DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the amendments/argument filed on 03/28/2022. Claims 1-20 are currently pending.
IDS filed on 02/18/2019 have been previously considered in the Non-Final office action. 
Response to Amendment
The applicant’s amendments to the specification and claims have overcome each and every objection, and 112(b) rejections previously set forth in the Non-Final Office Action mailed 12/30/2021.
Regarding the 101 rejection in the non-final office action, the amendment to those claims to recite “computer program product” fails to overcome the earlier 101 rejection. This is because a product must have a physical or tangible form in order to fall within one of the four statutory categories of subject matter. A computer program product is not physical or tangible in form and does not have any structural recitation.
I think it will be better if the claim recites “a non-transitory computer readable medium comprising executable instructions that when executed by a processor causes the processor to”
Applicant has also amended claims 1, 8, and 15 to overcome the art of Edwards in view of Mu. The amendments include the following limitations added to the aforementioned claims 1, 8, and 15:
Receive data extraction instructions, wherein the data extraction instructions identify one or more rules from the threat model and rule parameter values for the one or more identified rules.
Apply the one or more identified rules from the threat model to the data using a first machine learning model.
Block data communications that contain the data within a network in response to detecting the data manipulation attack.
Paragraphs 28, 32, and 34 of the published application were cited as containing those amendments.
Regarding the first limitation in the amendment and paragraph 28, it is the data loading engine that receives the data extraction instructions that identify one or more threat models and not the alert engine. Also, it is one or more threat models that were identified and not one or more rules.
At no point does the specification disclose that the alert engine receives data extraction instructions to identify one or more rules from the threat model. It is equally noteworthy to point out that the rule parameter values are associated with the identified threat model and not with the one or more identified rules as amended in those claims.
Regarding the second limitation in the amendment and paragraph 32, the alert engine applies the identified set of rules and not one or more rules to the data using a first machine learning model. This limitation is equivalent to the art of Mu in ¶0075 “The detection layer 412 may utilize one or a combination of security knowledge, high-level rule, or machine learning model to identify threats, such as attacks and data leakage”.
Regarding the third limitation in the amendment and paragraph 34, the examiner believes this limitation has no impact on the scope of the invention because every network security system has one way or the other to implement mitigation or correction measures before or when an attack is detected.
Regarding Edwards ¶43, the arguments are moot because at no point does the applicant’s disclosure suggest or teach that the machine learning model should not be a trained one. More so, configuring the first machine learning model to apply a set of rules to the data does not suggest that the machine learning model has not been trained before being configured to apply the set of rules to the data.
Referring to applicant’s ¶47, “The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented”. The examiner understands this as an indication that it does not matter whether the machine learning model has been previously trained or not before inputting data set into it.
However, for the advancement of the prosecution of this application, the examiner rejects the limitations added in the amended claims using a new prior art in this final office action.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 15 recites “A computer program product comprising executable instructions”. A product must have a physical or tangible form in order to fall within one of the four statutory categories of subject matter. A computer program product is not physical or tangible in form and does not have any structural recitation. In addition, “a non-transitory computer readable medium” in claim 15 can be interpreted as not being part of the claimed “computer program product”. Therefore claim 15 is directed to a program product per se. Claims 16-20 fail to cure the deficiency and are rejected for the same reason by virtue of their dependency on claim 15.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub. No. 2019/0188562 to Edwards et al. (hereinafter Edwards) in view of U.S. PGPub. No. 2020/0065483 to Mu and Ren (hereinafter Mu) and further in view of U.S. PGPub. No. 2009/0293123 to Jackson and Yasrebi (hereinafter Jackson).
Regarding claim 1, Edwards teaches “a data manipulation detection device, comprising: a network interface configured to receive data from a data source;”
See Edwards disclosure in ¶0043 “As shown in FIG. 1A, under normal operation, the neural network model 130 receives a set of input data 120 from a data source 110”.
“an alert engine implemented by a processor, configured to:”
See Edwards disclosure about alert engine in ¶0030 “An engine may be, but is not limited to, software, hardware and/or firmware or any combination thereof that performs the specified functions including, but not limited to, any use of a general and/or specialized processor in combination with appropriate software loaded or stored in a machine readable memory and executed by the processor”.
