SYSTEM AND METHOD FOR GENERATING A SIGNATURE OF A SPAM MESSAGE BASED ON CLUSTERING

§102 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action 2. Claims 1-20 are pending in Instant Application. Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/04/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Priority Examiner acknowledges that the present application is a continuation of U.S. Patent Application No. 17/565,570, which claims priority to a Russian Application No. 2021106650, filed on March 15, 2021, the entire contents of which are incorporated herein by reference. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-6, 8-15, and 17-20 are rejected under 35 U.S.C. 102 (a) (1) as being anticipated by US 7,725,475 issued to Alspector et al. (Alspector) (Applicant IDS). As per claim 1, Alspector teaches a method for generating a signature of a spam message (Alspector: Col. 9, ll. 36 - spam signature development), the method comprising: intercepting at least two electronic messages; determining attributes of the at least two intercepted electronic messages (Alspector: Col. 8, ll. (19-26) - an inductive classifier uses a training set of e-mails to develop a classification model. To do so, the training set of e-mails are analyzed to determine the attributes of the e-mails in the training set. Attribute selection techniques are then applied to determine the attributes that discriminate the best between the classes (e.g., that help to distinguish spam e-mails from legitimate)); classifying a first electronic message among the at least two intercepted electronic messages as a spam message based on the determined attributes using a machine learning method (Alspector: Col. 6, ll. (50-58) - an inductive classifier employs machine learning techniques to develop a classification model that allows the classifier to classify an unknown e-mail or other document as spam or non-spam. Typically, a training set of spam and non-spam e-mails or other documents are used by the classifier to determine the attributes that are most useful in classifying an unknown document and the model is developed from these attributes); determining whether the at least two intercepted electronic messages belong to a single cluster based on the classified attributes; and generating a signature of a spam message based on a determination that the two intercepted electronic messages belong to a cluster according to the attributes (Alspector: Col. 18, ll. (10-18) - the attribute information 505 transmitted to duplicate detector 232 then may contain the attribute clusters. Lexicon generator 515 may then designate the lexicon as containing the attribute clusters or a subset of the attribute clusters. Attribute analyzer 530 is then modified to determine the unique attribute clusters in an e-mail. The intersection between the unique attribute clusters in the e-mail and the lexicon of attribute clusters is then determined and used to generate the signature for the e-mail). As per claim 2, Alspector teaches the method of claim 1, wherein the attributes comprise one or more classification attributes and one or more clustering attributes contained (Alspector: Col. 18, ll. (1-9) - For classification and optimization, the operation of attribute analyzer 630 is then adjusted to determine whether the incoming e-mail contains the A attribute clusters. Attribute analyzer 630 then constructs an A element attribute cluster vector for each e-mail, where each entry in the attribute cluster vector is a binary value that indicates whether the Ath attribute cluster is contained in the incoming or evaluation e-mail. The attribute cluster vector is then used by classifier 650 to determine a classification output). As per claim 3, Alspector teaches the method according to claim 2, wherein the one or more clustering attributes comprise at least one of: a sequence of words extracted from a text of a corresponding electronic message, a fuzzy hash value calculated based on the sequence of words from the text of the corresponding electronic message, or a vector characterizing the text of the corresponding electronic message (Alspector: Col. 18, ll. (4-5) - attribute analyzer constructs an A element attribute cluster vector for each e-mail (a vector characterizing the text of the corresponding electronic message)). As per claim 4, Alspector teaches the method of claim 2, wherein the machine learning method is trained using the one or more classification attributes to determine characteristics used for classification of electronic messages as a spam message with a given probability (Alspector: Fig. 11 - obtain a classification output for the unknown e-mail based on whether the e-mail contains the N attributes and check whether Probability measure < threshold, if the answer is “No” then it is classified as spam). As per claim 5, Alspector teaches the method according to claim 3, wherein the machine learning method comprises a trained classification model utilizing at least one of: Bayesian classifiers, logistic regression, a Markov Random Field (MRF) classifier, a support vector method, a k-nearest neighbors method, a decision tree, or a recurrent neural network (Alspector: Col. 11, ll. (19-21) - classifier may be a support vector machine (SVM), a Naive Bayesian classifier, or a limited dependence Bayesian classifier). As per claim 6, Alspector teaches the method of claim 2, further comprising: in response to determining that the one or more clustering attributes of the intercepted second electronic message contain the generated signature, identifying the intercepted second electronic message as a spam message belonging to the single cluster of electronic messages (Alspector: Fig. 3 - teaches after receiving the email, determine