Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1, 3-5, 10, 12-14, 19-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hackmentor (J. Zhang et al., "HackMentor: Fine-Tuning Large Language Models for Cybersecurity," 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, United Kingdom, 2023)
Regarding Claim 1,
Zhang (“HackMentor: Fine-Tuning Large Language Models for Cybersecurity” Zhang, et. al.) teaches a cyber security appliance to detect a cyber threat, comprising:
a set of low-rank adaptation (LoRA) attachments, where each LoRa attachment in the set is specifically trained on identifying and confirming at least one of i) a particular indication of the cyber threat or ii) another property being analyzed for cyber security purposes (pg. 453 teaches “The Llama and Vicuna models are fine-tuned using the low-rank adaptation (LoRA) method, resulting in a family of cybersecurity LLMs called HackerMentor”),
a base machine learning model trained generally on analyzing cyber security data and detecting one or more cyber threats, where the base machine learning model and one or more of the LoRa attachments in the set of attachments are paired to work in tandem with each other to analyze input data to look for the particular indication of the cyber threat and/or other property being analyzed for cyber security purposes (pg. 454 teaches “selects the training data and base model for LoRA fine-tuning”)
an ensemble machine learning model configured to analyze a compilation of produced embedding understandings of each particular indication of the cyber threat and/or other property being analyzed for cyber security purposes from two or more pairings of LoRa attachment with the base machine learning model to form a final output decision of whether the cyber threat is present or not in a system being monitored (pg. 456 teaches “we use Llama and Vicuna as the base models and fine-tune them with LoRA approach on the constructed instructions and conversations to obtain a series of cybersecurity LLMs”), and then the final output decision of whether the cyber threat is present or not is conveyed to a display screen to a user of the system (pg. 457 teaches “ZenoEval offers an interactive interface that allows users to examine the responses of various models and analyze examples with lower scores”) and
where instructions implemented in software for the LoRa attachments, the base machine learning model, and the ensemble machine learning model are configured to be stored in one or more non-transitory storage mediums to be executed by one or more processing units.
Regarding Claim 3,
Zhang teaches the cyber security appliance of claim 1, where the pairing of LoRa attachment and base machine learning model working in tandem with each other are configured to produce an embedding understanding of the particular indication of the cyber threat and/or other property being analyzed for cyber security purposes, under analysis, is present or not, and after a mixture of LoRA attachments paired with the base machine learning model that each provide their own embedding understanding of their particular indication of the cyber threat and/or other property being analyzed for cyber security purposes, then all of the embedding understandings are provided as a multi-modal input into the ensemble machine learning model (pg. 458 and Table II teaches different LoRA attachments, wherein HackMentor is the ensemble machine learning model)
Regarding Claim 4,
Zhang teaches the cyber security appliance of claim 1, where the ensemble machine learning model is configured to look at information from the embedding understandings from each of the two or more pairings of LoRa attachment with the base machine learning model to determine what are interesting parts and important factors in the embedding understandings to then determine an output of whether the cyber threat is actually likely present or not from the ensemble machine learning model (pg. 459 in particular Fig. 5 teaches different pairings of LoRa attachments to determining evaluation of cybersecurity performance metrics)
Regarding Claim 5,
Zhang teaches the cyber security appliance of claim 1, where a first LoRa attachment is composed of neural network layers with a first set of weights to analyze the input data and cooperate with neural network layers of the base machine learning model which have a second set of weights to analyze the input data to produce an embedding understanding of a first indication of the cyber threat to assist in understanding whether the cyber threat is present or not (pg. 456 teaches network layers with a set of weights, wherein the LoRa weights can be integrated with the original weights)
Regarding Claims 10, 12-14,
Claims 10, 12-14 are similar in scope to Claims 1, 3-5 and are rejected for a similar rationale.
Regarding Claims 19-20,
Claims 19-20 are similar in scope to Claims 1, 4 and are rejected for a similar rationale.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Chen (US 2022/0383126).
Regarding Claim 2,
Zhang teaches the cyber security appliance of claim 1. Zhang teaches with the first LoRa attachment with the base machine learning model to accurately detect and confirm whether a first indication of the cyber threat, in context with additional cyber security data available, is present or not, accurately detect and confirm whether a second indication of the cyber threat, in context with additional cyber security data available, is present or not (pg. 457-458, Fig. 3 teaches comparing different LoRA attachments with detecting cyber threats, Table II shows different LoRas that confirm indications of whether cyber threats are present).
but does not explicitly teach further a scheduler is configured to change out a pairing of a first LoRa attachment over to a second LoRa attachment with the base machine learning model
Chen (US 2022/0383126) teaches a scheduler is configured to change out a pairing of a first LoRa attachment over to a second LoRa attachment with the base machine learning model (Fig. 3, paragraphs [0033-0034] teaches removing first LoRA attachment and adding a second LoRa attachment)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zhang with the method of changing out a first LoRa attachment to a second LoRa attachment and the results would be predictable (i.e. the first LoRa attachment would be changed to a second LoRa attachment)
Regarding Claim 11,
Claim 11 is similar in scope to Claims 2 and are rejected for a similar rationale.