“obtain an alert vector in response to applying the set of rules to the data,”
See Edwards disclosure in ¶0042 “The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”;
“wherein the alert vector comprises an alert status that indicates a data manipulation attack is detected;”
See Edwards disclosure in ¶0022 “By forcing, through training of the neural network using the mechanisms of the illustrative embodiments, small changes in the input to cause only small changes in the output of the neural network, such adversarial input based attacks, e.g., evasion or other gradient based attacks, are rendered ineffectual as the small perturbations will not appreciably affect the output of the neural network. To the contrary, with a neural network hardened by the training of the illustrative embodiments, if an adversary wishes to cause a large change in the output of the neural network, the adversary would need to make relatively large and noticeable changes to the input data fed into the neural network, leading to detection and instigation of other mechanisms to prevent such input from causing unwanted operations of the cognitive system.”
“send the alert vector to an alert feedback engine; the alert feedback engine implemented by the processor, configured to: receive alert feedback for the alert vector,”
See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”.
“and send the alert feedback to a natural language processing (NLP) training engine; and the NLP training engine implemented by the processor, configured to: perform natural language processing on the alert feedback using a second machine learning model,”
See Edwards disclosure in ¶0065 “A cognitive system comprises artificial intelligence logic, such as natural language processing (NLP) based logic, image analysis logic, or the like, and machine learning logic, which may be provided as specialized hardware, software executed on hardware, or any combination of specialized hardware and software executed on hardware. This logic may implement one or more models, such as a neural network model, a machine learning model, a deep learning model, that may be trained for particular purposes, for supporting the particular cognitive operations performed by the cognitive system. In accordance with the mechanisms of the illustrative embodiments, the logic further implements a hardened model engine for training the model, e.g., neural network, using the modified loss function engine 260, neural network training logic 270, and reference training data set generator 280. In this way, the hardened model engine 320 fortifies the neural network, or hardened model 360, from evasion or gradient based attacks”;
“modify the rule parameter value for the rule based on the new rule parameter value.”
See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X' or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”.
However, Edwards does not teach the following limitations:
“apply the one or more identified rules from the threat model to the data using a first machine learning model;”
“wherein: the threat model comprises a set of rules for identifying a data manipulation attack”,
“each rule is associated with a rule parameter value”,
“wherein the alert feedback comprises text comments for the alert status,”
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status;
and identifying one or more keywords within the text comments associated with a rule parameter value for a rule”, and “determine a new rule parameter value based on the identified one or more keywords,”
But Mu teaches the limitations “wherein: the threat model comprises a set of rules for identifying a data manipulation attack”.
See Mu disclosure in ¶0075 “The detection layer 412 may utilize one or a combination of security knowledge, high-level rule, or machine learning model to identify threats, such as attacks and data leakage”
“each rule is associated with a rule parameter value”
See Mu disclosure in ¶0057 “In some embodiments, the contextual behavior may be used to generate a security threat metric (e.g., level of security threat, security threat score) and the detection component 122 may detect a security threat based on the value of the security threat metric, such as based on the value being above a threshold level or a threshold score”;
“wherein the alert feedback comprises text comments for the alert status,”
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status;”
See Mu disclosures in ¶0051 “For example, referring to the example behavior for transmitting a file from a file management system, context may include information on whether the file includes confidential or classified information, the level of confidentiality or classification of the information, originator or users of the file or information within the file, copyright or other protective markings inside the file, where the file was stored, where the file is sent, users of the device from which the file was received, users of the device to which the file is sent, the type of information contained within the file (e.g., text document, video file, picture, source code), or other information relating to transmission of the file”,
“and identifying one or more keywords within the text comments associated with a rule parameter value for a rule”, and “determine a new rule parameter value based on the identified one or more keywords.”
