DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 4, 6, 8, 10, 11, 13, 15, 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tamir et al. (hereinafter, “Tamir”), US 2016/0328561 in view of Kune et al. (hereinafter, “Kune”), US 2018/0007074.

As per claim 1: Tamir discloses: An apparatus for detecting (detecting malware or other anomalies [Tamir, ¶1]): a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time (monitoring a set of hardware counters of a computer system over a time period [Tamir, ¶¶68-69]); a machine learning model processor to apply a machine learning model to predict a third value corresponding to the second time (the monitored data from the hardware counters are compared to stored ‘fingerprints’, representing normal behavior (e.g. expected/predicted values) [Tamir, ¶68]; wherein the fingerprint is trained in a neural network, or other machine learning-based network [Tamir, ¶67]); an error vector generator to generate an error vector representing a difference between the second value and the third value (obtaining a difference between the monitored data and fingerprint data [Tamir, ¶71]); an error vector analyzer to determine a probability of the error vector indicating an anomaly (if the difference exceeds a predetermined threshold from the fingerprint model, then an anomaly presence is detected [Tamir, ¶71]); and an anomaly detection orchestrator to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate a side channel anomaly (an alert for an action is triggered in response to the detection of malware/anomaly [Tamir, ¶73]).
Tamir does not disclose detecting the anomalies associated to “side channel[s]”. However, side channel analysis have been a well-known and common technique in detecting 
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the techniques of Tamir for detecting side channel anomalies. Side channel attacks exploit the weaknesses of the computer system itself (e.g. the physical aspects), rather than system’s implemented software or algorithms. It would have been advantageous to expand the scope of anomaly detection in Tamir to include such attacks and not just on malware (e.g. software).

As per claim 3: Tamir in view of Kune disclose all limitations of claim 1. Furthermore, Tamir in view of Kune disclose: further including a machine learning model trainer to train the machine learning model based on benign hardware performance counter data (defining behavioral models (fingerprints) for normal or expected behavior [Tamir, ¶50]).

As per claim 4: Tamir in view of Kune disclose all limitations of claim 3. Furthermore, Tamir in view of Kune disclose: wherein the machine learning model trainer does not train the machine learning model based on attack hardware performance counter data (the fingerprint, or behavioral model, is trained as a neural network from collected hardware counter data; the neural network is representative of a normal system [Tamir, ¶¶50, 67]; thus, it is implied that anomalous data is not included in the training, as the neural network is supposedly representative of what a ‘normal’ system behaves – in other words, anomalous data is not 

As per claim 6: Tamir in view of Kune disclose all limitations of claim 1. Furthermore, Tamir in view of Kune disclose: wherein the hardware performance counter data organizer is further to impute a fourth value having a timestamp intermediate the first time and the second time (collecting hardware counter data over a period of time [Tamir, ¶¶51, 54]).

As per claim 8: Claim 8 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 8 is directed to a non-transitory computer-readable medium corresponding to the apparatus of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 8.

As per claim 10: Claim 10 incorporates all limitations of claim 8 and is directed a non-transitory computer-readable medium corresponding to the apparatus of claim 3. Therefore, the arguments set forth above with respect to claims 3 and 8 are equally applicable to claim 10 and rejected for the same reasons.

As per claim 11: Claim 11 incorporates all limitations of claim 10 and is directed a non-transitory computer-readable medium corresponding to the apparatus of claim 4. Therefore, the arguments set forth above with respect to claims 4 and 10 are equally applicable to claim 11 and rejected for the same reasons.

As per claim 13: Claim 13 incorporates all limitations of claim 8 and is directed a non-transitory computer-readable medium corresponding to the apparatus of claim 6. Therefore, the arguments set forth above with respect to claims 6 and 8 are equally applicable to claim 13 and rejected for the same reasons.

As per claim 15: Claim 15 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 15 is directed to an apparatus corresponding to the apparatus of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 15.

As per claim 17: Claim 17 incorporates all limitations of claim 15 and is directed an apparatus corresponding to the apparatus of claim 3. Therefore, the arguments set forth above with respect to claims 3 and 15 are equally applicable to claim 17 and rejected for the same reasons.

As per claim 18: Claim 18 incorporates all limitations of claim 17 and is directed an apparatus corresponding to the apparatus of claim 4. Therefore, the arguments set forth above with respect to claims 4 and 17 are equally applicable to claim 18 and rejected for the same reasons.

