DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The following is a Non-Final Office Action in response to applicant’s filing on November 10, 2024. Claims 1-10 are pending, of which claims 1, and 8 are in independent form.
Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract is objected because it includes unnecessary technical and procedural detail and substantially tracks the claim language. The abstract should be limited to a brief summary of the disclosed invention and should not read as a restatement of the claim.
Further, the specification is objected to for failing to provide antecedent basis and supporting disclosure for the mathematical formula and associated terminology recited in claim 6 as recited “importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhi”.
Accordingly, the specification never introduces:
an “importance level representation formula”
sigmoid functions “σ”
activation functions
Matrix A
Matrix B
Network flow partial chronological feature vectors “ωi”
Summation of hi across N
Averaging term (1/N) ∑hi
Therefore, the formula and its associated terminology appear only in the claim 6 and are not supported by the specification. Appropriate correction is required.
Claim Objections
Claim 6 objected to because of the following informalities: Claim 6 recites “Si=σ(A*ωi+B*1/N∑i=1Nhi”. However, the formula fails to include a closing parenthesis corresponding to the opening parenthesis. Appropriate correction is required.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) ELEMENT IN CLAIM FOR A COMBINATION. — An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary
skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection |, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AlA35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a cybersecurity-related data obtaining module , a network flow chronological feature extracting module, a log semantics feature extracting module, a feature fusing module and an attacker's behavior mode determining module” in claims 8 and 9.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim
limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 4-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 4 recites “semantically encoding said network log to obtain a network log semantics feature vector sequence,”. In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". And MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed." For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date.
The non-provisional specification fails to provide written description support for the claim limitation of “semantically encoding”. Given that the limitation of claim 4 the specification describes ( semantically encoding the network log to obtain a network log semantics feature vector sequence. That is, capturing a semantics feature of the network log, and understanding and analyzing various events recorded in the network log., see paragraph [0050]), Accordingly, the specification does not reasonably convey possession of the subject matter in claim 4. The specification merely states that the network log is “semantically encoded” to obtain a feature vector sequence, without disclosing how such encoding is performed and what semantic encoding technique was used.
Further, claim 5 recites “said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism;”. In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". And MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed." For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date.
The non-provisional specification fails to provide written description support for the claim limitation of “gate attention mechanism”. Given that the limitation of claim 5 the specification describes (the step of fusing the network flow chronological feature and the log semantics feature to obtain a network flow-log semantics cross-fusion feature includes the sub-steps of obtaining a network flow-log semantics cross-fusion feature vector from the network flow partial chronological feature vector sequence and the network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism; and taking the network flow-log semantics cross-fusion feature vector as the network flow-log semantics cross-fusion feature., see paragraph [0052]), Accordingly, the specification mentions gate attention at a conceptual level. However, it does not provide sufficient guidance to implement gate-attention based fusion. Moreover, the specification does not provide no operational steps, algorithm or technique, for implementing gate attention mechanism.
Furthermore, claim 6 recites “calculating an importance level representation vector between said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence according to a following importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhi;”. In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". See MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed."
Claim 6 recites calculating an “importance level representation vector” using a mathematical formula involving metrices A and B, a sigmoid function, vector summation and averaging operations, and weighted dynamic updating of network flow partial chronological feature vectors. However, the claimed formula is not disclosed anywhere in the specification, either explicitly or implicitly. Even if the formula were assumed to exist in the specification, multiple essential variable and structural relationships are missing, rendering the claim unsupported.
Claim 6 recites “Si=σ(A*ωi+B*1N∑i=1Nhi;”, However, the specification never introduces:
an “importance level representation formula”
sigmoid functions “σ”
activation functions
Matrix A
Matrix B
Network flow partial chronological feature vectors “ωi”
Summation of hi across N
Averaging term (1/N) ∑hi
The specification does not describe how any such calculated importance values are applied to dynamically update network flow partial chronological feature vectors.
Thus, the non-provisional specification fails to provide written description support for the claim limitation of “Si=σ(A*ωi+B*1/N∑i=1Nhi”. Given that the limitation of claim 6 the specification describes (the step of fusing the network flow chronological feature and the log semantics feature to obtain a network flow-log semantics cross-fusion feature includes the sub-steps of obtaining a network flow-log semantics cross-fusion feature vector from the network flow partial chronological feature vector sequence and the network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism; and taking the network flow-log semantics cross-fusion feature vector as the network flow-log semantics cross-fusion feature, see paragraph [0052]). Accordingly, the disclosure fails to provide adequate written description for dynamic updating of network flow feature vectors. Moreover, the specification discloses gate attention fusion only at a conceptual level and does not describe the specific mathematical operations recited in claim 6.
