Prosecution Insights
Last updated: July 17, 2026
Application No. 19/097,511

SYSTEMS AND METHODS FOR TRAINING MACHINE-LEARNING MODELS ON ATTACK PATHS

Non-Final OA §103
Filed
Apr 01, 2025
Priority
Apr 09, 2024 — provisional 63/631,843
Examiner
KNACKSTEDT, JACOB BENEDICT
Art Unit
Tech Center
Assignee
Cisco Technology Inc.
OA Round
1 (Non-Final)
88%
Grant Probability
Favorable
1-2
OA Rounds
1y 2m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 88% — above average
88%
Career Allowance Rate
46 granted / 52 resolved
+28.5% vs TC avg
Strong +15% interview lift
Without
With
+15.4%
Interview Lift
resolved cases with interview
Typical timeline
2y 6m
Avg Prosecution
14 currently pending
Career history
70
Total Applications
across all art units

Statute-Specific Performance

§103
96.4%
+56.4% vs TC avg
§112
3.6%
-36.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 52 resolved cases

Office Action

§103
DETAILED ACTION This office action is in response to the application filed on 04/01/2025. Claim(s) 1-20 is/are pending and are examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement(s) (IDS) submitted on 04/01/2025 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner. Priority The instant application claims priority to the U.S. Provisional Patent Application No. 63/631843, filed April 09, 2024. Claim Objections Claim(s) 1, 5, 7, 9-11, 13, 17objected to because of the following informalities: claim 1, “one or more components of system”, add “the” before the “system. Claims 1, 7, 13: First introduced as “one or more logical attack paths” — the addition of “predicted” midway through the claim creates a potential inconsistency in antecedent basis. The claims later alternate between “predicted one or more logical attack paths” and “one or more predicted logical attack paths.” Claims 5, 11, 17: “the plurality of training logical paths”, drops the word “attack” --- previously introduced as “plurality of training logical attack paths”. Claims 9 and 10 depend from claim 7, but claim 7 does not recite any probability. Only claim 8 introduces probabilities. These claims likely should depend from claim 8.] Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-4, 6-10, 12-16, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koo (US 2023/0047450 A1), hereinafter Koo in view of Busany (US 2023/0379356 A1), hereinafter Busany in further view of Palmer (US 12,580,936 B1), hereinafter Palmer. Regarding Claim(s) 1, 7, and 13 Koo teaches: A method, comprising: (Koo ¶ 12 teaches, An apparatus for training an intelligent attack path prediction model according to an embodiment includes memory in which at least one program is recorded and a processor for executing the program. ¶ 76 teaches, an apparatus and method for inferring a cyberattack path based on attention. ¶ 234 teaches, The computer system may include one or more processors 1010, memory 1030, a user-interface input device 1040, a user-interface output device 1050, and storage 1060, which communicate with each other via a bus 1020.) analyzing an application to determine a plurality of assets associated with the application and a plurality of topologies associated with the application; (Koo ¶ 12 teaches, The program may perform generating and collecting a virtual network topology and host asset information required for predicting cyberattack vulnerabilities in a computer network system; extracting at least one of global feature data and specific feature data from the collected network topology and host asset information) executing a machine-learning model over the plurality of assets and the plurality of topologies to (Koo ¶ 24 teaches, A method for training an intelligent attack path prediction model according to an embodiment may include generating and collecting a virtual network topology and host asset information required for predicting cyberattack vulnerabilities in a computer network system; extracting at least one of global feature data and specific feature data from the collected network topology and host asset information; and training a neural network model for predicting attack vulnerabilities in the network system by using at least one of the extracted global feature data and specific feature data as training data.) and wherein the machine-learning model was trained based on a plurality of training physical attack paths, a plurality of training logical attack paths, (Koo ¶ 19 teaches, training the neural network model may include preprocessing the training data. Preprocessing the training data may include reading a predetermined number of pieces of positive attack path data and negative attack path data from a generated attack path data file; labeling a positive attack path and a negative attack path with different values; dividing all attack paths into training data and