DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 11/29/2019.
Status of claims in the instant application:
Claims 1-14 are pending. Examiner suggests all “(..)” be removed from claim language.
Priority
The instant application claims priority to “INDIA 201941011135 filed on 03/22/2019”
Information Disclosure Statement
Information Disclosure Statements (IDS) filed on 04/28/2021 have been considered, and signed copies of the IDS forms have been attached to this office action.
Drawings
Drawings filed on 11/29/2019 have been inspected, and they are in compliance with MPEP 608.02.
Specification
Specification filed on 11/29/2019 has been inspected, and it is in compliance with MPEP 608.01.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2015/0058993 A1 to Choi et al. (hereinafter “Choi”) in view of Pub. No.: US 2015/0033340 A1 to Giokas (hereinafter “Giokas”).
Regarding Claim 1. Choi discloses A method for predicting an attack path in a computer network, the computer network comprising a plurality of connected nodes (Choi, Abstract, FIG. 18: … A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration …), the method comprising:
receiving, by an attack path prediction system (101), static [and dynamic] data associated with a source node attacked in the computer network (105) from an attack detection system (103), wherein the static [and dynamic] data comprises information regarding the source node and one or more vulnerabilities associated with the source node (Choi, Para [0012-0014]: … The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker … The illustrative embodiments also provide for another computer-implemented method. The method includes a computer accessing a configuration of a network and the computer determining dependencies between security vulnerabilities associated with nodes in the network. The method also includes the computer ranking the security vulnerabilities based on statistical probabilities applied to the dependencies and combined with qualitative attributes associated with nodes in the network. The method also includes the computer applying an ordered weighted average algorithm to the ranked security vulnerabilities. The method also includes the computer determining at least one network attack path based on application of the ordered weighted average algorithm … The illustrative embodiments also provide a system for discovering network attack paths …);
However, Choi does not explicitly teach, but Giokas, from the same or a similar field of endeavor, teaches, “dynamic data (Giokas, Para [0030, 0056]: … In some embodiments, the plurality of sources include a common vulnerabilities and exposures list. In some embodiments, the sources include a dynamic list maintained by one or more vendors … Management of the machine farm 38 may be de-centralized. For example, one or more servers 106 may comprise components, subsystems and modules to support one or more management services for the machine farm 38. In one of these embodiments, one or more servers 106 provide functionality for management of dynamic data …)”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Giokas into Choi, because Giokas discloses that “systems and methods of the present disclosure provide a self-tuning network intrusion detection and prevention system, which is designed to automatically adapt to current threats to the network (Giokas, Para [0002])”.
Choi further discloses:
“obtaining, by the attack path prediction system (101), static and dynamic risk attributes of one or more vulnerabilities associated with one or more target nodes reachable from the source node in the computer network (105) (Choi, Para [0012-0014]: … The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker … The method also includes the computer ranking the security vulnerabilities based on statistical probabilities applied to the dependencies and combined with qualitative attributes associated with nodes in the network …);
calculating, by the attack path prediction system (101), a likelihood score for each of the one or more vulnerabilities associated with the one or more target nodes in relation to each of the one or more vulnerabilities associated with the source node based on the static and dynamic risk attributes (Choi, Para [0056, 0071, 0076-0079], FIGs. 6-8: … node 112 and node 116 may have some type of relationship or interdependency such that a risk bearing on node 112 is contingent upon node 116 in some manner. If a first event must occur in association with node 116 in order for a second event to occur to node 112 but the second event can occur to node 114 without contingency, then the absolute weights of the risk of second event to node 112 and node 114 are not the same. Bayesian probability model 124 applies probabilities to risks of vulnerabilities being realized based on dependencies between risks, including multiple dependencies and involvement of more than two of node 112, node 114, and node 116 in the calculation … FIG. 4 also includes new attack graph 428 which may graphically present output of numerous iterations or cycles of the workflow depicted in FIG. 4. For each of node 404, node 406, node 408, node 410, node 412, and node 414, the workflow depicted in FIG. 4 may calculate likelihood that the particular node will be an object of attack from a person, organization, or other entity. New attack graph 428 may provide rankings of node 404, node 406, node 408, node 410, node 412, and node 414 in order of vulnerability to a possible attack …);
