DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
The present application is being examined under the claims filed 06/27/2019. 
Claims 1-24 are pending.

Specification
The use of the terms WiFi in ¶38 and PowerPoint in ¶145, which are trade name or marks used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: 
Regarding Claim 1:
“a graph generator utilizing a natural language processing model to generate a graph
based on a publication” (Prong A is met with the usage of “generator”. Prong B is met with the functional language, “to.” Prong C is met as the modifier “graph” is not sufficient structure.)
“an analyzer to: analyze two or more nodes in the graph by identifying respective attributes of the two or more nodes in the graph” (Prong A is met with the usage of “analyzer”. Prong B is met with the functional language, “to.” Prong C is met as there is no modifier.)
“a variation generator to generate an attack mechanism based on the indication;” (Prong A is met with the usage of “generator”. Prong B is met with the functional language, “to.” Prong C is met as the modifier “variation” is not sufficient structure.)
“and a weight postulator to, based on (A) the two or more nodes in the graph and (B) the generated attack mechanism, indicate a weight associated with a severity of the generated attack mechanism.” (Prong A is met with the usage of “postulator”. Prong B is met with the functional language, “to.” Prong C is met as the modifier “weight” is not sufficient structure.)
Regarding Claim 2:
“further including a graph determiner to determine whether the graph is generated” (Prong A is met with the usage of “determiner”. Prong B is met with the functional language, “to.” Prong C is met as the modifier “graph” is not sufficient structure.)
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-8 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Regarding Claim 1 and dependent claims:
Claim 1 invoked 112(f) and as per MPEP 2181(II)(B), computer-implemented means-plus-function limitations must disclose in the instant specification an algorithm for performing the claimed specific computer function. However, the instant specification does not disclose an algorithm for the “graph generator,” “analyzer,” “variation generator,” or “weight postulator”.
For the “graph generator,” ¶39 of the instant specification cites, “In examples disclosed herein, the graph generator 110 is implemented by a processing system utilizing a natural language processing model. For example, the graph generator 110 may utilize natural language processing techniques to analyze the meaning and/or task order of the attack mechanism provided in the publication 106. In other examples disclosed herein, the graph generator 110 may generate the graph 111 utilizing any suitable means of graph generation. Alternatively, the graph generator 110 may obtain the graph 111 from a user input in which the graph has been derived via user knowledge.” From this citation, it is unclear which method the graph generator is using. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “graph generator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(a). For examination purposes, “graph generator” is interpreted to be anything that generates graphs.
For the “analyzer,” ¶54 of the instant specification cites, “In the example illustrated in FIG. 3, the analyzer 304 analyzes the nodes 113, 115, 117, 119, 121 in the graph 111. For example, the analyzer 304 may determine that two or more nodes 113, 115, 117, 119, 121 in the graph 111 include similar objective attributes. […] In other examples disclosed herein, the analyzer 304 may determine whether any of the nodes 113, 115, 117, 119, 121 are similar based on of any suitable attribute (e.g., the product attribute, the mitigation attribute, the requirement attribute, etc.). In examples disclosed herein, the analyzer 304 may compare any node (e.g., any of the nodes 113, 115, 117, 119, 121) that includes multiple outgoing nodes (e.g., multiple child nodes) with another node […].” From this citation, it is unclear what algorithm the analyzer is using. It is unclear if there is some sort of threshold for similarity or what attribute(s) are used to determine similarity. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “analyzer” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(a). For examination purposes, “analyzer” is interpreted to be anything that provides information about the attributes of the nodes in the graph.
For the “variation generator,” ¶55 of the instant specification cites, “In FIG. 3, the variation generator 306 communicates with the analyzer 304 to obtain and/or otherwise receive an indication of the nodes 113, 115, 117, 119, 121 of the graph 111 that are similar in a particular attribute […]. For example, the variation generator 306 may replace any of the child nodes (e.g., the child nodes 117, 119, 121) that include a similar objective attribute with each other. In such an example, the variation generator 306 generates, determines, and/or otherwise hypothesizes new attack mechanisms (e.g., the new attack mechanism 123 of FIG. 1).” Further mentions of the variation generator merely mention that the variation generator generates new attack mechanism. For example in ¶87, the specification cites, “In response the analyzer 304 determining similar nodes exist in the graph 111 (e.g., control of block 830 returns YES), then the variation generator 306 generates, determines, and/or otherwise hypothesizes new attack mechanisms (e.g., the new attack mechanism 123 of FIG. 1) (block 840).” It is unclear what algorithm the variation generator is using to generate new attack mechanisms. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “variation generator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(a). For examination purposes, “variation generator” is interpreted to be anything that generates new data.
For the “weight postulator,” ¶57 of the instant specification cites, “The weight postulator 126 includes an example objective determiner 402, an example distance determiner 404, an example product comparator 406, an example requirement determiner 408, an example mitigation determiner 410, an example weight updater 412, and an example weight log 414. In FIG. 4, any of the objective determiner 402, the distance determiner 404, the product comparator 406, the requirement determiner 408, the mitigation determiner 410, the weight updater 412, and/or the weight log 414 may communicate with the technique substitution controller 124, the objective phrase controller 128, and/or the context phrase controller 130 of FIG. 1 to analyze the generated, determined, and/or otherwise hypothesized attack mechanisms.” Subsequent ¶58-62 describe how different components could affect the weights. For example, ¶62 cites, “In the example illustrated in FIG. 4, the mitigation determiner 410 determines, for every node which shares a similar product, whether the mitigation attributes are similar. If not, then the mitigation determiner 410 increases a mitigation attribute weight because the new attack mechanism may be able to circumvent the current, different mitigation attribute.” It is unclear from ¶62 how the mitigation determiner determines similarity (i.e. is there a certain threshold for similarity). Further, it is unclear whether all of these modules are necessary for the weight postulator or if any is sufficient. If any is sufficient, it is unclear which of those would be used.  Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “weight postulator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(a). For examination purposes, “weight postulator” is interpreted to be anything that provides information on the data generated by the variation generator. 
Therefore, claim 1 is rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph.
Dependent claims 2-8 are rejected as they inherit the deficiencies of parent claim.

