Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION

Response to Arguments
	Applicant’s arguments filed May 05, 2022 have been fully considered but are not persuasive. A new ground(s) of rejection is presented due to Applicant’s claim language.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 7 – 8, 10 – 12, 23 – 26, 29 – 31 and 34 – 35 are rejected under 35 U.S.C. 103 as being unpatentable over AAPA (Applicant Admitted Prior Art as disclosed in as-filed disclosure) in view of La Marca (US Pub. No. 2019/0199743 A1) in view of Stein (WO 2020/178811 A1).


Per claim 7, AAPA suggests a method, comprising: receiving (reads on gateway which routes messages among the multiple CAN buses wired or wireless messages sent to ECUs connected to the CAN bus, see AAPA para 0001 – 0003 and 0035 – 0037), at a gateway of a Controller Area Network (CAN) bus on a vehicle and via at least one of a wireless interface or a wired interface of the vehicle (reads on multiple CAN buses connected via wire or wirelessly via a gateway which routes messages among the multiple CAN buses, see AAPA para 0001 – 0002), a plurality of messages targeted at one or more electronic control units (ECU) coupled with the CAN bus (reads on network packets sent to a ECU connected to the CAN bus, see AAPA para 0001 – 0003); wherein each of the plurality of messages includes an arbitration identifier and a payload (reads on the messages include an arbitration identifier and content, see AAPA para 0035).


[0001] Modern vehicles are integrated with a number of hardware devices, known as Electronic Control Units (ECUs). Controlled by complicated computer programs, ECUs can control various subsystems of the vehicle, such as the powertrain system, the security system, the
infotainment system, etc. The ECUs are typically connected over one or more in-vehicle networks, such as Controller Area Network (CAN) buses. Multiple CAN buses can be connected via a gateway which can route messages among the multiple CAN buses.

[0002] Recently, modern vehicles are becoming smarter by equipping automotive networking services, including Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I), which altogether are generally referred as (Vehicle-to-Everything) V2X. V2X provides external access
to, for example, inspect the internal status of a vehicle, or otherwise access other functionalities provided by the ECUs (e.g., infotainment system), and can have a direct impact on the
functionality of ECUs. The ECUs can also be accessible by other wired or wireless network connections, such as Bluetooth connection, Universal Serial Bus (USB) connection, etc.

[0003] However, V2X communications, along with other potential network connections such as Bluetooth and USB connections, can pose threats regarding the security of ECUs. Specifically, an adversary would be able to send malicious network packets remotely via the
network connections into an ECU, which can then distribute the network packets to each ECU connected to the CAN bus. The malicious network packets can compromise the operations of the ECUs, which can put the passengers of the vehicle in danger or otherwise adversely affect the operation of the vehicle.

[0035] Modern vehicles are integrated with a number of Electronic Control Units (ECUs). Controlled by complicated computer programs, ECUs can control various subsystems of the vehicle, such as the powertrain system, the security system, the infotainment system, etc. The ECUs are typically connected over one or more in-vehicle networks, such as Controller Area Network (CAN) buses. The CAN bus operates based on a multi-master serial bus standard, in
which each component connected to the CAN bus, such as an ECU, a gateway, etc., can take turns in driving the serial bus to send a broadcast message. The broadcast message can then reach each component connected to the CAN bus, and a target component of the broadcast message can then consume the message. Each component connected to the CAN bus is assigned with an identifier, such as an arbitration identifier. The arbitration identifier can be included in
the message and can determine the priority by which each component sends the message in the CAN bus when multiple components attempt to send a message at the same time. Multiple CAN buses can be connected via a gateway which can route messages among the multiple CAN buses.

[0036] Some of the ECUs, such as ECUs involved in communication, are externally accessible via various wired/wireless network interfaces, such as V2X communications, Bluetooth and USB connections, etc. These network interfaces can receive data packets from a remote source,
and transmit the data packets to the communication ECUs. The communication ECUs may then transmit the content of the network packets over the CAN bus in the form of broadcast messages. The network interfaces can provide network connectivity to a vehicle. For example, through the network interfaces and the CAN bus, a remote user can obtain data that reflect the operation state of a vehicle from various ECUs of the vehicle. As another example, a broadcaster can transmit content wirelessly to a vehicle, which can then deliver the content to the passenger via the infotainment system.

[0037] While these interfaces bring about network connectivity to a vehicle, the network connectivity can also pose security risks. Specifically, an adversary would be able to send malicious network packets remotely via the interfaces into the CAN buses to compromise the operations of the ECUs. Currently, the CAN bus lacks a mechanism to prevent these malicious network packets from reaching the ECUs. The CAN bus simply broadcasts the received malicious network packets as messages to each ECU connected on the CAN bus. These malicious network packets can compromise the operations of the ECUs, which can put the passengers of the vehicle in danger or otherwise adversely affect the operation of the vehicle.



