Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	
	
Response to Amendment
This communication is in response to the amendment filed on 08/16/2022. The Examiner acknowledges amended claims 1-25. No claims have been cancelled or added. Claims 1-25 are pending and claims 1-25 are rejected.  Claims 1, 15, and 23 is/are independent. 
The objection to the claims have been withdrawn.
Applicant's arguments/amendments (page 8, 3rd paragraph through page 9, 3rd paragraph) have been fully considered, but are not persuasive. 

Response to Arguments
Applicant's arguments filed 08/16/2022 have been fully considered.  Applicant argues (see Remarks, page 8, 3rd paragraph through page 9, 3rd paragraph) that there is no motivation to apply the technique taught in Solanki et al. U.S. Patent No. 8879813 (hereinafter “Solanki”) to the system of the Liu et al. Chinese patent application No. CN107103235A (hereinafter “Liu”) reference. This argument is persuasive. Therefore, the rejections are withdrawn. However, upon further consideration, a new ground of rejection is made in view of Nataraj et al. Malware Images: Visualization and Automatic Classification, Proceedings of the 8th International Symposium on Visualization for Cyber Security, 2011 (hereinafter “Nataraj”) in view of Solanki et al. U.S. Patent No. 8879813 (hereinafter “Solanki”).
Nataraj teaches visualizing binaries and automatically classifying the binaries as malicious or clean based on the images, at page 1, right column, bottom paragraph. A binary is converted to an image and the binary is classified as malicious or clean, and malware can also be classified according to different families of malware based on the texture of the images, described at page 1, right column, bottom paragraph, section 3, first paragraph, section 4, first paragraph, section 4.1 and section 5.2. 
Examiner has considered Applicant's remarks to the extent that they may be applicable to the remaining claims (e.g., independent claims 15 and 23) and finds them persuasive, in particular:
Regarding independent claim 15, Applicant’s arguments are also persuasive with respect to the previously cited combination of references for independent claim 15. Therefore, new grounds of rejection are required. Claim 15 is rejected in view of Liu et al. Chinese patent application No. CN107103235A (hereinafter “Liu”) in view of Nataraj, in view of Samek et al. Evaluating the Visualization of What a Deep Neural Network Has Learned (hereinafter “Samek”), in view of Solanki. 
Regarding independent claim 23, Applicant’s arguments are also persuasive with respect to the previously cited combination of references for independent claim 23. Therefore, new grounds of rejection are required. Claim 23 is rejected in view of Liu in view of Nataraj, further in view of Samek.
Regarding applicant’s arguments with respect to dependent claims 2-14, 16-22, and 24- 25, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims from which the dependent claims depend, thereby requiring new grounds of rejection for the dependent claims also.
 Accordingly, Applicant's argument is persuasive, the rejections are withdrawn, and new ground(s) of rejection are presented herein.




Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj et al. Malware Images: Visualization and Automatic Classification, Proceedings of the 8th International Symposium on Visualization for Cyber Security, 2011 (hereinafter “Nataraj”) in view of Solanki et al. U.S. Patent No. 8879813 (hereinafter “Solanki”).
As per claim 1, Nataraj discloses 
An apparatus, comprising: [Anubis analysis system, section 5]
receive a generated image generated from an object under analysis [figure 1, visualizing malware as an image; Figure 3 images of 3 instances of malware ], wherein the object under analysis is a binary object [figure 1 malware binary]
classify the object under analysis as malicious or clean based on a computer vision analysis of the generated image; and 
[See Nataraj visualizing malware and automatically classify them using images, page 1, right column, bottom paragraph; image textures used for classification, section 2, left column, bottom paragraph]
report, in a human-readable format, a result of the classification [families are still classified accurately, section 5.1; classification accuracy for 25 malware families, section 5.2], including portions [figure 3 shows the portions of the images that contribute to classification;] of the generated image that contribute to the classification as one of malicious or clean [malware pictures exhibit texture used for automated classification section 4.1; the texture is shown in figure 4].  