See Mu disclosure in ¶0052 “In some embodiments, context may be determined from analysis of the relevant file or data. For example, referring to the example behavior for transmitting a file from a file management system, context may be determined based on analysis of the file, such as keyword searching or file hashing”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Edwards to include identifying the text comments for the alert status; and identifying one or more keywords within the text comments associated with a rule parameter value for a rule as disclosed by Mu and be motivated in doing so because it produces a utilization capable of detecting security threats based on the contextual behavior of the events or activities at the computing device; See the abstract of Mu.
However, Edwards in view of Mu does not disclose the following limitations taught by Jackson:
receive data extraction instructions, wherein the data extraction instructions identify one or more rules from the threat model and rule parameter values for the one or more identified rules;
apply the one or more identified rules from the threat model to data using a first machine learning model;
and block data communications that contain the data within a network in response to detecting the data manipulation attack.
Jackson discloses identifying one or more rules from the threat model and rule parameter values for the one or more identified rules; ¶0026 “a mitigation rule selector to determine a DoS attack mitigation rule based on the value” (parameter value), ¶0041 “When DoS attack mitigation information is received at a border element 140 141, 150 and 152, the associated attack mitigator 155 validates the DoS attack mitigation information. If the DoS attack mitigation information is valid, the attack mitigator 155 updates its database 515 (FIG. 5) of DoS attack mitigation rules and/or filters”. The examiner equates the attack mitigator that has the database of the attack mitigation rules to the threat model that has the rules,
and ¶0068 “the example mitigation rule selector 525 determines and/or selects one or more mitigation rules, parameters and/or filters to be applied by one or more border elements 140, 141, 150 and/or 152 to mitigate the detected DoS attack(s)”. The examiner equates the rule selector that determines and/or selects one or more mitigation rules, parameters and/or filters to be applied to data extraction instructions that identify one or more rules from the threat model and rule parameter values;
apply the one or more identified rules from the threat model to the data (¶0041 “When a call initiation request (e.g., a SIP INVITE message) is received from a calling IMS device 105, 106, the attack mitigator 155 queries its database of DoS attack mitigation rules and/or filters to determine whether the requested communication session is to be rejected”, wherein the rules from the database (threat model) are being applied to the message (data) to determine whether the requested communication session is to be rejected); The use of machine learning model has already been described in ¶0043 of Edwards and ¶0075 of Mu.
block data communications that contain the data within a network in response to detecting the data manipulation attack (¶0035 “When a DoS attack is detected, the DoS attack detector 125 notifies one or more corresponding border elements 140, 141, 150, 152, which mitigate the DoS attack by blocking some or all of the subsequent communication session requests associated with the offending IMS endpoint(s) 105, 106 and/or border element(s) 140, 141, 150-153”).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of combination of Edwards and Mu to include identification of one or more rules from the threat model and rule parameter values, and blocking data communications that contain the data within a network in response to detecting the data manipulation attack as disclosed by Jackson and be motivated in doing so because it produces a utilization to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network; See Jackson abstract.
Regarding claim 2, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches “the device of claim 1, wherein the device further comprises a data loading engine implemented by the processor, configured to: generate a script for requesting the data from the data source; execute the script to retrieve the data from the data source; and send the data to the alert engine”. See Edwards disclosure in ¶0070 “the cognitive system 300 is configured to implement a request processing pipeline 308 that receive inputs from various sources. The requests may be posed in the form of a natural language question, natural language request for information, natural language request for the performance of a cognitive operation, or the like. Alternatively, the “request” may simply be the input of data that is intended to be operated on by the cognitive system, e.g., images, text, audio input, or the like, which is to be classified by the hardened model of the illustrative embodiments and then operated on by cognitive processes to generate a result of a cognitive operation. For example, the cognitive system 300 receives input from the network 302, a corpus or corpora of electronic documents 306, cognitive system users, image capture devices, audio capture devices, biometric scanners, textual message interception devices, and/or other data sources and other possible sources of input”
Regarding claim 3, the combination of Edwards, Mu and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches the device of claim 1, “wherein the alert vector comprises a confidence level associated with the alert status”. See Edwards disclosure in ¶0068 “The statistical model is used to summarize a level of confidence that the request pipeline 308 has regarding the evidence that the potential response is inferred by the request and/or input data” which the examiner interprets as meeting the limitation of claim 3.