AAPA is silent on explicitly stating generating one or more input vectors based on the plurality of messages, each of the one or more input vectors having a first number of elements:  generating, using one or more machine learning models, a corresponding output vector based on each of the one or more input vectors, each output vector having the first number of elements; generating one or more comparison results between each of the one or more input vectors and the corresponding output vector; and  based on the one or more comparison results, performing one of: allowing the plurality of messages to enter the CAN bus or preventing the plurality of messages from entering the CAN bus,  wherein each of the plurality of messages includes an arbitration identifier and a payload, wherein the one or more input vectors are generated based on at least one of the arbitration identifier or the payload of each of the plurality of messages, wherein the one or more machine learning models comprise one or more encoders and one or more corresponding decoders, wherein generating, using one or more machine learning models, a corresponding output vector based on each of the one or more input vectors comprises: transforming, using the one or more encoders, each of the one or more input vectors to a corresponding intermediate vector, the intermediate vector having a second number of elements, the second number being smaller than the first number; and reconstructing, using the one or more corresponding decoders, the one or more output vectors from the corresponding one or more intermediate vectors, wherein the one or more comparison results comprise a combined reconstruction loss between the one or more input vectors and the corresponding one or more output vectors; and wherein the plurality of messages is prevented from entering the CAN bus based on the combined reconstruction loss exceeding a threshold.
La Marca suggests 
generating one or more input vectors based on the plurality of messages (reads on the input quantity vector is formed from one or more current data packets or a portion of a data packet, see La Marca para 0040 and 0047), each of the one or more input vectors having a first number of elements (reads on the exemplary x1 and x2 of input quantity vector x, see La Marca Figure 2 and para 0040): generating (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040), using one or more machine learning models (reads on using an autoencoder, see La Marca para 0039 – 0040), a corresponding output vector based on each of the one or more input vectors (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040), each output vector having the first number of elements (reads on x’ having the same number of elements as x, see La Marca Figure 2 and para 0040);
generating one or more comparison results between each of the one or more input vectors and the corresponding output vector (reads on the reconstruction error between the respective input quantity vector x and the resulting output quantity vector x’ is as low as possible, see La Marca para 0022); and wherein the one or more input vectors are generated based on at least one of the arbitration identifier or the payload of each of the plurality of messages (reads on the input quantity vector is determined from at least a portion of one or a plurality of the data packets of the data stream used, see La Marca para 0016, 0026, 0030, 0044, 0045 and 0047), wherein the one or more machine learning models comprise one or more encoders and one or more corresponding decoders (reads on the variational autoencoder has an encoder and decoder part, see La Marca para 0039), wherein generating (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040), using one or more machine learning models (reads on using an autoencoder, see La Marca para 0039 – 0040), a corresponding output vector based on each of the one or more input vectors (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040) comprises: transforming, using the one or more encoders, each of the one or more input vectors to a corresponding intermediate vector (reads on the encoder uses the input quantity vector x as input and produces one or more intermediate layers that has a lower dimensionality than the input quantity vector x, see La Marca para 0040), the intermediate vector having a second number of elements, the second number being smaller than the first number (reads on the one or more intermediate layers have a lower dimensionality than the input quantity vector x, see La Marca para 0040); and reconstructing, using the one or more corresponding decoders, the one or more output vectors from the corresponding one or more intermediate vectors (reads on the decoder maps the output of the encoder into an output quantity vector x’ that has the same dimensionality as the input quantity vector x, see La Marca para 0040), wherein the one or more comparison results comprise a combined reconstruction loss between the one or more input vectors and the corresponding one or more output vectors (reads on the reconstruction error between input quantity vector x and output quantity vector x′ becomes as small as possible, see La Marca para 0042).


[0022] In addition, the variational autoencoder can be trained with data packets of an anomaly-free data stream, so that on the one hand the reconstruction error between the respective input quantity vector x and the resulting output quantity vector x′ is as low as possible, and on the other hand the distribution of the latent quantities z in the latent space corresponds as closely as possible to the specified reference distribution; here in particular a distribution deviation between the distribution achieved through the one or more distribution parameters and the specified reference distribution should be minimized to the greatest possible extent.

[0023] In particular, the distribution deviation that is to be minimized during the training of the variational autoencoder can be ascertained as a measure of a difference between the achieved distribution and the specified reference distribution, the distribution deviation being ascertained in particular as a Kullback-Leibler divergence.

[0024] According to a specific embodiment, the data packet can be recognized as an anomalous data packet as a function of the degree of a measure of deviation between the distribution of the latent quantities for the respective applied data packet and the specified reference distribution.

[0026] In addition, it can be provided that the degree of deviation is checked using a threshold value comparison in order to recognize a data packet applied as input quantity vector as an anomalous data packet.

[0038] An anomaly recognition system 4, which can be realized separately or as part of one of the network components 2, is connected to communication bus 3. Anomaly recognition system 4 reads the data transmitted via communication bus 3 and carries out an anomaly recognition method based on prespecified rules. Anomaly recognition system 4 may be realized separately or may be part of a network component 2.

[0039] A variational autoencoder 10 is the core of the anomaly recognition method described herein, in anomaly recognition system 4. A variational autoencoder is shown as an example in FIG. 2. It has an encoder part 11 and a decoder part 12. Encoder part 11 and decoder part 12 are each realized as neural networks having neurons N. Neurons N each implement a neural function defined for example through the application of an activation function to a sum of a product of weighted inputs with a bias value.

[0040] Encoder part 11 maps an input quantity vector x onto a representation z (latent quantities) in a latent space. The latent space has a lower dimensionality than does input quantity vector x. Encoder part 11 has an input layer 11E, one or more intermediate layers 11Z, and an output layer 11A that correspond to, or represent, the latent space. Decoder part 12 maps representation z of the latent space into an output quantity vector x′. The latent space has a lower dimensionality than does output quantity vector x′. In addition to an input layer 12E, which corresponds to or represents the latent space, decoder part 12 can have one or more intermediate layers 12Z and an output layer 12A that has the same dimensionality as input layer 11E of encoder part 11.