In addition, claim 8 recites “a cybersecurity-related data obtaining module , a network flow chronological feature extracting module, a log semantics feature extracting module, a feature fusing module and an attacker's behavior mode determining module;”. In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". And MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed." For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. The non-provisional specification fails to provide written description support for the claim limitation of “a cybersecurity-related data obtaining module , a network flow chronological feature extracting module, a log semantics feature extracting module, a feature fusing module and an attacker's behavior mode determining module”. Given that the limitation of claim 8 the specification describes (a cybersecurity-related data obtaining module used to obtain cybersecurity-related data, wherein the cybersecurity-related data includes network flow values at a plurality of predetermined time points within a predetermined time length and a network log of the predetermined time length; a network flow chronological feature extracting module used to extract a network flow chronological feature of the network flow values at the plurality of predetermined time points; a log semantics feature extracting module used to extract a log semantics feature of the network log; a feature fusing module used to fuse the network flow chronological feature and the log semantics feature, so as to obtain a network flow-log semantics cross-fusion feature; and an attacker's behavior mode determining module used to determine a mode of attacker's behaviors based on the network flow-log semantics cross-fusion feature, see paragraph [0012]). Accordingly, the specification does not disclose concrete hardware architecture, software architecture, or structure. The claim broadly recites functional modules without corresponding disclosure of system architecture, algorithms, or alternative implementations sufficient to support the breath of the claim.
Note though that a claim will not be found inadequate on section 112(a) ground simply because the embodiments of the specification do not contain examples explicitly covering the full scope of the claim language. That is because the patent specification is written for a person of ordinary skill in the art, and such a person comes to the patent disclosure with the knowledge of what has come before. While a claim will not usually be limited to a particular species described in the specification, it is clear from the non-provisional specification in this application that the disclosed.
The level of detail required to satisfy the written description requirement varies depending on the nature and scope of the claims and on the complexity and predictability of the relevant technology. Ariad, 598 F.3d at 1351, 94 USPQ2d at 1172; Capon v. Eshhar, 418 F.3d 1349, 1357-58, 76 USPQ2d 1078, 1083-84 (Fed. Cir. 2005). Computer-implemented inventions are often disclosed and claimed in terms of their functionality. For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 682. 114 USPQ2d 1349, 1356 (citing Ariad Pharm., Inc. V. Eli Lilly & Co, 598 F.3d 1336, 1351, 94 USPQ2d 1161, 1172 (Fed. Cir. 2010) in the context of determining possession of a claimed means of accessing disparate databases).
Dependent claims 7, 9-10 are similarly rejected due to inherited dependencies.
Claims 6-7, 9-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention.
Claim 6 recites “calculating an importance level representation vector between said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence according to a following importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhiwhere, A represents a matrix of 1×Nω, B represents a matrix of 1×Nh, σ represents a sigmoid function, ωi represents the ith network flow partial chronological feature vector within said network flow partial chronological feature vector sequence, hi represents the ith network log semantics feature vector within said network log semantics feature vector sequence, N represents a number of the vectors within said network log semantics feature vector sequence, Si represents a feature value at the ith position within said importance level representation vector; and taking each feature value of said importance level representation vector as a weight to dynamically update each network flow partial chronological feature vector within said network flow partial chronological feature vector sequence, so as to obtain said network flow-log semantics cross-fusion feature vector.”.
Claim 6 requires calculating an importance level representation vector using a specific ,mathematical formula involving matrix operations, vector averaging… and dynamic updating of features vectors. The specification, however, does not teach how to implement the recited formula, does not define sigmoid function (σ), does not disclose how the metrices are constructed or applied (A and B), does not define dimensional relationship between operands (A*ωi) and (B*1N∑hi), does not define enablement of the averaging ((1/N) ∑hi) and does not explain how the resulting importance values dynamically update feature vectors. Moreover, mathematical expression recited in the claim contains incomplete parenthetical notation.
As a result, a person of ordinary skill in the art would be required to engage in undue experimentation to determine the algorithmic structure and computational steps necessary to practice the claimed invention, Accordingly, claim 6 is not enabled.
Dependent claims 7, 9-10 are similarly rejected due to inherited dependencies.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 6-7, 8-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 6 is rejected as being indefinite. Claim 6 recites “Si=σ(A*ωi+B*1/N∑i=1Nhi”, the mathematical expression recited in the claim contains incomplete parenthetical notation, such that the scope of the claim cannot be determined with reasonable certainty.
Claim 8 is rejected as being indefinite. Claim 8 recites “a cybersecurity-related data obtaining module , a network flow chronological feature extracting module, a log semantics feature extracting module, a feature fusing module and an attacker's behavior mode determining module;”.
