DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	This office action is in reply to amendment filed on May 31st, 2022. Claims 1-16 are pending. 

Response to Arguments
Applicant's arguments filed on May 31st 2022 have been fully considered but they are not persuasive. Applicant argues that the prior art on record does not teach classifying anomalies based on the determined one or more feature-associated anomaly score and the determined feature importance.
Examiner would point out that, Stapleton et al. US 10,045,218 B1 teaches classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance (i.e., determining categorical and/or continuous feature scores and feature importance, wherein a feature importance for a given feature corresponds to a relevance of the feature to determining the feature vector as anomalous, directly outputting classification data for display to a user interface (understood by the examiner the display includes classified anomalies based on feature importance and anomaly score), column 4, lines 1-35, column 8, line 59-67 and claims 1 & 7). Examiner would further point out that he prior art on record teaches the claim limitations and therefore the rejection is respectfully maintained. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-9 and 15-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Stapleton et al. US 10,045,218 B1 [hereinafter Stapleton].

As pe claims 1, 15 and 16, Stapleton teaches a computer-implemented method for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network, the method comprising: 
retrieving at least one network data traffic sample (i.e., sample call data, column 3, lines 9-16); 
determining one or more feature-associated anomaly scores (i.e., categorical and continuous scores, column 3, line 59-column 4, line 12]; 
determining feature importance for each feature of a feature-associated anomaly score [column 8, lines 59-67]; and 
classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance [column 8, line 59-67 and claims 1 & 7].
	
	As per claim 2, Stapleton further teaches the method wherein at least one feature is representative of inbound and/or outbound traffic between devices in the first part of the network and devices in the second part of the network [column 9, lines 20-22].

	As per claim 3, Stapleton further teaches the method wherein the classifying comprises ranking the one or more anomalies in relation to one another based on a combination of an anomaly score and feature importance [column 8, line 59-column 9, line 13].

	As per claim 4, Stapleton further teaches the method wherein the feature-associated anomalies are determined by applying a forest model comprising a collection of detection trees [column 7, lines 1-21].

	As per claim 5, Stapleton further teaches the method further comprising activating an alarm when the determined anomaly score is above a predetermined anomaly score threshold [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

	As per claim 6, Stapleton further teaches the method further comprising activating the alarm when the feature importance surpasses a predetermined feature importance value [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

	As per claim 7, Stapleton further teaches the method further comprising adjusting the anomaly score threshold based on the determined feature importance [column 16, lines 1-3].

	As per claim 8, Stapleton further teaches the method further comprising triggering automatic collection of further information to determine cause of the alarm, wherein automatic collection of further information comprises retrieval of node logs and/or packet tracing [column 3, line 59-column 4, line 4 and column 4, lines 54-57].

	As per claim 9, Stapleton further teaches the method further comprising activating at least one feature related limitation in the first part and/or second part of the network based on feature importance, wherein activating the at least one feature related limitation comprises limiting inbound and/or outbound traffic; limiting a number of inbound and/or outbound connections; and limiting use of ports [column 16, lines 4-11]. 

Allowable Subject Matter
Claims 10-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435