[0047] FIG. 4 shows a flow diagram illustrating a method for anomaly recognition in a data stream in a communication network. For this purpose, in step S1 an input quantity vector is applied to the previously trained variational autoencoder 10, the input quantity vector being formed from one or more current data packets or a portion of a data packet.

[0048] In step S2, the distribution parameters are read out from encoder part 11. The distribution parameters can correspond to the contents of neurons N of intermediate layer 11Z immediately before output layer 11A, or can be derived from these contents.

[0049] In step S3, a measure of deviation is ascertained based on a comparison of the current distribution indicated by the distribution parameters with the reference distribution on which the training is based and that is indicated by the reference distribution parameters. The measure of deviation preferably corresponds to a measure for evaluating a deviation between two distributions, and can be determined in particular as a Kullback-Leibler divergence.

[0050] In step S4, the degree of deviation can be checked using a threshold value comparison. If a threshold value is exceeded (alternative: yes), then in step S5 an anomaly is signaled and corresponding measures are carried out. Otherwise (alternative: no), in step S6 the latent quantities z can be used to subsequently train the variational autoencoder based on the non-faulty data packet. In this way, the variational autoencoder can be adapted so that the variational autoencoder can be constantly readjusted corresponding to the normal behavior of the communication network. For the subsequent training of the variational autoencoder, a plurality of non-faulty data packets can also be collected before the new training is carried out. Subsequently, a jump takes place back to step S1.


Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the message reception teachings of the prior art of record by integrating the determining if received messages are anomalous teachings of La Marca to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the CAN message reception teachings of the prior art of record the ability to determine through the use of encoders/decoders whether the messages are anomalous as taught by La Marca, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized the results of the combination were predictable. The motivation to combine the references is applied to all dependent claims under this heading.
Stein suggests 
the one or more input vectors are generated based on at least one of the arbitration identifier or the payload of each of the plurality of messages (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5); based on the one or more comparison results (reads on based on the model reconstruction error of the introduced sequences classifying the input as anomalous or not and when classified as anomalous preventing/blocking at least one of the CAN messages of the sequence before it is transmitted on the CAN bus, see Stein page 5 lines 8 – 20), performing one of: allowing the plurality of messages to enter the CAN bus or preventing the plurality of messages from entering the CAN bus (reads on preventing/blocking at least one of the CAN messages of the sequence before it is transmitted on the CAN bus, see Stein page 5 lines 8 – 20, page 7 line 27 – page 8 line 11 and page 56 lines 6 – 14); wherein the plurality of messages is prevented from entering the CAN bus (reads on preventing/blocking at least one of the CAN messages of the sequence before it is transmitted on the CAN bus, see Stein page 5 lines 8 – 20, page 7 line 27 – page 8 line 11 and page 56 lines 6 – 14) based on the combined reconstruction loss exceeding a threshold (reads on determining the sequence is anomalous based on the autoencoder reconstruction error, see Stein page 5 lines 8 – 20, page 9 line 29 – page 10 line 8, page 39 lines 22 – 30, page 54 line 32 – page 55 line 8 and page 56 line 6 – 14. The Examiner construes the classification based on a reconstruction error to at least implicitly teach an exceeded threshold); wherein each corresponding pair of encoder and decoder is (reads on applying the specific model for the target CAN message type of a plurality of CAN message type classification models/encoder-decoder/pre-defined model types for a plurality of respective CAN message types, see Stein page 8 line 18 – page 9 line 10, page 9 lines 24 – 28, page 34 lines 1 – 23 and page 34 lines 31 – page 35 line 15 and page 35 line 22 – page 36 line 3 and page 52 lines 15 – 24) trained based on a training set of only normal (reads on the CAN messages of the training set can be obtained from valid operation of the vehicle, see Stein page 31 lines 1 – 12) messages having the associated arbitration identifier, the training set of normal messages received from one or more vehicles during normal operations of the one or more vehicles (see Stein page 31 lines 1 – 12); wherein the training is an unsupervised training operation (see Stein page 34 lines 6 – 23). 



[page 5 lines 3 – 7]

In some cases, for at least part of the CAN message type classification models, the training further includes training an encoder-decoder, with a first sequence of payloads of the target instances as output, and a second sequence of respective payloads of instances of CAN messages of the training set represented by the statistically significant columns and preceding the respective target instances as input.

[page 5 lines 8 – 12]

In accordance with a second aspect of the presently disclosed subject matter, there is provided a classification system comprising a second processing resource, the second processing resource being configured to: receive a sequence of CAN messages intercepted on a monitored vehicle; and classify the sequence as comprising anomalies or not comprising anomalies using the model generated according to the first aspect.

[page 5 lines 13 – 14]

In some cases, the second processing resource is further configured to perform an action upon determining that the sequence comprises anomalies.

[page 5 lines 15 – 20]

In some cases, the action includes one or more of the following: providing an alert to an entity indicative of the sequence comprising anomalies; performing a prevention measure for blocking or correcting at least one of the CAN messages of the sequence before it is transmitted on a CAN bus of the monitored vehicle on which the CAN messages are to be transmitted, wherein the sequence is classified before it is transmitted on the CAN bus of the monitored vehicle.

