modified production product configurations, a set of cyber-attack technique vulnerabilities, and a set of cyber-attack defense techniques to deploy on the production product (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 3, Carceres discloses wherein the attacking system is provided a Uniform Resource Locator (URL) of the defender system and a list of internal paths associated with the defender system against which to direct the known cyber-attack techniques and variations thereof (paragraph 73, accesses available web pages and applications for domain).
Regarding claim 4, Carceres discloses wherein the variations of the known cyber-attack techniques are the known cyber-attack techniques modified using fuzzing (paragraph 73, fuzzing).
Regarding claim 7, Carceres discloses wherein a plurality of unique cyber-attack techniques and/or variations thereof are applied against a plurality of simulated defender systems in parallel using containers (paragraph 101, parallel testing).
Regarding claim 8, Carceres discloses a computer-implemented method, comprising: in a simulated computing environment having a simulated attacking system and a simulated defender system, performing the following operations in a repeating sequence until a cyber-attack simulation sequence is complete (paragraph 67, multiple iterations of technique): preparing a next cyber-attack (paragraph 73, scan scheduler), applying the next cyber-attack to the defender system (paragraph 75, detects web application vulnerabilities), determining an outcome of the cyber-attack on the defender system (paragraph 77, current system derived results), updating a defense mechanism of the defender system in response to the outcome of the cyber-attack (paragraph 77, simulator uses business decisions under consideration), and logging instances of the defender system in association with various combinations of respective cyber-attack techniques, various cyber-attack defense techniques, simulated system configurations, and simulated system outcomes as training instances (paragraph 77, stages possible outcomes); in response to completing the cyber-attack simulation sequence, training a machine learning model using the training instances (paragraph 111, performs simulated attack using machine learning); storing the machine learning model (paragraph 111, performs simulated attack using machine learning); and using the machine learning model to improve cyber-attack resistance of a computer system (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 10, Carceres discloses wherein preparing the next cyber-attack includes using a Uniform Resource Locator (URL) of the defender system and a list of internal paths associated with the defender system against which to direct the cyber-attack (paragraph 73, accesses available web pages and applications for domain).
Regarding claim 11, Carceres discloses wherein preparing the next cyber-attack includes creating a modification of a known cyber-attack technique using fuzzing (paragraph 73, fuzzing).
Regarding claim 14, Carceres discloses wherein using the machine learning model to improve cyber-attack resistance of a computer system is based on output thereof selected from the group consisting of: a set of modified computer system configurations, a set of cyber-attack technique vulnerabilities, and a set of cyber-attack defense techniques to deploy on the computer system (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 15, Carceres discloses wherein the simulated computing environment has a plurality of simulated attacking systems and a plurality of simulated defender systems, wherein a plurality of unique cyber-attack techniques and/or variations thereof are applied against the plurality of simulated defender systems in parallel using containers (paragraph 101, parallel testing).
Regarding claim 16, Carceres discloses a computer program product for cyber-hardening using adversarial machine learning, the computer program product comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising: program instructions to apply a plurality of known cyber-attack techniques and variations thereof against a simulated defender system using a simulated attacking system (paragraph 75, detects web application vulnerabilities); program instructions to apply known cyber-attack defense techniques to the defender system (paragraph 77, simulator uses business decisions under consideration); program instructions to log instances of the defender system in association with various combinations of respective cyber-attack techniques, various cyber-attack defense techniques, simulated system configurations, and simulated system outcomes as training instances (paragraph 77, stages possible outcomes); program instructions to train a machine learning model using the logged training instances (paragraph 111, performs simulated attack using machine learning); program instructions to input production product configurations to the trained machine learning model (paragraph 111, simulated attack is against particular infrastructure); and program instructions to output, from the trained machine learning model, information related to cyber-hardening of the production product (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 17, Carceres discloses wherein the information output from the trained machine learning model is selected from the group consisting of: a set of modified production product configurations, a set of cyber-attack technique vulnerabilities, and a set of cyber-attack defense techniques to deploy on the production product (paragraph 111, recommendation report for hardening infrastructure).
Regarding claim 18, Carceres discloses wherein the attacking system is provided a Uniform Resource Locator (URL) of the defender system and a list of internal paths associated with the defender system against which to direct the known cyber-attack techniques and variations thereof (paragraph 73, accesses available web pages and applications for domain).
Regarding claim 19, Carceres discloses wherein the variations of the known cyber-attack techniques are modified using fuzzing (paragraph 73, fuzzing).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 5, 6, 9, 12, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Carceres in view of Sbandi et al. (U.S. Patent Application Publication Number 2021/0092143), hereinafter referred to as Sbandi.
Carceres disclosed techniques for security profiling using simulated attacks. In an analogous art, Sbandi disclosed techniques for chaos stress testing in a computer network. Both systems are directed toward managing cybersecurity via simulated attacks and machine learning.
Regarding claim 5, Carceres does not explicitly state wherein at least some of the known cyber-attack techniques are modified using chaos engineering. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability that at least some of the known cyber-attack techniques are modified using chaos engineering as provided by Sbandi (see paragraph 37, chaos engineering). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Regarding claim 6, Carceres does not explicitly state training the attacking system to improve cyber-attacks on the defender system based on the outcome of previous cyber-attacks conducted during performance of the method. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability for training the attacking system to improve cyber-attacks on the defender system based on the outcome of previous cyber-attacks conducted during performance of the method as provided by Sbandi (see paragraph 21, patterns used for subsequent testing). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Regarding claim 9, Carceres does not explicitly state wherein preparing the next cyber-attack includes altering a previously-executed cyber-attack in the cyber-attack simulation sequence based on the outcome of a previously-attempted cyber-attack in an effort to improve effectiveness of the cyber-attack. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability that preparing the next cyber-attack includes altering a previously-executed cyber-attack in the cyber-attack simulation sequence based on the outcome of a previously-attempted cyber-attack in an effort to improve effectiveness of the cyber-attack as provided by Sbandi (see paragraph 21, patterns used for subsequent testing). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Regarding claim 12, Carceres does not explicitly state wherein preparing the next cyber-attack includes creating a modification of a known cyber-attack using chaos engineering. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability that preparing the next cyber-attack includes creating a modification of a known cyber-attack using chaos engineering as provided by Sbandi (see paragraph 37, chaos engineering). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Regarding claim 13, Carceres does not explicitly state wherein preparing the next cyber-attack includes training the attacking system to improve cyber-attacks on the defender system based on the outcome of previous cyber-attacks conducted during performance of the cyber-attack simulation sequence. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability that preparing the next cyber-attack includes training the attacking system to improve cyber-attacks on the defender system based on the outcome of previous cyber-attacks conducted during performance of the cyber-attack simulation sequence as provided by Sbandi (see paragraph 21, patterns used for subsequent testing). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Regarding claim 20, Carceres does not explicitly state wherein at least some of the known cyber-attack techniques are modified using chaos engineering. However, managing cybersecurity in such a fashion was well known in the art as evidenced by Sbandi. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carceres by adding the ability that at least some of the known cyber-attack techniques are modified using chaos engineering as provided by Sbandi (see paragraph 37, chaos engineering). One of ordinary skill in the art would have recognized the benefit that testing computer systems in this way would assist in mitigating cybersecurity threats and improving operational resiliency (see Sbandi, paragraph 1).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Sharma et al. (U.S. Patent Application Publication Number 2023/0269266) disclosed techniques for emulating a multi-stage attack on a network node.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Victor Lesniewski/ Primary Examiner, Art Unit 2493