DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-15 have been considered but are moot based on new grounds of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 - 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hittel, publication number: US 2018/0288087 in view of Al-Harbi, publication number: US 2012/0180133.
As per claims 1, 9 and 10, Hittel teaches a computer-implemented method of simulating the propagation of malware in a network, the method comprising:
accessing a model of the network, the model comprising a plurality of computer nodes, each computer node of the plurality of computer nodes being connected to at least one edge of a plurality of edges, wherein each edge of the plurality of edges connects a pair of computer nodes of the plurality of computer nodes (network model with nodes and edges, Fig. 6, [0086-0087][0116]);
initiating an outbreak of the malware in the model at a predetermined source computer node of the plurality of computer nodes (Simulation, [0022], user zero, [0026]); and
propagating the malware through the model of the network from the source computer node, the propagation being determined based on a rate of transmission, wherein the rate of transmission is based upon a contact rate for each edge of the plurality of edges (simulation based on connection privileges of nodes connected to an edge, [0103][0107][0045][0094]);
Hittel does not teach wherein the contact rates vary individually for each edge in the network; and
The contact rate for each edge of the plurality of edges is based upon a contact size of network traffic passing between the computer nodes connected by the edge over a predetermined time period, the contact size for an edge comprising a measure of an amount, degree, or timing of the network traffic passing between the computer nodes connected by that particular edge over the predetermined time period.
In an analogous art, Al-Harbi teaches wherein the contact rates vary individually for each edge in the network; and
The contact rate for each edge of the plurality of edges is based upon a contact size of network traffic passing between the computer nodes connected by the edge over a predetermined time period, the contact size for an edge comprising a measure of an amount, degree, or timing of the network traffic passing between the computer nodes connected by that particular edge over the predetermined time period (determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053], analysis being periodic, [0023][0025]).
Therefore, it would have been obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to modify Hittel’s malware simulation system to include susceptibility based classification of nodes as described in Al-Harbi’s risk assessment system for the advantages of prioritizing system resources or actions during a breach.
As per claim 2, the combination teaches wherein the contact rate for each edge of the plurality of edges is based at least upon the amount of data passing along the corresponding edge over the predetermined time period (Al-Harbi: determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053]).
As per claim 3, the combination teaches wherein the contact rate for each edge of the plurality of edges is based at least upon the number of packets of data passing along the corresponding edge over the predetermined time period (Al-Harbi: determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053]).
As per claim 4, the combination teaches wherein the contact rate for each edge of the plurality of edges is based at least upon one or more ports of the computer nodes, the one or more ports being used for the network traffic passing between the computer nodes connected by that edge over a predetermined time period (Al-Harbi: determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053]).
As per claim 5, the combination teaches wherein the contact rate for each edge of the plurality of edges is based at least upon the how recently data has passed along the corresponding edge over the predetermined time period (Al-Harbi: determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053]).
As per claim 6, the combination teaches wherein the rate of transmission for each edge of the plurality of edges is at least partially determined according to a decaying exponential function;
wherein the decaying exponential function is defined by the contact rate being based upon the how recently data has passed along the corresponding edge over the predetermined time period (Al-Harbi: determining node susceptibility based on network topology and traffic analysis, [0016][0020][0053], analysis being periodic, [0023][0025]).
As per claim 7, the combination teaches comprising:
simulating a propagation of the malware through the set of computer systems using a model of the set of computer systems, wherein the simulating comprises the method of claim 1; and
identifying one or more malware protection measures to be deployed to one or more of the set of computer systems based on the simulating (Hittel: security actions, [0154], Al-Harbi: topology, [0016], mitigation, [0021]).
As per claim 8, the combination teaches comprising: deploying the one or more malware protection measures to the one or more computer systems (Hittel: security actions, [0154], Al-Harbi: topology, [0016], mitigation, [0021]).
Claims 11-15 are rejected based on claims 2-6.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUGBENGA O IDOWU whose telephone number is (571)270-1450. The examiner can normally be reached Monday-Friday 8am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/OLUGBENGA O IDOWU/ Primary Examiner, Art Unit 2494
Prosecution Insights