[page 7 line 27 – page 8 line 11]

In accordance with a fifth aspect of the presently disclosed subject matter, there is provided a method for generating a set of rules for detecting Controller Area Network (CAN) messages anomalies, the method comprising: obtaining, by a processing resource, a training set including a plurality of CAN messages associated with respective one or more vehicles, each CAN message having properties including (a) a CAN message type, (b) a size, (c) a payload, and (d) a corresponding timestamp; wherein for each CAN message type appearing in the plurality of CAN messages of the training set, the timestamps of the CAN messages of the corresponding CAN message type are derived from a stationary distribution; training a model, by the processing resource, using the training set, the model characterizing statistical relationships between one or more first types of CAN messages of respective first CAN message type and one or more second types of CAN messages each of respective second CAN message type, wherein the statistical relationships are based on one or more of the properties of the CAN messages of the training set; wherein the model is usable for identifying anomalies within a sequence of input CAN messages upon a first input CAN message of the sequence of input CAN messages, having a first CAN message type, failing to meet a given statistical relationship, of the statistical relationships, with a second input CAN message of the sequence having a second CAN message type.

[page 8 lines 12 – 14]

In some cases, the model is trained to characterize the statistical relationships between changes in the payloads of the one or more first types of CAN messages and changes in the payloads of the one or more second types of CAN messages.

[page 8 lines 15 – 17]

In some cases, the model is further trained to estimate expected payloads of the one or more second types of CAN messages given a sequence of payloads of instances of CAN messages of the one or more first types of CAN messages.

[page 8 line 18 –  page 9 line 10]

In some cases, the model comprises a plurality of CAN message type classification models for a plurality of respective CAN message types that appear in the training set, each of the CAN message type classification models being trained by performing the following for the respective CAN message type, being a target CAN message type: creating a training matrix wherein: each row of the training matrix represents a given target instance of a plurality of target instances of CAN messages of the target CAN message type of the training set, and comprises: a target cell representing presence of a first change between the payload of the given target instance and the payload of a preceding target instance preceding the given target instance in the target instances, if any; and source cells, each of the source cells being associated with a respective CAN message type of the CAN message types excluding the target CAN message type, wherein: upon a source instance of a plurality of source instances of CAN messages of the corresponding CAN message type being present between the target instance and the preceding target instance of the training set, the respective source cell represents presence of a second change between the payload of the given source instance and the payload of a preceding source instance preceding the given source instance in the source instances, if any; and upon the source instance of a plurality of source instances of CAN messages of the corresponding CAN message type not being present between the target instance and the preceding target instance of the training set, the respective source cell represents a non-presence; wherein the source cells in each column of the matrix represents a corresponding CAN message type; and training, by a machine learning algorithm, the respective CAN message type classification model using the training matrix, to identify the correlations between the changes in the payloads of the CAN messages of the target CAN message type, and the changes in the payloads of the CAN message type of the CAN message types excluding the target CAN message type.

[page 9 lines 20 – 23]

In some cases, for at least part of the CAN message type classification models, the training further includes selecting statistically significant columns of the columns of the matrix, wherein the statistically significant columns are representative of the statistical relationships.

[page 9 lines 24 – 28]

In some cases, for at least part of the CAN message type classification models, the training further includes training an encoder-decoder, with a first sequence of payloads of the target instances as output, and a second sequence of respective payloads of instances of CAN messages of the training set represented by the statistically significant columns and preceding the respective target instances as input.

[page 9 line 29 –  page 10 line 2]

In accordance with a sixth aspect of the presently disclosed subject matter, there is provided a classification method comprising: receiving, by a second processing resource, a sequence of CAN messages intercepted on a monitored vehicle; and classifying the sequence as comprising anomalies or not comprising anomalies using the model of the fifth aspect. In some cases, the method further comprises performing an action upon determining that the sequence comprises anomalies.

[page 10 lines 3 – 8]

In some cases, the action includes one or more of the following: providing an alert to an entity indicative of the sequence comprising anomalies; performing a prevention measure for blocking or correcting at least one of the CAN messages of the sequence before it is transmitted on a CAN bus of the monitored vehicle on which the CAN messages are to be transmitted, wherein the sequence is classified before it is transmitted on the CAN bus of the monitored vehicle.

[page 31 lines 1 – 12]

For the purpose of generating the ADE, the ADE generator module 140 obtains a training set including a plurality of CAN messages associated with respective one or more vehicles 202, each CAN message having properties including (a) a CAN message type (noting that in the CAN bus protocol the message type is also referred to as “arbitration ID”, or as a Message Identifier (MID)), (b) a size, (c) a payload, and (d) a corresponding timestamp (block 410). The CAN messages of the training set can be obtained from real-time recordings of CAN messages generated during vehicle rides of vehicles 202 (e.g. using message collectors 222 of vehicles 202 that intercepts CAN messages transmitted over the vehicles 202 CAN bus) and/or from simulations of vehicle rides and/or from any other source, as long as the CAN messages of the training set represent valid operation of the vehicle 202, or at least an assumed valid operation thereof.

[page 34 lines 1 – 5 ]

Having learned attributes in groups of CAN messages (each group comprising CAN messages of identical CAN message type), ADE generator module 140 associates each CAN message type with one or more respective selected pre-defined model types of a plurality of candidate pre-defined model types, based on the attributes learned for the respective CAN message type (block 430).