As per claim 20: Claim 20 incorporates all limitations of claim 15 and is directed an apparatus corresponding to the apparatus of claim 6. Therefore, the arguments set forth above with respect to claims 6 and 15 are equally applicable to claim 20 and rejected for the same reasons.
	
Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Tamir in view of Kune and Shah et al. (hereinafter, “Shah”), US 2018/0300621.
As per claim 2: Tamir in view of Kune disclose all limitations of claim 1. Tamir in view of Kune does not disclose: wherein the machine learning model is implemented using a stacked gated recurrent unit architecture. However, both [Tamir, ¶67] and [Kune, ¶35] do disclose and suggest the use of neural networks for training an anomaly detection model. For example, in the background portion of Shah recurrent neural networks (RNN) are one type of known neural networks, which include gated recurrent units (GRU) [Shah, ¶5].
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement the machine learning models in Tamir and/or Kune using GRUs, as disclosed in Shah. GRUs were suited for use in multi-variate time series data analysis [Shah, ¶5], which would have been practical for the monitored hardware counter data over a period of time in Tamir.

As per claim 9: Claim 9 incorporates all limitations of claim 8 and is directed a non-transitory computer-readable medium corresponding to the apparatus of claim 2. Therefore, 

As per claim 16: Claim 16 incorporates all limitations of claim 15 and is directed an apparatus corresponding to the apparatus of claim 2. Therefore, the arguments set forth above with respect to claims 2 and 15 are equally applicable to claim 16 and rejected for the same reasons.

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tamir in view of Kune and Oba (hereinafter, “Oba”), US 2019/0095300.
As per claim 5: Tamir in view of Kune disclose all limitations of claim 1. Tamir and Kune do not disclose how the threshold is determined as in claim 5. However, Oba is directed to analogous art of anomaly detection [Oba, ¶27]. Oba discloses: further including a threshold determiner to determine the threshold based on a first probability associated with benign hardware performance data and a second probability associated with attack hardware performance data (obtaining a threshold for determining if a score is anomalous, wherein the threshold is calculated by employing a cross validation method of the learning data 211 such that the probability of a score being anomalous is accurate as possible [Oba, ¶112]; wherein the learning data includes normal and anomalous data and are used in estimating probability density distribution of the data [Oba, ¶¶69, 74]).
Thus, it would have being obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement a method for calculating the 

As per claim 12: Claim 12 incorporates all limitations of claim 8 and is directed a non-transitory computer-readable medium corresponding to the apparatus of claim 5. Therefore, the arguments set forth above with respect to claims 5 and 8 are equally applicable to claim 12 and rejected for the same reasons.

As per claim 19: Claim 19 incorporates all limitations of claim 15 and is directed an apparatus corresponding to the apparatus of claim 5. Therefore, the arguments set forth above with respect to claims 5 and 15 are equally applicable to claim 19 and rejected for the same reasons.

Allowable Subject Matter
Claims 7, 14, and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2015/0373036: Discloses using a vector classifier model to determine whether a side channel attack is underway. The behavior activity of the device is monitored, including hardware counters.
US 2016/0188876: Discloses training a support vector machine classifier using only normal messages of a CAN bus to minimize false positives and false negatives.
US 2016/0253498: Discloses monitoring hardware counters to observe the behavior of a mobile device and to determine suspicious or benign activities.
US 9,904,587: Discloses receiving values from one or more hardware counters are particular intervals to identify anomalous behavior.
Garcia-Serrano A. Anomaly detection for malware identification using hardware performance counters. arXiv preprint arXiv:1508.07482. 2015 Aug 29. Discloses anomaly detection using hardware performance counters and machine learning models to discover outliers.
Nomani J, Szefer J. Predicting program phases and defending against side-channel attacks using hardware performance counters. In Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy 2015 Jun 14 (pp. 1-4). Discloses mitigating side channel attacks by predicting where program phases should be scheduled.
Li C, Gaudiot JL. Online detection of spectre attacks using microarchitectural traces from performance counters. In 2018 30th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD) 2018 Sep 24 (pp. 25-28). IEEE. Discloses using machine learning classifiers to detect malicious attacks, where the classifiers are trained from collected micro-architectural features of hardware performance counters.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453.  The examiner can normally be reached on Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        2-04-2021