DETAILED ACTION
This action is in response to a correspondence filed on 04/28/2022.
Claims 21 and 22 are new.
Claims 1-22 are pending.


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/2/2022 has been entered.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/28/2022 was filed after the mailing date of the Notice of Allowance on 04/20/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: 
The present invention relates to an Intrusion Detection System that uses machine learning to detect and remediate false positives arising from illegitimate intrusion alerts, adjusting the parameters of the machine learning model so that future false-positive alerts are avoided. More specifically, the claims have been amended to recite that the alert was generated by an Intrusion Detection System (IDS) running on the host based on a signature associated with a potential security threat. That is, the IDS may compare packets received over the network to signatures associated with threats in order to generate an alert; indications of the threat are then sent to a machine learning engine together with user feedback indicating whether each alert is a false positive, and the machine learning parameters are adjusted based on the determination of whether the alert in fact constitutes a legitimate threat, thereby improving the accuracy of security monitoring systems and remediating false positives. None of the prior art, whether alone or in combination, appears to teach, disclose or suggest the invention as claimed, and combining the identified prior art references to arrive at the claimed invention would amount to impermissible hindsight.
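As an added illustration of the feedback loop described above (this is example code, not code from the application or from any cited reference): a toy signature-based IDS keeps a learned per-signature confidence that analyst verdicts push toward 0 (false positive) or 1 (true threat), so a signature that keeps firing on benign traffic eventually drops below the alerting threshold. All signatures, packets and verdicts are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Signature:
    sig_id: str
    pattern: bytes           # byte pattern matched against the packet payload
    confidence: float = 0.9  # learned estimate that a match is a real threat


@dataclass
class Alert:
    sig_id: str
    payload: bytes
    confidence: float


class FeedbackTunedIDS:
    """Signature matcher whose alerting is tuned by analyst feedback."""

    def __init__(self, signatures, threshold=0.5, learning_rate=0.2):
        self.signatures = {s.sig_id: s for s in signatures}
        self.threshold = threshold      # minimum confidence to raise an alert
        self.lr = learning_rate         # how strongly one verdict moves confidence
        self.suppressed = 0             # matches withheld as probable false positives

    def inspect(self, payload: bytes):
        """Compare a packet payload to every signature; alert only on confident matches."""
        alerts = []
        for sig in self.signatures.values():
            if sig.pattern in payload:
                if sig.confidence >= self.threshold:
                    alerts.append(Alert(sig.sig_id, payload, sig.confidence))
                else:
                    self.suppressed += 1
        return alerts

    def feedback(self, alert: Alert, is_false_positive: bool):
        """Analyst verdict: move the signature's confidence toward 0 (FP) or 1 (TP)."""
        sig = self.signatures[alert.sig_id]
        target = 0.0 if is_false_positive else 1.0
        sig.confidence += self.lr * (target - sig.confidence)
        return sig.confidence


if __name__ == "__main__":
    # Constructed sample: a noisy User-Agent signature and an injection signature.
    ids = FeedbackTunedIDS([Signature("noisy-ua", b"User-Agent: curl"),
                            Signature("sqli", b"' OR 1=1")])
    probe = b"GET /health HTTP/1.1\r\nUser-Agent: curl/8.0\r\n"
    for _ in range(4):                      # analyst marks each alert a false positive
        for alert in ids.inspect(probe):
            print("alert", alert.sig_id, round(ids.feedback(alert, True), 3))
    print("suppressed after feedback:", ids.suppressed)
```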

The relevant prior art is as follows:

Pillai et al. (US 9,654,510) relates to using signatures in a data loss prevention system. According to one embodiment, a DLP system identifies an occurrence of a data loss prevention (DLP) incident triggered by content and a DLP rule. The DLP system generates a first signature representing the DLP incident based on a specific pattern inherent to the content which triggered the DLP incident. The DLP system compares the first signature to one or more second signatures generated from other DLP incidents associated with the DLP rule. Upon determining the first signature matches at least one of the second signatures, the DLP system assigns an event status of the second matching signature to the first signature.

Oliphant et al. (US 20160036846) provides a system, method, and computer program product for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.
	
Raman et al. (US 20200242611) relates to apparatus and methods for identifying fraudulent transactions. A computing device receives return data identifying the return of at least one item. The computing device obtains modified strategy data identifying at least one rule of a modified strategy. The rule may be based on the application of at least one dimensionality reduction algorithm to an initial strategy. The computing device applies the modified strategy to the received return data identifying the return of the at least one item, and determines whether the return of the at least one item is fraudulent based on the application of the modified strategy. The computing device generates fraud data identifying whether the return of the at least one item is fraudulent based on the determination, and may transmit the fraud data to another computing device to indicate whether the return is fraudulent.

Zhou et al. (US 7,991,726) discloses a system and method for analyzing Intrusion Detection System (IDS) alert data associated with a computer network. The method includes applying first association rules to obtained IDS alert data associated with a computer network and processing the obtained IDS alert data with the first association rules. Analyst feedback data associated with the processed IDS alert data is received, and a training data set is derived from the analyst feedback data. New association rules are determined based upon the training data set, and the new association rules are output to a display of a computing device. Outputting the new association rules may include outputting patterns of false positive alerts within the IDS alert data. The new association rules may be applied back to the obtained IDS alert data.

Duffield et al. (US 9,680,877) teaches a system that detects anomalies in internet protocol (IP) flows using a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level rules. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PATRICK F NGANKAM whose telephone number is (571)270-3659. The examiner can normally be reached M-F 9:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on (571) 272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/P.F.N/Examiner, Art Unit 2454
/JAMES E SPRINGER/Primary Examiner, Art Unit 2454