DETAILED ACTION
Claims 20-37 are pending. Claims 1-19 are canceled.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 02/09/2022 and 09/26/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 20-37 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Claim 26 recites acquiring a processing log, determining a behavior and determining a purpose.
The limitations of acquiring a processing log, determining a behavior and determining a purpose, as drafted, are processes that, under their broadest reasonable interpretation, cover performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “a memory” and “processor”, nothing in the claim element precludes the steps from practically being performed in the mind. For example, but for the “processor” language, “acquiring and determining” in the context of this claim encompasses the user manually obtaining and analyzing data. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – a memory and processor to perform the steps. The processor is recited at a high level of generality (i.e., as a generic processor performing a generic computer function), and the memory is recited as a generic database storing instructions, such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Independent claims 20 and 32 include limitations similar to the limitations of independent claim 26 and are rejected under 35 USC 101 for being directed to an abstract idea for similar reasons as discussed above with respect to independent claim 26.
Dependent claims 21-25, 27-31 and 33-37 do not cure the deficiency of the independent claims and are rejected under 35 USC 101 for being directed to an abstract idea.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 20-37 are rejected under 35 U.S.C. 103 as being unpatentable over Chong et al. (US Pub No. 2003/0070003) in view of DAI et al. (US Pub No. 2012/0159628).
Regarding independent claim 20, Chong teaches the method for determining a purpose of a cyber attack to a target device, the method comprising: acquiring, from the target device, a processing log (Chong, pages 1-2, paragraphs 0014-0015; collection of data); determining a behavior in a plurality of behaviors that corresponds to the condition (Chong, page 2, paragraphs 0018 & 0021 and page 3, paragraph 0023; activities of an attack); and determining, in the plurality of purposes, a purpose that corresponds to the determined behavior (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent), and each purpose in the plurality of purposes corresponds to a behavior in the plurality of behaviors (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent).
Chong teaches an attack model that represents any type of activity, event, condition, state and so forth that can be associated with the activity and an attacker's objection and intent from the activity (Chong, page 3, paragraph 0023 and page 2, paragraph 0021) but does not explicitly teach determining, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition; and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors.
Dai teaches determining, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior); and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 21, Chong in view of Dai teaches each and every claim limitation of claim 20, however Dai teaches the method wherein each of the plurality of conditions includes information associated with an action and a parameter for executing the action (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; execution objection and operation of process). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 22, Chong in view of Dai teaches the method further comprising: determining, in the plurality of purposes, another purpose that corresponds to the determined behavior; and selecting a purpose between the determined purpose and the determined another purpose (Chong, page 3, paragraphs 0024 & 0027).
Regarding claim 23, Chong in view of Dai teaches the method further comprising: associating a matching degree between the determined behavior and each of the determined purpose and the determined another purpose; and selecting the purpose between the determined purpose and the determined another purpose based on the associated matching degree (Chong, page 3, paragraphs 0024 & 0026-0028).
Regarding claim 24, Chong in view of Dai teaches the method outputting a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033). 
Regarding claim 25, Chong in view of Dai teaches the method outputting a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033). 
Regarding independent claim 26, Chong teaches an analysis device comprising: at least one memory configured to store instructions; and at least one processor coupled to the at least one memory and configured to execute the instructions to: acquire, from the target device, a processing log (Chong, pages 1-2, paragraphs 0014-0015; collection of data); determine a behavior in a plurality of behaviors that corresponds to the condition (Chong, page 2, paragraphs 0018 & 0021 and page 3, paragraph 0023; activities of an attack); and determine, in the plurality of purposes, a purpose that corresponds to the determined behavior (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent), and each purpose in the plurality of purposes corresponds to a behavior in the plurality of behaviors (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent).
Chong teaches an attack model that represents any type of activity, event, condition, state and so forth that can be associated with the activity and an attacker's objection and intent from the activity (Chong, page 3, paragraph 0023 and page 2, paragraph 0021) but does not explicitly teach determine, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition; and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors.