Claim 8 recites multiple elements using functional “module” language, without reciting sufficient structure for performing the claimed functions. As a result, the scope of the claim cannot be determined with reasonable certainty.
Claim 9 is rejected as being indefinite. Claim 9 recites “said network flow chronological feature extracting module;”. Claim 9 recites element using functional “module” language, without reciting sufficient structure for performing the claimed functions. As a result, the scope of the claim cannot be determined with reasonable certainty.
Dependent claims 7 and 10 are similarly rejected due to inherited dependencies.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite a method for auctioning goods or services which is considered a judicial exception because it falls under Certain Methods of Organizing Human Activity such as commercial or legal interactions including sales activities. This judicial exception is not integrated into a practical application as discussed below and the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception as discussed below.
This part of the eligibility analysis evaluates whether the claim falls within any statutory category. MPEP 2106.03. In claim(s) 1 the claim recites at least one step or act, including obtaining cybersecurity related data, extracting a network flow chronological feature, extracting a log semantics feature, fusing and determining a mode of attacker's behaviors. Thus, the claim is to a process, which is one of the statutory categories of invention.
Analysis
Step 1 (Statutory Categories) — 2019 PEG pq. 53
Claims 1-7 are directed to the statutory categories of invention.
Step 2A, Prong 1 (Do the claims recite an abstract idea?) — 2019 PEG pq. 54
Claim 1 recites the following types of subject matter that are judicial exceptions: Abstract idea — mental processes and data manipulation/analysis:
“obtaining cybersecurity-related data, including network flow values at a plurality of predetermined time points within a predetermined time length and a network log of said predetermined time length” (collecting information);
“extracting a network flow chronological feature of said network flow values at said plurality of predetermined time points” (analyzing the information);
“extracting a log semantics feature of said network log” (analyzing the information);
“fusing said network flow chronological feature and said log semantics feature to obtain a network flow-log semantics cross-fusion feature” (combining the information); and
“determining a mode of attacker's behaviors based on said network flow-log semantics cross-fusion feature” (making a classification).
Such activities fall within the judicial exceptions of mental processes and data analysis, as they can be characterized as organizing and evaluating information to reach conclusion.
Accordingly, claim 1 is directed to an abstract idea.
Step 2A, Prong 2 (Does the claim recite additional elements that integrate the judicial exception into a practical application?) - 2019 PEG pq. 54
Although, the specification names physical components (terminal device) the claim merely uses conventional components to perform the abstract tasks of data collection, analyzing the information and making a classification. Claim 1 does not describe a particular improvement to the functioning of the computer or other technology, nor does it recite a specific technical implementation or non‑generic arrangement of components that meaningfully limits the claim to an applied technological solution. The steps are recited at a high level of abstraction, focusing on desired results rather than a technical solution.
Therefore, claim 1 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B (Does the claim recite additional elements that amount to significantly more than
the judicial exception?) - 2019 PEG pq. 56
The recited (data acquisition, feature extraction, feature fusion and classification) are well-understood, routine and conventional activities in the field of data analytics and cybersecurity. Because the claim 1 merely instructs practitioners to implement the abstract idea using routine, conventional components and high-level ML functionality, and does not recite a specific, non‑conventional manner of performing the claimed steps (e.g., data acquisition, feature extraction, feature fusion and classification), the claim does not provide an “inventive concept” sufficient to amount to significantly more than the abstract idea.
Accordingly, under Step 2B of the PEG, the claim 1 is not patent eligible.
Dependent claims 2-7 are rejected by virtue of dependency to independent claim 1.
Dependent claims — analysis and reasons for rejection
Claim 2 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 1, wherein the step of extracting a network flow chronological feature of said network flow values at said plurality of predetermined time points includes the sub-steps of: performing data preprocessing on said network flow values at said plurality of predetermined time points to obtain a network flow partial chronological input vector sequence; obtaining a network flow partial chronological feature vector sequence from said network flow partial chronological input vector sequence through a chronological feature extractor based on a one-dimensional convolutional layer; and taking said network flow partial chronological feature vector sequence as said network flow chronological feature”.
Step 1: Statutory category
Claim 2 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 1 and incorporates the abstract idea and a mathematical concept and data analysis, which include manipulating data using mathematical operations and algorithms. Such concepts have been identified as abstract idea.
Accordingly, claim 2 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 2 does not integrate the abstract idea into a practical application because, the claim recites generic data preprocessing and feature extraction steps without specifying a particular improvement to network hardware, computer performance, and data transmission. Thus, the claim merely applies the abstract idea using generic computer-implemented machine learning techniques, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 2 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 2 does not recite an inventive concept because data preprocessing and feature extraction using conventional networks are are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept.
