DETAILED ACTION
	Claims 1-27 are presented on 08/29/2019 for examination on merits.  Claims 1, 10, and 19 are independent base claims.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Set #1.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted as for examination on merits are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Specification
The disclosure is objected to because of the following informalities: 
The specification at lines 3-4 of page 25 has the following unclear sentence: “States that the attacker is not capable of do not decrease by launching attacks and the attacker does not need to go back to the privileges already gained.”  It appears that there are some missing parts in this sentence.  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-27 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
The rationale for this determination is explained below:  
First – following Step 1 of the guidance, Claims 1-27 are directed to a method comprising a series of functional steps, a non-transitory computer readable medium or a system of one or more computers.  Therefore, the claimed invention falls into one of the four statutory categories.
Secondly – following Step 2 of the guidance, claims 1-20 are analyzed for its underlying inventive concept with a new two-prong inquiry (1) does the claim recite an abstract idea, law of nature, or natural phenomenon, and/or judicial exceptions? And (2) does the claim recite additional elements that integrate the judicial exception into a practical application?
It is determined that claimed invention is directed to an abstract idea or at least one of the judicial exceptions, because the concept of the invention is basically graphing network attacks and generating alerts based on path values of a graph representative of a set of action states within a network; the first prone of the inquiry.  The invention is a concept that can be performed in the human mind (including an observation, evaluation, judgment, opinion), which is categorized as Mental processes in the 2019 PEG guideline.  It is noted that computer 

Regarding the second prone, the identified additional elements – one or more computer or devices failed to integrate the idea of “graphing network attacks and generating alerts” into a practical application.  
The claims does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites computer implemented method or a system of one or more computers.  These elements only perform or suggest to perform functions of a general computer such as receiving, retrieving, and storing data.  The outputting and/or displaying alerts, if applied, is a generic computing operation that does not enhance the functionality of the computer. Further, the claim does not recite an improvement to another technology or technical field, an improvement to the functioning of the computer itself, or meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment.  Therefore, the claim is abstract without significantly more.
Dependent claims 2-9, 11-18, and 20-27, when analyzed individually or as a whole, are held to be patent ineligible under 35 U.S.C. 101 because, the additional recited limitation(s) fail(s) to amount to “significantly more” than the judicial exception, and thereby non-statutory.

Please see “The 2019 Revised Patent Subject Matter Eligibility Guidance (or “2019 PEG” for short) published in January 2019 at USPTO Website.  Note that the groupings of abstract ideas in the 2019 PEG are not the same as those on the Abstract Ideas QRS or in the MPEP. The groupings in the 2019 PEG should be FOLLOWED for identifying abstract ideas. The 2019 PEG does not change the analysis at Step 2B which pertains to an improvement to conventional functioning of a computer or to technological processes; see also MPEP 2106.05(a).


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claims 1, 10, and 19 each recite a limitation “action states relative to each other” unclearly in the second determining step after defining “a set of action states within a network” in the providing step. It is understood that a set of action states within a network constitutes a state graph which is the base for determining both path stealthiness values and path hardness values.  However, the “action states relative to each other” in the second determining step appear to be separate action states from the set of action states within the network as defined in the providing step.  The limitation “relative to each other” is unclear if the set of action states is undefined.
Claims 1, 10, and 19 each recite a limitation “to repeatedly perform an action of an action state” unclearly in the second determining step because it is uncertain how this action state is related to the set of action states within the network as defined in the providing step.
generating an alert" wherein it is unclear whether the generated alert is related to the one or more alerts generated in the base claims 1, 10, and 19, respectively.  It appears that there is insufficient antecedent basis for this limitation in the claims when considering “one or more alerts” have been selectively generated in the respective base claims.
Claims 6, 7, 15, 16, 24, and 25 each recite the limitation "violates a respective threshold value” unclearly.  It is understood that a value may be greater than or less than a threshold value in comparison.  However, it is unclear whether the meaning of violating a respective threshold value is “greater than” or “less than” a threshold value.
Dependent claims 2-9, 11-18, and 20-27 are further rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph because they each depend from the rejected base claims 1, 10, and 19, respectively.

Allowable Subject Matter
Claims 1-27 are allowable over prior art for the following reasons:
The closest prior art, Rosen, Ahmed, Crowley, and Holloway do not disclose the features of “determining a path stealthiness value for each attack path of a set of attack paths within the network, path stealthiness values being determined based on a mapping that maps each action state to one or more technique-tactic pairs and one or more security controls; 
determining a path hardness value for each attack path of the set of attack paths within the network, path hardness values being determined based on a state correlation matrix that correlates action states relative to each other, and a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state” as recited in independent claims 1, 10, and 19, respectively.  
The first closest art Peled (US 20190188389 A1) filed December 14, 2017 discloses a network graph being used for assessing risks of network attacks and to contain or restrict an a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state. 
The second closest art Bassett (US 20160205122 A1) published July 14, 2016 teaches an improved method for analyzing computer network security to detect attacks (par. 0006).  In Bassett, the attack graph are connected to observable nodes associated with physical sensors on the network, and attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security (par. 0006, 0027 and 0028).  However, Bassett failed to discloses any path [hardness] value for each attack path of the set of attack paths within the network, path hardness values being determined based on a state correlation matrix that correlates action states relative to each other, and a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state.
The third closest art Paine (US 20180255077 A1) filed September 8, 2017 discloses deviation values for each of the system endpoints and a cumulative risk value.  However these two values are not for the same use of the claimed path stealthiness value and path hardness value.  Paine discloses a service configured to take a first snapshot of the corresponding system endpoint, wherein the first snapshot is to be associated with the second snapshot to form an aggregated snapshot for generating a cumulative risk value (the Abstract and par. 0036).  Paine’s cumulative risk value is not the same as either of the claimed path stealthiness value and path hardness value.  Furthermore, Paine failed to discloses any path [hardness] value for each attack path of the set of attack paths within the network, path hardness values being determined based on a state correlation matrix that correlates action states relative to each other, and a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        08/11/2021