However, Nataraj does not expressly disclose a hardware platform comprising a processor circuit and a memory; and 
instructions encoded within the memory to instruct the processor circuit to: 

Solanki discloses
a hardware platform comprising a processor circuit and a memory; and 
instructions encoded within the memory to instruct the processor circuit to: 
 (See Solanki 
4:34-36 (4) …… storage devices configured to store software instructions configured for execution by the one or more hardware computer processors in order to cause the computing system to: 
66:36-42 (457) Each of the processes, methods, and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computer systems or computer processors comprising computer hardware. The code modules may be stored on …….., solid state memory
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Nataraj with the processor, memory, and instructions encoded within the memory of Solanki to include 
a hardware platform comprising a processor circuit and a memory; and instructions encoded within the memory to instruct the processor circuit to: 
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform operations associated with classifying malware binaries. The Nataraj base reference describes using computers to perform visualizing malware and classifying the malware binary using images, but does not describe the details of the computers used to perform the operations. The system of the primary reference can be modified to include the processor circuit, memory, and instructions that facilitate efficiently performing operations associated with classifying malware binaries.

As per claim 2, the rejection of claim 1 is incorporated herein. 
The combined teaching of Nataraj and Solanki discloses wherein the instructions are further to assign the object as belonging to a class of malware.
(See Nataraj Figure 3 images of 3 instances of malware belonging to a family
section 5.1 malware families exhibit some visual similarities
section 5 classify into different malware families
).


As per claim 3, the rejection of claim 1 is incorporated herein. 
The combined teaching of Nataraj and Solanki discloses wherein the instructions are further to classify the object by converting the object to a binary vector, converting the binary vector to a multi-dimensional array, and analyzing the multi-dimensional array as an image.
(See Nataraj
section 3, binary is read as a bit vector and organized into a 2D array. This can be visualized as a grayscale image
)


Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj in view of Solanki, further in view of Liu et al. Chinese patent application No. CN107103235A (hereinafter “Liu”) 
As per claim 4, the rejection of claim 1 is incorporated herein. 
	However, the combination of Nataraj and Solanki does not expressly disclose 
wherein the instructions are further to provides an artificial neural network (ANN) for computer vision.
Liu discloses 
provides an artificial neural network (ANN) for computer vision. 
(See Liu page 1, bottom paragraph a convolutional neural network based on Android malicious code sample classification detection method, and the analysis of the image generated by the classifier (Liu Page 3, 3rd paragraph from top) discloses for computer vision
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj and Solanki with the technique for using a convolutional neural network to analyze images of Liu to include 
wherein the instructions are further to provides an artificial neural network (ANN) for computer vision.
One of ordinary skill in the art would have made this modification to improve the ability of the system (e.g., Anubis system) to utilize and neural network to analyze images, thereby taking advantage of the benefits of neural networks, such as fault tolerance and the ability to perform parallel processing. The system (e.g., Anubis system) of the primary reference can be modified to use a convolutional neural network to analyze images.

 Claims 5 and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj in view of Solanki, in view of Liu, further in view of Cioloboc et al. Ideas on how to fine-tune a pre-trained model in PyTorch, January 4, 2019 (hereinafter “Cioloboc”).
As per claim 5, the rejection of claim 4 is incorporated herein. 
	However, the combination of Nataraj, Solanki, and Liu does not expressly disclose 
wherein the ANN is a deep transfer learning ANN configured to receive a pre-trained model, freeze one or more layers of the pre-trained model, and retrain unfrozen layers on a problem-space relevant data set.
Cioloboc discloses wherein the ANN is a deep transfer learning ANN configured to receive a pre-trained model, freeze one or more layers of the pre-trained model, and retrain unfrozen layers on a problem-space relevant data set.
(See Cioloboc 
page 11, bottom paragraph Let’s think about it, why should we retrain the whole thing? Isn’t there a way to just retrain only the layers that bring the most value? That’s right. Remember from the lessons on (CNN) that we learned how the layers stacks play a different role in how the features are captured. We also learn that the last layers see the more complex patterns of the images therefore that’s most likely where we our model is not doing well enough. 
Cioloboc Page 13, 2nd to bottom paragraph Explanation: The reason why we mentioned not to unfreeze all the layers at once is the last convolutional layers are the layers which detect more richer representations in the image, since those richer representations are responsible for the classification you need to train them longer than the initial layers so this is like prioritizing.
Cioloboc Page 13, bottom paragraph Tip/Trick: Unfreezing the last convolutional layers/blocks and training them with 10x-100x reduction of learning rate then go to the next block reduce the LR by 10x-100x compared to the previous and then slowly move on till the starting layers.   [Retraining with the relevant data set which is the recognition of the image patterns]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj, Solanki, and Liu with the technique for selectively unfreezing a layer and training the unfrozen layer of Cioloboc to include 
wherein the ANN is a deep transfer learning ANN configured to receive a pre-trained model, freeze one or more layers of the pre-trained model, and retrain unfrozen layers on a problem-space relevant data set.
One of ordinary skill in the art would have made this modification to improve the ability of the system to classify accurately and/or training classifier quickly. The system (e.g., Anubis system) of the primary reference as modified by the teachings of the Liu reference can be further modified to selectively unfreeze a layer and train the unfrozen layer as taught in the Cioloboc reference.