Claim(s) 6-8, 15-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Shamir (US 2025/0252292)
Regarding Claim 6,
Zhang teaches the cyber security appliance of claim 1. While Zhang teaches determining each indication of whether the cyber threat and/or other property being analyzed for cyber security purposes is likely present or not (pg. 456 teaches “we use Llama and Vicuna as the base models and fine-tune them with LoRA approach on the constructed instructions and conversations to obtain a series of cybersecurity LLMs”)
Zhang does not explicitly teach where a scheduler is configured to keep the base machine learning model loaded in a memory during each pairing of LoRa attachment, and where the scheduler is configured to temporarily load each relevant LoRa attachment into the memory
Shamir (US 2025/0252292) teaches where a scheduler is configured to keep the base machine learning model loaded in a memory during each pairing of LoRa attachment, and where the scheduler is configured to temporarily load each relevant LoRa attachment into the memory (Paragraph [0225] teaches model instances are temporarily cached or loaded into high speed memory)(Paragraph [0145] teaches LoRa tuning)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zhang to include the method of loading relevant LoRa models into memory and the results would be predictable (i.e. the base machine learning model would be loaded into the memory and temporarily loading LoRa attachments into memory)
Regarding Claim 7,
Zhang teaches the cyber security appliance of claim 1, but does not explicitly teach where a scheduler is configured to store an embedding understanding of the particular indication of the cyber threat outputted from the pairing of LoRa attachment with the base machine learning model in a memory for later use and to keep the base machine learning model loaded in the memory in the cyber security appliance but flush out a current LoRa attachment and then load in a next relevant LoRa attachment into the memory for each different particular indication of the cyber threat being analyzed.
Shamir (US 2025/0252292) teaches where a scheduler is configured keep the base machine learning model loaded in the memory but flush out a current LoRa attachment and then load in a next relevant LoRa attachment into the memory (Paragraph [0225] teaches model instances are temporarily cached or loaded into high speed memory)(Paragraph [0145] teaches LoRa tuning)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zhang to include the method of loading relevant LoRa models into memory and the results would be predictable (i.e. the base machine learning model would be loaded into the memory and temporarily loading LoRa attachments into memory)
Regarding Claim 8,
Zhang teaches the cyber security appliance of claim 1, where the scheduler is configured to feed all of the embedding understandings analyses for their particular indication of the cyber threat and/or other property being analyzed for cyber security purposes from each combination of paired LoRA attachment cooperating with a same base machine learning model as a combined input into the ensemble machine learning model (pg. 456 teaches “we use Llama and Vicuna as the base models and fine-tune them with LoRA approach on the constructed instructions and conversations to obtain a series of cybersecurity LLMs”) but does not explicitly teach using a learned gating function.
Shamir (US 2025/0252292) teaches using a gating function (Paragraph [0106-0108] teaches using a “gating function” using layers such as LoRA)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zhang to include the well known method of using a gating function and the results would be predictable (i.e. the LoRA would use a gating function)
Regarding Claims 15-17,
Claims 15-17 are similar in scope to Claims 6-8 and are rejected for a similar rationale.
Claim(s) 9, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Kazato (US 2023/0008765)
Regarding Claim 9,
Zhang teaches the cyber security appliance of claim 1, but does not explicitly teach where a first indication of the cyber threat is a string or sequence of characters that convey a specific i) characteristic, ii) purpose, or iii) other property of the cyber threat.
Kazato (US 2023/0008765) teaches where a first indication of the cyber threat is a string or sequence of characters that convey a specific i) characteristic, ii) purpose, or iii) other property of the cyber threat (Paragraphs [0059-0066] teaches cyber threat indication is a string that conveys at least a predetermined characteristic string)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the cyber threats of Zhang to include a specific characteristic of the threat as taught by Kazato and the results would be predictable (i.e. cyber threat indication would contain a string that conveyed characteristics of the threat)
Regarding Claim 18,
Claim 18 is similar in scope to Claim 2 and is rejected for a similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HARRIS C WANG/Primary Examiner, Art Unit 2439