 calculating, by the attack path prediction system (101), a prediction score for each of the one or more vulnerabilities associated with the one or more target nodes based on corresponding likelihood score and the static and dynamic risk attributes (Choi, Para [0062-0065]: … Method 200 may begin as the process may generate, using a computer, scoring system results based on analysis of vulnerabilities of nodes in a network configuration (operation 202). Next, the process may apply, using the computer, Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes (operation 204). Next, the process may apply, using the computer, a weight-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker (operation 206) … CVSS Knowledge Base 322 may contain scoring results about vulnerabilities of devices or nodes that may described in network attributes 320 … CVSS Knowledge Base 322 may be combined with Bayesian Net 324 and operating attributes 326 in a similar manner as scoring results 122 are combined with Bayesian probability model 124 and qualitative data 126 are combined in system 100. The combination of CVSS Knowledge Base 322 with Bayesian Net 324 and operating attributes 326 is then provided to OWA Fusion/Aggregation 304 wherein risks associated with components of network attributes 320, for example nodes, are ranked in order of their likelihood of attack. The ranking is provided in aggregated attack graph 328 …); and
predicting based on the prediction score, by the attack path prediction system (101), the attack path between the source node and the one or more target nodes in the computer network (105) (Choi, Para [0013]: … The illustrative embodiments also provide for another computer-implemented method. The method includes a computer accessing a configuration of a network and the computer determining dependencies between security vulnerabilities associated with nodes in the network. The method also includes the computer ranking the security vulnerabilities based on statistical probabilities applied to the dependencies and combined with qualitative attributes associated with nodes in the network. The method also includes the computer applying an ordered weighted average algorithm to the ranked security vulnerabilities. The method also includes the computer determining at least one network attack path based on application of the ordered weighted average algorithm …).”
Regarding Claim 2. The combination of Choi-Giokas discloses the method as claimed in claim 1, Choi further discloses, “wherein the static risk attributes comprises predefined Common Vulnerability Scoring System score (CVSS) (Choi, Para [0053, 0064-0070]: … system drawn upon for purposes of receiving scoring result 122 may be the Common Vulnerability Scoring System (CVSS). The Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of vulnerabilities of various systems, including network 110 and its component node 112, node 114, and node 116. The Common Vulnerability Scoring System may establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts to mitigate risks may be prioritized. Scoring results 122 may be based on a series of measurements (called metrics) based on expert assessment … CVSS Knowledge Base 322 may contain scoring results about vulnerabilities of devices or nodes that may described in network attributes 320 …).”
Regarding Claim 3. The combination of Choi-Giokas discloses the method as claimed in claim 1, Giokas further discloses, “wherein the dynamic risk attributes comprises a correlation score, attacker skill indicator and topological impact on node (Choi, Para [0088-0089]: … the network security tool of the present disclosure can automatically implement a plan of action to address findings of the VA tool. For example, the network security tool can provide context and coherence with regard to maintenance, ground, and sound structuring of network defense information by dynamically assessing vulnerabilities in context with a current a network and by taking into account settings of the underlying infrastructure of the examined network and the actual risk posed by the identified vulnerabilities … the network security tool can obtain, identify, or collect security information related to vulnerabilities, exploits and IDS/IPS signatures. The tool can collect security information related to vulnerabilities, exploits and IDS/IPS signatures from a large number of sources (Web, mailing lists, hacking websites, security systems, vulnerability scanning reports, specific tools like SNORT of CISCO Corporation of San Jose, Calif.), and store them in one or more databases. The tool may then normalize the vulnerability information (e.g. redundant data may be de-duplicated) and correlate the vulnerability information with relative exploit code or IDS/IPS signatures. When the tool 120 parses a report from a VA tool (e.g., Open Vulnerability Assessment System ("OpenVAS") which is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution), the tool can identify current vulnerabilities. 
