DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this Examiner’s Amendment was given in a telephone interview with Gayathri Natter Ranganathan on 19 February 2021.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

CLAIM 1:
An apparatus for detection of malicious documents using machine learning, comprising: 
a memory; and 
a processor device communicatively coupled to the memory, the processor device configured to receive a first potentially malicious file and a second potentially malicious file, the first potentially malicious file having a first file format, the second potentially malicious file having a second file format different than the first file format, 
, wherein the first plurality of strings being from a file having the first file format and the second plurality of strings being from a file having the second file format, 
the processor device configured to generate a first histogram based on a length of each string from the first plurality of strings and a second histogram based on a length of each string from the second plurality of strings, 
the processor device configured to define a first feature vector based on the first histogram, 
the processor device configured to define a second feature vector based on the second histogram, 
the processor device configured to provide the first feature vector as an input to a machine learning model to produce a maliciousness classification of the first potentially malicious file corresponding to a first type of malware, 
the processor device configured to provide the second feature vector as an input to the machine learning model to produce a maliciousness classification of the second potentially malicious file corresponding to a second type of malware.  

CLAIM 10:
A non-transitory processor-readable medium storing code representing instructions to be executed by a processor device for detection of malicious documents using machine learning, the code to cause the processor device to: 
receive a potentially malicious file having an archive format, wherein a first potentially malicious file having a first file format and a second potentially malicious file having a second file format different than the first file format; 
identify a central directory structure of the potentially malicious file; 
extract, based on identifying the central directory structure, a plurality of strings from the central directory structure, wherein extract a first plurality of strings from the first potentially malicious file having the first file format, and extract a second plurality of strings from the second potentially malicious file having the second file format; 
generate a histogram based on a length of each string from the plurality of strings, wherein generate a first histogram based on a length of each string from the first plurality of strings and a second histogram based on a length of each string from the second plurality of strings; 
define a respective feature vector based on each of the respective histogram; and 
provide the respective feature vector as an input to a machine learning model to produce a maliciousness classification of the potentially malicious file corresponding to a respective type of malware.  

CLAIM 16:
A method for detection of malicious documents using machine learning, comprising: 
training, using a length of each string from a first plurality of strings and a length of each string from a second plurality of strings, a machine learning model to produce a maliciousness classification corresponding to a respective type of malware for files having a first file format and files having a second file format different from the first file format, the first plurality of strings being from a file having the first file format and the second plurality of strings being from a file having the second file format; 
generating a first histogram based on a length of a plurality of strings within a first potentially malicious file, the first potentially malicious file having the first file format; 
defining a first feature vector based on the first histogram; 
identifying a maliciousness classification of the first potentially malicious file corresponding to a first type of malware by providing the first feature vector to the machine learning model; 
generating a second histogram based on a length of a plurality of strings within a second potentially malicious file, the second potentially malicious file having the second file format; 
defining a second feature vector based on the second histogram; and 
identifying a maliciousness classification of the second potentially malicious file corresponding to a second type of malware by providing the second feature vector to the machine learning model.  
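The feature-extraction steps recited in claim 10 (identify the central directory, extract strings from it, build a histogram of string lengths, define a feature vector), as an added Python example; it is not code from the application or from this Office action. Treating entry names and comments as the extracted strings, the log2 length buckets, and every function name are assumptions, and ZIP64 archives are rejected rather than parsed.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
NUM_BINS = 8               # assumption: log2 buckets 1, 2-3, 4-7, ...; last bin open-ended

def central_directory_strings(data: bytes) -> list[bytes]:
    """Walk the ZIP central directory; return each entry's name and comment."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    # EOCD: central directory size at offset 12, its file offset at 16.
    cd_size, cd_off = struct.unpack_from("<II", data, eocd + 12)
    if cd_off + cd_size > eocd:
        raise ValueError("central directory bounds are inconsistent")
    strings, pos, end = [], cd_off, cd_off + cd_size
    while pos + 46 <= end and data[pos:pos + 4] == CDH_SIG:
        # Name, extra-field and comment lengths sit at offset 28 of each header.
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name_at = pos + 46
        comment_at = name_at + name_len + extra_len
        if comment_at + comment_len > end:
            raise ValueError("entry runs past the central directory")
        strings.append(data[name_at:name_at + name_len])
        if comment_len:
            strings.append(data[comment_at:comment_at + comment_len])
        pos = comment_at + comment_len
    return strings

def length_histogram(strings: list[bytes]) -> list[int]:
    """Count non-empty strings per log2 length bucket."""
    hist = [0] * NUM_BINS
    for s in filter(None, strings):
        hist[min(len(s).bit_length() - 1, NUM_BINS - 1)] += 1
    return hist

def feature_vector(strings: list[bytes]) -> list[float]:
    """Normalise the histogram so archives with different entry counts compare."""
    hist = length_histogram(strings)
    total = sum(hist) or 1
    return [count / total for count in hist]

def build_sample_zip() -> bytes:
    """Constructed sample: a small OOXML-like archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("[Content_Types].xml", "word/document.xml", "word/vbaProject.bin", "a"):
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()
```

The vector returned by `feature_vector` is what would be passed to a classifier; the model itself is outside this example.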


Allowable Subject Matter

Claims 1 – 24 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above-mentioned claims are allowable over the prior art because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 10 & 16 (& associated dependent claims).

This communication warrants No Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e).  Specifically, applicant’s claim amendments and arguments filed on 2/11/2021 and Examiner’s Amendment are persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee.  Such submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.  In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or to call PUB's Customer Service with any questions at (703) 305-8497.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/ Primary Examiner, Art Unit 2431 (No. #2169 - 2021)