Claim 2 does not recite additional elements that amount to significantly more than the judicial
exception. Therefore, claim 2 is directed to an abstract idea and a mathematical process. The steps of claim 2 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 2 is not patent eligible.
Claim 3 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 2, wherein the sub-step of performing data preprocessing on said network flow values at said plurality of predetermined time points to obtain a network flow partial chronological input vector sequence includes:
arranging said network flow values at said plurality of predetermined time points into a network flow partial chronological input vector in line with a time dimension; and
segmenting said network flow partial chronological input vector to obtain said network flow partial chronological input vector sequence”.
Step 1: Statutory category
Claim 3 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 2 and incorporates the abstract idea and mental process and data analysis, which include organizing information and grouping information. Such concepts have been identified as abstract idea.
Accordingly, claim 3 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 3 does not integrate the abstract idea into a practical application because, the claim recites arranging data by time and segmenting data into sequences, which are generic data-organization techniques without specifying a particular improvement to network hardware, computer performance, and data transmission. Thus, the claim merely applies the abstract idea using generic computer-implemented machine learning techniques, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 3 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 3 does not recite an inventive concept because arranging data according to time and segmenting data into sequences are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept.
Claim 3 does not recite additional elements that amount to significantly more than the judicial
exception. Therefore, claim 3 is directed to an abstract idea and a mathematical process. The steps of claim 3 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 3 is not patent eligible.
Claim 4 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 3, wherein the step of extracting a log semantics feature of said network log includes: semantically encoding said network log to obtain a network log semantics feature vector sequence, and
taking said network log semantics feature vector sequence as said log semantics feature”.
Step 1: Statutory category
Claim 4 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 4 and incorporates the abstract idea and data analysis, which include semantically encoding … obtain a network log semantics feature vector sequence, and
taking said network log semantics feature vector sequence as said log semantics feature. These steps fall within the judicial exception for mental process and data analysis. Such activities constitute abstract ideas.
Accordingly, claim 4 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 4 does not integrate the abstract idea into a practical application because, the claim recites semantic encoding of text at a high level, without specifying a particular encoding model, algorithm or architecture. Thus, the claim merely applies the abstract idea using generic computer-implemented machine learning techniques, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 3 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 4 does not recite an inventive concept because semantically encoding … obtain a network log semantics feature vector sequence, and taking said network log semantics feature vector sequence as said log semantics feature are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept.
Claim 4 does not recite additional elements that amount to significantly more than the judicial
exception. Therefore, claim 4 is directed to an abstract idea. The steps of claim 4 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 4 is not patent eligible.
Claim 5 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 4, wherein the step of fusing said network flow chronological feature and said log semantics feature to obtain a network flow-log semantics cross-fusion feature includes the sub-steps of:
obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism; and
taking said network flow-log semantics cross-fusion feature vector as said network flow-log semantics cross-fusion feature”.
Step 1: Statutory category
Claim 5 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 4 and incorporates the abstract idea and mental process and data analysis, which include analyzing and obtaining feature vector sequences, associative fusion based on a gate attention mechanism and obtaining a network flow-log semantics cross-fusion feature vector . These analyses constitute data analysis and mathematical processing of information, which fall within judicial exception for abstract ideas.
Accordingly, claim 5 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 5 does not integrate the abstract idea into a practical application because, the claim recites associative fusion module based on a gate attention mechanism, at a high level of abstraction, without specifying a concrete algorithm. Thus, the claim merely applies the abstract idea using generic computer-implemented machine learning techniques, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 5 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 5 does not recite an inventive concept because feature fusion using gate attention are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept. Claim 5 does not recite additional elements that amount to significantly more than the judicial exception. Therefore, claim 5 is directed to an abstract idea. The steps of claim 5 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 5 is not patent eligible.
Claim 6 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 5, wherein the sub-step of obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism includes:
calculating an importance level representation vector between said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence according to a following importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhi where, A represents a matrix of 1×Nω, B represents a matrix of 1×Nh, a represents a sigmoid function, ωi represents the ith network flow partial chronological feature vector within said network flow partial chronological feature vector sequence, hi represents the ith network log semantics feature vector within said network log semantics feature vector sequence, N represents a number of the vectors within said network log semantics feature vector sequence, Si represents a feature value at the ith position within said importance level representation vector; and
taking each feature value of said importance level representation vector as a weight to dynamically update each network flow partial chronological feature vector within said network flow partial chronological feature vector sequence, so as to obtain said network flow-log semantics cross-fusion feature vector”.
