DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The Amendment filed 10/18/2021 has been entered. Claims 1-3, 5-13, 15-18 and 20-23 are pending in this application.

Applicant's arguments with respect to claims 21-23 rejection under 35 U.S.C 103 have been fully considered and persuasive. The rejection has been withdrawn.


Allowable Subject Matter

Claims 1-3, 5-13, 15-18 and 20-23 are allowed.	
The following is an examiner’s statement of reasons for allowance:

The closest prior arts made of records are, Carver et al. (U.S Pub No. 2015/0365438 A1, referred to as Carver), Vasseur et al. (U.S Pub No. 2016/0028764 A1, referred to as Vasseur) and Amsler (U.S Pub No. 2014/0201836A1, referred to as Amsler).

Carver discloses methods for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.

Vasseur discloses a method for mitigating the success of an attack. The method includes attack traffic corresponding to a detected DoS attack from one or more attacker nodes is received at a denial of service (DoS) attack management node in a network. The DoS attack management node determines attack information relating to the attack traffic, including a type of the DoS attack and an intended target of the DoS attack. Then, the DoS attack management node triggers an attack mimicking action based on the attack information, where the attack mimicking action mimics a behavior of the intended target of the DoS attack that would be expected by the one or more attacker nodes if the DoS attack were successful.

Amsler discloses a risk assessment and managed security system for network users provides security services for dealing with formidable cyber threats, malware creations and phishing techniques. Automated solutions in combination with human-driven solutions establish an always-alert positioning for incident anticipation, mitigation, discovery and response.

However, regarding claims 1 and 16, the prior art of Carver, Vasseur and Amsler when taken in the context of the claim as a whole do not disclose nor suggest, “presenting the security incident as compared to the defined cyber adversary objective and the related technique matched to the security incident on a security attack graph.”.

Regarding claim 11, the prior art of Carver, Vasseur and Amsler when taken in the context of the claim as a whole do not disclose nor suggest, “present the security incident as compared to the defined cyber adversary objective and the related technique matched to the security incident on a security attack graph.”.

Regarding claims 21 and 23, the prior art of Carver, Vasseur and Amsler when taken in the context of the claim as a whole do not disclose nor suggest, “performing a set of mitigation actions on the computer network based on the matching of the security incident corresponding to the attack on the computer network to the defined cyber adversary objective and the related technique.”.

Regarding claim 22, the prior art of Carver, Vasseur and Amsler when taken in the context of the claim as a whole do not disclose nor suggest, “perform a set of mitigation actions on the computer network based on matching the security incident corresponding to the attack on the computer network to the defined cyber adversary objective and the related technique.”.

Claims 2-3 and 5-10 depend on claim 1, claims 12-13 and 15 depend on claim 11, and claims 17-18 and 20 depend on claim 16, and are of consequence allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 





/HASSAN SAADOUN/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435