DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 09/01/2022.
Status of claims in the instant application:
Claims 1-3, 5-14 and 16-22 are pending.
Claims 4 and 15 have been canceled.
Claims 1, 5, 12 and 22 have been amended.
No new claim has been added.
Response to Arguments
Applicant’s arguments, see page [10-11] of the remarks filed on 09/01/2022, with respect to rejections of claims under 35 USC 103 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1-3, 5-14 and 16-22 are allowed, but they are renumbered as claims 1-20.
The following is the examiner's statement of reasons for allowance: The following prior art references were identified during the examination of applicant’s amended claim set filed on 09/01/2022 in response to the office action mailed on 06/08/2022. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in the general realm of applicant’s field of endeavor:
“US 20210034994 A1; Stocker et al.: Stocker discloses systems and methods of the present disclosure include at least one processor that receives a data set of a data stream from a data source, where the data set includes a time-varying data points. The processor determines event observations associated with data points of the time-varying data points based on a detection model to identify types of the event observations, including: i) anomalies, ii) change-points, iii) patterns, or iv) outliers. The processor generates anomaly records in an event data store based on the event observations and automatically generates event records for at least one of the anomaly records based on variables of at least one dimension of the time-varying data points, where the event record links one or more event observations. The processor automatically applies changes in the event record to each event observation of the one or more event observations based on the linking by the event record.
Stocker’s disclosure generally relates to computer-based systems configured for one or more novel technological applications of detecting, classifying, and visualizing events in large-scale, multivariate and multidimensional datasets and methods thereof.
US 20170339022 A1; Hegde et al.: Hegde discloses techniques for performing anomaly detection and prediction in a packet broker of a visibility network are provided. According to one embodiment, the packet broker can apply one or more machine learning models to network traffic that is replicated from a core network. The packet broker can further detect or predict, based on the application of the one or more machine learning models, the occurrence of a network traffic anomaly in the core network. The packet broker can then take one or more predefined actions in response to the detection/prediction of the anomaly.
US 20170116059 A1; Wolf et al.: Wolf discloses a data analyzer engine in a network environment aggregates real-time feedback from multiple resources that collectively provide delivery of content to multiple subscribers in a network environment. According to one arrangement, the multiple resources are disposed along a network communication path between a content delivery source and the subscriber. Based on analyzing the aggregated real-time feedback from the multiple resources disposed along the network communication path, assume that the data analyzer engine detects occurrence of multiple anomaly conditions at a location in the network communication path. Each of the anomaly condition may or may not be representative of an actual network resource failure. In response to detecting first occurrence of the anomaly conditions, the data analyzer engine initiates generation of a notification to appropriate network management personnel indicating the occurrence of the detected anomaly condition. The network management personnel determine a root cause of the first occurrence of the detected anomaly conditions and provide feedback indicating the root cause and how to correct it. Subsequent to learning and recording a pattern of first detected anomaly conditions and the corresponding root cause, a data analyzer engine compares the learned pattern to future received real-time feedback. Upon detecting a match of the learned pattern to a future occurrence of a same set of anomaly conditions, the analyzer engine provides notification to network management personnel to address the network failure. The notification can include information indicating the likely root cause of the newly detected anomaly condition (which matches a pattern of the originally detected anomaly) as well as how to fix it.
US 20160234167 A1; Engel et al.: Engel discloses a method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity. The present invention relates generally to the field of cyber security and more particularly to detection of anomaly action within a computer network.
US 20190245876 A1; FAIGON et al.: FAIGON discloses technology that relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs. The technology disclosed generally relates to using machine learning for detecting in real-time anomalous events in network delivered services.”
However, none of the prior arts of record, alone or in combination, discloses the combination of limitations of the amended independent claims 1, 12 and 22; specifically, they do not disclose the combination of claim limitations as recited in the amended independent claims, “extracting, by the processor, a plurality of feature values associated with predetermined features from a first collection of one or more datasets associated with a plurality of anomaly classes, wherein the predetermined features are individual measurable characteristics of network behavior and user behavior in the presence or absence of an anomaly, and wherein extracting the plurality of feature values from the first collection of one or more datasets comprises refining the first collection of one or more datasets using a first set of rules and using at least one of: a probability distribution technique and traffic pattern recognition techniques on the refined first collection of one or more datasets to extract the plurality of feature values; determining, by the processor, a generic pattern of behavior associated with the plurality of anomaly classes based on the extracted feature values, wherein the generic pattern is representative of behavior which substantially simulates feature values on attack by any of the plurality of anomaly classes”.
Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed because of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434

/DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434