query signature of incoming email and determine if it matches a spam signature and if the answer is “yes”, forward e-mail to e-mail handler along with indication that e-mail is spam). As per claim 8, Alspector teaches the method according to claim 1, wherein the signature of the spam message is generated based on one of: a most common sequence of words in text of one or more electronic messages contained in the identified single cluster of electronic messages; or a most common sequence of characters in fuzzy hash values calculated based on the text of the one or more electronic messages contained in the identified single cluster of electronic messages (Alspector: Col. 7, ll. (51-67) - the intersection between the set of unique words and the lexicon is obtained (i.e., the words that are in both the lexicon and the set of unique words are identified). This intersection is then mapped to a single hash value using a hash algorithm such as the Secure Hash Algorithm 1 (SHA1). If the hash value matches the hash value of another document, then the two documents are considered to be duplicates of one another. Using such techniques, after a collection of known spam e-mails has been obtained, the signatures of the known spam e-mails may be calculated to obtain spam signatures). As per claim 9, Alspector teaches the method according to claim 1, wherein the signature of the spam message is generated based on a re-identified cluster of spam messages, and wherein more spam messages are identified by using the generated signature than by using a previously generated signature (Alspector: Col. 7, ll. (51-67) - the intersection between the set of unique words and the lexicon is obtained (i.e., the words that are in both the lexicon and the set of unique words are identified). This intersection is then mapped to a single hash value using a hash algorithm and using such techniques, after a collection of known spam e-mails has been obtained, the signatures of the known spam e-mails may be calculated to obtain spam signatures (so newly generated signature is used)). As per claim 10, the claim resembles claim 1 and is rejected under the same rationale while Alspector teaches a hardware processor (Alspector: Col. 17, ll. 19 - teaches computers comprising at least one processor). As per claim 11, the claim resembles claim 2 and is rejected under the same rationale. As per claim 12, the claim resembles claim 3 and is rejected under the same rationale. As per claim 13, the claim resembles claim 4 and is rejected under the same rationale. As per claim 14, the claim resembles claim 5 and is rejected under the same rationale. As per claim 15, the claim resembles claim 6 and is rejected under the same rationale. As per claim 17, the claim resembles claim 8 and is rejected under the same rationale. As per claim 18, the claim resembles claim 9 and is rejected under the same rationale. As per claim 19, the claim resembles claim 1 and is rejected under the same rationale while Alspector teaches non-transitory computer readable medium storing thereon computer executable instructions (Alspector: Col. 17, ll. (24-27) - a computer usable storage medium or device read into the processor of the computer and executed, the instructions of the program). As per claim 20, the claim resembles claim 2 and is rejected under the same rationale. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 7,725,475 issued to Alspector et al. (Alspector) (Applicant IDS) in view US 8,918,466 issued to Yu. As per claim 7, Alspector teaches the method of claim 1 however does not explicitly teach wherein an intercepted electronic message is classified as spam when the intercepted electronic message is transmitted for at least one of: commission of fraud; unsanctioned receipt of confidential information; or selling of goods and services. Yu however explicitly teaches wherein an intercepted electronic message is classified as spam when the intercepted electronic message is transmitted for at least one of: commission of fraud; unsanctioned receipt of confidential information; or selling of goods and services (Yu: Col. 1, ll. (45-51) - other practices of spammers that can be annoying to a recipient include obtaining information about the recipient for later use in sales or commerce. For example, sellers often desire any type of information on a potential customer such as whether an email address is valid, the likes/dislikes of the customer, etc. On the other hand, users desire to keep such information confidential or otherwise restricted). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Alspector in view of Yu to teach wherein an intercepted electronic message is classified as spam when the intercepted electronic message is transmitted for at least one of: commission of fraud; unsanctioned receipt of confidential information; or selling of goods and services. One would be motivated to do so as other practices of spammers that can be annoying to a recipient include obtaining information about the recipient for later use in sales or commerce. For example, sellers often desire any type of information on a potential customer such as whether an email address is valid, the likes/dislikes of the customer, etc. On the other hand, users desire to keep such information confidential or otherwise restricted (Yu: Col. 1, ll. (45-51)). As per claim 16, the claim resembles claim 7 and is rejected under the same rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SM AZIZUR RAHMAN whose telephone number is (571)270-7360. The examiner can normally be reached on M-F Telework; If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached on 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SM A RAHMAN/Primary Examiner, Art Unit 2434