validation data; standardizing global feature data of the attack path data; and substituting a specific feature value, which represents an attack path in the attack path data as a host index, with a global feature value of a corresponding host in the topology.) Koo does not appear to explicitly teach but in related art: predict one or more logical attack paths and one or more physical attack paths associated with each of the one or more logical attack paths, wherein the predicted one or more physical attack paths associated with each of the one or more predicted logical attack paths map to that predicted logical attack path, wherein each of the predicted one or more logical attack paths comprises a sequence of logical steps of the real-world attack, (Busany ¶ 130 teaches, An abstracted AAG is the minimum representation of an AAG. Facts are collapsed according to a maximum labeled bisimulation, while rules are not. That is, apart from considering the topology of the graph, nodes can become equivalent only if they keep the exact rule for rule nodes, and can become equivalent if they have the same predicate name (regardless of the arguments) for fact nodes. ¶ 26 teaches, An abstract AAG can be generated from a concrete AAG by processes of abstraction, which can be referred to as collapsing or folding. The abstract AAG maintains the topology of the original graph. This ensures that the abstract AAG is a compact yet accurate representation of the concrete AAG, and thus different analytics can be performed over the abstract AAG.) and correlations between the plurality of training physical attack paths and the plurality of training logical attack paths; and (Busany ¶ 148 teaches, considering path enumeration, p=[n.sub.1, n.sub.2, . . . , n.sub.m] can be an abstract path and a procedure to obtain a single concrete path associated with it can be provided. Iteratively applying the procedure according to lexicographical order of nodes selection yields all concrete paths associated with it. For example, the set of concrete nodes of n.sub.1 can be used and a concrete node n′.sub.1 can be selected. The dictionary of the abstract edge (n.sub.1, n.sub.2) can be used to find all outgoing transitions from n′.sub.1 to concrete nodes in n.sub.2. For example, n′.sub.2∈n.sub.2 can be such node, can be selected and the process repeated by selecting a concrete node that follows n′.sub.2 in n.sub.3. The process terminates when a concrete node in n′.sub.m∈n.sub.m is reached.) transmitting the predicted one or more logical attack paths and the predicted one or more physical attack paths associated with each of the predicted logical attack paths to one or more monitoring systems for display. (Busany ¶ 151 teaches, the abstract AAG accommodates more easy display and discernment. For example, the examples of FIGS. 5A and 5B is taken from a computer-executable tool that enables a user to navigate between a concrete AAG and an abstract AAG, search and highlight graph elements, and find attack paths over both the AAG and the abstract AAG.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Koo with Busany, to modify the system for inferring cyberattack paths based on attention of Koo with the abstracting of a graphs and analysis of Busany. The motivation to do so, Busany ¶ 26, to ensure the abstract AAG is a compact yet accurate representation of the concrete AAG, and thus different analytics can be performed over the abstract AAG. Koo in view of Busany does not appear to explicitly teach but in related art: wherein each of the predicted one or more physical attack paths comprises a respective set of physical assets of the application that can be used in a real-world attack, (Palmer Col. 4 Ln. 19-27 teaches, Compute assets may include, but are not limited to, containers (e.g., container images, deployed and executing container instances, etc.), virtual machines, workloads, applications, processes, physical machines, compute nodes, clusters of compute nodes, software runtime environments (e.g., container runtime environments). Col. 20 Ln. 54-62 teaches, suppose that user B, an administrator of datacenter 106, is interacting with data platform 12 to view visualizations of polygraphs in a web browser (e.g., as served to user B via web app 120). One type of polygraph user B can view is an application-communication polygraph, which indicates, for a given one hour window (or any other suitable time interval), which applications communicated with which other applications.