[page 34 lines 6 – 23 ]

Some of the candidate pre-defined model types support modeling of stationarity signals, and some of the candidate pre-defined model types support modeling of non- stationarity signals (noting that non- stationary signals can be a result of an external agent (e.g. a driver of a vehicle on which the CAN messages are intercepted)) under the realm of unsupervised learning paradigms. To this end, ADE generator module 140 can utilize one or more of the following modeling concepts: targeting classification, feature selection, outliers' detection, learning stationarity properties, and more. ADE generator module 140 can utilize, amongst others, deep learning approach such as: Deep belief networks, Restricted Boltzman Machine networks (RBMs), Mixture Density Networks (MDNs), Various embedding techniques including tSNE (t-distributed Stochastic Neighbor Embedding), Recurrent Neural Networks (RNN), Autoencoders, Variational Autoencoders, and various Language-based models. In addition, ADE generator module 140 can use various traditional machine learning algorithms including one or more of: boosting techniques or generally different ensembles-based modeling (e.g. Random Forest, Rotational Forest), a Support Vector Machine (SVM), a One Class SVM, a context tree, a Logistic Regression, and models of learning with noise. In some cases, control schemes such as CUSUM (cumulative sum) and EWMA (Exponentially Weighted Moving Average) can be employed as well.

[page 34 lines 24 – 30 ]

It is to be noted in this respect that some types of models are more suitable to classify CAN messages of certain types that have certain attributes than other types of models. For example, a given pre-defined candidate model type may be suitable to classify a first type of CAN messages that has a synchronicity attribute and a boundedness of its payload’s values attribute, while another pre-defined candidate model type may be suitable for classifying a second type of CAN messages that has an a- synchronicity attribute and a non-boundedness of its payload’s values attribute.

[page 34 lines 31 –  page 35 line 7]

As indicated herein, in some cases, the relationship between the CAN message type and a respective functionality of the vehicles 202 (i.e. the semantic of the CAN message) is unknown to the ADE generator module 140. However, in other cases, the ADE generator module 140 may have information of relationships between at least part of the CAN message types and respective functionalities of the vehicles 202. In such cases, having such information can enable associating CAN messages of such CAN message types (known to be related to a known vehicle 202 functionality) to pre-defined candidate models bases on such knowledge, whether additionally, or alternatively, to the knowledge of the attributes of the CAN messages of such CAN message types of the training set.

[page 35 line 8 – 15 ]

ADE generator module 140 trains, for each CAN message type, one or more models of the respective one or more selected pre-defined model types associated with the respective CAN message type as described with reference to block 430 (block 440). Each model can be trained using a corresponding subset of CAN messages of the training set, the subset being those CAN messages of the training set that are of the respective CAN message type associated with the corresponding model. Each of the trained models trained at block 440 is usable for classifying a given CAN message of the respective CAN message type as anomalous or non-anomalous.

[page 35 line 16 – 21 ]

It is to be noted that in some cases, some of the trained models are not valuable for the purpose of classifying CAN messages of the respective CAN message type, and such models can be excluded so that they are not used to classify CAN messages of the respective CAN message type. For example, in case of context-based anomaly detection (e.g. N-Gram model), when all combinations of the payload sequence are normally included, there is no value for such model for anomaly detection.

[page 35 line 22 – 28 ]

Looking at an example, assuming that as a result of executing block 430 messages of type X are associated with models of types A, B and C. At block 440, three models are trained, one being a model of type A, one being a model of type B and one being a model of type C. Each of the models is trained using the CAN messages of type X of the training set. Due to the fact that the CAN messages of the training set represent valid operation of the vehicle 202 on which the ADE is designed to operate, the models A, B and C are trained to identify anomalous behaviors of messages of type X.

[page 35 line 29 –  page 36 line 3 ]

It is to be noted that the different types of the models (e.g. models A, B and C) may be applied independently, simultaneously and/or in sequence at the operational stage of the ADE. In some cases, the training of the models can be performed in an adaptive manner, so that the model is trained on a subset of the CAN messages of the respective CAN message type out of all the CAN messages of the respective CAN message type.

[page 38 line 21 – page 39 line 3]

Message analyzer 220 classifies the unclassified CAN message obtained at block 510 as anomalous or non- anomalous using the ADE generated by the anomaly detection engine generation process 400, giving rise to a classified CAN message (block 520). The ADE classifies the unclassified CAN message by executing those models that are trained to classify messages of the type of the unclassified CAN message as anomalous or not on the unclassified CAN message. Based on the results of the execution of the models, the ADE determines whether the unclassified CAN message is anomalous or not. In some cases, in order to determine that an unclassified CAN message is anomalous all of the models executed thereon are required to indicate that the unclassified CAN message is anomalous. In other cases, only some of the models executed thereon are required to indicate that the unclassified CAN message is anomalous. In more specific cases, it is enough that one model executed thereon indicates that the unclassified CAN message is anomalous in order to determine that the unclassified CAN message is anomalous. It is to be noted that these are mere examples, and other methods can be used to classify the unclassified CAN message as anomalous or not based on the results of the execution of the models thereon.

[page 39 lines 22 – 30]

In some cases, in addition to, or as an alternative of, providing an alert, the message analyzer 220 can be configured to perform a prevention measure for blocking or correcting the classified CAN message classified as anomalous, before it is transmitted on a CAN bus of a monitored vehicle. It is to be noted that for this purpose, the message analyzer 220 is required to perform the process 500 before the classified CAN message classified as anomalous is transmitted on a CAN bus of a monitored vehicle. This may be possible, for example, when the message analyzer 220 acts as a gateway to the CAN bus.

