Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present office action is a response to an application filed 04/26/2020, having Claims 1-3 pending for examination. 
Priority
     The application does not claim any priority benefit.
Specification
35 U.S.C. 112(a) or pre-AIA  35 U.S.C.  112, requires the specification to be written in “full, clear, concise, and exact terms.” The specification is replete with terms which are not clear, concise and exact. The specification should be revised carefully in order to comply with 35 U.S.C. 112(a) or pre-AIA  35 U.S.C.  112.  Non-exhaustive examples of some unclear, inexact or verbose terms used in the specification are: 
Spec page 4, last full paragraph beginning “Step S2….”, middle two lines, the phrase “the URI is escaped into a segment of readable text based on a rule of a URI character,” is unclear or inexact because “escaped” is not understood within the context of the phrase.  Instead of “escaped”, certain select URL characters appear to be converted into, or replaced by, differing characters per the specification provided table and examples.  Finally, adding the phrase “, as provided, for example, by the following table” after “URL character” is also suggested.
Spec page 5, last full paragraph beginning “Step S4…”, lines 3-4, the phrase “segmented word is escaped according to the above table,” is unclear or inexact because “escaped” is not understood within the context of the phrase.  Instead of “escaped”, certain select URL characters appear to be converted into, or replaced by, differing characters per the specification provided table and examples.  
Spec Table spanning pages 4-5, neither the forward slash “/” character, nor the conversion URL “%2F” code mentioned within the subsequent spec page 4, last full paragraph example, are provided within the Table.  Examiner suggests that the pages 4-5 Table be amended to further include the forward slash “/” character in association with the conversion URL “%2F” code.
Spec Table spanning pages 4-5, is unclear in that the table lists the back slash “\” character twice, which provide two conflicting conversion URL codes, i.e., “%22” and “%5C”.  
A substitute specification in proper idiomatic English and in compliance with 37 CFR 1.52(a) and (b) is required.  The substitute specification filed must be accompanied by a statement that it contains no new matter.
Claim Objections
Claims 1-3 are objected to because of the following informalities:
Claim 1, the final claim limitation recites “thus optimizing the device backend for an injected place and improving the security”.  The particular limitation, when considering the claim as a whole, appears to be improperly drafted method claim limitation because it is only expressing the intended purpose without actively reciting any detailed steps or process under U.S. practice.  In addition, Claim 1, within the final claim limitations of “thus optimizing the device backend for an injected place and improving the security”, “the device backend” and “the security” lack proper antecedent basis.  Appropriate correction is required.
Claim 2, the final claim limitation recites “and thus, a training set meeting a URL specification is constructed, and a false alarm rate and an alarm leakage rate of the algorithm for the SQL injection are reduced”.  The particular limitation, when considering the claim as a whole, appears to be improperly drafted method claim limitation because it is only expressing the intended purpose without actively reciting any detailed steps or process under U.S. practice.  Appropriate correction is required.
Claim 3, the final claim limitation recites “so that the training set is continuously expanded to improve an identification accuracy of the algorithm for the SQL injection”.  The particular limitation, when considering the claim as a whole, appears to be improperly drafted method claim limitation under U.S. practice.  In addition, claim 3, lines 2 and 4, recites “the training set”, which lacks a proper antecedent basis.   Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-3 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1, within the final claim limitation, which recites “thus optimizing the device backend for an injected place and improving the security”.  The scope of the claim is unclear as it is not understood what is meant by “for an injected place”.  
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (CN107241352A), hereinafter, “Chen”, in view of Abaimov et al., Coddle: Code-Injected Detection With Deep Learning, 20 Sept 2019, hereinafter “Abaimov”.
