STATEMENT OF REASONS FOR ALLOWANCE

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1, 13, and 17 were modified in an amendment submitted with a Request for Continued Examination (RCE) filed on July 8, 2022.
Claims 1, 3-13, 15, and 17-20 are currently pending and are allowed.

Claim Objections
Claim 1 was objected to in the previous Office action due to minor informalities.  In view of the amendment submitted with the RCE filed on July 8, 2022, the issues have been resolved and the objection is withdrawn.  

Claim Rejections under 35 USC § 101
Claims 1, 3-13, 15, and 17-20 were rejected under 35 U.S.C. § 101 in the previous Office action because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  Upon further consideration of the Applicant’s arguments and amended claims submitted with the RCE filed on July 8, 2022, and in view of the 2019 Revised Patent Subject Matter Eligibility Guidance, the Examiner agrees that the amended claims are eligible under 35 U.S.C. § 101.  Although the claims contain limitations for collecting and analyzing log file data to detect an anomaly, the amended independent claims specify an additional element of “determining a deviation in the sequence to detect the anomaly by comparing the sequence to a baseline sequence model that is generated during a baseline operation of an information handling system, wherein the anomaly includes the deviation in number of bytes transmitted or number of bytes received from the baseline sequence model.”  The determination of a deviation by comparison of bytes transmitted or received from the base sequence model involves analysis which cannot be practically performed as a mental process.  When considered in conjunction with the other limitations in the amended independent claims, this additional element provides a specific improvement resulting in improved log analysis and anomaly detection.  Accordingly, the rejection of the claims under 35 U.S.C. § 101 is withdrawn.

Prior Art
The following prior art was deemed relevant to the claimed invention and the amended claims:  
Karppanen (U.S. Patent Publication No. 2017/0102919) was cited in previous rejections and teaches logging of bytes written by threads to files, but does not teach using this information to detect anomalies.

Myers (U.S. Patent Publication No. 2020/0169575) teaches detection of anomalous activity on a network using byte counts and determining a deviation from a baseline directionality magnitude value.  However, the teachings of Myers would not be obvious to apply to analysis of log files as required by the claims.

Liu et al. (“An Integrated Method for Anomaly Detection From Massive System Logs,” IEEE Access, 2018) teaches anomaly detection in logs, but does not teach analysis of transmitted/received bytes to detect an anomaly.


Statement of Reasons for Allowance
The following is an Examiner’s statement of reasons for allowance:
Search of the prior art found prior art (listed on the attached PTO-892) which teaches some elements of the claimed invention.  However, the Examiner has determined that none of the prior art found, either alone or in combination with other prior art, explicitly teaches or would reasonably suggest to one of ordinary skill in the art the specific combinations recited in the amended independent claims when the claims are considered as a whole.
Independent claim 1 contains allowable subject matter because it has been determined that none of the prior art found, either alone or in combination with other prior art, explicitly teaches or would reasonably suggest to one of ordinary skill in the art the specific combination of “determining a deviation in the sequence to detect the anomaly by comparing the sequence to a baseline sequence model that is generated during a baseline operation of an information handling system, wherein the anomaly includes the deviation in number of bytes transmitted or number of bytes received from the baseline sequence model” in conjunction with the other limitations in the claim when the claim is considered as a whole.  While some of the identified prior art teaches clustering of log entries/messages, analysis of sequences within log files, and the use of baselines utilized in conjunction with anomaly detection, the prior art does not explicitly teach or reasonably suggest determining a deviation of bytes from a baseline in conjunction with anomaly detection as described in the claim.  Independent claims 13 and 17, as amended, contain similar limitations as claim 1 and therefore are also allowable.
Accordingly, claims 1, 3-13, 15, and 17-20 are allowed.  
The limitations indicated as allowable are considered as such only in combination with all limitations of the independent claim and any intervening claims.  Any amendment changing the scope of the claims could jeopardize the indication of allowability.
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anthony J. Amoroso whose telephone number is 571-270-3665.  The examiner can normally be reached on M-F 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on 571-272-3655.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANTHONY J AMOROSO/Primary Examiner, Art Unit 2113