[page 52 lines 15 – 24]

The model can be trained as follows: a plurality of CAN message type classification models are trained, one per CAN message type (referred to herein as: target CAN message type): the sequence of payloads of CAN messages of the target CAN message type in the training set are encoded as binary "labels" of the classification problem, by the following principle: if the payload changed with respect to a previously observed payload of the target CAN message type we assign a first value (e.g. the value one (1)), whereas in case of no change we assign a second value (e.g. the value zero (0)). In this way we obtain a vector of "binary labels" for the classification problem. A features matrix is composed in a similar way to the labels-vector for all CAN message types excluding the target CAN message type, while noting that: 

[page 54 line 32 –  page 55 line 8]

Encoder-decoder based modeling is in wide usage in the community of machine learning, where it is used mostly in problems of sequence-to-sequence modeling (e.g. language translation, caption generation for images). Both the encoder and the decoder often comprise an RNN system where most simply, the summarized hidden state of the encoder is served as the initial state for the RNN decoder. Given the input and output sequences, the encoder-decoder will learn meaningful features that model the transitions between the input and output sequences. This encoder-decoder based modeling enables revealing features that reflect bit-level interactions between the affecting CAN message types and the corresponding target CAN message type. Often, for anomaly detection, the encoder-decoder based modeling will be reduced to on an autoencoder architecture.

[page 55 lines 9 – 13]

Accordingly, when using encoder-decoder based modeling the training of the model further includes training an encoder-decoder, with a first sequence of payloads of the target instances as output, and a second sequence of respective payloads of instances of CAN messages of the training set represented by the statistically significant columns and preceding the respective target instances as input.

[page 55 lines 14 – 20]

In more specific cases, when using autoencoder based modeling, valid sequences composed on the CAN messages of the target CAN message type and the source CAN message types can be modeled. These sequences can represent payload value concatenated to a binary encoded pertinent MID value. The training of the autoencoder will provide and reflect the existing constraints between the inter dependent CAN messages of each clique of the graph. By controlling the sequence length different time scales of interactions can optionally be controlled.

[page 55 lines 21 – 23]

Having a trained encoder-decoder/autoencoder can enable classifying a given sequence of CAN messages that are identified as having a statistical relationship as anomalous or not.

[page 55 line 24 –  page 56 line 5]

Looking at an example, let’s assume that a statistical relationship is identified between CAN messages of types X and Y and CAN messages of type Z, so that whenever payloads of CAN messages of types X and Y change with respect to the payloads of a preceding occurrence thereof, the payload of a CAN message of type Z changes with respect to the payload of a preceding occurrence thereof. When an encoder-decoder/autoencoder is trained, it can be trained to identify the bit-wise relationships between specific bits of the payloads of the CAN messages of types X and Y, and CAN messages of type Z. So, when a sequence of CAN messages including CAN messages of types X, Y and Z is provided for evaluation, the encoder-decoder checks each occurrence of CAN messages of type Z and validates it with reference to the respective occurrences of the CAN messages of types X and Y, based on the training thereof, to determine if any anomaly is identified (while checking the distance between actual payload values of CAN messages of type Z versus the expected payload values of such CAN messages of type Z given the payload values of the CAN messages of types X and Y that preceded the respective CAN message of type Z).

[page 56 line 6 – 14]

Alternatively, when using an autoencoder, the autoencoder will reconstruct the introduced sequences of messages X, Y, and Z, and based on a reconstruction error, will determine if the sequence is anomalous or not. Accordingly, sequences of a given number of CAN messages of the source CAN message types and the target CAN message type are used for the training, and the autoencoder learns the inter-dependency between the various members of each of the sequences. So, when a given sequence of the given number of CAN messages is obtained, it can be classified as anomalous or not based on a reconstruction error (being a distance between the reconstructed sequence and the actual given sequence.

Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the anomalous message determination teachings of the prior art of record by integrating the anomalous message determination teachings of Stein to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the anomalous CAN message determination teachings of the prior art of record the ability to prevent such messages from entering the CAN bus as taught by Stein, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized the results of the combination were predictable. The motivation to combine the references is applied to all dependent claims under this heading.

