DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The following is a Non-Final Office Action in response to applicant’s filing on September 01, 2020.
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on September 10, 2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-9, 11-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Miserendino et al. (US 2017/0262633 A1) in view of Schmidter et al. (US 2016/0335435 A1).

In regards to claim 1, Miserendino discloses a method comprising: receiving, by a processing resource of a sandbox appliance, a file (Miserendino, Fig. 1 and Para. 0071, method 430 receives a set of training files which are each known to be either malign or benign (block 432));
classifying, by the processing resource, the file based on the feature vector by applying a machine-learning model (Miserendino, Para. 0060, a model is learned from some collection of feature vectors representing that set of objects. The success of a machine-learning system for classification is usually dependent on the choice of attributes, the availability of feature vector instances, and the complexity of the selected model or learning algorithm); and 
when a result of said classifying indicates classification of the file is unknown, representing insufficient information is available to identify the file as malicious or benign (Miserendino, Para. 0044, the malware detector 108 may be a program, application, routine, programmed logic circuit, or other automated implementation that applies the malware classifier to unknown files 105 to provide an indication of whether the files are malign or benign), causing, by the processing resource, sandbox processing to be performed on the file (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112).
Miserendino fails to disclose generating, by the processing resource, a feature vector associated with the file by extracting a plurality of static features from the file;
However, Schmidter teaches generating, by the processing resource, a feature vector associated with the file by extracting a plurality of static features from the file (Schmidter, Para. 0058, operation 306 comprises generating at least one feature vector from the plurality of static data points extracted using the learning classifier trained by the knowledge base);
Miserendino and Schmidter are both considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino to incorporate the teachings of Schmidter to include generating, by the processing resource, a feature vector associated with the file by extracting a plurality of static features from the file (Schmidter, Para. 0058). Doing so would help to continuously collect data, generate a more robust collection of file data to improve classification of file data, and train a classifier used to detect whether an executable file is harmful, benign, or potentially unwanted (Schmidter, Para. 0017).

In regards to claim 3, the combination of Miserendino and Schmidter teaches the method of claim 1, wherein the sandbox processing involves monitoring dynamic behaviors exhibited by the file while being executed within a sandbox environment (Miserendino, Para. 0045, comparison by comparing dynamic, graphical visualizations 114 of the execution state data of the unknown file and known malware. If such comparisons show similarities or matches, this fact may be used to provide greater confidence that the unknown file is malign).  

In regards to claim 4, the combination of Miserendino and Schmidter teaches the method of claim 3, wherein the dynamic behaviors include one or more of a registry operation, a file operation, an operating system application programming interface (API) call, and a network connection (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112 or in a live running system (that is not a sandbox)).  

In regards to claim 5, the combination of Miserendino and Schmidter teaches the method of claim 1, further comprising:
 identifying, by the processing resource, one or more additional static features associated with the file as a result of the sandbox processing (Miserendino, Para. 0045, when used to detect malware, an embodiment may then execute unknown files in the same or similar sandbox environment 112);
updating, by the processing resource (Miserendino, Para. 0058, the code for generating the feature vectors has to be changed with new mechanisms for deriving the corresponding features, and the length of the feature vector has to be manually adjusted to reflect this change), the feature vector based on the one or more additional static features (Miserendino, Para. 0045, while also using a graphical, dynamic visualization of the execution state of malware); and 
re-classifying, by the processing resource (Miserendino, Para. 0069, the EFVG 404 may be re-used during testing and prediction (classifying)), the file based on the updated feature vector by re-applying the machine-learning model (Miserendino, Para. 0058, feature vectors for machine-learning are “hard coded,” meaning that a specific method is tailored to generate the corresponding feature vector corresponding to an object depending on the attributes under consideration).  

In regards to claim 6, the combination of Miserendino and Schmidter teaches the method of claim 1, wherein the static features comprises any or combination of a size of the file, entropy of the file, a certificate associated with the file, API functions imported by the file, an icon present within the file, a NET header of the file, version information associated with the file, registry keys, import tables packing methods used by samples, programming languages used, version and type of linker used, presence of byte streams used by common libraries for encryption of files, compilation time of the sample, suspicious printable characters in byte stream, a number of imported API calls, number of data directories used, number of imported libraries, largest length of consecutive American Standard Code for Information Interchange (ASCII) characters, largest length of Hexadecimal (HEX) bytes, and length of copyright field (Miserendino, Para. 0072, the .ARFF file is a ASCII text file that describes a list of instances sharing a set of attributes, developed by the Machine-Learning Project).  

In regards to claim 7, the combination of Miserendino and Schmidter teaches the method of claim 1, further comprising training, by the processing resource, the machine-learning model based on static features associated with a plurality of known samples including both benign and malicious samples (Miserendino, Para. 0013, The models are derived from analysis of the features of known malicious and benign sets (the “training set”)).  

In regards to claim 8, the combination of Miserendino and Schmidter teaches the method of claim 1, further comprising updating, by the processing resource, the machine-learning model based on feedback received from an oracle regarding said classifying (Miserendino, Para. 0143, to make a final decision as to whether to deem a sample as benign or malicious, embodiments of the system and method allow users to adjust a decision threshold where samples receiving scores above the threshold are marked malicious; note that the oracle may be interpreted as the user).  
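The following is an added example written for this page to make the shape of the method of claims 1 and 3-8 concrete; it is not code from the Office Action, from the application under examination, or from the Miserendino, Schmidter or Zhang references. Everything in it is constructed: the two marker lists stand in for two of the claim 6 static features (imported API functions, suspicious printable characters), a per-feature nearest-centroid vote stands in for the machine-learning model, the XOR "packer" and the simulated sandbox stand in for a real packed sample and a real detonation environment, and the training set and payload are made-up byte strings. What it shows is the claim 1 control flow: a static feature vector is classified, a score between the two thresholds is reported as "unknown", the unknown sample is sandboxed, the unpacked image yields additional static features that are folded into the vector (claim 5), the sample is re-classified, and oracle feedback lowers the decision threshold (claim 8) so that the next sample with the same static profile is caught without a sandbox run.

```python
"""Toy pipeline in the shape of claims 1 and 3-8 (added example; every sample,
marker list and the 'packer' is constructed, none of it is code from the cited art)."""
import math
import random

# Constructed stand-ins for two claim 6 static features: imported API functions and
# suspicious printable characters in the byte stream.
API_NAMES = (b"CreateFileW", b"ReadFile", b"WriteFile", b"CloseHandle",
             b"LoadLibraryA", b"GetProcAddress", b"VirtualAlloc", b"MessageBoxW")
SUSPICIOUS_MARKERS = (b"http://", b"cmd.exe")
FEATURES = ("entropy", "longest_ascii_run", "suspicious_strings", "api_imports")

def pseudo_random_bytes(seed, n):  # deterministic filler/keystream for the example
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def shannon_entropy(data):
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def longest_ascii_run(data):
    best = cur = 0
    for b in data:
        cur = cur + 1 if 32 <= b <= 126 else 0
        best = max(best, cur)
    return best

def extract_static_features(data):
    """Claim 1: the feature vector, built from a subset of the claim 6 features."""
    return {"entropy": shannon_entropy(data),
            "longest_ascii_run": longest_ascii_run(data),
            "suspicious_strings": sum(data.count(m) for m in SUSPICIOUS_MARKERS),
            "api_imports": sum(1 for a in API_NAMES if a in data)}

class CentroidModel:
    """Stand-in for the ML model: each feature votes for the nearer class centroid; the
    score is the fraction of 'malicious' votes. Between the thresholds it is 'unknown'."""
    def __init__(self, benign_max=0.25, malicious_min=0.75):
        self.benign_max, self.malicious_min, self.centroid = benign_max, malicious_min, {}

    def train(self, labelled):  # claim 7: known benign and malicious samples
        for label in ("benign", "malicious"):
            vecs = [extract_static_features(d) for d, lab in labelled if lab == label]
            self.centroid[label] = {f: sum(v[f] for v in vecs) / len(vecs) for f in FEATURES}

    def score(self, vec):
        near_mal = [abs(vec[f] - self.centroid["malicious"][f]) < abs(vec[f] - self.centroid["benign"][f])
                    for f in FEATURES]
        return sum(near_mal) / len(FEATURES)

    def classify(self, vec):
        s = self.score(vec)
        return "malicious" if s >= self.malicious_min else "benign" if s <= self.benign_max else "unknown"

    def oracle_feedback(self, vec, true_label):  # claim 8: oracle lowers the decision threshold
        s = self.score(vec)
        if true_label == "malicious" and s < self.malicious_min:
            self.malicious_min = s

# Constructed 'packer': a printable stub plus the payload XORed with a keystream, so
# static analysis sees high entropy and none of the payload's strings.
PACKER_SEED, PACKED_LEN = 7, 1200
STUB = b"MZThis program cannot be run in DOS mode. LoadLibraryA GetProcAddress VirtualAlloc "

def pack(payload):
    key = pseudo_random_bytes(PACKER_SEED, PACKED_LEN)
    return STUB + bytes(p ^ k for p, k in zip(payload.ljust(PACKED_LEN, b"\0"), key))

def sandbox_process(data):
    """Simulated sandbox (claims 3-4): the stub unpacks the payload into memory and the
    monitor records dynamic behaviours. A real sandbox observes the unpacked image;
    here the unpacker is simply reproduced."""
    body = data[len(STUB):]
    image = bytes(p ^ k for p, k in zip(body, pseudo_random_bytes(PACKER_SEED, len(body)))).rstrip(b"\0")
    behaviours = ["network_connection"] if b"http://" in image else []
    return behaviours, image

def analyze(model, data):
    """Claims 1 and 5: classify statically; on 'unknown', sandbox, update, re-classify."""
    vec = extract_static_features(data)
    verdict = model.classify(vec)
    if verdict != "unknown":
        return verdict, vec, []
    behaviours, image = sandbox_process(data)
    extra = extract_static_features(image)  # additional static features found by sandboxing
    vec = dict(vec, suspicious_strings=vec["suspicious_strings"] + extra["suspicious_strings"],
               api_imports=vec["api_imports"] + extra["api_imports"],
               longest_ascii_run=max(vec["longest_ascii_run"], extra["longest_ascii_run"]))
    return model.classify(vec), vec, behaviours

# Constructed training set and a constructed payload for the packed sample.
TRAINING = [
    (b"MZ" + b"Usage: tool [options] file. " * 40 + b"CreateFileW ReadFile WriteFile CloseHandle ", "benign"),
    (b"MZ" + b"Copyright (c) Example Corp. All rights reserved. " * 30 + b"GetProcAddress LoadLibraryA MessageBoxW ", "benign"),
    (b"MZ" + pseudo_random_bytes(1, 3000) + b"cmd.exe http://", "malicious"),
    (b"MZ" + pseudo_random_bytes(2, 2000) + b"http:// VirtualAlloc", "malicious"),
]
PAYLOAD = b"http://example.invalid/update cmd.exe"
```

To run it: train a `CentroidModel` on `TRAINING`, call `extract_static_features(pack(PAYLOAD))` and `classify` it (the stub's three benign-looking imports and the absence of suspicious strings outweigh the high entropy and the short printable run, so the static verdict is "unknown"), then call `analyze`, which sandboxes the sample, adds the two suspicious strings of the unpacked image to the vector and re-classifies it as "malicious"; after `oracle_feedback` on the static vector, the same static vector classifies as "malicious" directly. The update rule in `analyze` (sum the counts, keep the larger run, keep the static entropy) is a design choice of this example, not something the claims or the references specify.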

In regards to claim 9, Miserendino discloses a sandbox appliance comprising: 
a processing resource (Miserendino, Para. 0147); and 
a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource to (Miserendino, Para. 0147):
receive a sample under test (Miserendino, Fig. 1 and Para. 0071, method 430 receives a set of training files which are each known to be either malign or benign (block 432)); 
classify the sample under test based on the feature vector by applying a machine-learning model (Miserendino, Para. 0060, a model is learned from some collection of feature vectors representing that set of objects. The success of a machine-learning system for classification is usually dependent on the choice of attributes, the availability of feature vector instances, and the complexity of the selected model or learning algorithm); and 
when a result of classification of the sample under test is unknown, representing insufficient information is available to identify the sample under test as malicious or benign (Miserendino, Para. 0044, the malware detector 108 may be a program, application, routine, programmed logic circuit, or other automated implementation that applies the malware classifier to unknown files 105 to provide an indication of whether the files are malign or benign), cause sandbox processing to be performed on the sample under test (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112).  
Miserendino fails to disclose generate a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test; 
However, Schmidter teaches generate a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test (Schmidter, Para. 0058, operation 306 comprises generating at least one feature vector from the plurality of static data points extracted using the learning classifier trained by the knowledge base);
Miserendino and Schmidter are both considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino to incorporate the teachings of Schmidter to include generating a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test (Schmidter, Para. 0058). Doing so would help to continuously collect data, generate a more robust collection of file data to improve classification of file data, and train a classifier used to detect whether an executable file is harmful, benign, or potentially unwanted (Schmidter, Para. 0017).

In regards to claim 11, the combination of Miserendino and Schmidter teaches the sandbox appliance of claim 9, wherein the sandbox processing involves monitoring dynamic behaviors exhibited by the sample under test while being executed within a sandbox environment (Miserendino, Para. 0045, comparison by comparing dynamic, graphical visualizations 114 of the execution state data of the unknown file and known malware. If such comparisons show similarities or matches, this fact may be used to provide greater confidence that the unknown file is malign).  

In regards to claim 12, the combination of Miserendino and Schmidter teaches the sandbox appliance of claim 11, wherein the dynamic behaviors include one or more of a registry operation, a file operation, an operating system application programming interface (API) call, and a network connection (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112 or in a live running system (that is not a sandbox)).  

In regards to claim 13, the combination of Miserendino and Schmidter teaches the sandbox appliance of claim 9, wherein the instructions further cause the processing resource to:
 identify one or more additional static features associated with the sample under test as a result of the sandbox processing (Miserendino, Para. 0045, when used to detect malware, an embodiment may then execute unknown files in the same or similar sandbox environment 112); 
update the feature vector based on the one or more additional static features (Miserendino, Paras. 0045 and 0058, the code for generating the feature vectors has to be changed with new mechanisms for deriving the corresponding features, and the length of the feature vector has to be manually adjusted to reflect this change); and
re-classify the sample under test based on the updated feature vector by re-applying the machine-learning model (Miserendino, Paras. 0058 and 0069, feature vectors for machine-learning are “hard coded,” meaning that a specific method is tailored to generate the corresponding feature vector corresponding to an object depending on the attributes under consideration).  

In regards to claim 14, the combination of Miserendino and Schmidter teaches the sandbox appliance of claim 9, wherein the sample under test comprises a file and wherein the static features comprises any or combination of a size of the file, entropy of the file, a certificate associated with the file, API functions imported by the file, an icon present within the file, a NET header of the file, version information associated with the file, registry keys, import tables packing methods used by samples, programming languages used, version and type of linker used, presence of byte streams used by common libraries for encryption of files, compilation time of the sample, suspicious printable characters in byte stream, a number of imported API calls, number of data directories used, number of imported libraries, largest length of consecutive American Standard Code for Information Interchange (ASCII) characters, largest length of Hexadecimal (HEX) bytes, and length of copyright field (Miserendino, Para. 0072, the .ARFF file is a ASCII text file that describes a list of instances sharing a set of attributes, developed by the Machine-Learning Project).  

In regards to claim 15, the combination of Miserendino and Schmidter teaches the sandbox appliance of claim 9, wherein the instructions further cause the processing resource to update the machine-learning model based on feedback received from an oracle regarding classification of the sample under test (Miserendino, Para. 0143, to make a final decision as to whether to deem a sample as benign or malicious, embodiments of the system and method allow users to adjust a decision threshold where samples receiving scores above the threshold are marked malicious; note that the oracle may be interpreted as the user).    

In regards to claim 16, Miserendino discloses a non-transitory machine readable medium storing instructions that when executed by a processing resource of a sandbox appliance cause the processing resource to:
receive a sample under test (Miserendino, Fig. 1 and Para. 0071, method 430 receives a set of training files which are each known to be either malign or benign (block 432)); 
classify the sample under test based on the feature vector by applying a machine-learning model (Miserendino, Para. 0060, a model is learned from some collection of feature vectors representing that set of objects. The success of a machine-learning system for classification is usually dependent on the choice of attributes, the availability of feature vector instances, and the complexity of the selected model or learning algorithm); and 
when a result of classification of the sample under test is unknown, representing insufficient information is available to identify the sample under test as malicious or benign (Miserendino, Para. 0044, the malware detector 108 may be a program, application, routine, programmed logic circuit, or other automated implementation that applies the malware classifier to unknown files 105 to provide an indication of whether the files are malign or benign), cause sandbox processing to be performed on the sample under test (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112).  
Miserendino fails to disclose generate a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test; 
However, Schmidter teaches generate a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test (Schmidter, Para. 0058, operation 306 comprises generating at least one feature vector from the plurality of static data points extracted using the learning classifier trained by the knowledge base);
Miserendino and Schmidter are both considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino to incorporate the teachings of Schmidter to include generating a feature vector associated with the sample under test by extracting a plurality of static features from the sample under test (Schmidter, Para. 0058). Doing so would help to continuously collect data, generate a more robust collection of file data to improve classification of file data, and train a classifier used to detect whether an executable file is harmful, benign, or potentially unwanted (Schmidter, Para. 0017).

In regards to claim 18, the combination of Miserendino and Schmidter teaches the non-transitory machine readable medium of claim 16, wherein the sandbox processing involves monitoring dynamic behaviors exhibited by the sample under test while being executed within a sandbox environment (Miserendino, Para. 0045, comparison by comparing dynamic, graphical visualizations 114 of the execution state data of the unknown file and known malware. If such comparisons show similarities or matches, this fact may be used to provide greater confidence that the unknown file is malign).    

In regards to claim 19, the combination of Miserendino and Schmidter teaches the non-transitory machine readable medium of claim 18, wherein the dynamic behaviors include one or more of a registry operation, a file operation, an operating system application programming interface (API) call, and a network connection (Miserendino, Para. 0045, an embodiment may then execute unknown files in the same or similar sandbox environment 112 or in a live running system (that is not a sandbox)).    

In regards to claim 20, the combination of Miserendino and Schmidter teaches the non-transitory machine readable medium of claim 16, wherein the instructions further cause the processing resource to:
 identify one or more additional static features associated with the sample under test as a result of the sandbox processing (Miserendino, Para. 0045, when used to detect malware, an embodiment may then execute unknown files in the same or similar sandbox environment 112); 
update the feature vector based on the one or more additional static features (Miserendino, Para. 0058, the code for generating the feature vectors has to be changed with new mechanisms for deriving the corresponding features, and the length of the feature vector has to be manually adjusted to reflect this change); and 
re-classify the sample under test based on the updated feature vector by re-applying the machine-learning model (Miserendino, Para. 0069, the EFVG 404 may be re-used during testing and prediction (classifying), and Para. 0058, feature vectors for machine-learning are “hard coded,” meaning that a specific method is tailored to generate the corresponding feature vector corresponding to an object depending on the attributes under consideration).  

Claims 2, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Miserendino et al. (US 2017/0262633 A1) in view of Schmidter et al. (US 2016/0335435 A1), and further in view of Zhang (US 2018/0114018 A1).

In regards to claim 2, Miserendino in view of Schmidter fails to teach the method of claim 1, further comprising prior to said classifying, pre-filtering, by the processing resource, the file by performing signature-based scanning on the file.
However, Zhang teaches the method of claim 1, further comprising prior to said classifying, pre-filtering, by the processing resource, the file by performing signature-based scanning on the file (Zhang, Fig.1, Para. 0029, the sample files may be scanned by a file signature-based malware detection engine).  
Miserendino, Schmidter, and Zhang are all considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino and Schmidter to incorporate the teachings of Zhang to include, prior to said classifying, pre-filtering, by the processing resource, the file by performing signature-based scanning on the file (Zhang, Fig. 1, Para. 0029). Doing so would aid in determining whether the sample file represents malware: if no malware is detected by the behavior-based malware detection, a memory dump based malware detection process may then be executed to determine whether the sample file represents malware. After the sample file is classified by malware detection and classification system 100, the classification is returned to the subscriber, and the subscriber may allow or block the sample file based on the returned classification (Zhang, Para. 0029).

In regards to claim 10, Miserendino in view of Schmidter fails to teach the sandbox appliance of claim 9, wherein the instructions further cause the processing resource to prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test.  
However, Zhang teaches the sandbox appliance of claim 9, wherein the instructions further cause the processing resource to prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test (Zhang, Fig.1, Para. 0029, the sample files may be scanned by a file signature-based malware detection engine).  
Miserendino, Schmidter, and Zhang are all considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino and Schmidter to incorporate the teachings of Zhang to include the sandbox appliance of claim 9, wherein the instructions further cause the processing resource to, prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test (Zhang, Fig. 1, Para. 0029). Doing so would aid in determining whether the sample file represents malware: if no malware is detected by the behavior-based malware detection, a memory dump based malware detection process may then be executed to determine whether the sample file represents malware. After the sample file is classified by malware detection and classification system 100, the classification is returned to the subscriber, and the subscriber may allow or block the sample file based on the returned classification (Zhang, Para. 0029).

In regards to claim 17, Miserendino in view of Schmidter fails to teach the non-transitory machine readable medium of claim 16, wherein the instructions further cause the processing resource to prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test.  
However, Zhang teaches wherein the instructions further cause the processing resource to prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test (Zhang, Fig.1, Para. 0029, the sample files may be scanned by a file signature-based malware detection engine).  
Miserendino, Schmidter, and Zhang are all considered to be analogous to the claimed invention because they are in the same field of generating a feature vector associated with the file by extracting static features from the file, and classifying the file based on the feature vector by applying a machine-learning model. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Miserendino and Schmidter to incorporate the teachings of Zhang to include wherein the instructions further cause the processing resource to, prior to classification of the sample under test, prefilter the sample under test by performing signature-based scanning on the sample under test (Zhang, Fig. 1, Para. 0029). Doing so would aid in determining whether the sample file represents malware: if no malware is detected by the behavior-based malware detection, a memory dump based malware detection process may then be executed to determine whether the sample file represents malware. After the sample file is classified by malware detection and classification system 100, the classification is returned to the subscriber, and the subscriber may allow or block the sample file based on the returned classification (Zhang, Para. 0029).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Mankin et al. (US 2015/0106931 A1) teaches systems and methods for classifying executable files as likely malware or likely benign. The techniques utilize temporally-ordered network behavioral artifacts together with machine learning techniques to perform the classification.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM - 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496

/HARESH N PATEL/Primary Examiner, Art Unit 2496