Regarding Claim 2 and dependent claim:
Claim 2 invoked 112(f) and as per MPEP 2181(II)(B), computer-implemented means-plus-function limitations must disclose in the instant specification an algorithm for performing the claimed specific computer function. However, the instant specification does not disclose an algorithm for the “graph determiner.”
¶66 cites, “Illustrated in the example of FIG. 5, the graph determiner 502 determines whether the graph 111 has been generated by the graph generator 110 of FIG. 1. For example, the graph determiner 502 may communicate with the graph generator 110 to determine and/or otherwise obtain an indication stating that the graph 111 has been generated and, as such, obtain the graph 111. Alternatively, the graph determiner 502 may communicate with the graph generator 110 to determine the graph 111 has not been generated (e.g., the graph 111 is non-existent) and, as such, continue to wait. In such an example if the graph determiner 502 determines, via communication with the graph generator 110, that the graph 111 has not been generated (e.g., the graph 111 is non- existent), the graph determiner 502 may indicate to obtain an old version of the graph (e.g., a derivative and/or older version of the graph 111 stored in the server 104).” ¶95 further cites, “If the graph determiner 502 determines the graph 111 has not been generated, then control returns to block 1010 and the process waits. Alternatively, if the graph determiner 502 determines the graph 111 has been generated, then control proceeds to block 1020.” It is unclear which method the graph determiner uses (i.e. does the graph determiner indicate to wait or does it indicate to obtain an old version of the graph?). Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “graph determiner” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “graph determiner” is interpreted to be anything that indicates a graph.
Therefore, claim 2 is rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph.
Dependent claim 3 is rejected as it inherits the deficiencies of parent claim.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 1 and dependent claims:
Claim limitation “a graph generator utilizing a natural language processing model to generate a graph based on a publication;” in claim 1 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
¶39 of the instant specification cites, “In examples disclosed herein, the graph generator 110 is implemented by a processing system utilizing a natural language processing model. For example, the graph generator 110 may utilize natural language processing techniques to analyze the meaning and/or task order of the attack mechanism provided in the publication 106. In other examples disclosed herein, the graph generator 110 may generate the graph 111 utilizing any suitable means of graph generation. Alternatively, the graph generator 110 may obtain the graph 111 from a user input in which the graph has been derived via user knowledge.” From this citation, it is unclear which method the graph generator is using. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “graph generator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “graph generator” is interpreted to be anything that generates graphs.
Claim limitation “an analyzer to: analyze two or more nodes in the graph by identifying respective attributes of the two or more nodes in the graph; and provide an indication of the two or more nodes that include similar respective attributes;” in claim 1 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
¶54 of the instant specification cites, “In the example illustrated in FIG. 3, the analyzer 304 analyzes the nodes 113, 115, 117, 119, 121 in the graph 111. For example, the analyzer 304 may determine that two or more nodes 113, 115, 117, 119, 121 in the graph 111 include similar objective attributes. […] In other examples disclosed herein, the analyzer 304 may determine whether any of the nodes 113, 115, 117, 119, 121 are similar based on of any suitable attribute (e.g., the product attribute, the mitigation attribute, the requirement attribute, etc.). In examples disclosed herein, the analyzer 304 may compare any node (e.g., any of the nodes 113, 115, 117, 119, 121) that includes multiple outgoing nodes (e.g., multiple child nodes) with another node […].” From this citation, it is unclear what algorithm the analyzer is using. It is unclear if there is some sort of threshold for similarity or what attribute(s) are used to determine similarity. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “analyzer” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “analyzer” is interpreted to be anything that provides information about the attributes of the nodes in the graph.
