DETAILED ACTION
Claims 1-20 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Rigel Menard (Reg. No. 66520) on February 11, 2022.
The application has been amended as follows: 

1.	(Currently Amended) A method performed by hardware processing circuitry, comprising:
obtaining a first time series of operational parameter values of a device attached to a network;
comparing the operational parameter values of the first time series to a first parameter value range and a second parameter value range;
determining, based on the comparing, that the operational parameter values of the first time series are within the first parameter value range;
based on the determining, selecting, from a plurality of distributions, a first distribution;
comparing the first time series to the selected first distribution; 
 the first time series, a first probability at which values of the operational parameter values in the first time series occur in the selected first distribution;
determining, based on the first probability, a likelihood of a brute force attack on the network; 
based on the first time series, adjusting a boundary between the first parameter value range and the second parameter value range resulting in at least one of an updated first parameter value range or an updated second parameter value range; and
determining, based on the updated first parameter value range or the updated second parameter value range

5.	(Currently Amended) The method of claim 1, wherein the adjusting of the boundary comprises updating a threshold value            
                 
                
                    
                        τ
                    
                    
                        p
                    
                
            
         defining the boundary between the first parameter value range and the second parameter value range,             
                
                    
                        τ
                    
                    
                        p
                    
                
            
          defined according to:
            
                
                    
                        τ
                    
                    
                        p
                    
                
                :
                =
                E
                [
                Y
                |
                Y
                >
                
                    
                        Q
                    
                    
                        p
                        -
                        1
                    
                
                ]
            
        
where:
E[] is an expected value function,
Y is the first time series,
tp is [[a]]the threshold value between the first parameter value range and the second parameter value range or the updated first parameter value range and the updated second parameter value range, and
Qp is a qth quantile of a negative binomial distribution.

6.	(Currently Amended) The method of claim 1, wherein the adjusting of the boundary further comprises updating parameters defining the first distribution

7.	(Currently Amended) The method of claim [[1]]6, wherein the parameters are updated via exponential smoothing and a grid of smoothing weights.

first distribution is updated according to:
ɸt+𝝐 = gɸ-1[ɳt+𝝐],
where:
ɸt+𝝐 	is the updated parameter,
gɸ 	is a link function for a parameter ɸ,
            
                
                    
                        η
                    
                    
                        t
                        +
                        ϵ
                    
                
                 
                =
                 
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
                *
                
                    
                        M
                    
                    
                        Φ
                    
                
                [
                
                    
                        y
                    
                    
                        t
                        +
                        ϵ
                    
                
                |
                
                    
                        η
                    
                    
                        t
                    
                
                ]
                +
                (
                1
                -
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
                )
                *
                
                    
                        η
                    
                    
                        t
                    
                
                 
            
        ,

where:
            
                
                    
                        M
                    
                    
                        Φ
                    
                
            
        	is a central moment corresponding to the parameter ɸ,
            
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
            
        	is a smoothing weight,
ɳt	is gɸ[ɸt], and
            
                
                    
                        y
                    
                    
                        t
                        +
                        ϵ
                    
                
            
        	is a sample value included in the first time series. 

9.	(Currently Amended) The method of claim 1, further comprising:
determining a second time series for second operational parameter values of the device;
selecting, based on the second time series, a second distribution;

determining, based on the  the second time series, a second probability at which second values in the second time series occur in the selected second distribution;
applying Fisher’s method to the first probability and the second probability; and
based on the applying, generating a combined indicator of anomaly, wherein the determining of the likelihood of the brute force attack is further based on the combined indicator.

10.  (Currently Amended) A system, comprising:
hardware processing circuitry;
one or more hardware memories storing instructions that when executed configure the hardware processing circuitry to perform operations comprising:
obtaining a first time series of operational parameter values of a device attached to a network;
operational parameter values of the first time series to a first parameter value range and a second parameter value range;
determining, based on the comparing, that the operational parameter values of the first time series are within the first parameter value range;
based on the determining, selecting, from a plurality of distributions, a first distribution;
comparing the first time series to the selected first distribution; 
determining, based on the comparing the first time series, a first probability at which values of the operational parameter values in the first time series occur in the selected first distribution;
determining, based on the first probability, a likelihood of a brute force attack on the network; 
based on the first time series, adjusting a boundary between the first parameter value range and the second parameter value range resulting in at least one of an updated first parameter value range or an updated second parameter value range; and
determining, based on the updated first parameter value range or the updated second parameter value range

14.  (Currently Amended) The system of claim 10, wherein the adjusting of the boundary comprises updating a threshold value            
                 
                
                    
                        τ
                    
                    
                        p
                    
                
            
         defining the boundary between the first parameter value range and the second parameter value range,             
                
                    
                        τ
                    
                    
                        p
                    
                
            
          defined according to:
            
                
                    
                        τ
                    
                    
                        p
                    
                
                :
                =
                E
                [
                Y
                |
                Y
                >
                
                    
                        Q
                    
                    
                        p
                        -
                        1
                    
                
                ]
            
        
where:
E[] is an expected value function,
Y is the first time series,
tp is [[a]]the threshold value between the first parameter value range and the second parameter value range or the updated first parameter value range and the updated second parameter value range, and
Qp is a qth quantile of a negative binomial distribution.

distribution

16.  (Currently Amended) The system of claim [[10]]15, wherein the parameters are updated via exponential smoothing and a grid of smoothing weights.

