DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present application was filed on 06/30/2017.
This action is in response to amendments and remarks filed with the AFCP 2.0 request submitted on 12/21/2020. Claims 2, 4, 9, 11, and 18 were previously cancelled and claims 1, 8, 12, 15, 16, and 19 are currently amended. Claims 1, 3, 5-8, 10, 12-17, and 19-24 are pending and have been examined.
In response to amendments and remarks filed with the AFCP 2.0 request submitted on 12/21/2020, which have been entered, the 35 U.S.C. 103 rejection to claims 1, 3, 5-8, 10, 12-17, and 19-24 made in the previous Office Action has been withdrawn.

Allowable Subject Matter
Claims 1, 3, 5-8, 10, 12-17, and 19-24 are allowed. These claims are renumbered as claims 1-19 upon allowance.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent Claim 1 is directed to a computer-implemented method for modifying a probabilistic model. None of the prior art references, either alone or in combination, teaches the following limitations:
...determining second generation fitness scores for each member of the second generation, the second generation fitness score for a given member of the second generation of variant files being a difference between one and a probability, p, assigned by the probabilistic model to the existence of the feature in the given member of the second generation of variant electronic files; determining differences between the second generation fitness scores and first generation fitness scores for each member of the second generation and its corresponding first generation progenitor; mapping at least one of the 

Independent Claim 8 is directed to a system for modifying a probabilistic model. None of the prior art references, either alone or in combination, teaches the following limitations:
...determining second generation fitness scores for each member of the second generation, the second generation fitness score for a given member of the second generation variant files being a difference between one and a probability, p, assigned by the probabilistic model to the existence of the feature in the given member of the second generation of variant electronic files; determining differences between the second generation fitness scores and first generation fitness scores for each second generation member and a corresponding first generation progenitor of the second generation member; based on at least one of the differences; determining a second region of the seed file for which the probabilistic model fails to detect the feature; and modifying the probabilistic model based upon the second region of the seed file by retraining the probabilistic model with additional examples corresponding to the second region of the seed file.

Independent Claim 15 is directed to a non-transitory machine-readable medium for modifying a probabilistic model. None of the prior art references, either alone or in combination, teaches the following limitations:
...determining second generation fitness scores for each member of the second generation, the second generation fitness score for a given member of the second generation of variant files being a difference between one and a probability, p, assigned to the likelihood that the given member of the second generation of variant files evades detection by the malware detector; vi. determining differences between the second generation fitness scores and first generation fitness scores for each member of the 

The closest prior art references of record are the following:
Xu et al. (“Automatically Evading Classifiers”) teaches developing and evaluating a method for automatically finding variants that evade classifiers.
Zhang et al. (“Adversarial Feature Selection Against Evasion Attacks”) teaches a systematic security evaluation of classification algorithms exploiting reduced feature sets.
Makandar et al. (“Malware Class Recognition Using Image Processing Techniques”) teaches classifying malware variants by applying image processing techniques.
Tobiyama et al. (“Malware Detection with Deep Neural Network Using Process Behavior”) teaches developing a malware process detection method using a Deep Neural Network based on process behavior in possibly infected terminals.
Srndic et al. (“Practical Evasion of a Learning-Based Classifier: A Case Study”) teaches experimentally investigating the effectiveness of classifier evasion using a deployed system.
Dai et al. (“Using Genetic Algorithm for Optimal Security Hardening in Risk Flow Attack Graph”) teaches a multi-objective genetic algorithm to infer the priority of hardening strategies automatically for Risk Flow Attack Graph.
Mehdi et al. (“IMAD: In-Execution Malware Analysis and Detection”) teaches IMAD, a realtime, dynamic, efficient, in-execution zero-day malware detection scheme, which analyzes the system call sequence of a process to classify it as malicious or benign.
Friedrichs et al. (US 9,088,601 B2) teaches detecting malicious software through machine learning techniques such as a neural network. [cited but not relied upon]

However, taken alone or in combination, the aforementioned prior art references do not sufficiently teach or suggest the claim limitations as recited in the claimed invention in each of independent claims 1, 8, and 15, which includes the features recited above. Therefore, the present claims are allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YING YU CHEN whose telephone number is (571)270-1484. The examiner can normally be reached on Monday-Friday 7:30 am-5:00 pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamran Afshar, can be reached on (571) 272-7796. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/Y.C./Examiner, Art Unit 2125

/KAMRAN AFSHAR/Supervisory Patent Examiner, Art Unit 2125