DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hartnett, patent number: US 10 089 467.

As per claims 1 and 9, Hartnett teaches a method for detecting malware in an information handling system, comprising: 
receiving, by an information handling system, a plurality of rules (models, col. 9, lines 37-55); 
receiving, by the information handling system, a file for malware testing (target file, col. 1, lines 27-42, col. 2, lines 17-38); 
applying two or more of the plurality of rules to the received file to determine a plurality of outcomes (scores, col. 1, lines 27-42, col. 2, lines 17-38, col. 4, lines 17-31); and 
determining, by the information handling system, whether to classify the file as malware by applying a machine learning model to the plurality of outcomes (applying model, col. 4, lines 17-34, col. 5, lines 25-50, col. 6, lines 14-27).

As per claim 2, Hartnett teaches further comprising transmitting, by the information handling system, the determination of whether to classify the file as malware or not malware for training the machine learning model (training, col. 7, lines 18-25).

As per claims 3 and 10, Hartnett teaches wherein the training is performed by a back-end information handling system, further comprising receiving, by the information handling system from the back-end information handling system, an update to the machine learning model based, at least in part, on the training (Model update, col. 7, lines 18-25).

As per claims 4 and 11, Hartnett teaches further comprising determining, by the information handling system, the two or more of the plurality of rules to be applied based, at least in part, on one or more characteristics of the file (File type, col. 4, lines 37-62).

As per claims 5 and 12, Hartnett teaches wherein the one or more characteristics of the file comprise a file type (File type, col. 4, lines 37-62).

As per claims 6 and 13, Hartnett teaches wherein the two or more of the plurality of rules are further determined based, at least in part, on a comparison of the one or more characteristics of the file to a rule type for each of the rules in the plurality of rules (Using file type, col. 4, lines 37-62).

As per claims 7 and 14, Hartnett teaches wherein the two or more rules are determined using a classification model to estimate the probability that each rule in the plurality of rules would be able to detect malware in files having the one or more characteristics of the file (Classifier, col. 6, lines 39-55).

As per claim 8, Hartnett teaches wherein determining whether to classify the file as malware or not malware comprises determining to classify the file as malware, further comprising: classifying the file as malware; and quarantining the file (Quarantining, col. 7, lines 19-35).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hartnett, patent number: US 10 089 467 in view of Schmidtler, publication number: US 2021/0194900.

As per claim 15, Hartnett teaches an information handling system comprising: 
a processor; and 
a memory (server 105, col. 7, lines 37-44); 
wherein the processor is configured to perform steps comprising: 
training the machine learning model based on the received feedback (user feedback, col. 7, lines 30-35); 
generating an update to the machine learning model based on the training (retraining model, col. 7, lines 30-35); and 
transmitting the update to the client information handling system (updating user model store, col. 8, lines 55-61).

Hartnett does not teach receiving, from a client information handling system, information specifying a plurality of rules applied to a file by the information handling system, a plurality of outcomes of the application of the plurality of rules to the file, and a classification of the file determined by the client information handling system by applying a machine learning model to the plurality of outcomes.

In an analogous art, Schmidtler teaches receiving, from a client information handling system, information specifying a plurality of rules applied to a file by the information handling system, a plurality of outcomes of the application of the plurality of rules to the file, and a classification of the file determined by the client information handling system by applying a machine learning model to the plurality of outcomes (Feedback received from the client indicating a disagreement between feature vector score and security determinations, altering the model, predictive scores and security determination based on feedback [0061]).

Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify Hartnett’s malware detection system by including a more detailed feedback-based model updating system as described in Schmidtler’s malware detection system, since Hartnett already teaches updating based on user feedback, and also for the advantages of having a more targeted model updating system.


As per claim 16, the combination teaches wherein the step of receiving further comprises receiving, from the client information handling system, one or more characteristics of the file, and wherein the machine learning model is further trained based on the received one or more characteristics of the file (Schmidtler: feedback based update, [0061]).

As per claim 17, the combination teaches wherein the step of receiving further comprises receiving, from the client information handling system, classification verification information specifying whether the classification was correct, and wherein the machine learning model is further trained based on the received classification verification information (Hartnett: feedback, col. 7, lines 30-35).

As per claim 18, the combination teaches wherein training the machine learning model comprises: if the file is classified as malware and the verification information specifies that the classification was correct, increasing a probability that the model will classify a new file as malware if application of the same plurality of rules to the new file results in the same plurality of outcomes; and if the file is classified as malware and the verification information specifies that the classification was incorrect, increasing a probability that the model will classify a new file as not malware if application of the same plurality of rules to the new file results in the same plurality of outcomes (Hartnett: retraining, col. 7, lines 19-35, Schmidtler: retraining, [0061]).

As per claim 19, the combination teaches wherein the processor is further configured to perform steps comprising: storing the received information specifying the plurality of rules, the plurality of outcomes, and the classification in a database (Schmidtler: accessing data, [0061]).

As per claim 20, the combination teaches wherein the processor is further configured to perform steps comprising: transmitting the update to a network of multiple client information handling systems (Hartnett: periodic update, col. 8, lines 55-61).


Conclusion




Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUGBENGA O IDOWU whose telephone number is (571)270-1450. The examiner can normally be reached Monday-Friday 8am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim, can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/OLUGBENGA O IDOWU/Primary Examiner, Art Unit 2494