NOTE: In the several art-discussion paragraphs to follow, “bolded” text portions present a reiteration of Applicant’s existing claim limitations, while (parenthesized non-bolded text) following each “bolded” text portion provides one or more descriptive pointer and/or comments (e.g., FIG. 1, para. [0001], “widget”) to help relate portions of the applied art reference(s) to Applicant’s claim limitations.  In the interest of conciseness, only a limited number of pointers are included and Applicant is advised to further review the art for additional art reference disclosure portions of interest.  That is, the descriptive pointers provided are not meant to be exhaustive or comprehensive, and are only meant to present a single lead-in point for a reader’s more detailed review of the art reference for material relevant to the subject claim limitations.  Further, any text portions having “” represent claim limitation portions not taught by the art then being discussed, while subsequent “underline-bolded” text portions indicate that the previously un-taught claim limitation portions are now being taught by a most-recent art reference being discussed.
As per claim 1, Chen discloses:
A method (Chen Summary of the Invention section) for detecting Structured Query Language (SQL) injection (Chen page 10, para. 6, “…SQL injection attack”) based on a big data algorithm (Chen Abstract, “…uses the Naïve Bayes model to classify”), wherein the method combines a term after word segmentation with a Uniform Resource Locator (URL) (Chen page 3, second last para.,  “S3 …construct the url after the word segmentation) (Chen Abstract, “…depending on the machine learning) and uses a Bayes naive algorithm to identify the SQL injection (Chen Abstract, “…uses the Naïve Bayes model to classify”), and timely discovers whether a device backend has a loophole according to an SQL injection manner (Chen page 17, third last para., “…when the Bayesian classifier to the judgement result of a certain type of attack is more than the pre-set threshold Y, it should take effective measures to block and prevention”), thus optimizing the device backend for an injected place (Chen Abstract, “…Improving the efficiency of the network attack behaviour classification”) and improving the security (Chen Abstract, “…improves the classification accuracy of detection and improves guarantee for network security”).
Chen does not explicitly disclose, but Abaimov (in the same field of endeavor, and in its effort to counter injection attacks) teaches (Abaimov page 128622, left column, first para.) “…an approach which replaces an otherwise atomic expression (such as an escape symbol …) …with a code pair”.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Chen’s method to replace expressions or characters (such as an escape symbol) with a code pair (e.g., replacement character(s)) in an effort to combat injection as taught by Abaimov, and thereby, Applicant’s claimed arrangement which “…combines a term after word segmentation with a Uniform Resource Locator (URL) escape character” would have been obvious before the effective filing date.  Motivation for modifying would have been (Abaimov page 128626, “Conclusion” section, third paragraph) to convert to “…a simple semantic label which helps the neural network to ‘understand’ the role of the specific symbol or operator itself, thus significantly reducing the training needs”.
Chen does not explicitly disclose, but Abaimov (in the same field of endeavor) teaches (Abaimov page 128620, right column, “C. Deep Learning” section, second paragraph) that “Deep learning can be supervised, semi-supervised or unsupervised”.  Abaimov further teaches (Abaimov page 128620, right column, first paragraph) that its own system “…relies on a supervised approach”.  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Chen’s method to further utilize supervised learning as taught by Abaimov, and thereby, Applicant’s claimed arrangement of “…wherein the method  …uses a supervised machine learning manner”, would have been obvious before the effective filing date.  Motivation for modifying would have been because Abaimov teaches (Abaimov page 128620, right column, last full paragraph) that supervised learning “…yields less false events (i.e., the sum of false positives and false negatives) as compared to unsupervised machine learning…”.