Claim limitation “a variation generator to generate an attack mechanism based on the indication;” in claim 1 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
The most detail about the variation generator appears in ¶55 of the instant specification which cites, “In FIG. 3, the variation generator 306 communicates with the analyzer 304 to obtain and/or otherwise receive an indication of the nodes 113, 115, 117, 119, 121 of the graph 111 that are similar in a particular attribute […]. For example, the variation generator 306 may replace any of the child nodes (e.g., the child nodes 117, 119, 121) that include a similar objective attribute with each other. In such an example, the variation generator 306 generates, determines, and/or otherwise hypothesizes new attack mechanisms (e.g., the new attack mechanism 123 of FIG. 1).” Further mentions of the variation generator merely mention that the variation generator generates new attack mechanism. For example in ¶87, the specification cites, “In response the analyzer 304 determining similar nodes exist in the graph 111 (e.g., control of block 830 returns YES), then the variation generator 306 generates, determines, and/or otherwise hypothesizes new attack mechanisms (e.g., the new attack mechanism 123 of FIG. 1) (block 840).” It is unclear what algorithm the variation generator is using to generate new attack mechanisms. Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “variation generator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “variation generator” is interpreted to be anything that generates new data.
Claim limitation “and a weight postulator to, based on (A) the two or more nodes in the graph and (B) the generated attack mechanism, indicate a weight associated with a severity of the generated attack mechanism” in claim 1 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
¶57 of the instant specification cites, “The weight postulator 126 includes an example objective determiner 402, an example distance determiner 404, an example product comparator 406, an example requirement determiner 408, an example mitigation determiner 410, an example weight updater 412, and an example weight log 414. In FIG. 4, any of the objective determiner 402, the distance determiner 404, the product comparator 406, the requirement determiner 408, the mitigation determiner 410, the weight updater 412, and/or the weight log 414 may communicate with the technique substitution controller 124, the objective phrase controller 128, and/or the context phrase controller 130 of FIG. 1 to analyze the generated, determined, and/or otherwise hypothesized attack mechanisms.” Subsequent ¶58-62 describe how different components could affect the weights. For example, ¶62 cites, “In the example illustrated in FIG. 4, the mitigation determiner 410 determines, for every node which shares a similar product, whether the mitigation attributes are similar. If not, then the mitigation determiner 410 increases a mitigation attribute weight because the new attack mechanism may be able to circumvent the current, different mitigation attribute.” It is unclear from ¶62 how the mitigation determiner determines similarity (i.e. is there a certain threshold for similarity). Further, it is unclear whether all of these modules are necessary for the weight postulator or if any is sufficient. If any is sufficient, it is unclear which of those would be used.  Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “weight postulator” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “weight postulator” is interpreted to be anything that provides information on the data generated by the variation generator. 
Therefore, claim 1 is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. Dependent claims 2-8 are rejected for inheriting the deficiencies of the parent claim. 