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Koo in view of Busany with Palmer, to modify the system for inferring cyberattack paths based on attention of Koo with the abstracting of a graphs and analysis of Busany with the analysis and graphing of physical components of Palmer. The motivation to do so, Palmer Col. 33 Ln. 63-64, to allow for different types of relationships between entities to be preserved/more easily analyzed. Regarding Claim(s) 2, 8, and 14 Koo-Busany-Palmer teaches: The method of claim 7, (Koo-Busany-Palmer teaches the parent claim above.) wherein each of the predicted one or more physical attack paths and the predicted one or more logical attack paths is associated with a respective probability (Busany ¶ 62 teaches, The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets (e.g., based on shortest, easiest, stealthiest). The AgiRem service 210 identifies remedial actions by exploring attack graph and paths.) inferred by the machine-learning model. (Koo ¶ 216 teaches, the intelligent attack path prediction model is trained and the performance thereof is validated by receiving the training and validation data as input at the step (S132) of training an attack graph model. When training of the model is finished, the weight parameters of the model are saved as a file, whereby a model is able to load the weight parameters and use the same to predict an attack path when a new network topology and host asset information are given.) The motive given in Claim(s) 1, 7, and 13 is equally applicable to the above claim. Regarding Claim(s) 3 Koo-Busany-Palmer teaches: The system of claim 2, the operations further comprising: (Koo-Busany-Palmer teaches the parent limitation above.) generating, by the machine-learning model (Koo ¶ 216 teaches, the intelligent attack path prediction model is trained and the performance thereof is validated by receiving the training and validation data as input at the step (S132) of training an attack graph model. When training of the model is finished, the weight parameters of the model are saved as a file, whereby a model is able to load the weight parameters and use the same to predict an attack path when a new network topology and host asset information are given.) based on the respective probability associated with each of the predicted one or more physical attack paths and the predicted one or more logical attack paths, a recommendation for prioritizing one or more of the predicted one or more physical attack paths and the predicted one or more logical attack paths. (Busany ¶ 62 teaches, The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets (e.g., based on shortest, easiest, stealthiest). The AgiRem service 210 identifies remedial actions by exploring attack graph and paths.) The motive given in Claim(s) 1 is equally applicable to the above claim. Regarding Claim(s) 4 Koo-Busany-Palmer teaches: The system of claim 2, the operations further comprising: (Koo-Busany-Palmer teaches the parent limitation above.) generating, by the machine-learning model (Koo ¶ 216 teaches, the intelligent attack path prediction model is trained and the performance thereof is validated by receiving the training and validation data as input at the step (S132) of training an attack graph model. When training of the model is finished, the weight parameters of the model are saved as a file, whereby a model is able to load the weight parameters and use the same to predict an attack path when a new network topology and host asset information are given.) based on the respective probability associated with each of the predicted one or more physical attack paths and the predicted one or more logical attack paths, a recommendation for remediating one or more of the predicted one or more physical attack paths and the predicted one or more logical attack paths. (Busany ¶ 62 teaches, The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets (e.g., based on shortest, easiest, stealthiest). The AgiRem service 210 identifies remedial actions by exploring attack graph and paths.) The motive given in Claim(s) 1 is equally applicable to the above claim. Regarding Claim(s) 9 and 15 Koo-Busany-Palmer teaches: The method of claim 7, further comprising: (Koo-Busany-Palmer teaches the parent claim above.) generating, by the machine-learning model (Koo ¶ 216 teaches, the intelligent attack path prediction model is trained and the performance thereof is validated by receiving the training and validation data as input at the step (S132) of training an attack graph model. When training of the model is finished, the weight parameters of the model are saved as a file, whereby a model is able to load the weight parameters and use the same to predict an attack path when a new network topology and host asset information are given.) based on the respective probability associated with each of the predicted one or more physical attack paths and the predicted one or more logical attack paths, a recommendation for prioritizing one or more of the predicted one or more physical attack paths and the predicted one or more logical attack