Per claim 8, the prior art of record further suggests wherein the one or more encoders comprises a plurality of (reads on the combination of the model comprises a plurality of message type classification models and one or more autoencoders, see Stein page 8 line 18 – page 9 line 10 and page 34 lines 6 – 23) encoders  (reads on the variational autoencoder of each model has an encoder and decoder part, see La Marca para 0039 and Stein page 8 line 18 – page 9 line 10 and page 34 lines 6 – 23. The Examiner construes the prior art’s disclosure of a classification model including a recitation of the autoencoder being a classification model and the recitation of a plurality of classification models for a plurality of CAN message types, to be reasonably scoped as a plurality of encoders/decoders), each encoder being associated with an arbitration identifier (reads on each component connected to the CAN bus is assigned an arbitration identifier, see AAPA para 0035) included in the plurality of messages (reads on the input/introduced sequences to the autoencoder model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5 and AAPA para 0035); wherein the one or more decoders comprises a plurality of decoders (reads on the variational autoencoder of each model has an encoder and decoder part, see La Marca para 0039 and Stein page 8 line 18 – page 9 line 10 and page 34 lines 6 – 23. The Examiner construes the prior art’s disclosure of a classification model including a recitation of the autoencoder being a classification model and the recitation of a plurality of classification models for a plurality of CAN message types, to be reasonably scoped as a plurality of encoders/decoders), each decoder being associated with the arbitration identifier of the corresponding encoder (reads on each component connected to the CAN bus is assigned an arbitration identifier, see AAPA para 0035); wherein each element of the one or more input vectors is generated based on the payload of a message of the plurality of messages (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5); and wherein generating (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040), using one or more machine learning models (reads on using an autoencoder, see La Marca para 0039 – 0040), an output vector based on each of the plurality of input vectors (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040) comprises, for each input vector of the plurality of input vectors comprises: selecting a corresponding pair of encoder and decoder from, respectively, the plurality of encoders and the plurality of decoders based on the arbitration identifier of the input vector (reads on applying the specific model for the target CAN message type of a plurality of CAN message type classification models/encoder-decoder/pre-defined model types for a plurality of respective CAN message types, see Stein page 8 line 18 – page 9 line 10, page 9 lines 24 – 28, page 34 lines 1 – 23 and page 34 lines 31 – page 35 line 15 and page 35 line 22 – page 36 line 3 and page 52 lines 15 – 24); and generating the output vector for the input vector using (reads on the resulting output quantity vector x’ which is based on the input quantity vector x, see La Marca Figure 2 and para 0022 and 0040) the selected pair of encoder and decoder (reads on applying the specific model for the target CAN message type of a plurality of CAN message type classification models/encoder-decoder/pre-defined model types for a plurality of respective CAN message types, see Stein page 8 line 18 – page 9 line 10, page 9 lines 24 – 28, page 34 lines 1 – 23 and page 34 lines 31 – page 35 line 15 and page 35 line 22 – page 36 line 3 and page 52 lines 15 – 24).
Per claim 10, the prior art of record further suggests wherein the one or more encoders comprises an encoder (see La Marca para 0039); wherein the one or more decoders comprises a decoder (see La Marca para 0039); wherein each element of the one or more input vectors is generated based on the payload and the arbitration identifier of a message of the plurality of messages (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5); and wherein generating, using one or more machine learning models, an output vector based on each of the plurality of input vectors comprises, for each input vector of the plurality of input vectors, generating the output vector for the input vector using the encoder and the decoder (reads on the resulting output quantity vector x’ which is based on the input quantity vector x where x is input into the encoder and x’ is output from the decoder, see La Marca Figure 2 and para 0022 and 0040).
Per claim 11, the prior art of record further suggests transforming the arbitration identifier of each of the plurality of messages to a multi-dimensional identifier vector (The Examiner construes this to be an obvious limitation of the disclosure of the prior art of record because one of ordinary skill in the art would consider it within the realm of conventional mathematics and computer science to transform any identifier into any multidimensional value that does not change the value of the identifier in order to meet the formatting requirements of the technology, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5); wherein each element of the one or more input vectors is generated based on the payload and the identifier vector of the arbitration identifier of a message of the plurality of messages (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5). 
Per claim 12, the prior art of record further suggests determining, for each message of the plurality of messages, a timestamp representing a time when the message is received (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5); and wherein each element of the one or more input vectors is generated based on the payload, the identifier vector, and the timestamp of a message of the plurality of messages (reads on the input/introduced sequences to the model are CAN messages having properties including a CAN message type, payload and timestamp, see Stein page 7 line 27 – page 8 line 11, page 9 lines 24 – 28, page 31 lines 1 – 12, page 55 lines 14 – 20 and page 55 line 24 – page 56 line 5).
Per claim 23, the prior art of record further suggests wherein the vehicle includes a network security system which stores information indicative of features of prior normal messages on the CAN bus during a normal operation of a vehicle when the vehicle is not under any kind of network intrusion and there is no malicious message being transmitted on the CAN bus (reads on training the model/encoder-decoder using CAN messages representing valid operation of the vehicle and using the model/encoder-decoder to identify anomalies within CAN messages, trained, see Stein page 7 line 27 – page 8 line 11 and page 31 lines 1 – 12).  
Per claim 24, the prior art of record further suggests wherein the threshold is 0.01 or less (The Examiner construes this to be an obvious limitation of the prior art’s disclosure of making the reconstruction error as low as possible, see La Marca para 0022, because one of ordinary skill in the art is also one of ordinary creativity and .01 or less is reasonably scoped as a number representing a value as small as possible.  
Per claim 25, the prior art of record further suggests using dimensionality reduction to generate a representation of the normal messages features of input vectors to form the intermediate vectors (reads on the encoder uses the input quantity vector x as input and produces one or more intermediate layers that has a lower dimensionality than the input quantity vector x, see La Marca para 0040), wherein the dimensionality reduction removes noise information (The Examiner construes this to be an obvious limitation of the prior art’s disclosure of lowering the dimensionality of the input vector because one of ordinary skill in the art would consider it within the realm of conventional practice for at least some noise information to be removed as a result of the lowering, see La Marca para 0040).
Claim 26 the apparatus comprising a memory (see La Marca claim 14); and a hardware processor (see La Marca claim 14) is analyzed with respect to claim 7.
Claim 29 is analyzed with respect to claim 23.
Claim 30 is analyzed with respect to claim 25.
Claim 31 the non-transitory computer readable medium (see La Marca claim 14) is analyzed with respect to claim 26.
Claim 34 is analyzed with respect to claim 29.
Claim 35 is analyzed with respect to claim 30.




