DETAILED ACTION

1.	This office action is in response to 8/03/2020. Claims 1, 9, 13 have been amended. Claims 1-15 are allowed. 


Response to Arguments

a.	Applicant argues in substance that - Applicant respectfully submits that the combination of Zoldi and Memon fails to disclose, at least, the amended features of independent claim 1. 
In response to applicant’s argument – As stated below and in the office action, Zolidi discloses a system and method of detecting command and control behavior of malware on a client computer where one or more DNS messages are monitored from one or more client computers to a DNS server to determine a risk that one or more client computers is communicating with a botnet, further one or more scores are generated  via graphical representation representing probabilities that one or more client computers is infected by malware. Memon was introduced to disclose “determine a second subset of the nodes (second set of data points stored within each group Memon [par.0033]) that are associated with malicious activity based on a first portion of the second subset of the nodes that are on the blacklist (secondary source of malicious activity gathered from 

Allowable Subject Matter

Claims 1-15 are allowed.

2.	The following is an examiner’s statement of reasons for allowance: 	
The closest prior art issued Pub.No.: US 2015/0195299 A1 to Zoldi et al(hereafter referenced as Zoldi) in view of Pub.No.: US 2010/0235915 A1 to Memon et al(hereafter referenced as Memon) fails to teach or suggest “determine a second subset of the nodes that are associated with malicious activity based on a first portion of the second subset of the nodes that are on the blacklist and based on a second portion of the second subset of the nodes that are not on a blacklist and not on the whitelist, .
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159.  The examiner can normally be reached on Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/MICHAEL D ANDERSON/Examiner, Art Unit 2432                                                                                                                                                                                                        
/MORSHED MEHEDI/Primary Examiner, Art Unit 2432