Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 6-11, 13-17, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cyber attack evaluation dataset for deep packet inspection and analysis (Shishir et al.), and further in view of Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation (Flores et al.).
Regarding claim 1, Shishir teaches, A computer-implemented method of generating an emulated networking environment for improved cyberwarfare training realism using machine learning, the method comprising (Abstract, Table 1, How the Data were acquired, Value of the Data, 1. Data Description): receiving, via one or more processors; processing the historical Internet Protocol Packet data using a trained machine learning model: receiving, via one or more processors, historical Internet Protocol packet data machines (Abstract, Table 1, 2.1.2. Network scanning; recording network traffic for a small test bed between attackers and defenders, see figure below), and causing the plurality of virtual machines to be instantiated (Table 1, and Abstract).
[Figure: media_image1.png]
However, Shishir does not teach, generating, based on the processing, an emulated networking environment including a plurality of virtual, wherein the plurality of virtual machines includes 1) at least one attacker virtual machine, 2) at least one hop virtual machine; and 3) at least one target virtual machine, and wherein each of the respective plurality of virtual machines is connected to at least one other of the plurality of virtual machines via a virtual switch.
Flores teaches; generating, based on the processing, an emulated networking environment including a plurality of virtual, wherein the plurality of virtual machines includes 1) at least one attacker virtual machine, 2) at least one hop virtual machine; and 3) at least one target virtual machine, and wherein each of the respective plurality of virtual machines is connected to at least one other of the plurality of virtual machines via a virtual switch.
(Pg. 186. I. Introduction, Column 2, using a machine learning model that generates a new testbed, and Pg. 192, 3) Topology Builder; 4) Scenario Generator; and section V. IoT scenario Use Case, a variety of VMs that are connected together, with an attacker VM, a hop VM that can be used to connect the attacker to the target, all connected via a virtual network, which use IP packets for attack virtualization).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
Regarding claim 2, Flores teaches, the computer-implemented method of claim 1, further comprising: generating the plurality of virtual machines, wherein the generating includes installing one or more scripts in at least one of the plurality of virtual machines (Pg. 192, 4) scenario generator, and Pg. 193, B. Emulated Devices, an API that creates nodes and runs scripts on the node).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
Regarding claim 3, Shishir teaches, the computer-implemented method of claim 1, further comprising: generating the plurality of virtual machines, wherein the generating includes storing one or more wordlists in at least one of the plurality of virtual machines (Table 3, a wordlist of privileged and non-privileged users).
Further, regarding claim 3, Flores teaches, the computer-implemented method of claim 1, further comprising: generating the plurality of virtual machines, wherein the generating includes storing one or more wordlists in at least one of the plurality of virtual machines (Pg. 11, column 2, lines 43-51, a wordlist stored in the attacker virtual machine).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
Regarding claim 4, Shishir teaches, the computer-implemented method of claim 3, wherein the wordlists include a privileged user dictionary and a non-privileged user dictionary (Table 3, a wordlist of privileged and non-privileged users).
Further, regarding claim 4, Flores teaches, the computer-implemented method of claim 3, wherein the wordlists include a privileged user dictionary and a non-privileged user dictionary (Pg. 196, 3) Calabrese Crime Family, a wordlist stored in the attacker virtual machine, it would be obvious that a set of the wordlists would include users that are privileged, like root or admin, and generic usernames that are not privileged).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
Regarding claim 6, Flores teaches, the computer-implemented method of claim 1, further comprising: receiving, from the plurality of virtual machines, one or more Internet Protocol data packets; and storing, via one or more processors, the packets in an electronic database (Pg. 194, d) Attacker or malicious edge devices, collecting credentials of users in a database).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
Regarding claim 7, Flores teaches, the computer-implemented method of claim 1, further comprising: generating the plurality of virtual machines, wherein the generating includes storing instructions for modifying an industrial control system in at least one of the plurality of virtual machines (Pg. 192. V. IoT Scenario Use Case, attacking industrial control systems to cause tool failure).
Therefore, it would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir, with the emulated network environments of Flores, as this will allow the ML system to be able to run specialized attack scripts in a secure environment.
With regards to Claim 8, Shishir, in further view of Flores, teaches the method of Claim 1 as referenced above. The system of Claim 8 performs the same steps as the method of Claim 1, and Claim 8 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 1 by the teachings of Shishir, in further view of Flores.
With regards to Claim 9, Shishir, in further view of Flores teaches the method of Claim 2 as referenced above. The system of Claim 9 performs the same steps as the method of Claim 2, and Claim 9 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 2 by the teachings of Shishir, in further view of Flores.
