Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
The instant application having Application No. 18/570,561 is presented for examination by the examiner. Claims 1, 2, 5, 6, 10, and 16 are amended. Claims 1-20 are pending.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 5, and 6 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Crabtree (US 2021/0360032 A1) in view of Mayer (US 2023/0118679 A1).
Regarding Claim 1
Crabtree discloses:
A search device comprising a processor configured to execute operations comprising:
generating a passive data analysis result of analyzing data observed in a communication network (Crabtree ¶48 and 69: The system performs passive network reconnaissance to collect and analyze observed network data without direct interaction with the target. This includes identifying network address ranges, domains, external relationships, and exposed content to uncover potential vulnerabilities and define the scope of scanning.);
generating an active data analysis result of analyzing data obtained by searching the communication network (Crabtree ¶48 and 71: the system performs active reconnaissance by directly interacting with network resources to collect data. This includes sending manual HTTP requests to endpoints, fingerprinting applications, identifying exposed administrative interfaces, extracting version numbers, and probing IoT and user devices. The collected data is then analyzed to identify vulnerabilities and generate cybersecurity assessments.); and
determining a network address to be searched based on the passive data analysis result and the active data analysis result (Crabtree ¶69, 71, 84: discloses that passive and active reconnaissance data are combined to generate a cybersecurity profile, which is then used to identify network address ranges for scanning, thereby determining a network address to be searched based on both types of analysis.);
transmitting the network address to an application configured to search the network address to generate a set of suspected network addresses (Crabtree ¶63, 85: discloses that the system uses a directed computational graph to coordinate execution of reconnaissance tools by transmitting selected network addresses as input parameters to applications (tools) that search those addresses. These tools then conduct further scans or analysis to discover related or vulnerable network nodes, which aligns with generating a set of suspected network addresses.).
Crabtree is silent on “wherein the generating an active data analysis result further comprises analyzing data including a search result indicating whether the network address is malicious; and recording malicious network address information into a database and ranking the malicious network address information based on internet protocol information using machine learning.”
On the other hand, Mayer teaches automated domain categorization and risk analysis using machine learning, including determining whether registered domains include malicious content such as phishing or scam content (Mayer ¶71). Mayer further teaches that domains are ranked for risk based on attributes including determined maliciousness and the number of past phishing sites/pages hosted on the domain and/or emanating from the IP addresses, and that an overall ranking of domains is created using one or more algorithms or equations (Mayer ¶66-68). Mayer additionally teaches storing domain information in a database (Mayer ¶75). Mayer further teaches ranking and displaying IP addresses in descending order based on the number and type of monitored domains associated with each IP address, thereby identifying the most problematic IP addresses (Mayer ¶82).
It would have been obvious to one of ordinary skill in the art to modify Crabtree to record identified malicious network address information into a database and rank such information based on IP address data using machine learning as taught by Mayer, in order to improve prioritization, tracking, and mitigation of malicious network infrastructure. Such a combination merely applies known machine-learning-based ranking techniques to known cybersecurity reconnaissance results to achieve predictable results.
Regarding Claim 2
Crabtree discloses:
The search device according to claim 1,
the determining the network address further comprise outputting data for specifying the network address having a feature similar to a feature of a malicious network address obtained based on the search result (Crabtree ¶89: discloses that once an anomaly is detected and a node is flagged as potentially compromised, the system analyzes the node’s connectivity and capabilities (i.e., features) to assess the potential impact. This includes evaluating related nodes that share connections or roles, thereby identifying other nodes with similar features to the compromised one. The system uses this similarity to determine risk and prioritize other network addresses for analysis, effectively outputting data for addresses that resemble a known malicious node.).
Regarding Claim 3
Crabtree discloses:
The search device according to claim 1, wherein the generating an active data analysis result further comprises obtaining information indicating a degree of malignancy for each network address based on information indicating a tendency of malicious communication information and communication information for each network address obtained by scanning the Internet (Crabtree ¶72 and 87: teaches generating an active data analysis result by scanning network endpoints and analyzing their communication behavior to identify vulnerabilities and patterns, then assigning a weighted score or criticality rating to each node based on its behavior and risk profile. This directly maps to obtaining a degree of malignancy for each network address based on malicious communication tendencies observed during Internet scanning.).
Regarding Claim 4
Crabtree discloses:
The search device according to claim 1, wherein the generating an active data analysis result further comprises analyzing at least one of a determination result from a program instruction for determining a malicious network address, a determination date and time, or information on related malware (Crabtree ¶87 and ¶89: The scoring engine analyzes active reconnaissance results and combines them with cyber-physical graph data to identify node vulnerabilities, behavioral anomalies, and criticality. This includes identifying when anomalies occur (determination date and time), what capabilities or malware may be present (related malware), and whether a node appears compromised (determination result).).
Regarding Claim 5
Claim 5 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 5 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 6
Claim 6 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 6 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 7
Claim 7 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 7 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 8
Claim 8 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 8 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 9
Claim 9 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 9 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 10
Claim 10 is directed to a method corresponding to the computer-implemented method in claim 2. Claim 10 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 11
Claim 11 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 11 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 12
Claim 12 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 12 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 13
Claim 13 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 14
Claim 14 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 15
Claim 15 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 15 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 16
Claim 16 is directed to a method corresponding to the computer-implemented method in claim 2. Claim 16 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 17
Claim 17 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 17 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 18
Claim 18 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 18 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 19
Claim 19 is directed to a method corresponding to the computer-implemented method in claim 3. Claim 19 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 20
Claim 20 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 20 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Sandoval US 8,516,596 B2 - teaches a method and system for simulating cyber attacks across multiple phases such as scanning, gaining access, privilege escalation, and data exfiltration. It evaluates how different cyber defenses perform by generating metrics like attack duration, number of successful attacks, resource usage, and disruption frequency. The system identifies the most effective defense based on these metrics and can update the network to use that defense.
Masri US 8,010,103 B2 - teaches a wireless communication apparatus that uses both passive and active scanning modes to detect and connect to network stations. In passive mode, the device listens for incoming data or management packets, and if such a packet is detected, especially one containing an application payload, it automatically switches to active scanning to locate available network stations. The system enables dynamic, context-triggered scanning based on detected wireless traffic, improving efficiency and responsiveness in wireless network discovery.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD A. ABDULLAH whose telephone number is (571)272-1531. The examiner can normally be reached on Monday - Friday, 8:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached at (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/Examiner, Art Unit 2431
/MICHAEL R VAUGHAN/Primary Examiner, Art Unit 2431