Prosecution Insights
Last updated: April 19, 2026
Application No. 18/631,459

SYSTEMS AND METHODS FOR IDENTIFYING SECURITY THREATS

Non-Final OA §103
Filed: Apr 10, 2024
Examiner: TRAORE, FATOUMATA
Art Unit: 2436
Tech Center: 2400 — Computer Networks
Assignee: Google LLC
OA Round: 1 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 1-2
To Grant: 3y 4m
With Interview: 99%

Examiner Intelligence

Grants 78% — above average
Career Allow Rate: 78% (452 granted / 580 resolved), +19.9% vs TC avg
Strong +36% interview lift
Interview Lift: +36.2% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 4m (15 currently pending)
Career history
Total Applications: 595 (across all art units)

Statute-Specific Performance

§101: 13.9% (-26.1% vs TC avg)
§103: 47.0% (+7.0% vs TC avg)
§102: 13.2% (-26.8% vs TC avg)
§112: 12.0% (-28.0% vs TC avg)
Based on career data from 580 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This is in response to the original filing of 04/10/2024. Claims 1-20 are pending and have been considered below.

Priority

Acknowledgment is made of no claim of foreign priority.

Drawings

The drawings filed on 04/10/2024 are accepted.

Specification

The amendment to the specification filed on 04/10/2024 is accepted.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2020/0329072 A1.

Claims 1, 11 and 16: Dubois et al method, a system comprising: a non-transitory computer readable storage medium comprising instructions for a server that, when executed by a processing device (par.7-8, 36), cause the processing device to perform operations comprising: a memory (par.36): and a processing device coupled to the memory, the processing device to perform operations comprising (par.36):

receiving a plurality of records each corresponding to respective one or more events associated with a set of computing resources of one or more entities (par.23, 78, receive event logs from one or more of the security devices of the security infrastructure of a customer's network or other networks);

for each of the plurality of records, determining, using a trained artificial intelligence (AI) model, a level of confidence that a respective record is indicative of a security threat (par.78, a system that uniquely identifies end devices may also have the ability to report the behavior of such end devices to the IP network 202, such as by sharing the information for that end device with a network based system. Further, one or more profiles and models of expected behaviors of the end user devices may be created either manually from the received information or via one or more machine learning or artificial intelligence processes of similar end user devices on other environments analyzed in an aggregated manner);

responsive to determining that a level of confidence of a first record of the plurality of records satisfies a first threshold criterion (par.69-71, If the threat level value of the threat entry that matches the event log entry does not exceed the threat level threshold of the security policy, the security management system 218 may return to operation 704 to receive additional event log information 326 for further analysis. If the threat level value of the threat entry that matches the event log entry meets or exceeds the threat level threshold of the security policy, the security management system 218 may configure one or more security devices/services of the security infrastructure 220 in response to the match and according to one or more security policies of the infrastructure. For example, a firewall rule may be generated by the security.):

forwarding the first record to a security threat detection platform (par.43, any activity conducted by the security device 206-210 of the customer network 204 may be included in an event log of the corresponding security device and transmitted to the customer log receiver 316 of the security management application 310);

and responsive to determining that a level of confidence of each of a second record and a third record of the plurality of records fails to satisfy the first threshold criterion but satisfies a second threshold criterion (par. 69-70, the security management system 218 may compare any aspect of the device logs 326 to any aspect of the entries in the threat data 324 to determine if a match occurs. If no match between an entry in the threat intelligence data 324 and the log entries occurs, the security management system 218 may return to operation 704 and receive additional security log information 326 from one or more security devices of the security infrastructure 220.):

Dubois et al fails to teach, however Lotem et al in the same field of endeavor teaches aggregating the second record with the third record to create aggregated data (par.183, the channel log based detection analytics method 700A further includes aggregating associated channel features over a time duration—step 716, combining current computed feature values of a channel with historic computed feature values for a matched channel, identified by a pair of asset and host.); and forwarding at least part of the aggregated data to the security threat detection platform (par.193-196, a report may be transmitted).

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Lotem et al in order to provide the ability for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers, as suggested by Lotem et al abstract.

Claims 2-3, 12-13 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Alagna et al 2022/0342707 A1.

Claims 2, 12 and 17: the combination fails to teach, however Alagna et al in the same field of endeavor teaches wherein each of the plurality of records is received by a forwarder agent running on a computing resource of a respective set of computing resources (par.26). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Alagna et al in order to provide security solutions to effectively leverage data to detect, alert, and prevent security events, as suggested by Alagna et al par.01.

Claims 3, 13 and 18: the combination fails to teach, however Alagna et al in the same field of endeavor teaches wherein each of the plurality of records is received by a filtering component from a forwarder agent running on a computing resource of a respective set of computing resources (par.26-27, 44, 103). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Alagna et al in order to provide security solutions to effectively leverage data to detect, alert, and prevent security events, as suggested by Alagna et al par.01.

Claims 4-5, 14-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Landy et al 2024/0089256 A1.

Claims 4, 14 and 19: the combination fails to teach, however Landy et al in the same field of endeavor teaches wherein: a level of confidence of a record satisfies the first threshold criterion when the level of confidence of the record is above a first threshold associated with the first threshold criterion (par. 12, 16, 39, 43, 95, 130); and a level of confidence of a record satisfies the second threshold criterion when the level of confidence of the record is above a second threshold associated with the second threshold criterion, wherein the first threshold is higher than the second threshold (par.12, 16, 39, 43, 95, 130). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Landy et al in order to provide the ability for verifying authentication credentials in an electronic network, as suggested by Landy et al abstract.