Step 1: Statutory category
Claim 6 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 5 and incorporates the abstract idea and mathematical concepts and data analysis, mathematical relationship and calculations (Si=σ(A*ωi+B*1N∑i=1Nhi). The claim expressly recites mathematical formula, matrix operations, averaging, and application for sigmoid function , which constitute mathematical concept. Such mathematical relationships are recognized abstract ideas under MPEP 2106.04(a).
Accordingly, claim 6 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 6 does not integrate the abstract idea into a practical application because, the claim the claim focuses on computing and applying a mathematical weighting formula to feature vectors, without reciting a specific improvement to computer performance, or cybersecurity. Thus, the claim merely applies the abstract idea using generic computer-implemented mathematical processing, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 3 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 6 does not recite an inventive concept because mathematical formula, matrix operations, averaging, and application for sigmoid function are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept.
Claim 6 does not recite additional elements that amount to significantly more than the judicial
exception. Therefore, claim 6 is directed to an abstract idea and a mathematical process. The steps of claim 6 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 6 is not patent eligible.
Claim 7 recites: “ The full-scene cybersecurity threat-related analysis method according to claim 6, wherein the step of determining a mode of attacker's behaviors based on said network flow-log semantics cross-fusion feature includes:
performing feature distribution modification on said network flow-log semantics cross-fusion feature vector to obtain a modified network flow-log semantics cross-fusion feature vector; and
obtaining a classification result from said modified network flow-log semantics cross-fusion feature vector through a classifier, wherein said classification result is used to represent a mode label of attacker's behaviors”.
Step 1: Statutory category
Claim 7 is directed to a method comprising a series of data-processing steps for extracting a network flow chronological feature.
Step 2A, Prong 1:
This claim depends from claim 6 and incorporates the abstract idea and mathematical concept and data analysis, which include performing feature distribution modification, obtaining a classification result from said modified network flow-log semantics cross-fusion and represent a mode label of attacker's behaviors. Such concepts have been identified as abstract idea.
Accordingly, claim 7 is directed to an abstract idea.
Step 2A, Prong 2:
Claim 7 does not integrate the abstract idea into a practical application because, the claim recites features distribution modification and classification at a high level of abstraction, without specifying a particular technical improvement to computer performance, network operation, or cybersecurity infrastructure. Thus, the claim merely applies the abstract idea using generic computer-implemented machine learning techniques, which is insufficient to integrate the abstract idea into a practical application.
Therefore, claim 7 is directed to an abstract idea and is not integrated into a practical application under Step 2A.
Step 2B:
Claim 7 does not recite an inventive concept because normalization or distribution medication and classification using classifier are well-understood, routine and conventional activities in the field of data analytics. No recited unconventional technology is present. No inventive concept.
Claim 7 does not recite additional elements that amount to significantly more than the judicial
exception. Therefore, claim 7 is directed to an abstract idea and a mathematical process. The steps of claim 7 merely implements the abstract idea using generic machine learning operations.
Accordingly, under Step 2B of the PEG, the claim 7 is not patent eligible.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-4 and 7-10 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by (Du et al. CN116405299 A), hereinafter Du.
In regards to claim 1, Du discloses a full-scene cybersecurity threat-related analysis method (Du, Page. 1, a feature extractor to monitor abnormal activities in the network and give an alarm in time by analyzing the network logs and network traffic value),
comprising the steps of: obtaining cybersecurity-related data (Du, Page. 1), including network flow values at a plurality of predetermined time points within a predetermined time length and a network log of said predetermined time length (Du, Page. 1, which first obtains network security logs and network traffic values for a predetermined period of time) and (Du, Page. 5, network traffic acquisition module, used to obtain network traffic values at multiple predetermined time points within the predetermined time period);
extracting a network flow chronological feature of said network flow values at said plurality of predetermined time points (Du, Page. 5, a traffic timing change feature extraction module, used to arrange the network traffic values at the multiple predetermined time points according to the time dimension as a network traffic timing input vector A network traffic behavior feature extractor comprising a first convolutional layer and a second convolutional layer is used to obtain a network traffic behavior time-series feature vector;);
extracting a log semantics feature of said network log (Du, Page. 5, a security log semantic understanding module, used to perform word segmentation processing on the network security log, and obtain a semantic understanding feature vector of the network security log through a context encoder including a word embedding layer);
fusing said network flow chronological feature and said log semantics feature to obtain a network flow-log semantics cross-fusion feature (Du, Page. 5, in the technical solution of the present application, when the semantic understanding feature vector of the network security log and the time-series feature vector of network traffic behavior are fused to obtain the classification feature vector, in order to make full use of the semantic information of the network security log expressed by the semantic understanding feature vector of the network security log and the multi-scale neighborhood time-series correlation feature of network traffic expressed by the time-series feature vector of network traffic behavior, the classification feature vector is preferably obtained by directly cascading the semantic understanding feature vector of the network security log and the time-series feature vector of network traffic behavior) and (Du, Page. 8, the feature fusion module includes: using the following formula to fuse the network security log semantic understanding feature vector and the network traffic behavior time-series feature vector to obtain a classification feature vector; wherein the formula is: Vc=Concat[V1, V2] Among them, V1 represents the semantic understanding feature vector of the network security log, V2 represents the time series feature vector of the network traffic behavior, Concat[·,·] represents the concatenation function, and Vc represents the classification feature vector); and
determining a mode of attacker’s behaviors based on said network flow-log semantics cross-fusion feature (Du, Page. 5, a feature fusion module is used to fuse the network security log semantic understanding feature vector and the network traffic behavior time-series feature vector to obtain a classification feature vector; an early warning evaluation module is used to pass the classification feature vector through a classifier to obtain a classification result, and the classification result is used to indicate whether a network security warning prompt is generated) and (Du, Page. 3, considering that network logs and network traffic values are important data sources for identifying network security threats).
