DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Objections
Claims 5 and 16 contain:
a term " blacklisted visitor" in line 3, which should read "a blacklisted visitor". 
a term "probability of the visitor solving captcha when blacklisted" in line 5, which should read "a probability of the visitor solving captcha when blacklisted".
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 5-10 and 16-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claims 5 and 16, 
limitation “determine blacklist size of this size” is ambiguous because it is unclear the meaning of “this size”.  
Regarding claims 8 and 19, the first term “the total number of visitors” is lack of antecedent basis. 
Dependent claims 6-10 and 17-21 are also rejected for inheriting the deficiencies of the independent claims from which they depend on.

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 10 and 21 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.
Claims 10 and 21 are improper dependent claims because it doesn’t further limit the claim it depends from. Instead, it requires both the Business Limit per Day (BLpD) and the number of iterations to occur per day (NpD) factors which only one of the factor is claimed in the parent claims 6 and 17. respectively.  It extend the scope of claims 6 and 17. Therefore, it is rejected under 35 U.S.C. 112(d). 
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 11-12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Xie et al. (Pub. No.: US 2010/0313264, hereinafter Xie) in view of Kar et al. (Pub. No.: US 2019/0058719, hereinafter Kar).
Regarding claim 12: Xie discloses:
a processing circuitry (Xie - [0102]: Fig. 11, at least one processing unit 1102); and
a memory (Xie - [0102]: Fig. 11, memory 1104), the memory containing instructions that, when executed by the processing circuitry, configure the system to:
determine, based on the at least one detected anomaly, a number of visitors to be blacklisted (Xie - [0096]: At 1050, a blacklist 940 may be generated using information pertaining to the seed 915 malicious events, the tracked user groups 920. The blacklist 940 is a tracklist. The tracklist 940 comprises information about IP addresses to block and information); and
store the determined number of visitors to be blacklisted to the memory (Xie - [0096]: Using the information of the tracklist 940, malicious activities are blocked 950 and normal (i.e., non-malicious) activities are allowed (e.g., let through) 955).
However Xie doesn’t explicitly teach, but Kar discloses:
receive unlabeled data regarding a visitor of a web source (Kar - [0074]: transactional data associated with one or more transactions between one or more users is retrieved. [0040]: the anomaly detection subsystem 104 may be accessed through a web address via the terminal device 106);
group the received unlabeled data with similar characteristics into a group of data (Kar - [0079]: At step 810, one or more first level data clusters are generated based on the data set and the transactional attributes);
detect, based on the group of data, at least one anomaly (Kar - [0081]: At step 814, anomaly detection values are generated based on the generated first level data clusters, the datatype and one or more behavioural parameters derived from the data clusters);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Xie with Kar so that the unlabeled data is clustered and anomaly is detected based on the cluster. The modification would have allowed the system to detect anomaly based on data cluster. 
Regarding claim 15: Xie as modified discloses wherein the system is further configured to:
block each visitor added to the blacklist (Xie - [0096]: The IP addresses on the tracklist 940 are blocked pursuant to the rules at 1060).
Regarding claims 1 and 4: Claims are directed to method and do not teach or further define over the limitations recited in claims 12 and 15. Therefore, claims 1 and 4 are also rejected for similar reasons set forth in claims 12 and 15. 
Regarding claim 11: The limitations of claim 11 are substantially similar to the limitations of claim 12, thus it is interpreted and rejected for the reasons set forth above in the rejection of claim 12.

Claims 2-3 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Xie et al. (Pub. No.: US 2010/0313264, hereinafter Xie) in view of Kar et al. (Pub. No.: US 2019/0058719, hereinafter Kar) and SHUMPERT (Pub. No.: US 2016/0342903).
Regarding claims 2 and 13: Xie as modified doesn’t explicitly teach but SHUMPERT discloses wherein the system is further configured to:
save the detected at least one anomaly (SHUMPERT - [0061]: If the anomaly is confirmed as being new (in step S420), then the knowledgebase 514 is updated (step S422)) further comprises:
any one of a conceptual drift, or a clustering of the group of data in a database (SHUMPERT - [0034]: the knowledgebase is updated with information about the respective instance), 
wherein the concept drift is a change in a relationship between input and output over a predetermined period of time (SHUMPERT - [0098]: the centroid calculations use a weighted mean of the assigned cluster instances that are received over time. This not only increases the accuracy of the predictions as more clusters are discovered, but it is also beneficial when dealing with the concept drift that machines exhibit over time).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Xie and Kar with SHUMPERT so that the anomaly instance information is saved in the knowledgebase and concept drift that exhibited over time is obtained. The modification would have allowed the system to increases the accuracy of the predictions as more clusters are discovered (SHUMPERT - [0098]).
Regarding claims 3 and 14: Xie as modified doesn’t explicitly teach but SHUMPERT discloses wherein the system is further configured to:
provide feedback to an adaptive learning component to train a bot detection component (SHUMPERT - [0064]: Using the unsupervised prediction techniques described below, some instances eventually will be flagged as potentially anomalous and sent for review. Once confirmed or denied, that information is fed back, and this step is repeated with the newly classified (and thus labeled) data).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Xie and Kar with SHUMPERT so that feedback is provided for potential anomalous or normal instances. The modification would have allowed the system learning model to learn to discriminate between the various classes of operation (SHUMPERT - [0064]).

Allowable Subject Matter
Claims 5-10 and 16-21 are objected to as being dependent upon a rejected base claim, but would be allowable if the 112b and 112d rejection, set forth in this Office action, are overcome and if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The reason for allowance will be furnished upon allowance of the application.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Dodson et al. (Pub. No.: US 2018/0314835) - Anomaly And Causation Detection In Computing Environments
Urmanov et al. (Pub. No.: US 2018/0322363) - MULTI-DISTANCE CLUSTERING
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437