Regarding Claim 2 and dependent claim:
Claim limitation “further including a graph determiner to determine whether the graph is generated and, in response to determining the graph is generated, transmit the graph to the analyzer” in claim 1 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
¶66 cites, “Illustrated in the example of FIG. 5, the graph determiner 502 determines whether the graph 111 has been generated by the graph generator 110 of FIG. 1. For example, the graph determiner 502 may communicate with the graph generator 110 to determine and/or otherwise obtain an indication stating that the graph 111 has been generated and, as such, obtain the graph 111. Alternatively, the graph determiner 502 may communicate with the graph generator 110 to determine the graph 111 has not been generated (e.g., the graph 111 is non-existent) and, as such, continue to wait. In such an example if the graph determiner 502 determines, via communication with the graph generator 110, that the graph 111 has not been generated (e.g., the graph 111 is non- existent), the graph determiner 502 may indicate to obtain an old version of the graph (e.g., a derivative and/or older version of the graph 111 stored in the server 104).” ¶95 further cites, “If the graph determiner 502 determines the graph 111 has not been generated, then control returns to block 1010 and the process waits. Alternatively, if the graph determiner 502 determines the graph 111 has been generated, then control proceeds to block 1020.” It is unclear which method the graph determiner uses (i.e. does the graph determiner indicate to wait or does it indicate to obtain an old version of the graph?). Sufficient disclosure of the structure (e.g., the computer and the algorithm for computer-implemented means-plus-function limitations as per MPEP 2181(II)(B)) is not present in the mentions of the “graph determiner” in the specification, as shown through these citations, and thus, does not meet the requirements of 112(b). For examination purposes, “graph determiner” is interpreted to be anything that indicates a graph.
Therefore, claim 2 is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. Dependent claim 3 is rejected for inheriting the deficiencies of the parent claim. 

Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5, 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Fan et al. (“Using Artificial Anomalies to Detect Unknown and Known Network Intrusions”) (herein thereafter Fan) in view of Yao et al. (“Graph Convolutional Networks for Text Classification”) (herein thereafter Yao). 

Regarding Claim 1:
	Fan teaches:
An apparatus to analyze an attack mechanism, the apparatus comprising: (Fan discloses a system for analyzing attack mechanisms, referred to as intrusions or anomalies by Fan, in the abstract, “Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both known and unknown intrusions).”)
a variation generator to generate an attack mechanism based on the indication; (Fan discloses generation of attack mechanisms, referred to as anomalies by Fan, in the Abstract, “We propose an algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies.”)
and a weight postulator to, based on (A) the two or more nodes [in the graph] and (B) the generated attack mechanism, indicate a weight associated with a severity of the generated attack mechanism. (For examination purposes, “weight postulator” is interpreted to be anything that provides information on the data generated by the variation generator. Examiner notes that nodes are nothing more than features and are equivalent. Fan discloses classifying the intrusions (i.e. attack mechanism) which gives information on the severity of the intrusions in sec. 4 ¶2, “To examine the performance for specific intrusion classes and categories, the anomaly detection rate (%a) for each class and category is shown in Table 2(b). […] A total of 17 out of 22 intrusion classes (all non-null measurements) are detected as anomalies. For 13 out of 22 intrusions (all entries highlighted by d), the proposed method catches at least 50% of all occurrences. There are 3 intrusions (guess_passwd, buffer-overflow and phf) that our approach is capable of detecting perfectly (i.e., %a = 100%). These 3 intrusions belong to the more harmful U2R and R2L categories.” Fan further discloses in Fig. 1 that the generated attack mechanism is generated based on a plurality of features, thus the weight postulator is based on a plurality of nodes and generated attack mechanism. However, Fan does not teach that the nodes are in the graph and examiner notes that the combination of Fan and Yao teach this limitation.) 
Fan teaches that to generate and analyze attack mechanisms, features must be inputted (Fig. 1) but does not teach obtaining features. Fan does not teach “a graph generator utilizing a natural language processing model to generate a graph based on a publication; an analyzer to: analyze two or more nodes in the graph by identifying respective attributes of the two or more nodes in the graph; and provide an indication of the two or more nodes that include similar respective attributes.”
Yao teaches:
a graph generator utilizing a natural language processing model to generate a graph based on a publication; (Examiner notes that publications are equivalent to documents. Yao discloses in the Introduction ¶3, “In this work, we propose a new graph neural network-based method for text classification. We construct a single large graph from an entire corpus, which contains words and documents as nodes.”)
an analyzer to: analyze two or more nodes in the graph by identifying respective attributes of the two or more nodes in the graph; (Yao discloses identifying attributes in the Abstract, “We build a single text graph for a corpus based on word co-occurrence and document word relations.” Yao further discloses an analyzer (i.e. a classifier) in sec. Text Graph Convolutional Networks ¶2, “After building the text graph, we feed the graph into a simple two layer GCN as in (Kipf and Welling 2017), the second layer node (word/document) embeddings have the same size as the labels set and are fed into a softmax classifier.”) 
and provide an indication of the two or more nodes that include similar respective attributes; (Yao discloses indicating word occurrence which is the count of nodes that have the same attribute in sec. Text Graph Convolutional Networks ¶1, “We build edges among nodes based on word occurrence in documents (document-word edges) and word co-occurrence in the whole corpus (word-word edges). The weight of the edge between a document node and a word node is the term frequency-inverse document frequency (TF-IDF) of the word in the document, where term frequency is the number of times the word appears in the document, inverse document frequency is the logarithmically scaled inverse fraction of the number of documents that contain the word. […] A positive PMI value implies a high semantic correlation of words in a corpus, while a negative PMI value indicates little or no semantic correlation in the corpus. Therefore, we only add edges between word pairs with positive PMI values.”)
… (A) the two or more nodes in the graph … (For examination purposes, “weight postulator” is interpreted to be anything that provides information on the data generated by the variation generator. Examiner notes that the combination of Fan and Yu teach this limitation. Fan disclosed that the generated attack mechanism is generated based on features therefore the weight postulator is based on the features (i.e. nodes) and generated attack mechanism. Yao teaches the features are based on the plurality of nodes of the graph. Yao discloses a feature matrix in sec. Method: Graph Convolutional Networks, “Formally, consider a graph G = (V, E), where V (|V | = n) and E are sets of nodes and edges, respectively. Every node is assumed to be connected to itself, i.e., (v, v) ∈ E for any v. Let X ∈ R n×m be a matrix containing all n nodes with their features, where m is the dimension of the feature vectors, each row xv ∈ R m is the feature vector for v.”) 
Fan, Yao, and the instant application are analogous art because they are all directed to machine learning.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the attack mechanism analysis system disclosed by Fan to include the graph generator and analyzer taught by Yao. One would be motivated to do so to improve accuracy, as suggested by Yao (Yao Conclusion and Future Work: “Text GCN can capture global word cooccurrence information and utilize limited labeled documents well. A simple two-layer Text GCN demonstrates promising results by outperforming numerous state-of-the-art methods on multiple benchmark datasets.”).

