DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim(s) 1, 3, 6, 11, 13, 16 and 20 have been amended. Claim(s) 1-20 are currently pending examination.
Response to Amendment
The Applicant filed amendment(s) to claim(s) on 02/09/2026 to remedy the rejection(s).
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 9-11 & 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 10-11, 19-20 is/are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by HAN et al. (US 2023/0418943 A1).
Re Claim 1, 11 & 20, HAN teaches a method for detecting cyberattacks in network communications, the method comprising:
collecting packet data in real time during the network communications; (HAN; FIG. 1-25; Background, Summary, ¶ [0126], [0130]-[0132], [0151]; Real time data packet collection during network communication.)
extracting relevant data from the collected data; (HAN; FIG. 1-25; Background, Summary, ¶ [0106]-[0132], [0147]; Extracting information from collected data.)
positioning each packet in the relevant data to develop a fingerprint by creating an image containing blocks; (HAN; FIG. 1-25; Background, Summary, ¶ [0124], [0152]-[0195]; Multi-dimensional analysis (fingerprint), to develop image/blocks of data packets.)
colouring a pixel of a block of the image based on a value of a portion of a binary representation of a corresponding byte transmitted in the relevant data; (HAN; FIG. 1-25; Background, Summary, ¶ [0091]-[0092], [0124], [0152]-[0195]; Coloring the pixels of the image based on binary values of the data.)
finding, by an artificial intelligence (Al) algorithm, by using the fingerprint in the image, a threat level of a potential cyberattack to the collected data; and (HAN; FIG. 1-25; Background, Summary, ¶ [0070]-[0092], [0124], [0152]-[0195]; Using machine learning, AI related models to detect potential cyberattack of the collected data.)
applying a countermeasure to the network communication based on the threat level of the potential cyberattack. (HAN; FIG. 1-25; Background, Summary, ¶ [0070]-[0092], [0124], [0152]-[0195], [0264]-[0271]; Applying response solution to the threat.)
Re Claim 10 & 19, HAN discloses the method according to claim 1, further comprising:
when the fingerprint is not found in a fingerprint database, adding the fingerprint to the fingerprint database. (HAN; FIG. 1-6; ¶ [0098]-[0108]; Adding a file that was not found to the system.)
Claim(s) 2-5, 7-8, 12-15, 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over HAN et al. (US 2023/0418943 A1) and further in view of BOLL et al. (US 2023/0394144 A1).
Re Claim 2 & 12, HAN discloses the method according to claim 1, yet does not explicitly suggest wherein positioning each packet in the relevant data is performed based on a size of the image by a space-filling curve.
However, in analogous art, BOLL teaches wherein positioning each packet in the relevant data is performed based on a size of the image by a space-filling curve. (BOLL; FIG. 1-14; Background, Summary, ¶ [0114]-[0128]; Space filling curve related to data and images.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Re Claim 3 & 13, HAN-BOLL discloses the method according to claim 2, wherein the space-filing curve is a Hilbert curve. (BOLL; FIG. 1-14; Background, Summary, ¶ [0041]-[0045]; A Hilbert curve.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Re Claim 4 & 14, HAN-BOLL discloses the method according to claim 2, wherein the AI algorithm has been trained with a plurality of PCAP data and corresponding levels of malicious attacks via the space-filling curve. (BOLL; FIG. 1-14; Background, Summary, ¶ [0089]; Training data using space filling curve related data and associated malware.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Re Claim 5 & 15, HAN-BOLL discloses the method according to claim 2, wherein the space-filling curve preserves adjacency between two packets in corresponding two block positions in the image. BOLL; FIG. 1-14; Background, Summary, ¶ [0088], [0096]; Space filling curve matrix with assorted data.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Re Claim 7 & 17, HAN-MUECK discloses the method according to claim 1, yet does not explicitly suggest wherein the block has a predetermined number of pixels corresponding to a size of each packet.
However, in analogous art, BOLL teaches wherein the block has a predetermined number of pixels corresponding to a size of each packet. (BOLL; FIG. 1-14; Background, Summary, ¶ [0107]-[0114]; Pixel related to data.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Re Claim 8 & 18, HAN-BOLL discloses the method according to claim 7, wherein each pixel has a predetermined number of gray scales or colours. (BOLL; FIG. 1-5; ¶ [0113], [0120], [0135]; Gray scale images.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of BOLL to perform space filling for the reasons of creating a method of malware detection using image space filling. (BOLL ¶ [0041]-[0042])
Claim(s) 6 & 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over HAN et al. (US 2023/0418943 A1) and further in view of Hutchinson et al. (US 2020/0244699 A1).
Re Claim 6 & 16, HAN discloses the method according to claim 1, yet does not explicitly suggest wherein colouring the pixel of the block is additionally based on bars on communication flags and packet sizes.
However, in analogous art, Hutchinson teaches wherein colouring the pixel of the block is additionally based on bars on communication flags and packet sizes. (Hutchinson; FIG. 1-6; ¶ [0094]-[0100], [0192]-[0203]; Communication related flags and sizes associated with network packets.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of Hutchinson to detail communication flags and packet sizes for the reason of monitoring network traffic and determining reachability. (Hutchinson Abstract)
Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over HAN et al. (US 2023/0418943 A1) and further in view of ZARON et al. (US 2021/0105293 A1).
Re Claim 9, HAN discloses the method according to claim 1, yet does not explicitly suggest wherein the relevant data includes information from a header, protocol disclosure, and transmitted data.
However, in analogous art, ZARON teaches wherein the relevant data includes information from a header, protocol disclosure, and transmitted data. (ZARON; FIG. 1-5; ¶ [0052]-[0063]; The transmission of data headers, protocol and various other data related to data packet in network anomaly detection.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify HAN in view of ZARON to transmit various data related to cyber attacks for the reason of creating a method of anomaly detection in a network. (ZARON Abstract)
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER B ROBINSON whose telephone number is (571)270-0702. The examiner can normally be reached M-F 7:00-3:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached at 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER B ROBINSON/Primary Examiner, Art Unit 2443