Regarding claim 4, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches the device of claim 1, “wherein the alert feedback comprises alert status overwrite instructions indicating a modification to the alert status,” See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”.
Regarding claim 5, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches the device of claim 1, “wherein the alert engine is configured to output the alert vector to one or more network devices”. See Edwards disclosure in ¶0042 “For example, the cognitive system may provide input data to the hardened neural network that is a data sample of at least one of image data, audio data, or textual data. The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”.
Regarding claim 6, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches “the device of claim 1, wherein modifying the rule parameter value for the rule comprises overwriting an existing rule parameter value for the rule with the new rule parameter value”. See Edwards disclosure in ¶0079 “The hardened model engine 320 may be provided as an external engine to the logic implementing the trained model 360. The hardened model engine 320 operates to modify and train an existing model, e.g., neural network, or create a new protected model or neural network”.
Regarding claim 7, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection device according to claim 1. Edwards further teaches the device of claim 1, wherein modifying the rule parameter value for the rule comprises sending the new rule parameter value to the alert engine. See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X' or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”.
Regarding claim 8, Edwards teaches “a data manipulation detection method, comprising: receiving, at the alert engine, data from a data source”.
See Edwards disclosure in ¶0043 “As shown in FIG. 1A, under normal operation, the neural network model 130 receives a set of input data 120 from a data source 110”
“obtaining, by the alert engine, an alert vector in response to applying the one or more identified rules to the data,”
See Edwards disclosure in ¶0042 “The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”.
“wherein the alert vector comprises an alert status that indicates a data manipulation attack is detected”.
See Edwards disclosure in ¶0022 “By forcing, through training of the neural network using the mechanisms of the illustrative embodiments, small changes in the input to cause only small changes in the output of the neural network, such adversarial input-based attacks, e.g., evasion or other gradient based attacks, are rendered ineffectual as the small perturbations will not appreciably affect the output of the neural network. To the contrary, with a neural network hardened by the training of the illustrative embodiments, if an adversary wishes to cause a large change in the output of the neural network, the adversary would need to make relatively large and noticeable changes to the input data fed into the neural network, leading to detection and instigation of other mechanisms to prevent such input from causing unwanted operations of the cognitive system.”
“receiving, at an alert feedback engine implemented by the processor, alert feedback for the alert vector”
See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”.
“performing, by a natural language processing (NLP) training engine implemented by the processor, natural language processing on the alert feedback using a second machine learning model”,                                                                                                                            See Edwards disclosure in ¶0065 “A cognitive system comprises artificial intelligence logic, such as natural language processing (NLP) based logic, image analysis logic, or the like, and machine learning logic, which may be provided as specialized hardware, software executed on hardware, or any combination of specialized hardware and software executed on hardware. This logic may implement one or more models, such as a neural network model, a machine learning model, a deep learning model, that may be trained for particular purposes, for supporting the particular cognitive operations performed by the cognitive system. In accordance with the mechanisms of the illustrative embodiments, the logic further implements a hardened model engine for training the model, e.g., neural network, using the modified loss function engine 260, neural network training logic 270, and reference training data set generator 280. In this way, the hardened model engine 320 fortifies the neural network, or hardened model 360, from evasion or gradient based attacks”;                                                                                                                and “modifying, by the NLP training engine, the rule parameter value for the rule based on the new rule parameter value”.                                                                                                            See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). 
A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X’ or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”.
However, Edwards does not teach the following limitations:
“applying, by the alert engine, the one or more identified rules from the threat model to the data using a first machine learning model”;
“wherein the alert feedback comprises text comments for the alert status”,
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status; and identifying one or more keywords within the text comments associated with a rule parameter value for a rule;
determining, by the NLP training engine, a new rule parameter value based on the identified one or more keywords;”
But Mu teaches the limitations “applying, by the alert engine, a set of rules for a threat model to the data using a first machine learning model”.
See Mu disclosure in ¶0075 “The detection layer 412 may utilize one or a combination of security knowledge, high-level rule, or machine learning model to identify threats, such as attacks and data leakage”
“wherein the alert feedback comprises text comments for the alert status”,
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status”.