As per claim 6, the rejection of claim 5 is incorporated herein. 
However, the combination of Nataraj, Solanki, and Liu does not expressly disclose 
wherein the ANN includes a deep-learning neural network selected from the group consisting of VGG, Inception, or ResNet.
Cioloboc discloses wherein the ANN includes a deep-learning neural network selected from the group consisting of VGG, Inception, or ResNet.
(See Cioloboc  page 12, bottom half I’m going to take a ResNet architecture, specifically ResNet152 to check what are the names of the layer stacks in our model.
 ).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of  Nataraj, Solanki, and Liu with the technique for retraining unfrozen layers of ResNet architecture of Cioloboc to include wherein the ANN includes a deep-learning neural network selected from the group consisting of VGG, Inception, or ResNet.
One of ordinary skill in the art would have made this modification to improve the ability of the system to improve the classification accuracy/training speed. The system (e.g., Anubis system) of the primary reference as modified can be further modified to use ResNet architecture as taught in the Cioloboc reference.



Claims 7-9 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj in view of Solanki, further in view of Samek et al. Evaluating the Visualization of What a Deep Neural Network Has Learned (hereinafter “Samek”).
As per claim 7, the rejection of claim 1 is incorporated herein. 
	However, the combination of Nataraj and Solanki does not expressly disclose 
wherein the instructions are further to mark the portions of the generated image that contribute to the classification in a first color.
Samek discloses wherein the trust component is to mark the portions of the image that contribute to the classification in a first color.
(See Samek page 6  figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region)[ mark the portions of the image that contribute to the classification in a first color.] and negative evidence speaking against it (blue region)
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj and Solanki with the technique for visualizing in red color regions of an image that contribute to the classification of Samek to include 
wherein the instructions are further to mark the portions of the generated image that contribute to the classification in a first color.
One of ordinary skill in the art would have made this modification to improve the ability of the system to present to the user which portions of an image is evidence for the classification so that the learned machine can be fine-tuned to improve classification accuracy. The system (e.g., Anubis system) of the primary reference can be modified so that the system displays positive evidence for the classification with a heatmap.


As per claim 8, the rejection of claim 7 is incorporated herein. 
	However, the combination of Nataraj and Solanki does not expressly disclose 
wherein the instructions are further to identify portions of the generated image that negate the classification.
Samek discloses wherein the trust component is further configured to identify portions of the image that negate the classification.
(See Samek  page 6 figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region) and negative evidence speaking against it (blue region)[ portions of the image that negate the classification  is shown in figure 3 in the blue color]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj and Solanki with the technique for distinguishing between positive and negative evidence against the classification of Samek to include 
wherein the instructions are further to identify portions of the generated image that negate the classification.
One of ordinary skill in the art would have made this modification to improve the ability of the system to present to the user which portions of an image is evidence against the classification so that the learned machine can be fine-tuned to improve classification accuracy. The system (e.g., Anubis system) of the primary reference can be modified so that the system displays negative evidence against the classification.

As per claim 9, the rejection of claim 8 is incorporated herein. 
	However, the combination of Nataraj and Solanki does not expressly disclose 
wherein the instructions are further to mark portions of the generated image that negate the classification in a second color.
Samek discloses wherein the trust component is further configured to mark portions of the image that negate the classification in a second color.
	(See Samek page 6 figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region) and negative evidence speaking against it (blue region)[ portions of the image that negate the classification  is shown in figure 3 in the blue color]
).


For the reasons discussed with respect to claim 7, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj and Solanki with the technique for visualizing negative evidence against classification in the blue color of Samek to include 
wherein the instructions are further to mark portions of the generated image that negate the classification in a second color.


