DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 2, 9, 16 are objected to because of the following informalities: Claims 2, 9, 16 recite “…wherein the deep learning model…with a results…of one or more security tests…”. Appropriate correction is required.


Allowable Subject Matter

Claims 2-4, 7, 9-11, 14, 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 6, 8, 12, 13, 15, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chakraborty et al (Pub. No. US 20180053088) in view of Stokes et al (Pub. No. US 2020/0120110).

As per claim 1, Chakraborty discloses a computer-implemented method for predicting software security exploits, the computer-implemented method comprising:
receiving, by one or more computer processors, one or more sets of design events from a compliance monitor, wherein the one or more sets of design events are captured by the compliance monitor during execution of a software application (…receiving a plurality of payloads from payload generator to synthesize new payloads…par. 35, 61-62);
detecting, by the one or more computer processors, a pattern of the one or more sets of design events performed by the software application, wherein the pattern is a specific sequence of the one or more sets of design events (…see fig.12; trend visualization (pattern) for the per-round number of payloads for synthesizing security exploits via self-amplifying deep learning…par. 71). Chakraborty does not explicitly disclose comparing, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model; and predicting, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns.
However, Stokes discloses comparing, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model (…training data and validation data may be accessed from storage…during training, a neural network analyzes the training data and compares the results of the analyses to the training data’s labels…values for the weights of the enhanced neural network and the IR module are iteratively updated based on the training data…by employing the enhanced neural network architecture that employs the interrelatedness of the input data…this interrelatedness proved may be employed to generate “latent” or “hidden” patterns in the input data…neural networks “learn” patterns in the input data and employ those patterns to generate probabilistic output, such as classifications…enhanced network architecture is configured to one or more applications where deep learning is applicable…see par. 27-28, 58, 91-92); and predicting, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns (…generate predictions…the neural networks classify the data as being associated with ransomware…see par. 27, 92-93). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Stokes in Chakraborty for including the above limitations because one of ordinary skill in the art would recognize it would further enhance the neural network architectures with employment of the interrelatedness of input data and generate patterns in the input data to further improve detecting malware and/or ransomware in the network…see Stokes, par. 27-28.


As per claim 8, Chakraborty discloses a computer program product for predicting software security exploits, the computer-implemented method comprising: one or more computer readable storage devices and program instructions stored on the one or more computer readable storage devices (see par. 25), the stored program instructions comprising instructions to: receive one or more sets of design events from a compliance monitor, wherein the one or more sets of design events are captured by the compliance monitor during execution of a software application (…receiving a plurality of payloads from payload generator to synthesize new payloads…par. 35, 61-62); detect, by the one or more computer processors, a pattern of the one or more sets of design events performed by the software application, wherein the pattern is a specific sequence of the one or more sets of design events (…see fig.12; trend visualization (pattern) for the per-round number of payloads for synthesizing security exploits via self-amplifying deep learning…par. 71). Chakraborty does not explicitly disclose compare, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model; and predict, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns.
However, Stokes discloses compare, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model (…training data and validation data may be accessed from storage…during training, a neural network analyzes the training data and compares the results of the analyses to the training data’s labels…values for the weights of the enhanced neural network and the IR module are iteratively updated based on the training data…by employing the enhanced neural network architecture that employs the interrelatedness of the input data…this interrelatedness proved may be employed to generate “latent” or “hidden” patterns in the input data…neural networks “learn” patterns in the input data and employ those patterns to generate probabilistic output, such as classifications…enhanced network architecture is configured to one or more applications where deep learning is applicable…see par. 27-28, 58, 91-92); and predict, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns (…generate predictions…the neural networks classify the data as being associated with ransomware…see par. 27, 92-93). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Stokes in Chakraborty for including the above limitations because one of ordinary skill in the art would recognize it would further enhance the neural network architectures with employment of the interrelatedness of input data and generate patterns in the input data to further improve detecting malware and/or ransomware in the network…see Stokes, par. 27-28.



As per claim 15, Chakraborty discloses a computer system for predicting software security exploits, the computer system comprising: one or more computer processors;
one or more computer readable storage media; and program instructions stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors (…see processor, memory and storage…par. 25), the stored program instructions comprising instructions to: receive one or more sets of design events from a compliance monitor, wherein the one or more sets of design events are captured by the compliance monitor during execution of a software application (…receiving a plurality of payloads from payload generator to synthesize new payloads…par. 35, 61-62); detect, by the one or more computer processors, a pattern of the one or more sets of design events performed by the software application, wherein the pattern is a specific sequence of the one or more sets of design events (…see fig.12; trend visualization (pattern) for the per-round number of payloads for synthesizing security exploits via self-amplifying deep learning…par. 71). Chakraborty does not explicitly disclose compare, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model; and predict, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns. 
However, Stokes discloses compare, by the one or more computer processors, the pattern of the one or more sets of design events performed by the software application to a database of one or more learned patterns using a deep learning model (…training data and validation data may be accessed from storage…during training, a neural network analyzes the training data and compares the results of the analyses to the training data’s labels…values for the weights of the enhanced neural network and the IR module are iteratively updated based on the training data…by employing the enhanced neural network architecture that employs the interrelatedness of the input data…this interrelatedness proved may be employed to generate “latent” or “hidden” patterns in the input data…neural networks “learn” patterns in the input data and employ those patterns to generate probabilistic output, such as classifications…enhanced network architecture is configured to one or more applications where deep learning is applicable…see par. 27-28, 58, 91-92); and predict, by the one or more computer processors, a security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns (…generate predictions…the neural networks classify the data as being associated with ransomware…see par. 27, 92-93). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Stokes in Chakraborty for including the above limitations because one of ordinary skill in the art would recognize it would further enhance the neural network architectures with employment of the interrelatedness of input data and generate patterns in the input data to further improve detecting malware and/or ransomware in the network…see Stokes, par. 27-28.


As per claims 5, 12, 19, the combination of Chakraborty and Stokes discloses wherein predicting the security exploit based on the comparison of the pattern of the one or more sets of design events performed by the software application to the one or more learned patterns further comprises: calculating, by the one or more computer processors, a probability that the security exploit will occur (Stokes: see par. 62-63); and performing, by the one or more computer processors, one or more remediations, wherein the one or more remediations include at least one of sending a notification to a system administrator, alerting a user, and sending a message to the software application (Stokes: see sequential signals generated by software applications…see par. 45). The motivation for claims 5, 12, 19 is the same motivation as in claims 1, 8, 15 above.


As per claims 6, 13, 20, the combination of Chakraborty and Stokes discloses wherein the probability that the security exploit will occur is predicted using a model chosen from a group including an F1 score of a Recurrent Neural Network (RNN) (Stokes: see RNNs, par. 30), an RNN combined with a Hidden Markov Model, an RNN Long Short Term Memory combined with a Hidden Markov Monte Carlo, and an RNN combined with a Connectionist Temporal Classification. The motivation for claims 6, 13, 20 is the same motivation as in claims 1, 8, 15 above.





Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to predicting software security exploits by monitoring software events.

Barnea et al (Pub. No. US 2012/0117117); “Aiding Report Construction Based on Interface of Implicit Application Level Relationships”;
- Teaches aiding report construction based on interference of implicit application level relationships…that starts with the stage of analyzing a model of a software application to yield data elements associated with base objects of the software application…see par. 6-7.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499