See Mu disclosures in ¶0051 “For example, referring to the example behavior for transmitting a file from a file management system, context may include information on whether the file includes confidential or classified information, the level of confidentiality or classification of the information, originator or users of the file or information within the file, copyright or other protective markings inside the file, where the file was stored, where the file is sent, users of the device from which the file was received, users of the device to which the file is sent, the type of information contained within the file (e.g., text document, video file, picture, source code), or other information relating to transmission of the file”.
And “identifying one or more keywords within the text comments associated with a rule parameter value for a rule;
determining, by the NLP training engine, a new rule parameter value based on the identified one or more keywords”.
See Mu disclosure in ¶0052 “In some embodiments, context may be determined from analysis of the relevant file or data. For example, referring to the example behavior for transmitting a file from a file management system, context may be determined based on analysis of the file, such as keyword searching or file hashing”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Edwards to include identifying the text comments for the alert status; and identifying one or more keywords within the text comments associated with a rule parameter value for a rule as disclosed by Mu and be motivated in doing so because it produces a utilization capable of detecting security threats based on the contextual behavior of the events or activities at the computing device; See the abstract of Mu.
However, Edwards in view of Mu does not disclose the following limitation taught by Jackson:
receiving, at an alert engine implemented by a processor, data extraction instructions, wherein the data extraction instructions identify one or more rules from the threat model and rule parameter values for the one or more identified rules;
apply the one or more identified rules from the threat model to data using a first machine learning model;
and block data communications that contain the data within a network in response to detecting the data manipulation attack.
Jackson discloses identify one or more rules from the threat model and rule parameter values for the one or more identified rules; ¶0026 “a mitigation rule selector to determine a DoS attack mitigation rule based on the value” (parameter value), ¶0041 “When DoS attack mitigation information is received at a border element 140 141, 150 and 152, the associated attack mitigator 155 validates the DoS attack mitigation information. If the DoS attack mitigation information is valid, the attack mitigator 155 updates its database 515 (FIG. 5) of DoS attack mitigation rules and/or filters”.
The examiner equates the attack mitigator that has the database of the attack mitigation rules to the threat model that has the rules,
and (¶0068 “the example mitigation rule selector 525 determines and/or selects one or more mitigation rules, parameters and/or filters to be applied by one or more border elements 140, 141, 150 and/or 152 to mitigate the detected DoS attack(s)”). The examiner equates the rule selector that determines and/or selects one or more mitigation rules, parameters and/or filters to be applied to data extraction instructions that identify one or more rules from the threat model and rule parameter values;
apply the one or more identified rules from the threat model to the data (¶0041 “When a call initiation request (e.g., a SIP INVITE message) is received from a calling IMS device 105, 106, the attack mitigator 155 queries its database of DoS attack mitigation rules and/or filters to determine whether the requested communication session is to be rejected”, wherein the rules from the database (threat model) are being applied to the message (data) to determine whether the requested communication session is to be rejected); The use of machine learning model has already been described in ¶0043 of Edwards and ¶0075 of Mu.
block data communications that contain the data within a network in response to detecting the data manipulation attack (¶0035 “When a DoS attack is detected, the DoS attack detector 125 notifies one or more corresponding border elements 140, 141, 150, 152, which mitigate the DoS attack by blocking some or all of the subsequent communication session requests associated with the offending IMS endpoint(s) 105, 106 and/or border element(s) 140, 141, 150-153”).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the combination of Edwards and Mu to include identification of one or more rules from the threat model and rule parameter values, and blocking data communications that contain the data within a network in response to detecting the data manipulation attack as disclosed by Jackson and be motivated in doing so because it produces a utilization to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network; See Jackson abstract.
Regarding claim 9, the combination of Edwards, Mu and Jackson discloses a data manipulation detection method according to claim 8. Edwards further teaches:
“The method of claim 8, further comprising: generating, by a data loading engine implemented by the processor, a script for requesting the data from the data source; executing, by the data loading engine, the script to retrieve the data from the data source; and sending, by the data loading engine, the data to the alert engine”.
