DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The following is a final office action in response to communications received 07/20/2022. Claims 1, 10, 16 have been amended. Therefore, claims 1-20 are pending and addressed below.


Response to Arguments
Applicant’s arguments filed 07/20/2022 have been fully considered but they are moot in view of new grounds of rejections.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Savir et al (Pub. No. US 2020/0125728) in view of Jordan et al (Pub. No. US 2015/0052609) and in further view of Scherman et al (Pub. No. US 2020/0213325).

As per claims 1, 16, Savir discloses a method comprising: in a cloud-based security system, receiving a content item between a user device and a location on the Internet or an enterprise network; utilizing a trained machine learning ensemble model to determine whether the content item is malicious (…the cloud infrastructure comprises a combination of physical and virtual processing resources that may be utilized to implement a portion of the data-driven ensemble-based malware detector…data-driven ensemble-based malware detector processes an input file and determines a probability that the input file is a malicious file…see par. 25, 53, 56). Savir does not explicitly disclose determining one or more blind spots in the trained machine learning ensemble model, wherein determined blind spots are marked or otherwise noted; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item. However, Jordan discloses determining one or more blind spots in the trained machine learning ensemble model, wherein determined blind spots are marked or otherwise noted; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item (…training process involves using a signature-based sensor…to determine the blind spot of the signature sensor…see par. 21, 23…the machine learning based sensor has been trained to detect attacks on blind spots of the signature-based sensor by modifying patterns of attack on the signature-based sensor to compile blind spot malicious samples that avoid intrusion detection by the signature-based sensor…the blind spot malicious samples are then tagged as tagged malicious samples…samples of a normal portion of normal network traffic patterns are acquired and sanitized…the portions of the normal network traffic that are not in the normal portion are tagged as untagged samples…see par. 29, 35). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Jordan in Savir for including the above limitations, because one of ordinary skill in the art would recognize it would further improve network intrusion defense by providing the ability to detect the full spectrum of network attacks…see par. 9-11. Jordan discloses the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model (…the training process includes tagging the blind spot malicious samples as tagged malicious samples, acquiring samples of normal network traffic patterns, sanitizing a normal portion of the samples of normal network traffic patterns to obtain normal samples, tagging the normal samples as tagged normal samples, and tagging a portion of the samples of normal network traffic that are not the normal portion as untagged samples. A machine-learning training dataset…is then presented to the machine-learning based sensor to create models of normal network traffic and to detect samples that fail to conform to the models of normal network traffic as malicious data…the accuracy of the machine-learning based sensor is then iteratively tested using the models of normal network traffic to reduce false positives of the machine-learning based sensor and to achieve iteratively tested models of normal network traffic…see par. 35), but does not explicitly disclose allowing the content item in response to that determination. However, Scherman discloses responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item (…to classify a particular network address, the features of the network address (new data) determined by network data traffic analyzer is provided to classification model…classification model may output an indication/a predication as to whether the inputted features (i.e. new data) are indicative of malicious or non-malicious network data traffic…allowing access to a corresponding compute resource to at least one specified, trusted network address…see par. 40-44, 50). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Scherman in the combination of Savir and Jordan for including the above limitations, because one of ordinary skill in the art would recognize it would further protect a particular compute resource by determining a tag representative of a plurality of non-malicious network addresses…the tag may be determined by analyzing network data traffic received by a plurality of compute resources…to classify each network address that communicates with a particular compute resource as being malicious or non-malicious…see par. 21-23.


As per claim 10, Savir discloses a system comprising: a network interface communicatively coupled to a user device; a processor communicatively coupled to the network interface; and memory storing computer-executable instructions (the processing device in the processing platform comprises a processor coupled to memory, the processor may comprise a microprocessor, microcontroller and application specific integrated circuit…see par. 62-63) that, when executed, cause the processor to: receive a content item between a user device and a location on the Internet or an enterprise network; utilize a trained machine learning ensemble model to determine whether the content item is malicious (…the cloud infrastructure comprises a combination of physical and virtual processing resources that may be utilized to implement a portion of the data-driven ensemble-based malware detector…data-driven ensemble-based malware detector processes an input file and determines a probability that the input file is a malicious file…see par. 25, 53, 56). Savir does not explicitly disclose determine one or more blind spots in the trained machine learning ensemble model, wherein determined blind spots are marked or otherwise noted; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item. However, Jordan discloses determine one or more blind spots in the trained machine learning ensemble model, wherein determined blind spots are marked or otherwise noted; responsive to the trained machine learning ensemble model determining the content item is malicious or determining the content item is benign but such determining is in a blind spot of the trained ensemble model, performing further processing on the content item (…training process involves using a signature-based sensor…to determine the blind spot of the signature sensor…see par. 21, 23…the machine learning based sensor has been trained to detect attacks on blind spots of the signature-based sensor by modifying patterns of attack on the signature-based sensor to compile blind spot malicious samples that avoid intrusion detection by the signature-based sensor…the blind spot malicious samples are then tagged as tagged malicious samples…samples of a normal portion of normal network traffic patterns are acquired and sanitized…the portions of the normal network traffic that are not in the normal portion are tagged as untagged samples…see par. 29, 35). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Jordan in Savir for including the above limitations, because one of ordinary skill in the art would recognize it would further improve network intrusion defense by providing the ability to detect the full spectrum of network attacks…see par. 9-11. Jordan discloses the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model (…the training process includes tagging the blind spot malicious samples as tagged malicious samples, acquiring samples of normal network traffic patterns, sanitizing a normal portion of the samples of normal network traffic patterns to obtain normal samples, tagging the normal samples as tagged normal samples, and tagging a portion of the samples of normal network traffic that are not the normal portion as untagged samples. A machine-learning training dataset…is then presented to the machine-learning based sensor to create models of normal network traffic and to detect samples that fail to conform to the models of normal network traffic as malicious data…the accuracy of the machine-learning based sensor is then iteratively tested using the models of normal network traffic to reduce false positives of the machine-learning based sensor and to achieve iteratively tested models of normal network traffic…see par. 35), but does not explicitly disclose allowing the content item in response to that determination. However, Scherman discloses responsive to the trained machine learning ensemble model determining the content item is benign with such determination not in a blind spot of the trained machine learning ensemble model, allowing the content item (…to classify a particular network address, the features of the network address (new data) determined by network data traffic analyzer is provided to classification model…classification model may output an indication/a predication as to whether the inputted features (i.e. new data) are indicative of malicious or non-malicious network data traffic…allowing access to a corresponding compute resource to at least one specified, trusted network address…see par. 40-44, 50). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Scherman in the combination of Savir and Jordan for including the above limitations, because one of ordinary skill in the art would recognize it would further protect a particular compute resource by determining a tag representative of a plurality of non-malicious network addresses…the tag may be determined by analyzing network data traffic received by a plurality of compute resources…to classify each network address that communicates with a particular compute resource as being malicious or non-malicious…see par. 21-23.


As per claims 2, 11, 17, the combination of Savir, Jordan and Scherman discloses wherein a blind spot is a location where the trained machine learning ensemble model has not seen any examples with a combination of features at the location or has examples with conflicting labels (Savir: see par. 35-36).
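As an added illustration that is not part of this Office action or of any cited reference, the following constructed Python example applies the claim 2 definition of a blind spot (a feature combination the model never saw, or saw with conflicting labels) and the claim 1 routing rule to a toy ensemble; the feature names, training data and subspace-voting ensemble are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed feature vocabulary: each content item is a tuple of 0/1 flags.
FEATURES = ("is_executable", "packed", "has_macro", "signed")

# Constructed training set: (feature tuple, label), 1 = malicious, 0 = benign.
TRAINING = [
    ((1, 1, 0, 0), 1), ((1, 1, 0, 0), 1),
    ((0, 0, 1, 0), 1), ((0, 0, 1, 0), 0),  # same location, conflicting labels
    ((1, 0, 0, 1), 0), ((1, 0, 0, 1), 0),
    ((0, 0, 0, 0), 0), ((0, 0, 0, 0), 0),
]


def consistent_locations(training):
    """Locations (feature combinations) seen in training with one consistent
    label. Under the claim 2 definition every other location is a blind spot:
    the model saw no example there, or saw examples with conflicting labels."""
    labels_at = defaultdict(set)
    for feats, label in training:
        labels_at[feats].add(label)
    return {f for f, labs in labels_at.items() if len(labs) == 1}


def is_blind_spot(feats, known):
    return feats not in known


class SubspaceEnsemble:
    """Majority vote of members that each see only a subset of the features
    (a tiny random-subspace style ensemble, assumed here for illustration)."""

    def __init__(self, training, subspaces=((0, 1), (1, 2), (2, 3))):
        self.subspaces = subspaces
        self.tables = []
        for idx in subspaces:
            seen = defaultdict(list)
            for feats, label in training:
                seen[tuple(feats[i] for i in idx)].append(label)
            # a member votes malicious when most matching training examples
            # were malicious; a projection it never saw defaults to benign
            self.tables.append({k: sum(v) / len(v) > 0.5 for k, v in seen.items()})

    def predict(self, feats):
        votes = sum(table.get(tuple(feats[i] for i in idx), False)
                    for idx, table in zip(self.subspaces, self.tables))
        return 1 if votes * 2 > len(self.subspaces) else 0


def route(feats, model, known):
    """Claim 1 routing: a malicious verdict, or a benign verdict that falls in a
    blind spot, goes to further processing (e.g. a sandbox); a benign verdict
    outside the blind spots is allowed."""
    if model.predict(feats) == 1:
        return "further_processing", "model verdict malicious"
    if is_blind_spot(feats, known):
        return "further_processing", "benign verdict inside a blind spot"
    return "allow", "benign verdict outside blind spots"
```

Calling `route((1, 1, 1, 1), SubspaceEnsemble(TRAINING), consistent_locations(TRAINING))` shows the point of the check: the ensemble votes benign for that never-seen combination, but the blind-spot marking sends it to further processing instead of allowing it.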



As per claims 3, 12, 18, the combination of Savir, Jordan and Scherman discloses training the trained machine learning ensemble model to identify malicious content items; and identifying and marking blind spots in the trained machine learning ensemble model (Savir: see par. 35-39).


As per claims 4, 13, 19, the combination of Savir, Jordan and Scherman discloses subsequent to the further processing, one of allowing the content item and blocking the content item based on the further processing (Scherman: see par. 29). The motivation for claims 4, 13, 19 is the same motivation as in claims 1, 10, 16 above.


As per claims 5, 14, 20, the combination of Savir, Jordan and Scherman discloses wherein the further processing includes performing a dynamic analysis on the content item in a sandbox (Savir: see par. 21).


As per claim 6, the combination of Savir and Scherman discloses wherein the further processing includes blocking the content item in the cloud-based security system based on a classification by the trained machine learning ensemble model (Scherman: see par. 40-41). The motivation for claim 6 is the same motivation as in claim 1 above.



As per claim 8, the combination of Savir, Jordan and Scherman discloses wherein the content item is one of an executable file, a Portable Document File (PDF) file, a Microsoft Office file, and a JavaScript file (Savir: see par. 36).


As per claim 9, the combination of Savir, Jordan and Scherman discloses wherein the cloud-based security system is located inline between the user device and the location (Scherman: see par. 26-27). The motivation for claim 9 is the same motivation as in claim 1.


As per claim 15, the combination of Savir, Jordan and Scherman discloses wherein the content item is one of an executable file and a Portable Document File (PDF) file (Savir: see par. 36).




Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Savir et al (Pub. No. US 2020/0125728) in view of Jordan et al (Pub. No. US 2015/0052609) and Scherman et al (Pub. No. US 2020/0213325) as applied to claim 1 above, and further in view of Alsulami et al (Pub. No. US 2019/0065746).

As per claim 7, the combination of Savir, Jordan and Scherman does not explicitly disclose wherein the content item is malicious and configured to fool the trained machine learning ensemble model via an adversarial attack where the content item is configured to mimic benign features, and wherein the content item lands on a blind spot in the trained machine learning ensemble model thereby preventing the adversarial attack. However, Alsulami discloses wherein the content item is malicious and configured to fool the trained machine learning ensemble model via an adversarial attack where the content item is configured to mimic benign features, and wherein the content item lands on a blind spot in the trained machine learning ensemble model thereby preventing the adversarial attack (…a malware may load some benign dependency files in the first few seconds to mimic the behavior of a benign program…the malware detector uses a simple randomization technique to increase its resilience without affecting its detection accuracy and run-time performance…see par. 65-67). Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Alsulami in the combination of Savir, Jordan and Scherman for including the above limitations, because one of ordinary skill in the art would recognize it would further improve the malware detection techniques by extracting features from prefetch files and distinguishing benign applications from malicious applications using the features of the prefetch files…see Alsulami, par. 2-3.




Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to prudent ensemble models in machine learning with high precision for use in network security.

Frayman et al (Pub. No. US 2018/0124085); “Extracting Encryption Metadata and Terminating Malicious Connections Using Machine Learning”;
-Teaches monitoring traffic that travels through the local network…the behavior analysis engine uses that data to determine whether any of the smart appliances in the local network are exhibiting malicious behavior…see par. 24-27.



Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea, can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499