With regards to Claim 10, Shishir, in further view of Flores teaches the method of Claim 3 as referenced above. The system of Claim 10 performs the same steps as the method of Claim 3, and Claim 10 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 3 by the teachings of Shishir, in further view of Flores.
With regards to Claim 11, Shishir, in further view of Flores teaches the method of Claim 4 as referenced above. The system of Claim 11 performs the same steps as the method of Claim 4, and Claim 11 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 4 by the teachings of Shishir, in further view of Flores.
With regards to Claim 13, Shishir, in further view of Flores teaches the method of Claim 6 as referenced above. The system of Claim 13 performs the same steps as the method of Claim 6, and Claim 13 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 6 by the teachings of Shishir, in further view of Flores.
With regards to Claim 14, Shishir, in further view of Flores teaches the method of Claim 7 as referenced above. The system of Claim 14 performs the same steps as the method of Claim 7, and Claim 14 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 7 by the teachings of Shishir, in further view of Flores.
With regards to Claim 15, Shishir, in further view of Flores teaches the method of Claim 1 as referenced above. The medium of Claim 15 performs the same steps as the method of Claim 1, and Claim 15 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 1 by the teachings of Shishir, in further view of Flores.
With regards to Claim 16, Shishir, in further view of Flores teaches the method of Claim 2 as referenced above. The medium of Claim 16 performs the same steps as the method of Claim 2, and Claim 16 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 2 by the teachings of Shishir, in further view of Flores.
With regards to Claim 17, Shishir, in further view of Flores teaches the method of Claim 3 as referenced above. The medium of Claim 17 performs the same steps as the method of Claim 3, and Claim 17 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 3 by the teachings of Shishir, in further view of Flores.
With regards to Claim 19, Shishir, in further view of Flores teaches the method of Claim 6 as referenced above. The medium of Claim 19 performs the same steps as the method of Claim 6, and Claim 19 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 6 by the teachings of Shishir, in further view of Flores.
With regards to Claim 20, Shishir, in further view of Flores teaches the method of Claim 7 as referenced above. The medium of Claim 20 performs the same steps as the method of Claim 7, and Claim 20 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 7 by the teachings of Shishir, in further view of Flores.
Claim(s) 5, 12 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cyber attack evaluation dataset for deep packet inspection and analysis (Shishir et al.) and Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation (Flores et al.) as applied to claims 1-4, 6-11, 13-17, 19, 20 above, and further in view of US 20190042446 A1 (Sukhomlinov et al.).
Regarding claim 5, Shishir, in further view of Flores teaches, The computer-implemented method of claim 1.
Shishir, in further view of Flores does not teach, further comprising: generating the plurality of virtual machines, wherein the generating includes storing at least one of 1) a brute-force attack script, 2) a side-channel attack script, 3) a power-up attack script, 4) a power-down attack script, or 5) a web automation attack script in at least one of the virtual machines.
However, Sukhomlinov teaches, further comprising: generating the plurality of virtual machines, wherein the generating includes storing at least one of 1) a brute-force attack script, 2) a side-channel attack script, 3) a power-up attack script, 4) a power-down attack script, or 5) a web automation attack script in at least one of the virtual machines. (paragraph 48, 51, 53, a side-channel attack ran in a VM, which is obvious that it would be ran using a script)
It would have been obvious before the effective filing date of the claimed invention to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the technique to receive historical IP packet data by Shishir and the cyber security testbed of Flores, with the attack script of Sukhomlinov, as it allows for assignment of specific attacks on the VM to ensure proper security and testing of the ML testbed.
With regards to Claim 12, Shishir, Flores and further in view of Sukhomlinov teaches the method of Claim 5 as referenced above. The system of Claim 12 performs the same steps as the method of Claim 5, and Claim 12 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 5 by the teachings of Shishir, Flores and further in view of Sukhomlinov.
With regards to Claim 18, Shishir, Flores and further in view of Sukhomlinov teaches the method of Claim 5 as referenced above. The medium of Claim 18 performs the same steps as the method of Claim 5, and Claim 18 is therefore rejected using the same art and rationale set forth above in the rejection of Claim 5 by the teachings of Shishir, Flores and further in view of Sukhomlinov.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTIAN BAKHIT whose telephone number is (571)272-4314. The examiner can normally be reached Monday-Thursday: 6:30-5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK can be reached at (571) 272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.M.B./Examiner, Art Unit 2199
/LEWIS A BULLOCK JR/Supervisory Patent Examiner, Art Unit 2199