In regards to claim 2, Du discloses the full-scene cybersecurity threat-related analysis method according to claim 1, wherein the step of extracting a network flow chronological feature of said network flow values at said plurality of predetermined time points includes the sub-steps of: performing data preprocessing on said network flow values at said plurality of predetermined time points to obtain a network flow partial chronological input vector sequence (Du, Page. 7, the traffic time-series change feature extraction module 140 is configured to arrange the network traffic values at the plurality of predetermined time points into a network traffic time-series input vector according to the time dimension, and then pass it through a network traffic behavior feature extractor including a first convolutional layer and a second convolutional layer to obtain a network traffic behavior time-series feature vector); obtaining a network flow partial chronological feature vector sequence from said network flow partial chronological input vector sequence through a chronological feature extractor based on a one-dimensional convolutional layer (Du, Page. 5, traffic timing change feature extraction module, used to arrange the network traffic values at the multiple predetermined time points according to the time dimension as a network traffic timing input vector A network traffic behavior feature extractor comprising a first convolutional layer and a second convolutional layer is used to obtain a network traffic behavior time-series feature vector); and taking said network flow partial chronological feature vector sequence as said network flow chronological feature (Du, Page. 7, the traffic time-series change feature extraction module 140 is configured to arrange the network traffic values at the plurality of predetermined time points into a network traffic time-series input vector according to the time dimension, and then pass it through a network traffic behavior feature extractor including a first convolutional layer and a second convolutional layer to obtain a network traffic behavior time-series feature vector).
In regards to claim 3, Du discloses the full-scene cybersecurity threat-related analysis method according to claim 2, wherein the sub-step of performing data preprocessing on said network flow values at said plurality of predetermined time points to obtain a network flow partial chronological input vector sequence includes (Du, Page. 9, the training traffic time-series change feature extraction unit 230 is used to arrange the training network traffic values at the plurality of predetermined time points according to the time dimension as the training network traffic time-series input vector and then pass through the network traffic behavior feature extractor comprising the first convolution layer and the second convolution layer to obtain the training network traffic behavior time-series feature vector): arranging said network flow values at said plurality of predetermined time points into a network flow partial chronological input vector in line with a time dimension (Du, Page. 7, the traffic time-series change feature extraction module 140 is configured to arrange the network traffic values at the plurality of predetermined time points into a network traffic time-series input vector according to the time dimension, and then pass it through a network traffic behavior feature extractor including a first convolutional layer and a second convolutional layer to obtain a network traffic behavior time-series feature vector); and segmenting said network flow partial chronological input vector to obtain said network flow partial chronological input vector sequence (Du, Page. 8, a first scale extraction unit configured to input the network traffic timing input vector into the first convolution layer of the network traffic behavior feature extractor including the first convolution layer and a second convolution layer to obtain a first scale network traffic behavior timing feature vector, wherein the first convolution layer has a first one-dimensional convolution kernel of a first length; a second scale extraction unit is used to input the network traffic timing input vector into the network traffic behavior feature extractor including the first convolution layer and the second convolution layer).
In regards to claim 4, Du discloses the full-scene cybersecurity threat-related analysis method according to claim 3, wherein the step of extracting a log semantics feature of said network log includes: semantically encoding said network log to obtain a network log semantics feature vector sequence, and taking said network log semantics feature vector sequence as said log semantics feature (Du, Page. 10, performing word segmentation processing on the network security logs, and using a context encoder including a word embedding layer to obtain network security log semantic understanding feature vectors).
