DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1, 8 and 15 are independent.

3.	The IDS’es submitted on 12/3/2018 and 12/12/2018 have been considered.


Examiner’s Amendment
4.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephonic interview with Applicants' representative, Samir Bhavsar (Reg. No. 41,617) on 6/13/2022.






5.	The following listing of claims replaces all previous versions and listings of claims:
1. (Currently Amended) A device, comprising: 
a memory [[operable]] to store a machine learning model configured to map a set of feature vector inputs to a plurality of clusters; and  
a model training engine implemented by a processor [[operably]] coupled to the memory, configured to:
obtain a set of data values associated with a feature vector;
sort the set of data values in an ascending order;
determine a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value;
determine an average separation distance by dividing the range value by the number of data values in the set of data values;
determine separation distances between adjacent data values in the set of data values;
generate a set of gradients by dividing the separation distances by the average separation distance;
compare each gradient from the set of gradients to a gradient threshold value;
identify a boundary in response to determining a gradient exceeds the gradient threshold value;
determine a number of identified boundaries;
determine a number of clusters based on the number of identified boundaries; [[and]]
train the machine learning model to associate the determined number of clusters with the feature vector; and
assign the data values from the set of data values to the clusters.  
  

2. (Original) The device of claim 1, wherein the set of feature vector inputs comprises non-numerical values.  

3. (Original) The device of claim 1, wherein the set of feature vector inputs comprises text inputs.

4. (Original) The device of claim 1, wherein the model training engine is configured to normalize the set of data values.

5. (Original) The device of claim 1, wherein each cluster in the plurality of clusters corresponds with a different network attack.

6. (Cancelled)

7. (Currently Amended) The device of claim [[6]]1, wherein the model training engine is further configured to compute centroids for the clusters.  

8. (Currently Amended) A machine learning model training method, comprising: 
obtaining, by a model training engine implemented by a processor, a set of data values associated with a feature vector; 
sorting, by the model training engine, the set of data values in an ascending order;
determining, by the model training engine, a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value;
determining, by the model training engine, an average separation distance by dividing the range value by the number of data values in the set of data values;
determining, by the model training engine, separation distances between adjacent data values in the set of data values;
generating, by the model training engine, a set of gradients by dividing the separation distances by the average separation distance;
comparing, by the model training engine, each gradient from the set of gradients to a gradient threshold value;
identifying, by the model training engine, a boundary in response to determining a gradient exceeds the gradient threshold value;
determining, by the model training engine, a number of identified boundaries;
determining, by the model training engine, a number of clusters based on the number of identified boundaries; [[and]]
training, by the model training engine, a machine learning model to associate the determined number of clusters with the feature vector, wherein the machine learning model is configured to map a set of feature vector inputs to a plurality of clusters; and
assigning, by the model training engine, the data values from the set of data values to the clusters.  

9. (Original) The method of claim 8, wherein the set of feature vector inputs comprises non-numerical values.  

10. (Original) The method of claim 8, wherein the set of feature vector inputs comprises text inputs.

11. (Original) The method of claim 8, further comprising normalizing, by the model training engine, the set of data values.

12. (Original) The method of claim 8, wherein each cluster in the plurality of clusters corresponds with a different network attack.

13. (Cancelled)

14. (Currently Amended) The method of claim [[13]]8, further comprising computing, by the model training engine, centroids for the clusters.

15. (Currently Amended) A computer program comprising executable instructions stored in a non-transitory computer readable medium that when executed by a processor causes the processor to: 
obtain a set of data values associated with a feature vector;  
sort the set of data values in an ascending order;
determine a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value;
determine an average separation distance by dividing the range value by the number of data values in the set of data values;
determine separation distances between adjacent data values in the set of data values;
generate a set of gradients by dividing the separation distances by the average separation distance;
compare each gradient from the set of gradients to a gradient threshold value;
identify a boundary in response to determining a gradient exceeds the gradient threshold value;
determine a number of identified boundaries;
determine a number of clusters based on the number of identified boundaries; [[and]]
train the machine learning model to associate the determined number of clusters with the feature vector; and
assign the data values from the set of data values to the clusters.  

16. (Original) The computer program product of claim 15, wherein the set of feature vector inputs comprises non-numerical values.  

17. (Original) The computer program product of claim 15, further comprising instructions that configure the processor to normalize the set of data values.  

18. (Original) The computer program product of claim 15, wherein each cluster in the plurality of clusters corresponds with a different network attack.

19. (Cancelled)

20. (Currently Amended) The computer program product of claim [[19]]15, further comprising instructions that configure the processor to compute centroids for the clusters.
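
The steps recited in independent claims 1, 8 and 15 (with the centroid computation of claims 7, 14 and 20), worked through in Python. This is an added example, not code from the application or from this Office action. The function name, the threshold value of 2.0, the rule that k boundaries give k + 1 clusters, and the sample data are assumptions.

```python
from statistics import mean


def gradient_clusters(values, gradient_threshold=2.0):
    """Split 1-D feature values into clusters at unusually large gaps.

    Returns (clusters, centroids). gradient_threshold=2.0 is an assumed
    value; the claims do not fix the threshold.
    """
    data = sorted(values)                      # ascending order
    n = len(data)
    if n == 0:
        return [], []
    value_range = data[-1] - data[0]           # maximum minus minimum
    if value_range == 0:                       # all values equal: nothing to split
        return [data], [float(data[0])]
    # The claims divide the range by the number of data values (n, not n - 1).
    avg_sep = value_range / n
    gaps = [b - a for a, b in zip(data, data[1:])]
    gradients = [g / avg_sep for g in gaps]
    # A boundary follows index i when the gap to the next value is steep.
    boundaries = [i for i, g in enumerate(gradients) if g > gradient_threshold]
    # Assumption: k identified boundaries yield k + 1 clusters.
    clusters, start = [], 0
    for i in boundaries:
        clusters.append(data[start:i + 1])
        start = i + 1
    clusters.append(data[start:])
    centroids = [mean(c) for c in clusters]    # claims 7, 14 and 20
    return clusters, centroids


# Constructed sample: one numeric feature with three visible groups.
SAMPLE = [3, 1, 2, 4, 52, 50, 51, 120, 118, 121, 119]

if __name__ == "__main__":
    found, centers = gradient_clusters(SAMPLE)
    for members, center in zip(found, centers):
        print(f"centroid={center}: {members}")
```

Because each gap is compared with the average gap of the same data set, evenly spaced values produce gradients near 1 and stay in a single cluster regardless of their scale.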


















Allowable Subject Matter

6.	Claims 1-5, 7-12, 14-18 and 20 are allowed.  The closest prior art Ben-Hur (US PG Pub. 2005/0071140) discloses a system for choosing the number of clusters, or more generally the parameters of a clustering algorithm wherein the algorithm is based on comparing the similarity between pairs of clustering runs on sub-samples or other perturbations of the data.  The prior art made of record, either in singular or in combination, does not teach or fairly suggest the combination of elements as recited in independent claim 1:
determine a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value;
determine an average separation distance by dividing the range value by the number of data values in the set of data values;
determine separation distances between adjacent data values in the set of data values;
generate a set of gradients by dividing the separation distances by the average separation distance;
compare each gradient from the set of gradients to a gradient threshold value;
identify a boundary in response to determining a gradient exceeds the gradient threshold value;

the combination of elements as recited in independent claim 8:
determine a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value; 
determine an average separation distance by dividing the range value by the number of data values in the set of data values;  
determine separation distances between adjacent data values in the set of data values;
generate a set of gradients by dividing the separation distances by the average separation distance;
compare each gradient from the set of gradients to a gradient threshold value;
identify a boundary in response to determining a gradient exceeds the gradient threshold value;

and the combination of elements as recited in independent claim 15:
determine a range value for the set of data values, wherein the range value is equal to a difference between a maximum data value and a minimum data value; 
determine an average separation distance by dividing the range value by the number of data values in the set of data values;  
determine separation distances between adjacent data values in the set of data values;
generate a set of gradients by dividing the separation distances by the average separation distance;
compare each gradient from the set of gradients to a gradient threshold value;
identify a boundary in response to determining a gradient exceeds the gradient threshold value;

7.	As allowable subject matter has been indicated, applicant’s reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433