Regarding Claim 2:
Fan in view of Yao teach “The apparatus of claim 1,” as seen above. 
	Yao further teaches: 
further including a graph determiner to determine whether the graph is generated (For examination purposes, “graph determiner” is interpreted to be anything that indicates a graph. Yao discloses an identity matrix that identifies the graph and its size in sec. Text Graph Convolutional Networks ¶1-2 “We simply set feature matrix X = I as an identity matrix which means every word or document is represented as a one-hot vector as the input to Text GCN. […] Therefore, we only add edges between word pairs with positive PMI values.”)
and, in response to determining the graph is generated, transmit the graph to the analyzer. (Yao discloses transmitting the graph in sec. Text Graph Convolutional Networks ¶2, “After building the text graph, we feed the graph into a simple two layer GCN as in (Kipf and Welling 2017), the second layer node (word/document) embeddings have the same size as the labels set and are fed into a softmax classifier.”) 
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Fan with the teachings of Yao for at least the same reasons as discussed above in claim 1.

Regarding Claim 3:
Fan in view of Yao teach “The apparatus of claim 2,” as seen above. 
	Yao further teaches: 
wherein the graph determiner is to determine the graph is generated by communicating with the graph generator. (Yao discloses that the feature matrix is only built through communication with the graph generator (as values in the matrix are added through using measures such as TF-IDF and PMI) in sec. Text Graph Convolutional Networks ¶1, “The weight of the edge between a document node and a word node is the term frequency-inverse document frequency (TF-IDF) of the word in the document, […] We employ point-wise mutual information (PMI), a popular measure for word associations, to calculate weights between two word nodes.”)
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Fan with the teachings of Yao for at least the same reasons as discussed above in claim 1.

Regarding Claim 5:
Fan in view of Yao teach “The apparatus of claim 1,” as seen above. 
Yao further teaches:
wherein the respective attributes are respective objective attributes of the two or more nodes in the graph. (Examiner notes that “objective attributes” are interpreted as attributes that can be measured or are observable. Yao discloses measurable attributes such as word co-occurrence that are related to a plural number of nodes in the sec. Text Graph Convolutional Networks ¶1, “We build a large and heterogeneous text graph which contains word nodes and document nodes so that global word co-occurrence can be explicitly modeled and graph convolution can be easily adapted, as shown in Figure 1.”)
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Fan with the teachings of Yao for at least the same reasons as discussed above in claim 1.

Regarding Claim 7:
Fan in view of Yao teach “The apparatus of claim 1,” as seen above. 
Fan further teaches:
wherein the generated attack mechanism is not included in the graph generated based on the publication. (Fan discloses that the generated attack mechanism (i.e. anomaly) is not in the training data in sec. 2 ¶3, “Our approach to generating artificial anomalies focuses on “near misses,” instances that are close to the known data, but are not in the training data.”) 
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Fan with the teachings of Yao for at least the same reasons as discussed above in claim 1.

Regarding Claim 8:
Fan in view of Yao teach “The apparatus of claim 7,” as seen above. 
Fan further teaches:
wherein the publication is at least one of a security conference publication, a PowerPoint presentation, a word document, a portable document format (PDF) file, or transcript of a video presentation. (Examiner notes that “document” is interpreted as a computer file containing information input by a computer user as per Merriam Webster dictionary and that a “word document” is a document containing words. Yao discloses that the data used for graph generation were word documents in sec. Experiments: Datasets, “We ran our experiments on five widely used benchmark corpora including 20-Newsgroups (20NG), Ohsumed, R52 and R8 of Reuters 21578 and Movie Review (MR).”)
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Fan with the teachings of Yao for at least the same reasons as discussed above in claim 1.