See Edwards disclosure in ¶0070 “the cognitive system 300 is configured to implement a request processing pipeline 308 that receive inputs from various sources. The requests may be posed in the form of a natural language question, natural language request for information, natural language request for the performance of a cognitive operation, or the like. Alternatively, the “request” may simply be the input of data that is intended to be operated on by the cognitive system, e.g., images, text, audio input, or the like, which is to be classified by the hardened model of the illustrative embodiments and then operated on by cognitive processes to generate a result of a cognitive operation. For example, the cognitive system 300 receives input from the network 302, a corpus or corpora of electronic documents 306, cognitive system users, image capture devices, audio capture devices, biometric scanners, textual message interception devices, and/or other data sources and other possible sources of input”.
Regarding claim 10, the combination of Edwards, Mu and Jackson discloses a data manipulation detection method of claim 8.
Edwards further teaches: “the method of claim 8, wherein the alert vector comprises a confidence level associated with the alert status”.
See Edwards disclosure in ¶0068 “The statistical model is used to summarize a level of confidence that the request pipeline 308 has regarding the evidence that the potential response is inferred by the request and/or input data”, which the examiner interprets as meeting the limitation of claim 10.
Regarding claim 11, the combination of Edwards, Mu and Jackson discloses a data manipulation detection method of claim 8. Edwards further teaches the method of claim 8, wherein the alert feedback comprises alert status overwrite instructions indicating a modification to the alert status.
See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”.
Regarding claim 12, the combination of Edwards, Mu and Jackson discloses a data manipulation detection method according to claim 8. Edwards further teaches “the method of claim 8, further comprising outputting, by the alert engine, the alert vector to one or more network devices”. See Edwards disclosure in ¶0042 “For example, the cognitive system may provide input data to the hardened neural network that is a data sample of at least one of image data, audio data, or textual data. The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”.
Regarding claim 13, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection method of claim 8. Edwards further teaches “the method of claim 8, wherein modifying the rule parameter value for the rule comprises overwriting an existing rule parameter value for the rule with the new rule parameter value”.
See Edwards disclosure in ¶0079 “The hardened model engine 320 may be provided as an external engine to the logic implementing the trained model 360. The hardened model engine 320 operates to modify and train an existing model, e.g., neural network, or create a new protected model or neural network”.
Regarding claim 14, the combination of Edwards, Mu, and Jackson discloses a data manipulation detection method of claim 8. Edwards further teaches the method of claim 8, wherein modifying the rule parameter value for the rule comprises sending the new rule parameter value to the alert engine.
See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X' or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”; which the examiner equates to meeting the limitation of claim 14 of this application.
Regarding claim 15, Edwards teaches “A computer program product comprising executable instructions stored in a non-transitory computer readable medium that when executed by a processor causes the processor to: receive data from a data source”. See Edwards disclosure in ¶0043 “As shown in FIG. 1A, under normal operation, the neural network model 130 receives a set of input data 120 from a data source 110”.
“obtain an alert vector in response to applying the one or more identified rules to the data;”
See Edwards disclosure in ¶0042 “The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”
“wherein the alert vector comprises an alert status that indicates a data manipulation attack is detected;”
See Edwards disclosure in ¶0022 “By forcing, through training of the neural network using the mechanisms of the illustrative embodiments, small changes in the input to cause only small changes in the output of the neural network, such adversarial input based attacks, e.g., evasion or other gradient based attacks, are rendered ineffectual as the small perturbations will not appreciably affect the output of the neural network.
To the contrary, with a neural network hardened by the training of the illustrative embodiments, if an adversary wishes to cause a large change in the output of the neural network, the adversary would need to make relatively large and noticeable changes to the input data fed into the neural network, leading to detection and instigation of other mechanisms to prevent such input from causing unwanted operations of the cognitive system.”