17.  (Currently Amended) The system of claim 16, where at least one parameter of the first distribution is updated according to:
ɸt+𝝐 = gɸ-1[ɳt+𝝐],
where:
ɸt+𝝐 	is the updated parameter,
gɸ 	is a link function for a parameter ɸ,
            
                
                    
                        η
                    
                    
                        t
                        +
                        ϵ
                    
                
                 
                =
                 
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
                *
                
                    
                        M
                    
                    
                        Φ
                    
                
                [
                
                    
                        y
                    
                    
                        t
                        +
                        ϵ
                    
                
                |
                
                    
                        η
                    
                    
                        t
                    
                
                ]
                +
                (
                1
                -
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
                )
                *
                
                    
                        η
                    
                    
                        t
                    
                
                 
            
        ,

where:
            
                
                    
                        M
                    
                    
                        Φ
                    
                
            
        	is a central moment corresponding to the parameter ɸ,
            
                
                    
                        
                            
                                α
                            
                            ~
                        
                    
                    
                        θ
                    
                
            
        	is a smoothing weight,
ɳt	is gɸ[ɸt], and
            
                
                    
                        y
                    
                    
                        t
                        +
                        ϵ
                    
                
            
        	is a sample value included in the first time series. 

19.  (Currently Amended) The system of claim 18, wherein the first distribution is included in the finite mixture of distributions.

20.  (Currently Amended) A non-transitory computer readable storage medium comprising instructions that when executed configure hardware processing circuitry to perform operations, comprising:
obtaining a first time series of operational parameter values of a device attached to a network;
comparing the operational parameter values of the first time series to a first parameter value range and a second parameter value range;
operational parameter values of the first time series are within the first parameter value range;
based on the determining, selecting, from a plurality of distributions, a first distribution;
comparing the first time series to the selected first distribution; 
determining, based on the comparing the first time series, a first probability at which values of the operational parameter values in the first time series occur in the selected first distribution;
determining, based on the first probability, a likelihood of a brute force attack on the network; 
based on the first time series, adjusting a boundary between the first parameter value range and the second parameter value range resulting in at least one of an updated first parameter value range or an updated second parameter value range; and
determining, based on the updated first parameter value range or the updated second parameter value range

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “obtaining a first time series of operational parameter values of a device attached to a network; comparing the operational parameter values of the first time series to a first parameter value range and a second parameter value range; determining, based on the comparing, that the operational parameter values of the first time series are within the first parameter value range; based on the determining, selecting, from a plurality of distributions, a first distribution; comparing the first time series to the selected first distribution; determining, based on the comparing the first time series, a first probability at which values of the operational parameter values in the first time series occur in the selected first distribution; determining, based on the first probability, a likelihood of a 
The following is considered to be the closest prior art of record:
Momot (US 2016/0004580) – teaches gather historical data for the number of crash events during specific time periods. A Poisson cumulative density function is used to determine the probability and likelihood that a brute force attack is occurring. However, Momot does not specifically teach “comparing the operational parameter values of the first time series to a first parameter value range and a second parameter value range; determining, based on the comparing, that the operational parameter values of the first time series are within the first parameter value range; based on the determining, selecting, from a plurality of distributions, a first distribution” or “based on the first time series, adjusting a boundary between the first parameter value range and the second parameter value range resulting in at least one of an updated first parameter value range or an updated second parameter value range; and determining, based on the updated first parameter value range or the updated second parameter value range, a second likelihood of a brute force attack" as currently claimed.
Khi (US 2019/0171825) – teaches preventing brute force attacks.
Apap (US 7913306) – teaches using a consistency check to check for anomalies.
Ray (US 5046846) – teaches comparing the current data to historical data using a mathematical model.
Li (US 8230262) – teaches analyzing data for a specific time period.
Tuvell (US 9009818) – teaches detecting the likelihood that something has occurred.
Bolzoni (US 2014/0090054) – teaches using a detection model to detect anomalies.
However, the limitations of “comparing the operational parameter values of the first time series to a first parameter value range and a second parameter value range; determining, based on the comparing, that the operational parameter values of the first time series are within the first parameter value range; based on the determining, selecting, from a plurality of distributions, a first distribution” and “based on the first time series, adjusting a boundary between the first parameter value range and the second parameter value range resulting in at least one of an updated first parameter value range or an updated second parameter value range; and determining, based on the updated first parameter value range or the updated second parameter value range, a second likelihood of a brute force attack" in combination with the rest of the claimed limitations cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are 
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/John B King/
Primary Examiner, Art Unit 2498