As per claim 2, Chen and Abaimov rendered the method of base claim 1 obvious as detailed above.  Chen further teaches, and Abaimov further discloses: The method for detecting SQL injection based on the big data algorithm as claimed in claim 1, wherein a method for processing a characteristic based on an URL character semantic transformation uses the URL character semantic transformation to process the characteristic, so that a word and a sentence in an URL are segmented and the URL escape character is further carried (Abaimov page 128622, right column, second full paragraph, “…a better encoding mechanism consists in mapping each command/symbol not as a single value, but as a pair of values, where one of the values (the type of command/symbol/expression), serving as a simple semantic label.  More specifically, the encoding algorithm converts words and symbols into numeric tokens and pairs them with an identifier (0 for operators, 1 for expressions and 2 for escape symbols) and processes them as a pattern”); and thus, a training set (Chen page 12, second last para., “…training the model”) meeting a URL specification is constructed (Chen page 3, second last para.,  “S3 …construct the url after the word segmentation), and a false alarm rate and an alarm leakage rate of the algorithm for the SQL injection are reduced (Abaimov Abstract, Abaimov’s “… type/value encoding improves the detection rate from a baseline of about 75% up to 95% accuracy, 99% precision, and a 92% recall value).  As a result of the Chen/Abaimov combination having further disclosed/taught claim 2’s features/limitations, claim 2 would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention.  Motivation to combine would have been (Abaimov page 128622, left column, first para.) that a “…transform (encode) [of] the original query into a different pattern, by adding domain-specific knowledged in the form of “type” labels, …will ….be more readily ‘learned’ by the CNN.  
As per claim 3, Chen and Abaimov rendered the method of base claim 1 obvious as detailed above.  Abaimov further acknowledged the possibility of manual or “expert” selection to attempt to optimize outcomes (Abaimov page 128623, right column, first full sentence, “Manual selection of optimal neural network shape and training settings in a stochastic method that requires significant time of trial and error by re-evaluating the program with numerous parameters, and does not always result in the most optimal outcomes”), but further teaches that “optimization algorithms” are preferred (Abaimov page 128623, right column, second full sentence, “Optimisation algorithms allow to automate this process and select the highest performing configuration of parameters, without manual re-configuration.”  It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify Chen’s method to include manual or “expert” selection as taught by Abaimov.  As a result of the Chen/Abaimov combination having rendered claim 1 obvious, and having further disclosed/taught claim 3’s features/limitations, claim 3’s limitations of,  The method for detecting SQL injection based on the big data algorithm as claimed in claim 1, wherein concerning a method for enhancing the training set based on an expert determination, a result identified by the algorithm is further processed and artificially confirmed by an expert, and then can be struck into the training set again, so that the training set is continuously expanded to improve an identification accuracy of the algorithm for the SQL injection”,  would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention .  Motivation would have been a simple design choice or selection to include a known manual or “expert” arrangement in addition to the alternatively known automated arrangement for improved versatility.  
Conclusion
The prior art made of record and listed on the attached Form PTO-892 not relied upon is considered pertinent to applicant's disclosure.  For example, some Form PTO-892-listed references include:
Zhang et al., SQL Injection Attack Principles and Preventive Techniques for PHP Site, Association for Computing Machinery, Oct 2018, teaches that the use of PHP escape function (such as mysql_real_escape_string) can be used to block SQL injection vulnerabilities, and that the use of escape characters converts some risky characters in a string to special symbols, so as to prevent the purpose of injection.
Meteer et al. (US20190180175A1) teaches that a classification engine may utilize supervised learning to build the machine learning classifier for analyzing the segments and their features, and further that an expert administrator can review and manually tag for improvement, or other predetermined criteria.
Gan (CN109672666A) relates to a network attack detecting method and device having a machine learning model component such as a Naive Bayes algorithm training classifier.
Shen (CN109150886A) relates to a structured query language injection attack detecting method and related device, to reduce the detection of SQL injection attack of false missing, and improve accuracy of detecting SQL injection attack.
Zhang (CN109547423A) relates to a malicious request for WEB depth detection system and method based on machine learning, where in the URL of each flow process of performing word segmentation processing, a URL is divided into a plurality of sub-strings, each sub-character string may be regarded as "characteristic" of the URL.
Shao (CN110321711A) relates to a method and system for detecting SQL injection point of application server.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAUL J SKWIERAWSKI whose telephone number is (571)272-2642. The examiner can normally be reached M-F 8:00am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Supervisory Primary Examiner (SPE) YIN-CHEN SHAW can be reached on (571)272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Paul Skwierawski/
Examiner, Group Art Unit 2498


/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498