Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is in response to the communication filed on 7/6/2020.
Claims 1-14 are examined.
Claims 1, 5, 7, 11 are rejected.
Claims 2, 3, 4, 6, 8, 9, 10, 12, 13 and 14 are objected.

Allowable Subject Matter
Claims 3, 4, 6, 9, 10, 13 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 7/6/2020. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 5, 7, 8, 11, 12 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2021/0248443 to Shu et al. (hereinafter known as “Shu”) in view of U.S. Publication 2019/0325309 to Flamant et al. (hereinafter known as “Flamant”).

As per claim 1, Shu teaches a non-transitory computer-readable storage medium storing a program that causes a computer to execute a process, the process comprising:
acquiring training data in which information that indicates whether or not an attack is performed from a first device to a second device is associated with each of a specific operation log from the first device to the second device and a plurality of operation logs that includes operation logs from the first device to the second device before and after the specific operation log (Shu 80-82 teaches attack detection / labelling of data, 80 teaches analysis of training data / machine learning);
generating order matrix data that includes a graph structure that corresponds to each of the plurality of operation logs and an order relationship of the specific operation log and the operation logs before and after the specific operation log (Shu 83-84 teaches operation data analysis and relationships meaning – report, reach function etc); and 
generating a machine learning model based on the training data by inputting the data of the order matrix (Shu 45, 130 teaches training sample data input to GNN (graph neural network)).
Shu does not teach, however Flamant teaches, data to a neural network (Flamant para 9 teaches input to Neural Network).
Shu teaches analysis of log / events for machine learning model for intrusive behavior (abstract). Shu does not teach, however Flamant teaches, input to Neural Network (abstract and para 9, 29-30, Fig 1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Shu - Flamant before him or her, to combine Shu’s analysis of log / events for machine learning model for intrusive behavior with Flamant’s teaching of input to Neural Network. The suggestion/motivation for doing so would have been to detect and prevent software analysis for infection detection, complex simulations for applying machine learning and deep learning with data analysis (Flamant para 6).
As per claim 5, the combination of Shu – Flamant teaches the non-transitory computer-readable storage medium according to claim 1, further comprising:
acquiring a plurality of determination target logs that includes an operation log to be determined and operation logs before (Shu Fig 3 para 58 teaches data activity and correlation of logs/events) and after the operation log to be determined generated in sessions before and after the operation log to be determined, generating the data of the order matrix by using data that indicates a plurality of graph structures that respectively corresponds to the plurality of determination target logs (Shu Fig 3 para 58-59 teaches generating details of suspected incidents similar to graph structures and logs / events based on detected session or correlated event), and 
determining whether the plurality of determination target logs is an attack based on an output result obtained by inputting the order matrix data to a learned machine learning model (Shu Fig 3 para 58-59 and 84 where training classifier machine learning model to detect threat analysis or malicious graph patterns).
Claim 7,
Claim 7 is rejected in accordance with claim 1.
Claim 11,
Claim 11 is rejected in accordance with claim 1.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Flamant et al US Publication 2019/0325309 
Shu et al US Publication 2021/0248443
Jain et al US Publication 2018/0330275
Johns et al US Publication 2019/0132334
Shibahara et al US Publication 2019/0180032
Herwono et al US Publication 2022/0092178
Pan et al US Publication 2021/0176260
Johns et al US Patent 11,108,809
Dunagan et al US Patent 8,683,546

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431