DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This action is in response to the communications and remarks filed on 10/5/2021. Claims 1 and 5-24  are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 12-13, filed 10/5/2021, regarding the objection to the specification have been fully considered and are persuasive. The objection has been withdrawn in view of the amended specification.
Applicant's arguments, see pages 12-13, filed 10/5/2021, regarding the 101 rejection of Claim 15, have been fully considered and are persuasive. The rejection has been withdrawn in view of the amended claim.
Applicant's arguments, see pages 12-13, filed 10/5/2021, regarding the 103 rejections of Claims 1-15, have been fully considered and are persuasive. The rejection has been withdrawn and the claims are now in condition for allowance.


Allowable Subject Matter
Claims 1 and 5-24 are allowed.
The following is an examiner’s statement of reasons for allowance:
Regarding Claims 1, 14, and 15, although the closest prior art of record (such as Sanders et al., (US 20160048683 A1), Kindlund et al., (US 9565202 B1), Alme et al., (US 20100115620 A1), Tang et al., (US 20130104230 A1), Su et al., (US 8424091 B1), and Sargent (US 20080250128 A1)) teaches A system, comprising: a processor configured to: execute a potentially malicious sample and record one or more network activities associated with the executing of the potentially malicious sample; compare at least some of the recorded network activities to a previously generated malware profile, wherein the malware profile comprises a set of network activities taken by a known malicious application during execution of the known malicious application; and assign a malicious verdict to the potentially malicious sample based at least in part on a determination that the recorded network activities match the malware profile; and a memory coupled to the processor and configured to provide the  processor with instructions.
However, none of the prior art, alone or in combination teaches wherein the malware profile is generated at least in part by abstracting a capture of network traffic associated with the execution of the known malicious application into the set of network activities taken by the known malicious application, wherein the abstracting includes aggregating raw network packets into request-response pairs, and wherein the abstracting further includes correlated source and destination packets in view of other limitations of the independent claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/Primary Examiner, Art Unit 2497