In regards to claim 7, Du discloses the full-scene cybersecurity threat-related analysis method according to claim 6, wherein the step of determining a mode of attacker’s behaviors based on said network flow-log semantics cross-fusion feature includes: performing feature distribution modification on said network flow-log semantics cross-fusion feature vector to obtain a modified network flow-log semantics cross-fusion feature vector (Du, Page. 5, the semantic understanding feature vector of network security logs is obtained by semantic coding of the network security log, because the network traffic values at multiple predetermined time points are discretely distributed and the network security log is text data, that is, there is obvious heterogeneity between the two in the data source domain, and the feature encoding methods of the two are also completely different. There is an obvious feature distribution misalignment in the feature space of dimensional data. The superposition of these two aspects will lead to poor continuity of the overall feature distribution of the classification feature vector, which will affect the training effect during model training.
Based on this, the applicant of the present application carries out Gumbel's (Gumbel) normal periodic reparameterization to the classification feature vector, for example denoted as V, to obtain the optimized classification feature vector V', which is specifically expressed as: μ and σ are the mean and variance of the eigenvalue set vi∈V, respectively, and vi′∈V′.); and obtaining a classification result from said modified network flow-log semantics cross-fusion feature vector through a classifier, wherein said classification result is used to represent a mode label of attacker’s behaviors (Du, Page. 5, the Gumbel normal periodic reparameterization converts the eigenvalue vi of each position of the classification feature vector V into the angular feature expression of its probability distribution, and introduces a random periodic distribution into the normal distribution of the eigenvalue set based on the random periodic operation method of the Gumbel distribution, so as to obtain a random periodic continuous differentiable approximation of the original feature distribution, thereby improving the optimized classification feature vector V' through the periodic reparameterization of features… report to the police in time when abnormalities are found, thereby reducing network security risks and improving network security protection capabilities).
In regards to claim 8, the system is similarly analyzed and rejected as the method claim 1.
In regards to claim 9, the system is similarly analyzed and rejected as the method claim 2.
In regards to claim 10, the system is similarly analyzed and rejected as the method claim 3.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over (Du et al. CN116405299 A), hereinafter Du in view of Nesta et al . (US 2019/0354797 A1), hereinafter Nesta.
In regards to claim 5, Du discloses the full-scene cybersecurity threat-related analysis method according to claim 4, wherein the step of fusing said network flow chronological feature and said log semantics feature to obtain a network flow-log semantics cross-fusion feature includes the sub-steps of (Du, Page. 5, a feature fusion module is used to fuse the network security log semantic understanding feature vector and the network traffic behavior time-series feature vector to obtain a classification feature vector; an early warning evaluation module is used to pass the classification feature vector through a classifier to obtain a classification result, and the classification result is used to indicate whether a network security warning prompt is generated): and taking said network flow-log semantics cross-fusion feature vector as said network flow-log semantics cross-fusion feature (Du, Page. 10, using the following formula to fuse the network security log semantic understanding feature vector and the network traffic behavior time-series feature vector to obtain a classification feature vector; wherein the formula is:
Vc=Concat[V1, V2]
Among them, V1 represents the semantic understanding feature vector of the network security log, V2 represents the time series feature vector of the network traffic behavior, Concat [·,·] represents the concatenation function, and Vc represents the classification feature vector).
Du does not explicitly disclose obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism
However, Nesta teaches obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism (Nesta, Para. 26, a Gate Recurrent Neural Network 140 receives the feature vectors zn(l) as an input (e.g., as a single stacked vector z(l)=[zn (l); . . . ; zN(l)]) and is trained to produce fusion weights wn to assign a relative weight to each input modality 110. The fusion module 150 receives the fusion weights wn and prediction vectors yn(l) and is configured to jointly minimize the average prediction error C[y(l), a(l)] between an oracle class a(l) and the total prediction class y(l) computed as y(l)=ΣN wn×yn(l));
Du and Nesta are both considered to be analogous to the claim invention because they are in the same field of extracting a network flow chronological feature of the network and extracting a log semantics feature of the network log, further, fusing the network flow chronological feature and the log semantics feature to obtain a network flow-log semantics cross-fusion feature. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Du to incorporate the teachings of Nesta to include obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism (Nesta, Para. 26). Doing so would aid to modularize to prevent overfitting because a smaller network can be used when treating each modality separately. The network topology of each expert may be optimized to the characteristic of the specific modality (Nesta, Para. 21).
