DETAILED ACTION
This office action is in response to the application filed on 01/31/2020. Claims 1-20 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Notes on Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 


(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “data resource configured to”, in claims 1 and 15.  
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 1 and 15 are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

The Structure and description of such a system is being illustrated by drawing FIG. 1, item 114 and at least description paragraphs [0025].

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) 

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior arts made of records are, Taylor et al. (U.S Pub No. 2017/0195353 A1, referred to as Taylor), Gopalakrishna (U.S Pub No. 2018/0198821 A1, referred to as Gopalakrishna) and Ma et al. (U.S Pub No. 2018/0159895 A1, referred to as Ma).

Taylor discloses a method for detecting malicious network traffic are disclosed. According to one method, the method includes caching network traffic transmitted between a client and a server, wherein the network traffic includes a uniform resource locator (URL) for accessing at least one file from the server. The method also includes determining whether the at least one file is suspicious. The method further includes in response to determining that the at least one file is suspicious, determining whether the at least one file is malicious by replaying the network traffic using an emulated client and an emulated server.

 Gopalakrishna discloses a method for a cyber-vaccination technique. In various implementations, the cyber-vaccination technique includes using a network device that is infected by a malware program to determining a marker generated by the malware 

	Ma discloses a method including acquiring a suspect data traffic set, the suspect data traffic set including data traffic corresponding to each suspect IP address in a suspect IP address set included in original data traffic drawn by a defense terminal located in a cloud platform; acquiring normal data traffic, the normal data traffic being data traffic that remains after the defense terminal cleans the suspect data traffic set according to a preset defense strategy; acquiring host performance parameters, the host performance parameters being a set of parameters extracted from the target terminal after the defense terminal sends the normal data traffic to the target terminal; and quantifying a defense result based on a target parameter set, wherein the target parameter set at least includes: the suspect data traffic set, the normal data traffic and the host performance parameters. The defense result is accurate by comprehensively considering evaluation aspects and indexes.

However, regarding claims 1 and 15, the prior art of Taylor, Gopalakrishna and Ma when taken in the context of the claim as a whole do not disclose nor suggest, “select a first defense strategy for restricting communications using a first port configuration; implement the first defense strategy within the emulated network, wherein implementing the first defense strategy comprises replicating data 15traffic from the network within the emulated network; generate a first duplicate of the malicious software element within the emulated network, wherein the first duplicate of the malicious software element is a copy of the malicious software element; execute the first duplicate of the malicious software element in the 20emulated network; determine a first performance level for the first defense strategy against the first duplicate of the malicious software element; select a second defense strategy for restricting communication using a second port configuration, wherein the second port configuration is different 25from the first port configuration; implement the second defense strategy within the emulated network, wherein implementing the second defense strategy comprises replicating data traffic from the network within the emulated network;  44294840ATTORNEY'S DOCKETPATENT APPLICATION 015444.1545 (P9506-US) 26 generate a second duplicate of the malicious software element within the emulated network, wherein the second duplicate of the malicious software element is a copy of the malicious software element; execute the second duplicate of the malicious software element in the 5emulated network; determine a second performance level for the second defense strategy against the second duplicate of the malicious software element; compare the first performance level with the second performance level; select one of the first defense strategy and the second defense strategy 10with a highest 

Regarding claim 8, the prior art of Taylor, Gopalakrishna and Ma when taken in the context of the claim as a whole do not disclose nor suggest, “selecting a first defense strategy for restricting communications using a first port configuration; implementing the first defense strategy within the emulated network, wherein implementing the first defense strategy comprises replicating data traffic from the network within the emulated network;  15generating a first duplicate of the malicious software element within the emulated network, wherein the first duplicate of the malicious software element is a copy of the malicious software element; executing the first duplicate of the malicious software element in the emulated network;  20determining a first performance level for the first defense strategy against the first duplicate of the malicious software element; selecting a second defense strategy for restricting communication using a second port configuration, wherein the second port configuration is different from the first port configuration;  25implementing the second defense strategy within the emulated network, wherein implementing the second defense strategy comprises replicating data traffic from the network within the emulated network; generating a second duplicate of the malicious software element within the emulated network, wherein the second duplicate of the malicious software element is a 30copy of the malicious software element;  44294840ATTORNEY'S DOCKETPATENT APPLICATION 015444.1545 (P9506-US) 29 executing the second duplicate of the malicious software element in the emulated network; determining a second performance level for the second defense strategy against the second duplicate of the malicious software 

Claims 2-7 depend on claim 1, claims 9-14 depend on claim 8 and claims 16-20 depend on claim 15, and are of consequence allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/HASSAN SAADOUN/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435