DETAILED ACTION
This Office Action is in response to an application filed on March 11, 2020, in which claims 1 through 20 are pending, and ready for examination.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on March 11, 2020 and December 15, 2020 were filed before the mailing date of a first Office Action on the merits.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.  

Priority
Acknowledgement is made of applicant’s claim for foreign priority based on an application filed in the Russian Federation on or about September 30, 2019.  

Receipt is acknowledged of certified copies of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.  



EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  

Authorization for this Examiner’s Amendment was given by Alexander Vinderman, Reg. No. 65,782, on May 18, 2022.  

1. (Currently Amended) A method for detection of malicious files, the method comprising:
training a mapping model for mapping files in a probability space characterizing one or more families of malicious files;
determining a plurality of characteristics of an analyzed file based on a set of rules;
generating, using the mapping model, a mapping of the analyzed file in the probability space based on the determined plurality of characteristics;
searching a first database using the generated mapping of the analyzed file, wherein the first database stores mappings associated with one or more families of malicious files;
determining whether the analyzed file is associated with a family of malicious files, 
in response to determining that the analyzed file is associated with the family of malicious files, selecting one or more methods of malware detection from a second database, wherein the second database stores a plurality of malware detection methods; and 
detecting the associated family of malicious files using the selected one or more methods.  

8. (Currently Amended) A system for detection of malicious files, the system comprising:
a hardware processor and a memory storing instructions for execution by the hardware processor, wherein the hardware processor and the memory are configured to:
train a mapping model for mapping files in a probability space characterizing one or more families of malicious files;
determine a plurality of characteristics of an analyzed file based on a set of rules;
generate a mapping of the analyzed file in the probability space based on the determined plurality of characteristics;
search a first database using the generated mapping of the analyzed file, wherein the first database stores mappings associated with one or more families of malicious files; 

in response to determining that the analyzed file is associated with the family of malicious files, select one or more methods of malware detection from a second database, wherein the second database stores a plurality of detection methods; and 
detect the associated family of malicious files using the selected one or more methods.  

11. (Currently Amended) The system of claim 9, wherein the probability space comprises a multidimensional space in which a pair of one of the plurality of characteristics of the file and one of a plurality of attributes associated with the behavior of the file are matched up with a probability that the behavior described by the one of the plurality of attributes is typical to the file having the one of the plurality of characteristics.

15. (Currently Amended) A non-transitory computer readable medium storing thereon computer executable instructions for detection of malicious files, including instructions for:
training a mapping model for mapping files in a probability space characterizing one or more families of malicious files;
determining a plurality of characteristics of an analyzed file based on a set of rules;
generating a mapping of the analyzed file in the probability space based on the determined plurality of characteristics;
searching a first database using the generated mapping of the analyzed file, wherein the first database stores mappings associated with one or more families of malicious files;
determining whether the analyzed file is associated with a family of malicious files, 
in response to determining that the analyzed file is associated with the family of malicious files, selecting one or more methods of malware detection from a second database, wherein the second database stores a plurality of malware detection methods; and 
detecting the associated family of malicious files using the selected one or more methods.  

Allowable Subject Matter
Claims 1-20 are allowed.  

The following is an Examiner’s statement of reasons for allowance:

With regard to independent claims 1, 8, and 15, the prior art of record does not appear to disclose, or fairly teach in reasonable combination to one of ordinary skill in the art, “training a mapping model for mapping files in a probability space characterizing one or more families of malicious files; determining a plurality of characteristics of an analyzed file based on a set of rules; generating, using the mapping model, a mapping of the analyzed file in the probability space based on the determined plurality of characteristics”, within the scope and context of the claimed invention.  This is considered to define patentably over the prior art because the prior art teaches determining that an analyzed file is associated with the family of malicious files, and selecting one or more methods of malware detection of a plurality of malware detection methods.  

Claims 2-7, 9-14, and 16-20 are each dependent from one of claims 1, 8, or 15, and are therefore allowed under the same rationale.  

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”  

Additionally, the closest prior art has been supplied in the record.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Malyshev, et al., U.S. Pub. No. 2010/0180344
Zhang, Jie, U.S. Pub. No. 2018/0114018

Any inquiry concerning this communication or earlier communications from the examiner should be directed to J. Brant Murphy whose telephone number is (571)272-6433. The examiner can normally be reached Monday - Friday, 8am - 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl, can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/J. BRANT MURPHY/
Primary Examiner, Art Unit 2435
May 20, 2022