Claims 4, 6, 9-24 are rejected under 35 U.S.C. 103 as being unpatentable over Fan in view of Yao and further in view of Peppe et al. (WO2019028341A1) (herein thereafter Peppe). 

Regarding Claim 4:
Fan in view of Yao teach “The apparatus of claim 1,” as seen above. 
Neither Fan nor Yao teach “wherein the two or more nodes in the graph are included in two or more attack mechanisms, respectively.”
	Peppe further teaches: 
wherein the two or more nodes in the graph are included in two or more attack mechanisms, respectively. (Peppe discloses that a plurality of nodes are associated with a plurality of attack vectors (i.e. attack mechanisms) in ¶25, “The nodes may be further connected other nodes that represent the attack vectors (vulnerabilities) of the assets and/or the threat actors.”)
The combined system of Fan and Yao, the teachings of Peppe, and the instant application are analogous art because they are all directed to analysis of attack mechanisms.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the attack mechanism analysis system disclosed by Fan to include the graph generator and analyzer taught by Yao. One would be motivated to do so increase recognition of attack mechanisms, as suggested by Peppe (Peppe ¶21: “In this way, the attack vector that is currently experiencing the attack and the one or more additional vectors that are determined by the similarity search as potentially under attack may be identified as being targeted by the same multiple vector attack. In contrast, a conventional security application may fail to detect such a multiple vector attack, thereby leaving some attack vectors of the assets vulnerable even if other attack vectors are successful protected by remedial protection measures.”).

Regarding Claim 6:
Fan in view of Yao teach “The apparatus of claim 1,” as seen above. 
Neither Fan nor Yao teach “wherein the two or more nodes in the graph are child nodes of two or more parent nodes, respectively.”
	Peppe further teaches: 
wherein the two or more nodes in the graph are child nodes of two or more parent nodes, respectively. (Peppe discloses a plurality of parent and child nodes in ¶34, “The threat model 126 may model multiple attack surfaces, in which the attack surfaces are often represented with attack trees. Attack trees are computer security constructs that store the preconditions and antecedents for vulnerabilities in a computer network. Typically, the tree may be comprised of a parent node each with a set of child nodes. Child nodes interior to the tree will have their own respective child nodes (grandchild nodes to the parent node). Child nodes that do not have their own child nodes are leaf nodes. Each parent node stores a potential vulnerability to a network. The child nodes for that parent node are potential vectors to exploit the vulnerability stored in the parent node”)
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of Fan in view of Yao with the teachings of Peppe for at least the same reasons as discussed above in claim 4.

Regarding Claim 9:
Claim 9 is a product claim, corresponding to product claim 1. The only difference is that claim 11 recites a non-transitory computer readable storage medium and a processor. The rest of the limitations of claim 11 are rejected for the same reasons as claim 1. 
Peppe teaches:
A non-transitory computer readable storage medium comprising instructions which, when executed, cause at least one processor to at least: (Peppe discloses in ¶50, “FIG. 6 is a block diagram showing various components of the example environment for applying the similarity search to discover multiple vector attacks, and implementing the recombinant threat models and threat matrices. The configuration comprises a computer host system 602 with a processor 604, a computer-readable memory 606, and a computer-readable medium 608. The memory 606 may be RAM and the computer-readable medium 606 may be persistent such as a disk storage.”)
The combined system of Fan and Yao, the teachings of Peppe, and the instant application are analogous art because they are all directed to analysis of attack mechanisms.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the attack mechanism analysis system disclosed by Fan to include the graph generator and analyzer taught by Yao. One would be motivated to do so increase recognition of attack mechanisms, as suggested by Peppe (Peppe ¶21: “In this way, the attack vector that is currently experiencing the attack and the one or more additional vectors that are determined by the similarity search as potentially under attack may be identified as being targeted by the same multiple vector attack. In contrast, a conventional security application may fail to detect such a multiple vector attack, thereby leaving some attack vectors of the assets vulnerable even if other attack vectors are successful protected by remedial protection measures.”).

