DETAILED ACTION
	Claims 1-6 and 8-9 are pending. Claim 7 is canceled. This is in response to the application filed on December 10, 2018 which claims priority to a Japanese application filed on December 13, 2017.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-6 and 8-9 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by PG Pub 20170013018 (hereinafter Nakata).

an information processing device comprising: 
 	a memory; and at least one processor coupled to the memory, the processor performing operations (Figs. 1, 19 and par. [0034]-[0037] disclose the analysis rule adjustment device with memory and processors performing Intrusion Detection from a log data that comprises information such as "time stamp", "LogSource", "source IP address", "source port number", "destination IP address", and "destination port number", etc.), the operations comprising: 
 	extracting, based on a first data extraction policy being a policy for extracting first processing data to be used for counting a first frequency related to a transmission source from communication data, the first processing data from the communication data; counting, based on a first counting policy being a policy for counting the first frequency relating to the transmission source in the first processing data, the first frequency related to the transmission source in the first processing data (par. [0034]-[0037] and [0045]-[0049] disclose using the analysis rule “the number of appearances of a destination IP address that appears frequently in the malignant log among destination IP addresses with which the arbitrary source IP address communicates and a threshold being ten times in one hour”); and 
 	extracting, based on a first transmission-source extraction policy being a policy for extracting the transmission source and the first frequency, the transmission source (par. [0049] discloses “the analysis rule, there are set a parameter such as the number of communications performed by using a predetermined source port number from an arbitrary source IP address and the number of connections to the same destination wherein the first data extraction policy includes at least the transmission source and a communication time in the communication data, the first counting policy includes at least a period related to counting and data included in the first processing data to be targeted for counting, and the first transmission-source extraction policy includes a threshold value or a range of the first frequency relating to the transmission source to be an extraction target (see claim 1 rejection in view of par. [0048]-[0049]).

	Regarding claim 3, Nakata discloses extracting, from the communication data that includes at least one piece of data that is not included in the first processing data among data included in the communication data and includes the transmission source extracted based on a second data policy being a policy for extracting a second processing data to be used for calculating a frequency related to the transmission source, the second processing data, counting a second frequency related to the transmission source in the second processing data, based on a second counting policy being a policy for counting the second frequency related to the transmission source in the second processing data, and extracting the transmission source, based on a second transmission-source extraction policy being a policy for extracting the transmission source, and the second frequency (See claim 1 rejection and Figs. 5-6, 14-17 and related text. Nakata teaches analysis on the log file based on the rule set by going wherein the operations further comprise extracting, from the communication data that includes at least one piece of data that is not included in the first processing data among data included in the communication data and includes the transmission source extracted based on a second data policy being a policy for extracting the second processing data to be used for calculating a frequency related to the transmission source, the second processing data, and extracting the transmission source, based on a second transmission-source extraction policy being a policy for extracting the transmission source from the second processing data, and the second processing data (see claim 3 rejection; different set of rules with different set of frequencies and associated communication data).

	Regarding claim 5, Nakata discloses wherein the first data extraction policy further includes a destination in the communication data, and the first counting policy includes, as the first frequency, a frequency related to a combination of the transmission source and the destination (as presented in claims 1 and 3 rejections, the analysis comprises set of rules and data for analysis comprises “source IP address and the number of connections to the same destination within a certain period of time”).

	Regarding claim 6, Nakata discloses wherein the first data extraction policy further includes a destination in the communication data, and the second transmission-source extraction policy includes a policy for extracting the transmission source executing predetermined transmission to the destination responding to the transmission source (see claims 3-5 rejections for different set analysis rules based on different set of frequency thresholds and associated data such as source/destination addresses among other information).

	Regarding claims 8-9, they are rejected in view of claim 1.

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 
/TRI M TRAN/Primary Examiner, Art Unit 2432