Dai teaches determine, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior); and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 27, Chong in view of Dai teaches each and every claim limitation of claim 26, however Dai teaches the analysis device wherein each of the plurality of conditions includes information associated with an action and a parameter for executing the action (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; execution objection and operation of process). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 28, Chong in view of Dai teaches the analysis device wherein the at least one processor is further configured to execute the instructions to: determine, in the plurality of purposes, another purpose that corresponds to the determined behavior; and selecting a purpose between the determined purpose and the determined another purpose (Chong, page 3, paragraphs 0024 & 0027).
Regarding claim 29, Chong in view of Dai teaches the analysis device wherein the at least one processor is further configured to execute the instructions to: associating a matching degree between the determined behavior and each of the determined purpose and the determined another purpose; and selecting the purpose between the determined purpose and the determined another purpose based on the associated matching degree (Chong, page 3, paragraphs 0024 & 0026-0028).
Regarding claim 30, Chong in view of Dai teaches the analysis device wherein the at least one processor is further configured to execute the instructions to output a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033). 
Regarding claim 31, Chong in view of Dai teaches the analysis device wherein the at least one processor is further configured to execute the instructions to output a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033). 
Regarding independent claim 32, Chong teaches non-transitory computer-readable recording medium storing a program that, when executed by a computer, causes the computer to: acquire, from the target device, a processing log (Chong, pages 1-2, paragraphs 0014-0015; collection of data); determine a behavior in a plurality of behaviors that corresponds to the condition (Chong, page 2, paragraphs 0018 & 0021 and page 3, paragraph 0023; activities of an attack); and determine, in the plurality of purposes, a purpose that corresponds to the determined behavior (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent), and each purpose in the plurality of purposes corresponds to a behavior in the plurality of behaviors (Chong, page 3, paragraphs 0023-0024 & 0027; attack objective/attackers intent).
Chong teaches an attack model that represents any type of activity, event, condition, state and so forth that can be associated with the activity and an attacker's objection and intent from the activity (Chong, page 3, paragraph 0023 and page 2, paragraph 0021) but does not explicitly teach determine, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition; and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors.
Dai teaches determine, when the processing log meets a condition in a plurality of conditions, a behavior in a plurality of behaviors that corresponds to the condition (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior); and wherein each condition in the plurality of conditions corresponds to a behavior in the plurality of behaviors (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; one or more processes associated with malicious behavior). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 33, Chong in view of Dai teaches each and every claim limitation of claim 32, however Dai teaches the non-transitory computer-readable recording medium wherein each of the plurality of conditions includes information associated with an action and a parameter for executing the action (Dai, page 2, paragraphs 0023-0024 and page 3, paragraphs 0025-0026; execution objection and operation of process). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chong with the teachings of Dai to analyze the processes of the behavior to provide the advantage of improving the efficiency of malicious behavior comparison and accuracy of detecting an attack (Dai, page 1, paragraph 0005). 
Regarding claim 34, Chong in view of Dai teaches the non-transitory computer-readable recording medium wherein the program, when executed by the computer, further causes the computer to: determine, in the plurality of purposes, another purpose that corresponds to the determined behavior; and selecting a purpose between the determined purpose and the determined another purpose (Chong, page 3, paragraphs 0024 & 0027).
Regarding claim 35, Chong in view of Dai teaches the non-transitory computer-readable recording medium wherein the program, when executed by the computer, further causes the computer to associate a matching degree between the determined behavior and each of the determined purpose and the determined another purpose; and selecting the purpose between the determined purpose and the determined another purpose based on the associated matching degree (Chong, page 3, paragraphs 0024 & 0026-0028).
Regarding claim 36, Chong in view of Dai teaches the non-transitory computer-readable recording medium wherein the program, when executed by the computer, further causes the computer to: output a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033).
Regarding claim 37, Chong in view of Dai teaches the non-transitory computer-readable recording medium wherein the program, when executed by the computer, further causes the computer to: output a signal to display the selected purpose on a display device (Chong, page 4, paragraph 0033).

Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Schultz et al. (US Patent No. 9,680,855) and Schoenemann (US Pub No. 2016/0034688).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHAQUEAL D WADE-WRIGHT/
Primary Examiner, Art Unit 2437