As per claim 14, the rejection of claim 7 is incorporated herein. 
	However, the combination of Nataraj and Solanki does not expressly disclose 
wherein the instructions are further to compute a model trust score.
Samek discloses wherein the instructions are further to compute a model trust score.
 (See Samek page 9, bottom left paragraph
 we consider a region highly relevant if
replacing the information in this region in arbitrary ways
reduces the prediction score of the classifier; 
page 12 top right paragraph before conclusion
 Note that this procedure is based on the perturbation of the input of the
classifier with the highest predicted score. 
)

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj and Solanki with the technique for computing a prediction score of the classifier of Samek to include wherein the instructions are further to compute a model trust score.
One of ordinary skill in the art would have made this modification to improve the ability of the system to compute a confidence level and present such a confidence level of a classification to a user. The system (e.g., Anubis system) of the primary reference can be modified to generate a prediction score as taught in the Samek reference.


Claims 10, 12, and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj in view of Solanki, in view of Samek, further in view of Ribeiro et al. “Why Should I Trust You?” Explaining the Predictions of Any Classifier (hereinafter “Ribeiro”), 2016.
As per claim 10, the rejection of claim 7 is incorporated herein. 
	However, the combination of Nataraj, Solanki, and Samek does not expressly disclose  wherein the instructions are further to divide the generated image into a plurality of super-pixels, and to identify super- pixels that contribute to the classification.
Ribeiro discloses wherein the instructions are further to divide the generated image into a plurality of super-pixels, and to identify super- pixels that contribute to the classification.
(See Ribeiro section 3.6 When using sparse linear explanations for image classifiers,
one may wish to just highlight the super-pixels with positive weight towards a specific class, as they give intuition as to why the model would think that class may be present.
We explain the prediction of Google's pre-trained Inception
neural network [25] in this fashion on an arbitrary image
(Figure 4a). Figures 4b, 4c, 4d show the superpixels explanations for the top 3 predicted classes (with the rest of the image grayed out),[see the super pixels used in figure 4 which shows the super pixels and their contributions toward the classification of electric guitar etc.]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj, Solanki, and Samek with the technique for determining super pixels and the contribution of super pixels toward the classification of Ribeiro to include 
wherein the instructions are further to divide the generated image into a plurality of super-pixels, and to identify super- pixels that contribute to the classification.
One of ordinary skill in the art would have made this modification to improve the ability of the system to identify super pixels that contribute to the classification and display such information to a user. The system (e.g., Anubis system) of the primary reference can be modified to identify the super pixels and indicate their contribution to the classification.

As per claim 12, the rejection of claim 10 is incorporated herein. 
	However, the combination of Nataraj, Solanki, and Samek does not expressly disclose wherein the instructions are further to provide a solver to select K features of the super-pixels and to use a K-lasso to sparse linear functions on the super-pixels.
Ribeiro discloses wherein the instructions are further to provide a solver to select K features of the super-pixels and to use a K-lasso to sparse linear functions on the super-pixels.
(See Ribeiro algorithm 1, sparse linear explanations using LIME            
K-Lasso(Z, K) in algorithm 1.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     We use the same Ω for image classification, using ”super-pixels" (computed using
any standard algorithm) instead of words, such that the
interpretable representation of an image is a binary vector
where 1 indicates the original super-pixel and 0 indicates a
grayed out super-pixel. This particular choice of Ω makes
directly solving Eq. (1) intractable, but we approximate it by first selecting K features with Lasso (using the regularization path [9]) and then learning the weights via least squares (a procedure we call K-LASSO in Algorithm 1
page 4, bottom left corner, our choice of G (sparse linear models)).
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj, Solanki, and Samek with the algorithm for sparse linear analysis and selecting K features with Lasso of Ribeiro to include 
wherein the instructions are further to provide a solver to select K features of the super-pixels and to use a K-lasso to sparse linear functions on the super-pixels.
One of ordinary skill in the art would have made this modification to improve the ability of the system to approximate solutions to the fidelity-interpretability trade-off as shown in equation 1 of the Ribeiro reference. The system (e.g., Anubis system) of the primary reference can be modified to select K features of the super-pixels and to use K-lasso as taught in the Ribeiro reference.