paths. (Busany ¶ 62 teaches, The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets (e.g., based on shortest, easiest, stealthiest). The AgiRem service 210 identifies remedial actions by exploring attack graph and paths.) The motive given in Claim(s) 7 and 13 is equally applicable to the above claim. Regarding Claim(s) 10 and 16 Koo-Busany-Palmer teaches: The method of claim 7, further comprising: (Koo-Busany-Palmer teaches the parent claim above.) generating, by the machine-learning model (Koo ¶ 216 teaches, the intelligent attack path prediction model is trained and the performance thereof is validated by receiving the training and validation data as input at the step (S132) of training an attack graph model. When training of the model is finished, the weight parameters of the model are saved as a file, whereby a model is able to load the weight parameters and use the same to predict an attack path when a new network topology and host asset information are given.) based on the respective probability associated with each of the predicted one or more physical attack paths and the predicted one or more logical attack paths, a recommendation for remediating one or more of the predicted one or more physical attack paths and the predicted one or more logical attack paths. (Busany ¶ 62 teaches, The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets (e.g., based on shortest, easiest, stealthiest). The AgiRem service 210 identifies remedial actions by exploring attack graph and paths.) The motive given in Claim(s) 7 and 13 is equally applicable to the above claim. Regarding Claim(s) 6, 12, and 18 Koo-Busany-Palmer teaches: The method of claim 7, wherein: (Koo-Busany-Palmer teaches the parent claim above.) the predicted one or more logical attack paths comprises a first logical attack path and one or more second logical attack paths, the first logical attack path comprises a first sequence of logical steps, each of the second logical attack paths comprises a respective second sequence of logical steps, at least one of the logical steps between any two second sequences of logical steps being different, at least one of the logical steps of the first sequence of logical steps and one of each second sequence of logical steps are a same logical step, and a combination of the logical steps of the second sequences of logical steps comprises the logical steps of the first sequence of logical steps. (Busany ¶ 152 teaches, abstract AAGs can be generated for various applications and use cases. For example, based on user input, a first abstract AAG can be generated that collapses node of an initial AAG using identity bisimulation. A second abstract AAG can be generated that collapses node of the initial AAG using label bisimulation. The two abstract AAGs each represent the initial AAG, and can be processed for use in different applications. In this way, different levels of abstraction can be performed based on user input that defines analyses to be performed using the abstracted AAGs.) The motive given in Claim(s) 1, 7, and 13 is equally applicable to the above claim. Allowable Subject Matter Claim(s) 5, 11, and 17 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 2025/0310369 A1 - A threat analysis and risk assessment (TARA) system for implementation during design of a device, such as a software-defined vehicle. The system can be implemented across a manufacturing organization and combines knowledge from a range of entities, e.g., software programmers, hardware designers, network designers, and suchlike. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB BENEDICT KNACKSTEDT whose telephone number is (703)756-5608. The examiner can normally be reached Monday-Friday 8:00 am - 5:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /J.B.K./Examiner, Art Unit 2408 /LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408
Read full office action

Prosecution Timeline

Apr 01, 2025
Application Filed
Jul 09, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670262
SECURITY VULNERABILITY ANALYSIS OF CODE BASED ON MACHINE LEARNING AND VARIABLE USAGE
2y 11m to grant Granted Jun 30, 2026
Patent 12670249
SYSTEMS AND METHODS FOR DETECTING REPLAY ATTACKS TO AN AUTHENTICATION SYSTEM
2y 8m to grant Granted Jun 30, 2026
Patent 12664265
RANSOMWARE MITIGATION USING VERSIONING AND ENTROPY DELTA-BASED RECOVERY
2y 12m to grant Granted Jun 23, 2026
Patent 12665055
DATA SECURITY FOR DATA SEQUENCES
2y 0m to grant Granted Jun 23, 2026
Patent 12639433
BEHAVIORAL DETECTION OF MALWARE THAT PERFORMS FILE OPERATIONS AT A SERVER COMPUTER
2y 11m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
88%
Grant Probability
99%
With Interview (+15.4%)
2y 6m (~1y 2m remaining)
Median Time to Grant
Low
PTA Risk
Based on 52 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month