Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Mr. Jinggao Li on July 21, 2022.

The application has been amended as follows: 

1. (Currently Amended) A system for malicious HTTP traffic detection with multi-field relation, comprising a client for unloading malicious HTTP traffic and a server for receiving and detecting the malicious HTTP traffic, wherein the server comprises an active label corrector for correcting noisy labels of the malicious HTTP traffic and a multi-field feature extractor for automatically discovering underlying features of the malicious HTTP traffic[[.]];
wherein the active label corrector is configured to have the functions of: 
(1) using a URI field to construct a corpus set; 
(2) getting the dictionary size of the corpus set; 
(3) initializing an embedding matrix, and creating a word2vec model using training samples in datasets to train the matrix; 
(4) obtaining the average value of each sample by averaging the position of each sample in the embedding matrix; 
(5) creating an empty Support vector (SUP) set; 
(6) creating an empty non-support vector (NSUP) set; 
(7) creating a first Support Vector Machine (SVM) model using all samples in the datasets; 
(8) separating the support vectors of the first SVM model from the dataset and add them to SUP set and add the rest to NSUP set; 
(9) creating a second SVM model using the samples in NSUP set; 
(10) testing the samples in SUP set using the second SVM model and re-ranking the mislabeled samples based on their probability; 
(11) checking the previously unseen samples in SUP set based on the ranking obtained in Step (9), and correcting the corrupted labels in the dataset; and 
(12) repeating the Steps (6) to (12) until all the noise samples are adjusted.

2. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 1, further comprising a field segmentor for dividing the different fields of the malicious HTTP traffic into structure fields and restrained fields and segmenting the different fields into uniform formats.

3. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 2, wherein the structure fields comprise host, URI, referrer and user-agent, and the restrained fields comprises method, version, request and response content-type, and response status code.

4. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 1, wherein the active label corrector is configured to use an SVM-based label correction algorithm to correct the noisy labels.

5. (Cancelled) 

6. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 1, wherein the multi-field feature extractor comprises a hybrid network for discovering the underlying relation among fields and reducing the trivial information and improving interpretability.

7. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 6, wherein the multi-field feature extractor comprises a field embedding module for transforming plain texts into numeric output through a trainable matrix.

8. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 7, wherein the multi-field feature extractor comprises an inception block, which is composed of convolutional filters and a max pooling operation for extracting different size of context patterns.

9. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 8, wherein the hybrid network comprises a multi-layer cross network for automatically searching effective features and an attention network for relieving the trivial information and trying to automatically discover the important parts of different fields and gather them together.

10. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 8, wherein the hybrid network is configured to be trained by supervised multi-field feature extraction samples.

11. (Previously Presented) The system for malicious HTTP traffic detection with multi-field relation of claim 1, further comprising an explainable predictor for presenting an interpretable report.


REASONS FOR ALLOWANCE

Claims 1-4 and 6-11 are allowed. No reason for allowance is necessary as the record is clear in light of further search conducted and persuasive arguments filed on 01/13/2020. See MPEP 1302.14(I).

	
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form 892.




 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIN ESKANDARNIA whose telephone number is (571)270-3205. The examiner can normally be reached 7:30am-5pm M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ARVIN ESKANDARNIA/             Primary Patent Examiner, Art Unit 2446