“receive alert feedback for the alert vector”, See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”;
“perform natural language processing on the alert feedback using a second machine learning model”,
See Edwards disclosure in ¶0065 “A cognitive system comprises artificial intelligence logic, such as natural language processing (NLP) based logic, image analysis logic, or the like, and machine learning logic, which may be provided as specialized hardware, software executed on hardware, or any combination of specialized hardware and software executed on hardware. This logic may implement one or more models, such as a neural network model, a machine learning model, a deep learning model, that may be trained for particular purposes, for supporting the particular cognitive operations performed by the cognitive system. In accordance with the mechanisms of the illustrative embodiments, the logic further implements a hardened model engine for training the model, e.g., neural network, using the modified loss function engine 260, neural network training logic 270, and reference training data set generator 280. In this way, the hardened model engine 320 fortifies the neural network, or hardened model 360, from evasion or gradient based attacks”.
and modify the rule parameter value for the rule based on the new rule parameter value;
See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X’ or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”.
However, Edwards does not teach the following limitations:
“apply a set of rules for a threat model to the data using a first machine learning model”,
“wherein the alert feedback comprises text comments for the alert status”,
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status; and identifying one or more keywords within the text comments associated with a rule parameter value for a rule”, “determine a new rule parameter value based on the identified one or more keywords,”
But Mu teaches the limitations:
apply the one or more identified rules from the threat model to the data using a first machine learning model;
See Mu disclosure in ¶0075 “The detection layer 412 may utilize one or a combination of security knowledge, high-level rule, or machine learning model to identify threats, such as attacks and data leakage”
“wherein the alert feedback comprises text comments for the alert status”;
“wherein performing natural language processing on the alert feedback comprises: identifying the text comments for the alert status”: See Mu disclosures in ¶0051 “For example, referring to the example behavior for transmitting a file from a file management system, context may include information on whether the file includes confidential or classified information, the level of confidentiality or classification of the information, originator or users of the file or information within the file, copyright or other protective markings inside the file, where the file was stored, where the file is sent, users of the device from which the file was received, users of the device to which the file is sent, the type of information contained within the file (e.g., text document, video file, picture, source code), or other information relating to transmission of the file”;
and identifying one or more keywords within the text comments associated with a rule parameter value for a rule;
determine a new rule parameter value based on the identified one or more keywords;
See Mu disclosure in ¶0052 “In some embodiments, context may be determined from analysis of the relevant file or data. For example, referring to the example behavior for transmitting a file from a file management system, context may be determined based on analysis of the file, such as keyword searching or file hashing”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Edwards to include identifying the text comments for the alert status; and identifying one or more keywords within the text comments associated with a rule parameter value for a rule as disclosed by Mu and be motivated in doing so because it produces a utilization capable of detecting security threats based on the contextual behavior of the events or activities at the computing device; See the abstract of Mu.
However, Edwards in view of Mu does not disclose the following limitation taught by Jackson:
receive, data extraction instructions, wherein the data extraction instructions identify one or more rules from the threat model and rule parameter values for the one or more identified rules;
apply the one or more identified rules from the threat model to data using a first machine learning model;
and block data communications that contain the data within a network in response to detecting the data manipulation attack.
Jackson discloses identify one or more rules from the threat model and rule parameter values for the one or more identified rules; ¶0026 “a mitigation rule selector to determine a DoS attack mitigation rule based on the value” (parameter value), ¶0041 “When DoS attack mitigation information is received at a border element 140 141, 150 and 152, the associated attack mitigator 155 validates the DoS attack mitigation information. If the DoS attack mitigation information is valid, the attack mitigator 155 updates its database 515 (FIG. 5) of DoS attack mitigation rules and/or filters”.
The examiner equates the attack mitigator that has the database of the attack mitigation rules to the threat model that has the rules,
and (¶0068 “the example mitigation rule selector 525 determines and/or selects one or more mitigation rules, parameters and/or filters to be applied by one or more border elements 140, 141, 150 and/or 152 to mitigate the detected DoS attack(s)”). The examiner equates the rule selector that determines and/or selects one or more mitigation rules, parameters and/or filters to be applied to data extraction instructions that identify one or more rules from the threat model and rule parameter values;
apply the one or more identified rules from the threat model to the data (¶0041 “When a call initiation request (e.g., a SIP INVITE message) is received from a calling IMS device 105, 106, the attack mitigator 155 queries its database of DoS attack mitigation rules and/or filters to determine whether the requested communication session is to be rejected”, wherein the rules from the database (threat model) are being applied to the message (data) to determine whether the requested communication session is to be rejected); The use of machine learning model has already been described in ¶0043 of Edwards and ¶0075 of Mu.