Claims 21 – 22, 27 – 28 and 32 – 33 are rejected under 35 U.S.C. 103 as being unpatentable over AAPA in view of La Marca in view of Stein in view of Sun (US Pub. No. 2021/0397966 A1).


Per claim 21, the prior art of record further suggests wherein the encoders include a first neural network having a first set of weights (reads on Encoder part 11 and decoder part 12 are each realized as neural networks having neurons N. Neurons N each implement a neural function defined for example through the application of an activation function to a sum of a product of weighted inputs with a bias value, see Marca para 0039); the decoders include a second neural network having a second set of weights (reads on Encoder part 11 and decoder part 12 are each realized as neural networks having neurons N. Neurons N each implement a neural function defined for example through the application of an activation function to a sum of a product of weighted inputs with a bias value, see Marca para 0039). The prior art of record is silent on explicitly statingPage 4 of 13 KILPATRICK TOWNSEND 75700145 1Appl. No. 16/945,274Attorney Docket No.: 103343-1191736 Amdt. dated May 11, 2022 Response to Office Action of January 24, 2022the weights of the encoders and the decoders can be iteratively adjusted to reduce the reconstruction loss for normal messages until the reconstruction loss reaches a minimum.  Sun suggests the weights of the encoders and the decoders can be iteratively adjusted to reduce the reconstruction loss for normal messages until the reconstruction loss reaches a minimum (reads on repeating the training process until the reconstruction loss falls below a predetermined threshold by adjusting the respective weights of the encoder and decoder network based on a gradient descent associated with the reconstruction loss, see Sun para 0021 – 0022).


[0021] The reconstructed segmentation mask 210 may be compared to the annotated input mask 206 (e.g., as a ground truth) to determine a reconstruction loss 212. The reconstruction loss 212 may be calculated based on various mathematical formulas including, for example, mean squared error (MSE), L1/L2 norm, etc. In response to determining the reconstruction loss 212, the encoder network 202 and the decoder network 204 may adjust their respective operating parameters (e.g., weights), for example, based on a gradient descent associated with the reconstruction loss to reduce the reconstruction loss 212. The adjustment of the parameters may be performed, for example, by backpropagating the reconstruction error through the encoder and decoder networks. The training process 200 may then repeat until one or more training termination criteria are satisfied (e.g., after completing a pre-determined number of training iterations, after the reconstruction loss falls below a predetermined threshold, etc.).

[0022] FIG. 3 is a simplified block diagram illustrating an example process 300 for training a decoder network 304 (e.g., the decoder network 104) without a corresponding encoder network. The training process 300 may be conducted using a representation (e.g., a latent variable Z) 308 associated with a human anatomical structure (e.g., a human organ). The representation 308 may be initialized, for example, randomly from a normal distribution with a standard deviation. During the training, the decoder network 304 may receive the representation 308 and process the representation through a series of up-sampling and/or deconvolution operations (e.g., via the plurality of layers of the decoder network) to predict a segmentation mask 310 for the concerned anatomical structure based on the representation 308. The decoder network 304 may compare the predicted segmentation mask 310 to an expected segmentation mask 312 (e.g., a ground truth) for the anatomical structure to determine a reconstruction loss 314. The reconstruction loss 314 may be determined, for example, in accordance with a loss or objective function (e.g., MSE, L1/L2 norm, etc.) associated with the decoder network 304. In response to determining the reconstruction loss 314, the decoder network 304 may adjust its operating parameters (e.g., weights), for example, based on a gradient descent associated with the loss function to reduce the reconstruction loss 314. The representation 308 may also be adjusted (e.g., optimized) based on the reconstruction loss 314, for example, using a suitable gradient descent optimization method. The training process 300 may then repeat until one or more training termination criteria are satisfied (e.g., after completing a pre-determined number of training iterations, after the reconstruction loss falls below a predetermined threshold, etc.).


Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the reconstruction loss teachings of the prior art of record by integrating the reconstruction loss teachings of Sun to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the reconstruction loss determination teachings of the prior art of record the ability to minimize the reconstruction loss by modifying weights associated with the encoder/decoder network as taught by Sun, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized the results of the combination were predictable. The motivation to combine the references is applied to all dependent claims under this heading.

Per claim 22, the prior art of record further suggests: adjusting the decoder weight, and the encoder weights to reduce the combined reconstruction loss between training input vectors and training output vectors (reads on repeating the training process until the reconstruction loss falls below a predetermined threshold by adjusting the respective weights of the encoder and decoder network based on a gradient descent associated with the reconstruction loss, see Sun para 0021 – 0022), wherein the adjustment is based on a gradient descent scheme, in which a degree of adjustment of the weights are based on a gradient of the combined reconstruction loss with respect to the weights (reads on repeating the training process until the reconstruction loss falls below a predetermined threshold by adjusting the respective weights of the encoder and decoder network based on a gradient descent associated with the reconstruction loss, see Sun para 0021 – 0022).  
Claim 27 is analyzed with respect to claim 21.
Claim 28 is analyzed with respect to claim 22.
Claim 32 is analyzed with respect to claim 27.
Claim 33 is analyzed with respect to claim 28.


Conclusion
A new ground(s) of rejection is presented due to Applicant’s claim language.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Contact

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Brian Shaw whose telephone number is (571)270-5191.  The examiner can normally be reached on Mon-Thurs from 6:00 AM-3:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's Supervisor, Jorge L. Ortiz Criado can be reached on (571) 272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/BRIAN F SHAW/Primary Examiner, Art Unit 2496