Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Application number 16/246/774 filed on 1/14/2019 has been considered.   Claims 1-20 are pending.
Priority
Acknowledgment is made of applicant’s claim for benefit of the provisional US Application No. 62/632,190, filed on 2/19/2018.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/14/2019 is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 17 recites a system for detecting spoofing attacks comprising a training module and a testing module which are obvious to one of ordinary skill in the art that these modules are software, and the claim 17 does not recite any hardware component; as such, the claim 17 directs to a software per se which does not fall within the four categories of patent eligible subject matter.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-10, 12-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Canedo et al. (US 2019/0197238 hereinafter Canedo) in view of Xu et al. (“Unsupervised Anomaly Detection via Variational Auto-Encoder for Seasonal KPIs in Web Applications”, 2018 International World Wide Web Conference Committee, hereinafter Xu) .
Regarding claim 1, Canedo discloses a computer-implemented method executed on a processor for detecting spoofing attacks from network traffic log data, the method comprising: 
training a spoofing attack detector with the network traffic log data received from one or more mobile networks by (¶ [0007], [0026]): 
extracting features that are relevant to spoofing attacks for training data (¶ [0007], [0029]-[0031]; i.e. extracting features from the sensor datasets); 

training an anomaly detection model by employing a deep auto-encoding (¶ [0035]; i.e. deep propagation networks such as Bolzmann machines are used to model the distribution of the binary vectors and set of parameters) Gaussian mixture model (DAGMM); 
obtaining learned parameters (¶ [0035]-[0036]; i.e. the parameters or signatures may be learned during off-line training periods) of DAGMM; and 
storing the learned parameters in a database (¶ [0035]-[0036], [0048]; i.e. database to store time series field data, physics models, signatures, parameters, etc.).
Canedo discloses using deep learning to create signatures or learned parameter but does not explicitly disclose Gaussian mixture model.
However, Xu discloses combining Variational or Deep Auto-Encoder with the statistics of the Gaussian noises in anomaly detectors (section 1 and section 2.1).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Xu’s teaching into Canedo in order to implement generative models for effective anomaly detection on both normal and abnormal data (Canedo, section 1).
Regarding claim 2, Canedo in view of Xu discloses the method of claim 1, further comprising: testing the spoofing attack detector with the network traffic log data 
Regarding claim 4, Canedo in view of Xu discloses the method of claim 1, wherein the learned parameters include a first set of parameters from a deep auto-encoder and a second set of parameters from a Gaussian mixture model (GMM) (Xu, section 2.4; i.e. a deep Bayesian network models the relationship between a Gaussian variable and variable derived from a neural network).
Regarding claim 5, Canedo in view of Xu discloses the method of claim 4, wherein the first set of parameters enable projection of the network traffic log data from their feature space to a compact latent space and the second set of parameters enable evaluation of whether a group of traffic logs are anomalous in terms of spoofing attack related features (Xu, Figure 12, section 5.1).
Regarding claim 6, Canedo in view of Xu discloses the method of claim 1, wherein the spoofing attack alert report includes a start time and an end time of a log group, and the generated alerts are stored in an alert database (Xu, section 4.2).

Regarding claim 8, Canedo in view of Xu discloses the method of claim 1, wherein the testing data is partitioned into a first set of groups and the testing data is partitioned into a second set of groups (Xu, section 5.3).

Regarding claim 9, see claim 1 above for the same reasons of rejections. 
Regarding claim 10, see claim 2 above for the same reasons of rejections. 
Regarding claim 12, see claim 4 above for the same reasons of rejections. 
Regarding claim 13, see claim 5 above for the same reasons of rejections. 
Regarding claim 14, see claim 6 above for the same reasons of rejections. 
Regarding claim 15, see claim 7 above for the same reasons of rejections. 
Regarding claim 16, see claim 8 above for the same reasons of rejections. 
Regarding claim 17, Canedo discloses a system for detecting spoofing attacks from network traffic log data, the system comprising: 
a training module for training a spoofing attack detector with the network traffic log data received from one or more mobile networks by (¶ [0007], [0026]): 
extracting features that are relevant to spoofing attacks for training data (¶ [0007], [0029]-[0031]; i.e. extracting features from the sensor datasets); 
building a first set of vector representations for the network traffic log data (¶ [0033]; i.e. output of the feature extraction module is quantized into a binary vector and merged with binary vectors of other modalities); 

obtaining learned parameters (¶ [0035]-[0036]; i.e. the parameters or signatures may be learned during off-line training periods) of DAGMM; and 
storing the learned parameters in a database (¶ [0035]-[0036], [0048]; i.e. database to store time series field data, physics models, signatures, parameters, etc.); and 
a testing module for testing the spoofing attack detector with the network traffic log data received from the one or more mobile networks by (FIG. 3, ¶ [0044]-[0045]): 
extracting features that are relevant to spoofing attacks for testing data (FIG. 3, ¶ [0045]-[0045]; i.e. extracting features during the online detection). 
Canedo discloses using deep learning to create signatures or learned parameter but does not explicitly disclose Gaussian mixture model; building a second set of vector representations for the network traffic log data; obtaining latent representations of the testing data by the learned model from the training phase; computing a z-score of the testing data based on the latent representations of the testing data; and creating a spoofing attack alert report listing traffic logs generating z-scores exceeding a predetermined threshold.
However, Xu discloses combining Variational or Deep Auto-Encoder with the statistics of the Gaussian noises in anomaly detectors (section 1 and section 2.1); building a second set of vector representations for the network traffic log 
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Xu’s teaching into Canedo in order to implement generative models for effective anomaly detection on both normal and abnormal data (Canedo, section 1).
Regarding claim 19, see claim 4 above for the same reasons of rejections. 
Regarding claim 20, see claim 5 above for the same reasons of rejections. 
Allowable Subject Matter
Claims 3, 11 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.D.N/Examiner, Art Unit 2435   

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435