Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Attorney William R. Allen on 05/04/2022.
The application has been amended as follows:
In Claims:
Claim 8, line 1, “claim 1” has been changed to --claim 6--.

Reasons for Allowance
Claims 1-10 are allowed.
The following is an examiner’s statement of reasons for allowance: Regarding claims 1 and 6, the primary reason for allowance is that the prior art fails to teach for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem. It is these limitations, as they are claimed in combination with the other limitations of the claims, which have not been found, taught or suggested in the prior art of record, that make these claims allowable over the prior art.
US Patent No. 10,261,851 discloses a technology that relates to learning how to efficiently display anomalies in performance data to an operator. In particular, it relates to assembling performance data for a multiplicity of metrics across a multiplicity of resources on a network and training a classifier that implements at least one circumstance-specific detector used to monitor a time series of performance data or to detect patterns in the time series. The training includes producing a time series of anomaly event candidates including corresponding event information used as input to the detectors, generating feature vectors for the anomaly event candidates, selecting a subset of the candidates as anomalous instance data, and using the feature vectors for the anomalous instance data and implicit and/or explicit feedback from users exposed to a visualization of the monitored time series annotated with visual tags for at least some of the anomalous instance data to train the classifier. '851 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
US 2019/0188212 discloses a method of anomaly detection operating on batches of data samples with potentially huge feature dimensionality, comprising: receiving a training set of labelled samples, representing known behaviors or categories; learning, based on the training set, a generative parsimonious null mixture model, which characterizes sample-groups of known behaviors or categories and their group-specific salient features; receiving a batch of un-labelled samples some of which may reflect one or more unknown behaviors or categories; sequentially identifying, and prioritizing by statistical significance, groups of samples of the batch which, when compared to the null hypothesis model, are better fit by a different generative parsimonious mixture model that is associated with the alternative hypothesis that unknown behaviors or categories are present therein, wherein the comparison involves a model cost that is a penalized likelihood; and jointly with identifying these sample groups, identifying potentially small feature subsets that saliently characterize these putative unknown behaviors or categories. '212 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
US 2018/0248905 discloses systems and methods, implemented by a computer to detect abnormal behavior in a network, that include obtaining Performance Monitoring (PM) data including one or more of production PM data, lab PM data, and simulated PM data; determining a model based on machine learning training with the PM data; receiving live PM data from the network; utilizing the live PM data with the model to detect an anomaly in the network; and causing an action to address the anomaly. '905 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
US 2017/061322 discloses a method (and structure) that generates a classifier for an anomalous detection monitor for a target user on a system or application used by a plurality of users and includes providing an access to a memory device storing user data samples for all users of the plurality of users. A target user is selected from among the plurality of users. Data samples for the target user and data samples for other users of the plurality of users are used to generate a normal sample data set and an abnormal (anomalous) sample data set to serve as a training data set for training a model for an anomaly detection monitor for the target user. '322 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
US 2013/0198119 discloses a system that includes a training module configured to train a set of training corpus, which may represent a set of data (e.g., malware, network traffic patterns, a set of genetic biomarkers) obtained from one or more data providers or other entities, to generate one or more BBN models using one or more machine learning algorithms. BBN models include at least one anomaly detection model that performs anomaly detection on each of the N features in a data set, given known observed values of the remaining (N-1) features of the data set to generate an estimate for that selected feature, and to aggregate the estimates of all N features to derive a similarity score. BBN models may be utilized subsequently by a diagnostic model to perform anomaly detection on a new set of claim data and to provide a report to the client. Data and report may be fed back to the training system for future training and/or adjustment of BBN models. '119 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
US Patent No. 7,424,619 discloses a method of generating an anomaly detection model for classifying activities of a computer system, using a training set of data corresponding to activity on the computer system, the training set comprising a plurality of instances of data having features, and wherein each feature in said plurality of features has a plurality of values. For a selected feature and a selected value of the selected feature, a quantity is determined which corresponds to the relative sparsity of such value. The quantity may correspond to the difference between the number of occurrences of the selected value and the number of occurrences of the most frequently occurring value. These instances are classified as anomalies and added to the training set of normal data to generate a rule set or other detection model. '619 fails to specify for each type of anomalous activity, generate a benchmarking dataset which comprises a first number of samples drawn from the pool of negative samples, and a second number of samples drawn from the pool of positive samples corresponding with the type of anomalous activity, wherein the first number of samples is substantially larger than the second number of samples; for each combination of a candidate machine learning algorithm selected from the plurality of candidate machine learning algorithms with a type of anomalous activity: draw a plurality of training and cross-validation sets from the benchmarking dataset corresponding with the type of anomalous activity, wherein each training set comprises only negative data samples, and each cross-validation set comprises a mix of negative and positive data samples, for each one of the plurality of training and cross-validation sets, train a machine-learning model based on the candidate algorithm using the training set, and validate the machine-learning model using the cross-validation set with average precision as a performance metric, and compute a mean average precision value for the candidate machine learning algorithm across the average precision performance metrics obtained using the plurality of training and cross-validation sets; for each candidate machine learning algorithm, compute a ranking value based upon at least the mean average precision values computed for the candidate machine learning algorithm for each type of anomalous activity; and select a machine learning algorithm from the candidate machine learning algorithms based upon the computed ranking values, wherein a machine learning model based on the selected algorithm is deployed to the monitoring subsystem, which is configured to execute the deployed machine learning model to detect anomalies of the monitored subsystem as now recited in claims 1 and 6 of the present invention.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN H LE whose telephone number is (571)272-2275.  The examiner can normally be reached on Monday-Friday from 7:00am – 3:30pm Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John E. Breene can be reached on (571) 272-4107.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOHN H LE/Primary Examiner, Art Unit 2862