Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is in response to the communication filed on 09/18/2018. Claims 1-20 were pending in the application. Claims 1-20 are allowed.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/18/2018 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Examiner’s Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is patentable over the cited prior arts because they do not anticipate nor fairly and reasonably teach independently or in combination a system comprising besides other limitations: translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and clustering a plurality of operation codes identified in the plurality of disassembled functions into a plurality of operation code clusters according to respective operation code; and associating the plurality of statistical values of the plurality of disassembled functions and the plurality of operation code clusters with the training executable file’s class label to produce a training dataset; and training a file
Independent claim 14 is patentable over the cited prior arts because they do not anticipate nor fairly and reasonably teach independently or in combination a method comprising besides other limitations: translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and clustering a plurality of operation codes identified in the plurality of disassembled functions into a plurality of operation code clusters according to respective operation code; and associating the plurality of statistical values of the plurality of disassembled functions and the plurality of operation code clusters with the training executable file’s label to produce a training dataset; and training a file classification model using the plurality of training datasets to compute at least one classification score of an input file.
Independent claim 15 is patentable over the cited prior arts because they do not anticipate nor fairly and reasonably teach independently or in combination a system comprising besides other limitations: translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and clustering a plurality of training operation codes identified in the plurality of training disassembled functions into a plurality of training operation code clusters according to respective training operation code; and associating the plurality of training statistical values of the plurality of training disassembled functions and the plurality of training operation code clusters with

Closest prior art in the record, Sai, 9,864,956 B1, teaches a method that includes training a file classifier from one or more n-gram feature vectors received from a plurality of binary files as input. Sai further teaches another method that includes generating, by the file classifier, output including classification data associated with the file based on the one or more n-gram vectors, where the classification data indicates whether the file includes malware (See Abstract). However, Sai apparently fails to teach expressly translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and clustering a plurality of operation codes identified in the plurality of disassembled functions into a plurality of operation code clusters according to respective operation code; and computing a plurality of statistical values of the plurality of disassembled functions and the plurality of operation code clusters.
Closest prior art in the record, Sikorski et al., US 10,713,358 B2, teaches a system and method operable to identify malicious software by extracting one or more features disassembled from software suspected to be malicious software and employing one or more of those features in a machine-learning algorithm to classify such software (See Abstract). However, Sikorski et al. fails to teach expressly clustering a plurality of operation codes identified in the plurality of disassembled functions into a plurality of
Closest prior art in the record, Sickendick et al., US 2015/0248556 A1, teaches a method for disassembling firmware wherein a binary firmware image is divided using a sliding window into a plurality of segments. Segments of the plurality of segments are classified as file types. Code file types are identified among the classified segments of the plurality of segments. At least the classified code file types of the binary firmware image are disassembled based on the classified code architecture. The disassembled binary firmware image is evaluated for malware. Sickendick et al. uses statistical and SVM classifiers for correctly identifying file segments; and uses file type data, code architecture data and file segmentation data for disassembling binary firmware for malware analysis (See Figure 3 and Figure 8 in Sickendick et al.). However, Sickendick et al. apparently fails to teach expressly translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and associating the plurality of statistical values of the plurality of disassembled functions and the plurality of operation code clusters with the training executable file’s class label to produce a training dataset; and training a file classification model using the plurality of training datasets to compute at least one classification score of an input file.
Closest prior art in the record, Schmidtler et al., US 2016/0335435 A1, teaches a system related to threat detection of executable files wherein the classifier may be Schmidtler et al. further teaches determining classification for executables and re-training learning classifiers; and training a linear SVM, wherein resulting classification scores generated by each linear SVM may be combined into a final classification score using a decision tree (See Figure 3 and para. [0049] in Schmidtler et al.). However, Schmidtler et al. apparently fails to teach expressly translating each of the respective plurality of binary functions into a symbolic language to produce a plurality of disassembled functions; and clustering a plurality of operation codes identified in the plurality of disassembled functions into a plurality of operation code clusters according to respective operation code; and associating the plurality of statistical values of the plurality of disassembled functions and the plurality of operation code clusters with the training executable file’s class label to produce a training dataset.
Conclusion
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHANTO ABEDIN whose telephone number is 571-
/SHANTO ABEDIN/Primary Examiner, Art Unit 2494