DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-20 are pending in this application.
Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 3/7/2025 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 signed and attached hereto.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-7,9-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nasr-Azadani et al(US 2021/0224425).
Claim 1: Nasr-Azadani disclose detecting an attack on a Machine Learning (ML) model operating environment hosted on a processing medium in (page 1[0009]: a machine learning model may be designed for processing any type of input data and for generating any type of predictions. Machine learning models in production may be exposed to security threats in various forms such as adversarial attacks but are not limited various types including evasion, poisoning, trojaning, backdooring, reprogramming and inference attacks). Nasr-Azadani disclose monitoring all requests from computing devices to the processing medium and determining that a request from at least one computing device is a request to access an ML model operating environment in (fig.1;page 2[0014]: Various live data are collected from various data sources and enter the DE. The live input data that are collected at the DE may include the main data items to be processed by the machine learning model and other meta data. The data are processed by the DE to determine whether the incoming data sample is adversarial or not).
Nasr-Azadani disclose determining from the request, the presence of data indicative of an attack and, if data indicative of an attack can be determined from the request, rejecting the request and, if data indicative of an attack cannot be determined from the request, enabling the request to access the ML model and monitoring the ML model operating environment to determine patterns of resource use indicative of suspicious behavior in (fig.1; pages 2-3[0017-0018]:The live input data enter the system and pass through the generalizable DE stage first. The DE analyzes the data to determine whether the data is safe or unsafe. If the data is determined by the DE as unsafe, the system runs an automatable escalation via the escalator for sending alerts to users and to other components of the system and for making the data and assessment available both via, API.IF the data is determined by the DE as safe, the online pipeline continues to the DT phase and performs a necessary number of transformations of the live data before processing to the model execution phase. The live data processed and transformations by the DT then be passed to the main machine learning model in production for generating a prediction output).
Claim 2: Nasr-Azadani disclose monitoring the ML model operating environment to determine patterns of resource use indicative of suspicious behavior comprises monitoring system metrics in (page 3[0021]).
Claim 3: Nasr-Azadani disclose monitoring the ML model operating environment to determine patterns of resource use indicative of suspicious behavior comprises monitoring hardware usage in (page 6[0042]).
Claim 4: Nasr-Azadani disclose monitoring the ML model operating environment to determine patterns of resource use indicative of suspicious behavior comprises monitoring output from the ML model in (page 5[0034-0035]).
Claim 5: Nasr-Azadani disclose monitoring the ML model operating environment to determine patterns of resource use indicative of suspicious behavior comprises monitoring the use of classifications in the ML model identified as vulnerable in (page 4[0029-0030]).
Claim 6: Nasr-Azadani disclose the determination of the presence of data indicative of an attack comprises the application of a neural network to the request data in (page 1[0010]).
Claim 7: Nasr-Azadani disclose the neural network is trained using data from a pre-run attack in (page 3[0021]).
Claim 9: Nasr-Azadani disclose assessing the effect of an attack on a machine learning model, the method implemented on a processing resource in (page 1[0009]: a machine learning model may be designed for processing any type of input data and for generating any type of predictions. Machine learning models in production may be exposed to security threats in various forms such as adversarial attacks but are not limited various types including evasion, poisoning, trojaning, backdooring, reprogramming and inference attacks). Nasr-Azadani disclose receiving parameters describing the configuration of an attack; retrieving a machine learning (ML) model and loading it into an environment; retrieving a dataset and loading it into said model; retrieving data describing said attack in (fig.1;page 2[0014]; page 3[0017-0018]: Various live data are collected from various data sources and enter the DE. The live input data that are collected at the DE may include the main data items to be processed by the machine learning model and other meta data. The data are processed by the DE to determine whether the incoming data sample is adversarial or not. The live input data enter the system and pass through the generalizable DE stage first. The DE analyzes the data to determine whether the data is safe or unsafe. If the data is determined by the DE as unsafe, the system runs an automatable escalation via the escalator for sending alerts to users and to other components of the system and for making the data and assessment available both via, API.IF the data is determined by the DE as safe, the online pipeline continues to the DT phase and performs a necessary number of transformations of the live data before processing to the model execution phase. The live data processed and transformations by the DT then be passed to the main machine learning model in production for generating a prediction output. Potentially adversarial data detected and collected by the DE include but are not limited to data source location, data storage type, data type, data author, suspected adversarial attack type and suspected adversarial data sample(s)).
Claim 10: Nasr-Azadani disclose the model is translated into a model representation language in (page 4[0026]).
Claim 11: Nasr-Azadani disclose the model representation language enables the ML model to be analysed in a framework independent manner in (page 4[0025]).
Claim 12: Nasr-Azadani disclose monitoring the environment whilst the attack is executed to determine attack data; and recording the attack as data describing the attack in (page 2[0013-0014]).
Claim 13: Nasr-Azadani disclose monitoring at least one usage, system usage, network connections, input and output from the ML model and parameters of the ML model in (page 6[0042]).
Claim 14: Nasr-Azadani disclose utilising the data to train a neural network to determine the presence of the attack or a similar attack in (page 1[0010]).
Claim 15: Nasr-Azadani disclose analysing the data from the said attack by scoring the robustness of the model against a predefined suite of ML model attacks; determining risk and loss associated with the attack on the ML model in (page 4[0026]).
Claim 16: Nasr-Azadani disclose analysing the data from the said attack to identify potential security vulnerabilities; identifying improvements in the model to enable resistance against the identified security vulnerabilities in (page 4[0025-0026]).
Claim 17: Nasr-Azadani disclose receive parameters describing the configuration of an attack; retrieve an environment and retrieve retrieve a machine learning (ML) model and load it into a dataset and load it into said model; and data describing said attack in (fig.1;page 2[0014]; page 3[0017-0018]: Various live data are collected from various data sources and enter the DE. The live input data that are collected at the DE may include the main data items to be processed by the machine learning model and other meta data. The data are processed by the DE to determine whether the incoming data sample is adversarial or not. The live input data enter the system and pass through the generalizable DE stage first. The DE analyzes the data to determine whether the data is safe or unsafe. If the data is determined by the DE as unsafe, the system runs an automatable escalation via the escalator for sending alerts to users and to other components of the system and for making the data and assessment available both via, API.IF the data is determined by the DE as safe, the online pipeline continues to the DT phase and performs a necessary number of transformations of the live data before processing to the model execution phase. The live data processed and transformations by the DT then be passed to the main machine learning model in production for generating a prediction output. Potentially adversarial data detected and collected by the DE include but are not limited to data source location, data storage type, data type, data author, suspected adversarial attack type and suspected adversarial data sample(s)).
Claim 18: Nasr-Azadani disclose monitor the environment whilst the attack is executed to determine attack data; and record the attack as data describing the attack in (page 2[0014]).
Claim 19: Nasr-Azadani disclose utilise the data to train a neural network to determine the presence of the attack or a similar attack in (page 1[0010]).
Claim 20: Nasr-Azadani disclose analyse the data from the said attack by scoring the robustness of the model against a predefined suite of ML model attacks; and determine risk and loss associated with the attack on the ML model in (page 4[0026]).
Allowable Subject Matter
Claim 8 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
USPTO Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOSUK SONG whose telephone number is (571)272-3857. The examiner can normally be reached Mon-Fri: 7:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached 571-270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HOSUK SONG/Primary Examiner, Art Unit 2435