In regards to claim 6, The combination of Du in view of Nesta discloses the full-scene cybersecurity threat-related analysis method according to claim 5, wherein the sub-step of obtaining a network flow-log semantics cross-fusion feature vector from said network flow partial chronological feature vector sequence (Du, Page. 5, since the time-series feature vector of network traffic behavior is obtained by multi-scale one-dimensional convolutional coding of network traffic values at multiple predetermined time points, and the semantic understanding feature vector of network security logs is obtained by semantic coding of the network security log) and said network log semantics feature vector sequence through an associative fusion module based on gate attention mechanism includes (Du, Page. 5, a security log semantic understanding module, used to perform word segmentation processing on the network security log, and obtain a semantic understanding feature vector of the network security log through a context encoder including a word embedding layer; a traffic timing change feature extraction module, used to arrange the network traffic values at the multiple predetermined time points according to the time dimension as a network traffic timing input vector): calculating an importance level representation vector between said network flow partial chronological feature vector sequence (Du, Page. 5, Based on this, the applicant of the present application carries out Gumbel's (Gumbel) normal periodic reparameterization to the classification feature vector, for example denoted as V, to obtain the optimized classification feature vector V', which is specifically expressed as: μ and σ are the mean and variance of the eigenvalue set vi∈V, respectively, and vi′∈V′) and said network log semantics feature vector sequence according to a following importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhi where (Nesta, Para. 26, a Gate Recurrent Neural Network 140 receives the feature vectors zn(l) as an input (e.g., as a single stacked vector z(l)=[zn (l); . . . ; zN(l)]) and is trained to produce fusion weights wn to assign a relative weight to each input modality 110. The fusion module 150 receives the fusion weights wn and prediction vectors yn(l) and is configured to jointly minimize the average prediction error C[y(l), a(l)] between an oracle class a(l) and the total prediction class y(l) computed as y(l)=ΣN wn×yn(l)), A represents a matrix of 1×Nω, B represents a matrix of 1×Nh, σ represents a sigmoid function, ωi represents the ith network flow partial chronological feature vector within said network flow partial chronological feature vector sequence (Nesta, Para. 23, a system 100 includes a plurality of input modalities 110. Each input modality 110 has an associated input vector xn (l) which might be comprised of a stacked column vector of signals captured at different consecutive time instants), hi represents the ith network log semantics feature vector within said network log semantics feature vector sequence (Nesta, Para. 20, a general approach for fusing multimodal information is implemented with the common task to produce a classification of incoming input vectors. The system can, for example, be applied to joint Audio/Video voice activity detection (AVVAD) but the structure is general and not restricted to this specific task. Weights of the posterior prediction for each modality may be predicted dynamically by using a gate network, which has a goal of determining which modality is more reliable for a determined condition at the input, it is noted that modalities are equated to semantic logs), N represents a number of the vectors within said network log semantics feature vector sequence (Nesta, Para. 23, each input modality 110 has an associated input vector xn (l) which might be comprised of a stacked column vector of signals captured at different consecutive time instants), Si represents a feature value at the ith position within said importance level representation vector (Nesta, Para. 21, individual neural networks are specialized to predict a certain class from each modality independently, and then a gate network fuses this information and outputs fusion weights explicitly); and taking each feature value of said importance level representation vector as a weight to dynamically update each network flow partial chronological feature vector within said network flow partial chronological feature vector sequence (Nesta, Para. 20, the system can, for example, be applied to joint Audio/Video voice activity detection (AVVAD) but the structure is general and not restricted to this specific task. Weights of the posterior prediction for each modality may be predicted dynamically by using a gate network, which has a goal of determining which modality is more reliable for a determined condition at the input), so as to obtain said network flow-log semantics cross-fusion feature vector (Nesta, Para. 21, in some embodiments, individual neural networks are specialized to predict a certain class from each modality independently, and then a gate network fuses this information and outputs fusion weights explicitly).
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Du to incorporate the teachings of Nesta to include said network log semantics feature vector sequence according to a following importance level representation formula, Si=σ(A*ωi+B*1N∑i=1Nhi where (Nesta, Para. 26), A represents a matrix of 1×Nω, B represents a matrix of 1×Nh, σ represents a sigmoid function, ωi represents the ith network flow partial chronological feature vector within said network flow partial chronological feature vector sequence (Nesta, Para. 23), hi represents the ith network log semantics feature vector within said network log semantics feature vector sequence (Nesta, Para. 20), N represents a number of the vectors within said network log semantics feature vector sequence (Nesta, Para. 23), Si represents a feature value at the ith position within said importance level representation vector (Nesta, Para. 21); and taking each feature value of said importance level representation vector as a weight to dynamically update each network flow partial chronological feature vector within said network flow partial chronological feature vector sequence (Nesta, Para. 20), so as to obtain said network flow-log semantics cross-fusion feature vector (Nesta, Para. 21). Doing so would aid to modularize to prevent overfitting because a smaller network can be used when treating each modality separately. The network topology of each expert may be optimized to the characteristic of the specific modality (Nesta, Para. 21).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571)272-0248. The examiner can normally be reached Monday- Friday 9:00 am- 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached at (571)272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GITA FARAMARZI/Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496