DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 4/20/2020, 10/20/2021, and 2/14/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The claimed invention is directed to anomaly detection in a computer system using a hybrid machine learning model. The hybrid model combines the use of unsupervised and semi-supervised machine learning techniques to help reduce false positives and manual data classification reviews by human analysts. See [0017] and [0025] of the filed specifications.
The prior art references relevant to the claimed invention are:
A. US 2018/0096261 (cited in the IDS filed 4/20/2020): An ensemble of unsupervised anomaly detection machine learning models is used to generate a set of pseudo-labels on a dataset comprising feature vectors from a collection of sensor data (see [0066]; Fig. 6). A supervised machine learning algorithm is executed on the dataset of pseudo-labels to generate an anomaly detection model (see also [0066]; Fig. 6).
B. US 2016/0217022: A supervised or semi-supervised learning method is used to train a model, wherein user feedback is collected for a training set of anomaly event candidates (see [0063]). A supervised or semi-supervised method is better suited because what constitutes an anomaly changes from user to user and application to application; thus user feedback is important (see [0064]).
C. US 2015/0269050: Traditionally, anomalies are detected by a human being studying a log trace (a record). Due to the increasing growth of computer systems, these studies are becoming more difficult. The BACKGROUND section provides information about known supervised, semi-supervised, and unsupervised techniques. Semi-supervised anomaly detection typically involves construction of a model representing normal behavior from one type of labeled data: either from data that is labeled normal or from data that is labeled abnormal, but both types of labeled data are not provided. See [0001]-[0002].
D. Chen X, Li B, Proietti R, Zhu Z, Yoo SB. Self-taught anomaly detection with hybrid unsupervised/supervised machine learning in optical networks. Journal of Lightwave Technology. 2019 Apr 1;37(7):1742-9. (Processed data is input to an unsupervised data clustering module (DCM) for pattern analysis. The analysis determines similarities within the data and divides them into clusters and outliers, wherein the outliers are determined to be network anomalies. The learned pattern of the data is then input into a supervised data regression and classification module (DRCM) for online anomaly detection. See II. SELF-TAUGHT ANOMALY DETECTION FRAMEWORK, pg. 1743.)
E. Ruff L, Vandermeulen RA, Görnitz N, Binder A, Müller E, Müller KR, Kloft M. Deep semi-supervised anomaly detection. arXiv preprint arXiv:1906.02694. 2019 Jun 6. (Describes a semi-supervised approach to network anomaly detection as utilizing a set of unlabeled samples with a set of labeled samples, e.g. samples verified by a domain expert. See Abstract. Further discloses some background information about semi-supervised anomaly detection: “Most existing ‘semi-supervised’ AD [anomaly detection] methods, both shallow…and deep, only incorporate the use of labeled normal samples but not labeled anomalies.” See pg. 2.)
F. N. Alghanmi, R. Alotaibi and S. M. Buhari, "HLMCC: A Hybrid Learning Anomaly Detection Model for Unlabeled Data in Internet of Things," in IEEE Access, vol. 7, pp. 179492-179504, 2019, doi: 10.1109/ACCESS.2019.2959739. (Discloses a hybrid learning model: “This study proposes a Hybrid Learning Model which uses both Clustering and Classification methods (HLMCC) to automate the labelling process and detect anomalies in IoT data. The model consists of two practical phases, automatic labelling and detecting anomalies. First, the HLMCC groups the data into normal and anomaly clusters by adopting Hierarchical Affinity Propagation (HAP) clustering. Second, the labelled data obtained from the clustering phase is used to train the Decision Trees (DTs) and to classify future unseen data. The results show that the HLMCC is able to automate the labelling of data, which is beneficial to minimize human involvement.” See Abstract.)
G. X. Zhu. Semi-Supervised Learning Literature Survey. Computer Sciences Technical Report 1530. University of Wisconsin - Madison. 2008 July 19. Accessed at https://pages.cs.wisc.edu/~jerryzhu/pub/ssl_survey.pdf on 2 May 2022. (Discloses a review of semi-supervised learning literature. Semi-supervised learning is described as a solution to the problem of manually labelling data instances by using a large amount of unlabeled data with labeled data to build a classifier. See pp. 3-4.)
Thus, references A, D, and F are considered to be the most relevant prior art to the claimed invention. Those references present a general process of using unsupervised learning models to label a dataset and providing the labeled dataset to a semi-supervised/supervised learning model, which is similar to the process of the claimed invention. However, they fail to disclose: “performing, by the semi-supervised machine learning model, a similarity analysis of the unlabeled log data in the partially labeled dataset with entries in the selected subset of entries; and propagating, by the semi-supervised machine learning model, anomaly classification labels of the selected subset of entries to the other unlabeled log data based on results of the similarity analysis to thereby generate a fully labeled dataset” as required in the independent claims. Therefore, the claimed invention, as a whole, is allowable over the currently cited prior art.
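The general idea of similarity-based label propagation over partially labeled log data can be illustrated as follows. This is an added example, not taken from the application, its claims, or any cited reference; the feature columns, the sample entries, the seed labels, and the function names are all constructed assumptions, and the greedy nearest-neighbor scheme is only one simple way to propagate labels.

```python
import math

# Constructed sample (assumption): one feature vector per log entry,
# (failed_logins_per_min, distinct_ports_contacted, kilobytes_sent_out).
LOGS = {
    "e1": (0, 2, 10), "e2": (1, 3, 12), "e3": (0, 2, 9),
    "e4": (1, 2, 11), "e5": (40, 55, 900), "e6": (38, 60, 870),
    "e7": (42, 58, 910), "e8": (2, 4, 15),
}
# Constructed seed labels (assumption): the subset labeled by an earlier stage.
SEEDS = {"e1": "normal", "e5": "anomaly"}

def scale(logs):
    """Min-max scale each feature so no single column dominates distance."""
    cols = list(zip(*logs.values()))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]
    return {k: tuple((x - l) / s for x, l, s in zip(v, lo, span))
            for k, v in logs.items()}

def similarity(a, b):
    """Map Euclidean distance to (0, 1]; 1.0 means identical vectors."""
    return 1.0 / (1.0 + math.dist(a, b))

def propagate(logs, seeds):
    """Return {entry: (label, source_entry, similarity)} for every entry.

    Each round commits the single most confident assignment: the unlabeled
    entry that is most similar to any already-labeled entry inherits that
    entry's label. Repeats until the dataset is fully labeled.
    """
    if not seeds:
        raise ValueError("at least one labeled entry is required")
    vecs = scale(logs)
    labels = {k: (v, None, 1.0) for k, v in seeds.items()}
    unlabeled = set(logs) - set(seeds)
    while unlabeled:
        sim, u, src = max((similarity(vecs[u], vecs[l]), u, l)
                          for u in unlabeled for l in labels)
        labels[u] = (labels[src][0], src, round(sim, 3))
        unlabeled.remove(u)
    return labels

if __name__ == "__main__":
    for entry, (label, src, sim) in sorted(propagate(LOGS, SEEDS).items()):
        print(entry, label, "from", src, "similarity", sim)
```

Recording the source entry and similarity alongside each propagated label lets an analyst review only the low-similarity assignments instead of the whole dataset.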
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/
Primary Examiner, Art Unit 2494
5-03-2022