In some embodiments, the tool may construct the attack and response paths for the identified vulnerabilities using Topological Vulnerability Analysis techniques, score one or more (some or all) identified vulnerability using a Common Vulnerability Scoring System from 0 to 10 (e.g., CVSSv2 which is an industry standard for assessing the severity of computer system vulnerabilities and maintained by the National Infrastructure Advisory Council of the United States of America) and provide the IDS/IPS signature(s) required to confront this particular attack. Thus, the tool can used as a proactive security mechanism (e.g. during the vulnerability analysis of a network infrastructure) and as an ongoing, continuous self-tuning mechanism. Moreover the tool can be used for efficiently and effectively tuning the IDS systems according to the unique security requirements of the network infrastructure …)”.
The motivation to further combine Giokas remains same as in claim 1.
Regarding Claim 4. The combination of Choi-Giokas discloses the method as claimed in claim 1, Choi further discloses, “wherein the likelihood score for each of the one or more vulnerabilities is calculated based on a corresponding correlation score and a Common Vulnerability Scoring System score (CVSS) (Choi, Para [0064-0065]: … CVSS Knowledge Base 322 may contain scoring results about vulnerabilities of devices or nodes that may described in network attributes 320. Bayesian Net 324 may provide probabilities such that dependencies among risks are considered … CVSS Knowledge Base 322 may be combined with Bayesian Net 324 and operating attributes 326 in a similar manner as scoring results 122 are combined with Bayesian probability model 124 and qualitative data 126 are combined in system 100. The combination of CVSS Knowledge Base 322 with Bayesian Net 324 and operating attributes 326 is then provided to OWA Fusion/Aggregation 304 wherein risks associated with components of network attributes 320, for example nodes, are ranked in order of their likelihood of attack. The ranking is provided in aggregated attack graph 328 …).”
Regarding Claim 5. The combination of Choi-Giokas discloses the method as claimed in claim 4, Choi further discloses, “wherein the correlation score for each of the one or more vulnerabilities is calculated based on number of attack intention common (Choi, Para [0057-0058, 0074]: … System 100 also includes qualitative data 126 that aggregated with the scoring results 122 and the Bayesian probability model 124 … Qualitative data 126 may include threat evaluation factors such as centrality. Centrality may be expressed in terms of degrees of centrality of at least one node 112, node 114, and node 116 associated with security vulnerabilities. Centrality may include degree centrality including indegree centrality and outdegree centrality. Other factors associated with centrality include betweenness and closeness of node 112, node 114, and node 116 as well as Eigenvector centrality. Systems and methods provided herein account for betweenness centrality of node 112, node 114, and node 116 as a risk factor … Betweenness centrality quantifies the number of times node 112 acts as a bridge along the shortest path between two other node 114 and node 116. Assortativity is a preference for at least one of node 112, node 114, and node 116 to attach to other nodes that may be similar in some way. Systems and methods provided herein account for assortative mixing of node 112, node 114, and node 116 … Factor Integration 510 includes combining Vulnerability Factors 522, Centrality Factors 524, and Known Threat Factors 526 and sends the combined factors to Factor to Link Mapping 528. At Factor to Link Mapping 528, threat evaluation factors are determined at links between individual nodes …).”
Regarding Claim 6. The combination of Choi-Giokas discloses the method as claimed in claim 1, Choi further discloses, “wherein the prediction score for each of the one or more vulnerabilities is calculated based on the corresponding likelihood score and a corresponding Common Vulnerability Scoring System score (CVSS) (Choi, Para [0065]: … CVSS Knowledge Base 322 may be combined with Bayesian Net 324 and operating attributes 326 in a similar manner as scoring results 122 are combined with Bayesian probability model 124 and qualitative data 126 are combined in system 100. The combination of CVSS Knowledge Base 322 with Bayesian Net 324 and operating attributes 326 is then provided to OWA Fusion/Aggregation 304 wherein risks associated with components of network attributes 320, for example nodes, are ranked in order of their likelihood of attack. The ranking is provided in aggregated attack graph 328 …).”
