DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/29/2021, 9/30/2021 and 02/25/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
	The drawings filed on November 27, 2019 are accepted. 

Specification
	The specification filed November 27, 2019 is accepted.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-9 and 15-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Stapleton et al. US 10,045,218 B1 [hereinafter Stapleton].

As pe claims 1, 15 and 16, Stapleton teaches a computer-implemented method for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network, the method comprising: 
retrieving at least one network data traffic sample (i.e., sample call data, column 3, lines 9-16); 
determining one or more feature-associated anomaly scores (i.e., categorical and continuous scores, column 3, line 59-column 4, line 12]; 
determining feature importance for each feature of a feature-associated anomaly score [column 8, lines 59-67]; and 
classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance [column 8, line 59-67 and claims 1 & 7].
	
	As per claim 2, Stapleton further teaches the method wherein at least one feature is representative of inbound and/or outbound traffic between devices in the first part of the network and devices in the second part of the network [column 9, lines 20-22].

	As per claim 3, Stapleton further teaches the method wherein the classifying comprises ranking the one or more anomalies in relation to one another based on a combination of an anomaly score and feature importance [column 8, line 59-column 9, line 13].

	As per claim 4, Stapleton further teaches the method wherein the feature-associated anomalies are determined by applying a forest model comprising a collection of detection trees [column 7, lines 1-21].

	As per claim 5, Stapleton further teaches the method further comprising activating an alarm when the determined anomaly score is above a predetermined anomaly score threshold [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

	As per claim 6, Stapleton further teaches the method further comprising activating the alarm when the feature importance surpasses a predetermined feature importance value [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

	As per claim 7, Stapleton further teaches the method further comprising adjusting the anomaly score threshold based on the determined feature importance [column 16, lines 1-3].

	As per claim 8, Stapleton further teaches the method further comprising triggering automatic collection of further information to determine cause of the alarm, wherein automatic collection of further information comprises retrieval of node logs and/or packet tracing [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

. 

Allowable Subject Matter
Claims 10-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435