Regarding Claim 10:
Claim 10 is a product claim, corresponding to product claim 2. The only difference is that claim 10 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 10 is rejected for the same reasons as claim 2.

Regarding Claim 11:
Claim 11 is a product claim, corresponding to product claim 3. The only difference is that claim 11 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 11 is rejected for the same reasons as claim 3.

Regarding Claim 12:
Claim 12 is a product claim, corresponding to product claim 4. The only difference is that claim 12 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 12 is rejected for the same reasons as claim 4.

Regarding Claim 13:
Claim 13 is a product claim, corresponding to product claim 5. The only difference is that claim 13 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 13 is rejected for the same reasons as claim 5.

Regarding Claim 14:
Claim 14 is a product claim, corresponding to product claim 6. The only difference is that claim 14 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 14 is rejected for the same reasons as claim 6.

Regarding Claim 15:
Claim 15 is a product claim, corresponding to product claim 7. The only difference is that claim 15 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 15 is rejected for the same reasons as claim 7.

Regarding Claim 16:
Claim 16 is a product claim, corresponding to product claim 8. The only difference is that claim 16 recites a non-transitory computer readable storage medium and a processor, taught above. Claim 16 is rejected for the same reasons as claim 8.

Regarding Claim 17:
Claim 17 is a method claim, corresponding to product claim 1. Claim 17 is rejected for the same reasons as claim 1.

Regarding Claim 18:
Claim 18 is a method claim, corresponding to product claim 2. Claim 18 is rejected for the same reasons as claim 2.

Regarding Claim 19:
Claim 19 is a method claim, corresponding to product claim 3. Claim 19 is rejected for the same reasons as claim 3.

Regarding Claim 20:
Claim 20 is a method claim, corresponding to product claim 4. Claim 20 is rejected for the same reasons as claim 4.

Regarding Claim 21:
Claim 21 is a method claim, corresponding to product claim 5. Claim 21 is rejected for the same reasons as claim 5.

Regarding Claim 22:
Claim 22 is a method claim, corresponding to product claim 6. Claim 22 is rejected for the same reasons as claim 6.

Regarding Claim 23:
Claim 23 is a method claim, corresponding to product claim 7. Claim 23 is rejected for the same reasons as claim 7.

Regarding Claim 24:
Claim 24 is a method claim, corresponding to product claim 8. Claim 24 is rejected for the same reasons as claim 8.

Prior Art of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Sheyner et al. (“Automated Generation and Analysis of Attack Graphs”) discloses a graph generator and weight postulator in the Abstract, “We base our technique on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently. We also describe two analyses to help decide which attacks would be most cost-effective to guard against.”
Nguyen et al. (“Predicting Vulnerable Software Components with Dependency Graphs”) discloses a graph generator based on documentation in sec. 4.1 ¶2, “Figure 5 summarizes steps for generating CDG from code base of JSE. Firstly, the code base is fed into Doxygen1, a source code documentation generation, and RSM2, a tool calculating standard source code metrics, to generate reports. Doxygen is configured to extract all private and static members of a component, and to generate dependency information for these members. […] These information is used to construct the MDG. On the other hand, the functional metrics are extracted from the outcome of RSM, and then embedded into the MDG. Finally, the nodes and edges of MDG are then synthesized to produce the CDG.”)
	Xu et al. (“Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection”) discloses a graph generator and analyzer in the Abstract, “To address these issues,
in this work, we propose a novel neural network-based approach to compute the embedding, i.e., a numeric vector, based on the control flow graph of each binary function, then the similarity detection
can be done efficiently by measuring the distance between the embeddings for two functions.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Somie Park whose telephone number is (571)272-1056. The examiner can normally be reached 9:00am - 5:00pm, Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ann Lo can be reached on (571)272-9767. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SOMIE PARK/Examiner, Art Unit 2126  
/ANN J LO/Supervisory Patent Examiner, Art Unit 2126