block data communications that contain the data within a network in response to detecting the data manipulation attack (¶0035 “When a DoS attack is detected, the DoS attack detector 125 notifies one or more corresponding border elements 140, 141, 150, 152, which mitigate the DoS attack by blocking some or all of the subsequent communication session requests associated with the offending IMS endpoint(s) 105, 106 and/or border element(s) 140, 141, 150-153”).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the combination of Edwards and Mu to include identification of one or more rules from the threat model and rule parameter values, and blocking data communications that contain the data within a network in response to detecting the data manipulation attack as disclosed by Jackson and be motivated in doing so because it produces a utilization to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network; See Jackson abstract.
Regarding claim 16, the combination of Edwards, Mu, and Jackson discloses a computer program product of claim 15. Edwards further teaches:
“the computer program product of claim 15, wherein the alert vector comprises a confidence level associated with the alert status”. See Edwards disclosure in ¶0068 “The statistical model is used to summarize a level of confidence that the request pipeline 308 has regarding the evidence that the potential response is inferred by the request and/or input data”, which the examiner interprets as meeting the limitation of claim 16.
Regarding claim 17, the combination of Edwards, Mu, and Jackson discloses a computer program product of claim 15. Edwards further teaches wherein the alert feedback comprises alert status overwrite instructions indicating a modification to the alert status.
See Edwards disclosure in ¶0043 “The training of a neural network, machine learning, deep learning, or other artificial intelligence model involves modifying weighting values associated with various features scored by nodes of the model based on training data sets to cause the model to output a correct vector output 135 labeling the input data set 120 correctly based on supervised or semi-supervised feedback”.
Regarding claim 18, the combination of Edwards, Mu, and Jackson discloses a computer program product of claim 15. Edwards further teaches “further comprising outputting, by the alert engine, the alert vector to one or more network devices”. See Edwards disclosure in ¶0042 “For example, the cognitive system may provide input data to the hardened neural network that is a data sample of at least one of image data, audio data, or textual data. The hardened neural network may operate on the input data to generate an output vector specifying probabilities of the input data being properly classified into different predetermined classes”.
Regarding claim 19, the combination of Edwards, Mu and Jackson discloses the computer program product of claim 15. Edwards further teaches “wherein modifying the rule parameter value for the rule comprises overwriting an existing rule parameter value for the rule with the new rule parameter value”.
See Edwards disclosure in ¶0079 “The hardened model engine 320 may be provided as an external engine to the logic implementing the trained model 360. The hardened model engine 320 operates to modify and train an existing model, e.g., neural network, or create a new protected model or neural network”.
Regarding claim 20, the combination of Edwards, Mu, and Jackson discloses the computer program product of claim 15. Edwards further teaches wherein modifying the rule parameter value for the rule comprises sending the new rule parameter value to the alert engine.
See Edwards disclosure in ¶0095 “The neural network is then modified based on the determined modifications, e.g., operational parameters are set and/or weights of nodes in the neural network are adjusted based on the determined modifications (step 560). A determination is made as to whether the training has converged or not (step 570). As noted above, convergence may comprise, for example, determining whether or not a change in the operational parameters/weights is equal to or greater than a threshold amount of change. If the amount of change is not equal to or greater than the threshold, then it may be determined that the training has converged. If the training has not converged, then the operation may return to step 530 where additional training of the neural network is performed based on the modified neural network, either using the same training data X and/or reference training data input X' or with new training data and corresponding reference training data input (in which case the operation may return to step 520 instead so that new reference training data input may be generated)”; which the examiner equates to meeting the limitation of claim 20 of this application.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. PGPub. No. 20190191311, U.S. PGPub. No. 20190103095, and U.S. PAT No. 10769045.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495       

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495