Claims 5, 15 and 20: the combination fails to teach, however Landy et al in the same field of endeavor teaches wherein determining, using the trained AI model, the level of confidence that the respective record is indicative of the security threat (par.130) comprises: providing the respective record as input to the trained AI model; and obtaining, from the trained AI model, one or more outputs specifying the level of confidence that the respective record is indicative of the security threat (par.71-74). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Landy et al in order to provide the ability for verifying authentication credentials in an electronic network, as suggested by Landy et al abstract.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Sopan U.S. 11,637,862 B1 and Sharma U.S. 2024/0256785 A1.

Claim 6: the combination fails to teach, however Sopan in the same field of endeavor teaches further comprising: generating a training input based on a set of historical records of a plurality of historical events associated with a plurality of computing resources (col. 2, lines 3-12); generating a target output for the first training input, wherein the first target output identifies whether each historical record of the plurality of historical records is indicative of a respective security threat (col.3, lines 44-50); and

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Sopan in order to provide the ability for performing cyber-security alert analysis and prioritization according to machine learning employing a predictive model to implement a self-learning feedback loop. The self-learning feedback loop to receive cyber-security alerts and mitigate the cyberthreats represented in the cybersecurity alerts, as suggested by Sopan abstract.

The combination fails to teach, however Sharma in the same field of endeavor teaches utilizing training data comprising the training input and the target output for re-training the trained AI model (par.74-75). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Sharma in order to provide the ability for determining a context based on one or more contextual units, as suggested by Sharma abstract.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Sopan U.S. 11,637,862 B1 and Sharma U.S. 2024/0256785 A1 and Gopalakrishnan et al U.S 2023/0134546 A1.

Claim 7: the combination fails to teach, however Gopalakrishnan et al in the same field of endeavor teaches wherein generating the first training input further comprises: splitting a historical record of the set of historical records into one or more tokens (par.57, 62, 88). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Gopalakrishnan et al in order to provide the ability to deploy real-time preventative or corrective measures based on the ML model output to counter or mitigate the effects of an attack, as suggested by Gopalakrishnan et al abstract.

Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Sopan U.S. 11,637,862 B1 and Sharma U.S. 2024/0256785 A1 and Liu et al U.S 11,755,626 B1.

Claim 8: the combination fails to teach, however Liu et al in the same field of endeavor teaches wherein generating the first training input further comprises: transforming each token referenced in a historical record of the set of historical records into one or more stems (col.2, lines 17-45, col.39, lines 35-45). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Liu et al in order to provide a monitoring component that facilitates generating performance data related to host device's operating state, including monitoring network traffic sent and received from the host device and collecting other device and/or application-specific information, as suggested by Liu et al col.8, lines 35-45.

Claim 9: the combination fails to teach, however Liu et al in the same field of endeavor teaches wherein generating the first training input further comprises: transforming each token referenced in a historical record of the set of historical records into one or more lemmas (col.2, lines 17-45, col.39, lines 35-45). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Liu et al in order to provide a monitoring component that facilitates generating performance data related to host device's operating state, including monitoring network traffic sent and received from the host device and collecting other device and/or application-specific information, as suggested by Liu et al col.8, lines 35-45.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Dubois et al U.S. 2020/0329072 A1 in view of Lotem et al U.S. 2016/0156655 A1 in further view of Sopan U.S. 11,637,862 B1 and Sharma U.S. 2024/0256785 A1 and Manolache et al U.S 2022/0327108 A1.

Claim 10: the combination fails to teach, however Manolache et al in the same field of endeavor teaches wherein generating the first training input further comprises: discarding one or more tokens from a historical record of the set of historical records (par.68-69, 79-80). Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Dubois et al with the additional feature of Manolache et al in order to provide the ability to employ a novel procedure of training an artificial intelligence system for anomaly detection in applications such as natural language processing and computer security, as suggested by Manolache et al abstract.

The following prior art is cited to further show the state of the art at the time of applicant’s invention. Borges U.S. 2023/0105087 A1 systems and methods for detecting malicious hand-on-keyboard activity via machine learning.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685. The examiner can normally be reached 6:30-3:00.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Sunday, December 28, 2025
/FATOUMATA TRAORE/
Primary Examiner, Art Unit 2436

Prosecution Timeline

Apr 10, 2024: Application Filed
Dec 13, 2025: Non-Final Rejection — §103
Feb 24, 2026: Interview Requested
Mar 11, 2026: Applicant Interview (Telephonic)
Mar 24, 2026: Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603871
ACCESS ORCHESTRATION ENGINE IN A CLOUD ACCESS MANAGEMENT SYSTEM
2y 5m to grant Granted Apr 14, 2026
Patent 12598173
CERTIFICATE MONITOR SERVICE RELIABILITY DETECTION METHOD FOR PKI CERTIFICATE TRANSPARENCY SYSTEM
2y 5m to grant Granted Apr 07, 2026
Patent 12587848
SYSTEMS AND METHODS FOR PROCESSING AND TRANSMITTING SENSOR DATA
2y 5m to grant Granted Mar 24, 2026
Patent 12572651
CLASSIFIER FOR IDENTIFYING SUSPICIOUS PDF FILES TO LIMIT DEEP-SCANNING
2y 5m to grant Granted Mar 10, 2026
Patent 12556403
NETWORK-BASED DEVICE AUTHENTICATION SYSTEM
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 78%
With Interview: 99% (+36.2%)
Median Time to Grant: 3y 4m
PTA Risk: Low
Based on 580 resolved cases by this examiner. Grant probability derived from career allow rate.