Regarding Claim 7. The combination of Choi-Giokas discloses the method as claimed in claim 1, Choi further discloses, “further comprising generating an attack path graph in the computer network (105) based on the prediction score (Choi, Para [0071]: … FIG. 4 also includes new attack graph 428 which may graphically present output of numerous iterations or cycles of the workflow depicted in FIG. 4. For each of node 404, node 406, node 408, node 410, node 412, and node 414, the workflow depicted in FIG. 4 may calculate likelihood that the particular node will be an object of attack from a person, organization, or other entity. New attack graph 428 may provide rankings of node 404, node 406, node 408, node 410, node 412, and node 414 in order of vulnerability to a possible attack. New attack graph 428 presents output which may promote a security analyst, network manager, or other interested and informed professional to make decisions about risk mitigation action for network 402 …).”
Regarding Claim 8. This is a system claim corresponding to method claim 1 and contains all the same or similar limitations as claim 1, hence similarly rejected as claim 1.
**** Note: Choi also discloses “The illustrative embodiments also provide a system for discovering network attack paths. The system includes a processor and a memory connected to the processor, the memory storing program code which, when executed by the processor, performs a computer-implemented method (Choi: Para [0014])”
Regarding Claim 9. This is a system claim corresponding to method claim 2 and contains all the same or similar limitations as claim 2, hence similarly rejected as claim 2.
Regarding Claim 10. This is a system claim corresponding to method claim 3 and contains all the same or similar limitations as claim 3, hence similarly rejected as claim 3.
Regarding Claim 11. This is a system claim corresponding to method claim 4 and contains all the same or similar limitations as claim 4, hence similarly rejected as claim 4.
Regarding Claim 12. This is a system claim corresponding to method claim 5 and contains all the same or similar limitations as claim 5, hence similarly rejected as claim 5.
Regarding Claim 13. This is a system claim corresponding to method claim 6 and contains all the same or similar limitations as claim 6, hence similarly rejected as claim 6.
Regarding Claim 14. This is a system claim corresponding to method claim 7 and contains all the same or similar limitations as claim 7, hence similarly rejected as claim 7.
Pertinent Prior Art: The following prior art, made of record and not relied upon, is considered pertinent to applicant's disclosure.
	PGPUB US 20160205122 A1, Bassett: Bassett discloses a method for analyzing computer network security. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
	The invention relates generally to a method for cyber-security analysis based on human behavior.
	PGPUB US 20170286690 A1, Chari et al.: Chari discloses generation of an attack graph. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with sensitive data is scanned for. Vulnerability and risk metrics 
	This disclosure relates generally to attack graphs and more specifically to calculating a risk to a set of sensitive data objects, which correspond to a regulated service provided by a set of components comprising the regulated service, based on automatically generating a data-centric attack graph of nodes representing the set of components and propagating risk scores to related components along edge paths in the attack graph connecting related components.
	PGPUB US 20170048266 A1, Hovor et al.: Hovor discloses methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and 
	PGPUB US 20180048669 A1, LOKAMATHE et al.: LOKAMATHE discloses systems and methods of the present disclosure provide comprehensive risk assessment in a heterogeneous dynamic network. The framework enables `view` and `analyses` of complete architecture simultaneously in information view, deployment view, business view and security view. Fundamentally, data pertaining to information flow between a plurality of nodes within systems in a network is identified. One or more affected nodes or paths therebetween are identified and attack risk is computed. The graph based framework supports multiple threat models for threat evaluation. It also provides mitigation plans which will reflect reduced risk in the business view and incorporates attack tree simulations to evaluate dynamic behavior of a system under attack.
The embodiments herein generally relate to modeling and analysis of cybersecurity threats in a network, and more particularly to systems and methods for risk assessment in a heterogeneous dynamic network.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434