DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 1 and 13 recite “n x m bitmap of pixels/known file objects/array/objects”. The variables ‘n’ and ‘m’ are not defined in the claims.
Independent claim 19 recites “k individual records/3-tuples”. The variable ‘k’ is not defined in the claim.


Allowable Subject Matter
Claims 1-20 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action.

The following is a statement of reasons for the indication of allowable subject matter:

Overview
The claimed invention is directed to malware detection and identification via visualization. Malware visualization is a known topic in computer security as will be reviewed in the following cited prior arts. However, the claimed invention improves upon conventional techniques in malware detection via visualization (e.g. see [0022] of the filed specifications).

Prior Arts
The following are relevant prior arts to the claimed invention:
[1] Han K, Lim JH, Im EG. Malware analysis method using visualization of binary files. In Proceedings of the 2013 Research in Adaptive and Convergent Systems 2013 Oct 1 (pp. 317-321). (Discloses a method to visually analyze malware by transforming malware binary information into image matrices. See Abstract.)
[2] Han K, Kang B, Im EG. Malware analysis using visualized image matrices. The Scientific World Journal. 2014 Jul 16; 2014. (Discloses a method to generate RGB-colored pixels on image matrices from the opcode sequences extracted from malware samples and calculate similarities for the image matrices. See Abstract.)
[3] Shaid SZ, Maarof MA. Malware behavior image for malware variant identification. In 2014 International Symposium on Biometrics and Security Technologies (ISBAST) 2014 Aug 26 (pp. 238-243). IEEE. (Discloses visualizing malware behavior and potential benefit for malware classification. See Abstract.)
[4] Nataraj L, Karthikeyan S, Jacob G, Manjunath BS. Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security 2011 Jul 20 (pp. 1-7). (Discloses visualizing malware binaries in grey-scale images. See Abstract.)
[5] Fu J, Xue J, Wang Y, Liu Z, Shan C. Malware visualization for fine-grained classification. IEEE Access. 2018 Feb 12; 6:14510-23. (Discloses visualizing malware as RGB-colored images and extracting global features from the images. Local features from extracted code and data sections of malware are combined with the global features to perform malware classification. See Abstract.)
[6] Singh A, Handa A, Kumar N, Shukla SK. Malware classification using image representation. In International Symposium on Cyber Security Cryptography and Machine Learning 2019 Jun 27 (pp. 75-92). Springer, Cham. (Discloses a method for visually representing malware using RGB-colored images. See I. Introduction.)
[7] Irina B. Stavros S. Nicholas K. A Novel Malware Detection System Based On Machine Learning and Binary Visualization. 2019 IEEE International Conference on Communications, 20-24 May 2019. (Discloses malware detection methods using binary visualization and self-organizing incremental neural networks.)
[8] US 10,437,999 (Discloses mapping system processes from the executions of a clean file and a malicious file to image matrices, which are used for determining if an unknown file includes malware. See Abstract.)
[9] US 2018/0183815 (Discloses converting a computer file into a graphic image and classifying the computer file as malicious or benign using machine learning techniques. See Abstract.)
[10] US 9,672,358 (Discloses extracting an image data structure from a binary file and modifying the image data structure to represent a greyscale image. A similarity test is performed on said image to reference images to determine if the binary file is malware. See Abstract.)

The cited prior arts do not teach every element presented in the independent claims. The most relevant prior arts are [1] and [2], which are both written by similar authors and directed to the same proposed method. However, the proposed methods in [1] and [2] (e.g. see section 3 in both articles) are distinct from the claimed invention. For example, in [1], the opcode sequences in a binary sample are mapped to an image matrix using two hash functions (see Fig. 4). The method of [1] begins to diverge from the claimed invention where similarity calculations between image matrices are performed in [1]. See also image matrices from known .

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for 




/ROBERT B LEUNG/
Primary Examiner, Art Unit 2494
3-21-2022