DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/12/2021 has been entered. 

Response to Amendment
This action is in response to the communications and remarks filed on 4/12/2021. Claims 1, 3-22, 25-34, and 36-38 are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 11-14, filed 4/12/2021, regarding the 103 rejections of Claims 1, 3-22, 25-34, and 36-38, have been fully considered and are persuasive. The rejections have been withdrawn and the claims are now in condition for allowance.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  
Authorization for this examiner’s amendment was given in an emailed examiner’s amendment from William Schaal (Reg. No. 39,018) received on 4/15/2021.

Please replace Claim 1 with the following:
(Currently Amended)	A system, implemented with at least one processor and at least one memory including software that, when executed by the at least one processor, detects whether an executable file is associated with a cyber-attack, the system comprising: 
a pre-processor configured to (i) select a section of binary code, included as part of the executable file and corresponding to executable machine code, in lieu of a dissembled version of the binary code and (ii) generate a first representation of the section of the binary code;
a deep neural network including a convolutional neural network communicatively coupled to the pre-processor, the convolutional neural network (CNN) being configured to process a CNN input being the first representation of the section of the binary code by at least applying a plurality of weighting operations executing a programmatic function on the first representation to produce a CNN output, the convolutional neural network configured to identify patterns in the first representation operating as 
a classifier communicatively coupled to the convolutional neural network, the classifier being configured to (i) receive the CNN output including one or more patterns for use in determining 
a message generator configured to generate a message in response to determining the classification of the executable file as being associated with a cyber-attack. 

Please replace Claim 3 with the following:

processor separates the section of the binary code into a first subsection and a second subsection, and each of the first and second subsections 

Please replace Claim 5 with the following:
5.	(Currently Amended)	The system of claim 4, wherein the section of the binary code comprises a predetermined number of bytes from one of a starting location of the PE file or an offset from the starting location of the PE file.

Please replace Claim 7 with the following:
7.	(Currently Amended)	The system of claim 6, wherein the post-analysis subsystem includes grouping logic to concatenate information associated with the received second output and the received CNN output and the classifier communicatively coupled to the grouping logic to receive a representation of the concatenated information and determine 

Please replace Claim 10 with the following:
10.	(Currently Amended)	The system of claim 1, wherein the pre-processor separates the binary code into [[the ]]one or more code sections of the binary code along a predefined format for the executable file in accordance with an applicable specification, the one or more code sections include the section of binary code.

Please replace Claim 18 with the following:
(Currently Amended)	The system of claim 1[[17]], wherein the classifier further includes concatenation logic and a score generator, and wherein
the concatenation logic of the classifier being communicatively coupled to [[an]]the intelligence-driven analysis system being configured to (i) receive the executable file, and (ii) operate concurrently with the deep neural network to detect static features associated with a cyber-attack in the executable file; and
the score generator of the classifier to assign the threat score based on a concatenation produced by the concatenation logic of the detected static features provided by the intelligence-driven analysis subsystem and the CNN output provided by the convolutional neural network.

Please replace Claim 19 with the following:
19.	(Currently Amended)	The system of claim 18, wherein the concatenation logic of the classifier to provide the detected features in a representation having a format as used by the CNN output provided by the convolutional neural network to the score generator.

Please replace Claim 22 with the following:
22.	(Currently Amended)	A system for detecting whether an executable file including binary code is associated with a cyber-attack, the system comprising:
an intelligence-driven analysis subsystem to (i) receive the executable file, (ii) inspect and compute features of the executable file for indicators associated with a cyber-attack where the features are associated with one or more data patterns, and (iii) produce a first output representing the detected features;
a computational analysis subsystem including a convolutional neural network (CNN) to (i) receive a CNN input being a first representation of at least one section of binary code from the executable file as input, and (ii) process the first representation of the section to produce a second output, the convolutional neural network is configured to identify patterns in the first representation operating as 
a classifier communicatively coupled to the computational analysis subsystem, the classifier being configured to (i) receive the second output including one or more patterns for use in determining  convolutional neural network
a post-analysis subsystem communicatively coupled to both the intelligence-driven analysis subsystem and the computational analysis subsystem, the post-analysis subsystem comprises a classifier being configured to (i) receive the first output from the intelligence-driven analysis subsystem and the second output from the convolutional neural network and (ii) determine a classification assigned to the executable file based, at least in part, on a threat score generated based on the received first output and the received second output from the convolutional neural network. 

Please replace Claim 26 with the following:
(Currently Amended)	The system of claim 22, wherein the computational analysis subsystem comprises the convolutional neural network 

Please replace Claim 34 with the following:
34.	(Currently Amended)	A method for classifying a file as a benign file or a malicious file associated with a cyber-attack, comprising: 
receiving the file, the file comprises a binary code, the binary code corresponding to executable machine code;
selecting a section of the binary code from the file;
encoding the binary code section to produce a first representation of the binary code section;
processing the first representation of the binary code section by a convolutional neural network, the processing performed by the convolutional 
determining a classification assigned to the file at least based, at least in part, on a threat score generated based  on the received output from the convolutional neural network and an output from an intelligence-driven analysis system operating concurrently with the deep neural network, wherein the output is based on static analysis of the executable file.

Please cancel Claim 35.
Please add Claim 39:
39.	(New)	The method of claim 34, wherein the selecting of the section of the binary code comprises separating the binary code into a first subsection and a second subsection, wherein both the first subsection and the second subsection correspond to the first representation processed by the convolutional neural network to generate the CNN output provided to the classifier.

Please add Claim 40:
40.	(New)	The method of claim 34, wherein the file comprises a Portable Executable (PE) file.  

Please add Claim 41:
41.	(New)	The method of claim 41, wherein the section of the binary code comprises a predetermined number of bytes from one of a starting location of the PE file or an offset from the starting location of the PE file.  

Please add Claim 42:
42.	(New)	The method of claim 41, wherein the section of the binary code as comprises either (i) the binary code in its entirety when the binary code has a length less than a first number of bytes or (ii) a portion of the binary code less than the binary code in its entirety when the binary code has a length greater than the first number of bytes, wherein the portion of the binary code being a fixed number of bytes.  

Please add Claim 43:
43.	(New)	The method of claim 42, wherein responsive to the binary code having a length greater than the first number of bytes, selecting the fixed number of bytes as the code section, the fixed number of bytes comprises either (i) the fixed number of contiguous bytes within the binary code or (ii) a first number of bytes and a second number of bytes non-contiguous from the first number of bytes collectively forming the fixed number of bytes.  

Please add Claim 44:
44.	(New)	The method of claim 34 being conducted by an endpoint device including a processor and a memory including remediation logic, wherein the remediation logic preventing execution of the file by the processor.  

Please add Claim 45:
45.	(New)	The method of claim 34, wherein the convolutional neural network operates directly on the section of the binary code without disassembly of the binary code.  

Please add Claim 46:
46.	(New)  The method of claim 34, wherein the convolutional neural network being deployed as part of cloud services.  

Allowable Subject Matter
Claims 1, 3-22, 25-34, and 36-38 are allowed.
This communication warrants No Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, the substance of applicant's arguments filed on 4/12/2021 is persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14). The subsequent examiner’s amendment only clarifies wording and informalities but does not change the scope of the claims as addressed in the applicant’s argument filed on 4/12/2021.
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail the papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or to call PUB's Customer Service at (703) 305-8497 with any questions.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923.  The examiner can normally be reached on M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/Primary Examiner, Art Unit 2497