Notice of Pre-AIA  or AIA  Status
Claims 1-5 and 11-17 are presented for examination.  A preliminary amendment filed 6/28/19 amended claims 5 & 15-17; and cancelled claims 6-10.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/28/19 has been considered by the Examiner.

Claim Objections
Applicant is advised that should claim 16 be found allowable, claim 17 will be objected to under 37 CFR 1.75 as being a substantial duplicate thereof. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1, 2, 11, & 12 are rejected under 35 U.S.C. 103 as being unpatentable over Qian (Chinese Patent CN 10184160 A) in view of Zhang (Chinese Patent CN 103368979 A).1

Regarding claims 1, 11, 16, and 17:
Qian discloses a method, device, and computer program product on a non-transitory computer readable medium for detecting traffic abnormality in a network, the method comprising: obtaining net flows generated by network monitoring nodes in a set period of time (paragraphs 0034-0035); aggregating, for any one of attributes of the net flows, the net flows at a set interval of time according to the any one of the attributes to generate N number of time sequences for the any one of the attributes (paragraphs 0027-0028 & 0037); determining N number of samples to be detected, corresponding to the net flows according to the N number of time sequences corresponding respectively to each of the attributes, wherein each sample to be detected comprises time sequences corresponding to respective attributes in a same aggregation period of time (paragraphs 0039-0041); and determining a first detection result for the first time sequence according to (N−1) number of dissimilarities in angle corresponding to the first time sequence; and determining whether each sample to be detected is an abnormal data flow, according to a detection result for each time sequence in each sample to be detected (paragraphs 0081-0083).


Regarding claims 2 and 12:
The combination further discloses wherein determining the first detection result for the first time sequence according to the (N−1) number of dissimilarities in angle corresponding to the first time sequence comprises: determining whether a sum of the (N−1) number of dissimilarities in angle corresponding to the first time sequence is greater than a set threshold, and if so, then generating a first detection result that the first time sequence is an abnormal time sequence (Qian, paragraph 0067; Zhang, paragraphs 0021 & 0060); otherwise, generating a first detection result that the first time .

Claims 4, 5, 14, & 15 are rejected under 35 U.S.C. 103 as being unpatentable over Qian in view of Zhang as applied to claims 1 & 11 above, and further in view of Bartos (U.S. Patent 9,985,982).

Regarding claims 4 and 14:
The combination further discloses wherein the method further comprises: classifying the first time sequence corresponding to the first attribute in the first sample to be detected (Qian, paragraphs 0037-0043); determining a second detection result for the first time sequence according to a classification result, wherein if the classification result shows a same class, then the second detection result is that the first time sequence is a normal time sequence (Qian, Ibid.); otherwise, the second detection result is that the first time sequence is an abnormal time sequence (Qian, Ibid.); and weighting and summing up the first detection result and the second detection result to obtain a target detection result for the first time sequence (Qian, paragraphs 0085-
	Neither Qian nor Zhang disclose using a preset one-class Support Vector Machine, SVM, classifier corresponding to the first attribute.  However, Bartos discloses a related invention for detecting abnormalities in network traffic flows comprising this limitation (col. 5, lines 5-25; and col. 8, line 60 – col. 9, line 32).  It would have been obvious prior to the effective filing date of the instant application to employ SVM classifiers into the invention disclosed by Qian and Zhang, as doing so makes optimization during a training session easier (Bartos, col. 9, lines 24-26).

Regarding claims 5 and 15:
The combination further discloses wherein the preset one-class SVM classifier corresponding to the first attribute is generated by: obtaining historical net flows before the set period of time; and aggregating, for the first attribute of the historical net flows, the historical net flows at a set interval of time according to the first attribute to generate N number of time sequences for the first attribute, wherein the first attribute is any one of the attributes of the net flows; and generating the one-class SVM classifier for the first .

Allowable Subject Matter
Claims 3 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Patent Publications 2016/0359872 (Yadav), 2012/0284791 (Miller), 2006/0212942 (Barford), 2003/0236995 (Fretwell), and 2003/0097439 (Strayer).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        2/9/2022


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Both references listed by the Applicant in the IDS filed 6/28/19; English translations have been provided herein.