As per claim 13, the rejection of claim 7 is incorporated herein. 
	However, the combination of Nataraj, Solanki, and Samek does not expressly disclose wherein the instructions are further to perform a fidelity-interpretability optimization.
Ribeiro discloses wherein the instructions are further to perform a fidelity-interpretability optimization.
(See Ribeiro section 3.2 Fidelity-Interpretability Trade-off
In order to ensure both interpretability and local fidelity[ perform a fidelity-interpretability optimization], we must minimize L(f, g,                         
                            
                                
                                    π
                                
                                
                                    x
                                
                            
                        
                    ) while having (g) be low enough to be interpretable by humans. The explanation produced by LIME is obtained by the following:
[see equation 1]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj, Solanki, and Samek with the technique for ensuring both interpretability and local fidelity of Ribeiro to include 
wherein the instructions are further to perform a fidelity-interpretability optimization.
One of ordinary skill in the art would have made this modification to improve the ability of the system to determining an optimal solution to the balancing of interpretability and local fidelity. The system (e.g., Anubis system) of the primary reference can be modified to ensure both interpretability and local fidelity as taught in the Ribeiro reference.


Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nataraj in view of Solanki, in view of Samek, in view of Ribeiro, further in view of Hassen, Machine Learning for Classifying Malware in Closed-set and Open-set Scenarios, PhD dissertation, published April 2018 (hereinafter “Hassen”).
As per claim 11, the rejection of claim 10 is incorporated herein. 
	However, the combination of Nataraj, Solanki, Samek and Ribeiro does not expressly disclose wherein the super-pixels correlate to one or more operation codes or instruction n-grams.
Hassen discloses that opcode n-grams can be extracted from a binary file such as a malware file and a malware file can be represented as a sequence of instruction opcodes.
(See Hassen section 3.5.2 Instruction Opcode N-Grams
The second set of features extracted from disassembled files of malicious binaries consider instruction opcode n-gram frequencies. We decided to use opcode n-grams instead of instruction mnemonic n-grams because opcodes are more specific, hence, providing more discriminating features. For example, there are several opcode values that represent an instruction mnemonic mov based the operand’s location and type.
When extracting opcode n-grams, first a malware file is represented as a sequence of
instruction opcodes. Then, n-grams of the instruction opcode sequence are created, and their
frequencies are counted and normalized by the total number of opcode n-grams in the malware
binary.
[Thus, any binary file would have corresponding opcode n-grams, and the super pixels taught in the Ribeiro reference would correlate to one or more opcode n-grams of a binary file]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Nataraj, Solanki, Samek and Ribeiro with the technique for generating opcode n-grams from a binary file and representing a malware file as a sequence of instruction opcodes of Hassen to include 
wherein the super-pixels correlate to one or more operation codes or instruction n-grams 	One of ordinary skill in the art would have made this modification to improve the ability of the system to determine which opcodes operation codes correlate to the classification super-pixels. The system (e.g., Anubis system) of the primary reference as modified by the teachings of Ribeiro can be further modified to perform the technique for generating opcode n-grams from a binary file and representing a malware file as a sequence of instruction opcodes of Hassen.



Claim 15-16 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Nataraj, in view of Samek, in view of Solanki 
As per claim 15, Liu discloses 
train a portion of a pre-trained computer vision neural network to operate on computer objects;
select an object under analysis; 
convert the object under analysis to an object image; 
operate the computer vision neural network to classify the object as malicious or not malicious based on the object image;
(See Liu Page 3, 3rd paragraph from top using SimHash and Djb2 the two hash algorithm to generate image data corresponding to each APK packet[select an object under analysis; convert the object under analysis to an object image ]. then the divided image data of the category as input values and to n * 1 vector as output, using a known class sample data to training the convolutional neural network[computer vision neural network]. the obtained one classifier [computer vision neural network = CN] can be used to classify the new malicious software identification after multiple iteration training, is CN. For each new unknown software, using the same method to generate the corresponding image data, which is recorded as X. then the image data as the trained classification input value of CN, calculating [operate the  computer vision neural network to classify the object]the corresponding output value Y = CN (X), wherein Y is 1 * vector n, [object under analysis = X] using Euclidean distance to calculate the distance between the vector and the known vector, when the vector and Euclidean distance between a certain class is less than the threshold epsilon, representing… indicates that the detected malicious software of known kind.
Liu Page 4, paragraph 8 CN represents the trained classifier, 
Liu Page 4, paragraph 9 when e is less than threshold epsilon, representing a new sample belongs to the category, indicating the detection of a malicious software of known kind
)

However, the Liu reference does not expressly disclose 
One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions to:
identify at least one portion of the object image that contributed to the classifying; and 
generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis

Nataraj discloses identify at least one portion of the object image that contributed to the classifying; and 
generate a human-readable report, including the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis.  
(See Nataraj 
malware pictures exhibit texture used for automated classification section 4.1; the texture is shown in figure 4; these images are designated for human analysis as shown in figure 3 and figure 4 and figure 2; these images are human-readable and includes reports such as  FIG. 6
Nataraj also discloses generating readable reports when classifying the malware according to families (section 5.1) and present a report of the family information along with sample images such as that shown in figure 3
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Liu with the technique for using textures in images for automated classification and generating the human readable report with images of Nataraj to include 
identify at least one portion of the object image that contributed to the classifying; and 
generate a human-readable report, including the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to classify malware according to families to present such family information to the user. The system of the primary reference can be modified to identify the features that contribute to classifications and generate a report including malware family data for the user to read.
However, the combination of Liu and Nataraj does not expressly disclose
generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis.  

  
Samek discloses
generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis.  
(See Samek page 6  figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region)[ generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis ] and negative evidence speaking against it (blue region)
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu and Nataraj with the technique for visualizing in red color regions of an image that contribute to the classification of Samek to include
generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis.  

However, the combination of  Liu, Nataraj, and Samek does not expressly disclose 
One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions to:
Solanki discloses One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions to:
(See Solanki 
66:36-42 (457) Each of the processes, methods, and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computer systems or computer processors comprising computer hardware. The code modules may be stored on …….., solid state memory
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu, Nataraj, and Samek with the computer with processor and memory to perform of Solanki to include One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions to:
One of ordinary skill in the art would have made this modification to improve the ability of the system to perform the operations for classification. The system (Anubis system) of the primary reference can be modified to use solid-state memory and the multiple computer systems or computer processors as taught in the Solanki reference.

As per claim 16, the rejection of claim 15 is incorporated herein.
The combined teaching of Liu, Nataraj, Samek and Solanki discloses
wherein the instructions are further to assign the object to a class of malware if the object is classified as malware. 
(See Nataraj Figure 3 images of 3 instances of malware belonging to a family
section 5.1 malware families exhibit some visual similarities
section 5 classify into different malware families
).


As per claim 18, the rejection of claim 15 is incorporated herein. 
However, the combination of Liu and Nataraj does not expressly disclose
wherein the instructions are further to mark the portion of the object image that contribute to the classification of a most likely predicted class in a first color. 
Samek discloses mark the portion of the object image that contribute to the classification of a most likely predicted class in a first color.
(See Samek page 6  figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region)[ mark the portions of the image that contribute to the classification in a first color.] and negative evidence speaking against it (blue region)
page 8, left column, 5th paragraph down 
A heatmap, on the other hand, provides a gradation of pixel
scores that correspond to the degree of importance of each
pixel for determining the predicted class[a most likely predicted class] membership.
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu and Nataraj with the technique for visualizing in red color regions of an image that contribute to the classification of Samek to include 
wherein the instructions are further to mark the portion of the object image that contribute to the classification of a most likely predicted class in a first color. 

As per claim 19, the rejection of claim 18 is incorporated herein. 
	However, the combination of Liu and Nataraj does not expressly disclose 
 wherein the instructions are further to identify portions of the object image that contradict the classification of a most likely predicted class.
Samek discloses to identify portions of the object image that contradict the classification of a most likely predicted class
(See Samek page 6  figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region) and negative evidence speaking against it (blue region)[ identify portions of the image that contradict the classification of a most likely predicted class.]
page 8, left column, 5th paragraph down 
A heatmap, on the other hand, provides a gradation of pixel
scores that correspond to the degree of importance of each
pixel for determining the predicted class[a most likely predicted class] membership.
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu and Nataraj  with the technique for visualizing in red color regions of an image that contribute to the classification of Samek to include 
wherein the instructions are further to identify portions of the object image that contradict the classification of a most likely predicted class 



Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Nataraj, in view of Samek, in view of Solanki, further in view of Cioloboc.
As per claim 17, the rejection of claim 15 is incorporated herein. 
	However, the combination of Liu, Nataraj, Samek and Solanki does not expressly disclose 
wherein training the portion of the pre-trained computer vision neural network comprises freezing a plurality of lower4ATTORNEY DOCKET NUMBERPatent ApplicationConfirmation No. 4720 5levels of the pre-trained computer vision neural network and retraining upper levels of the computer vision neural network.  
Cioloboc discloses 
wherein training the portion of the pre-trained computer vision neural network comprises freezing a plurality of lower4ATTORNEY DOCKET NUMBERPatent ApplicationConfirmation No. 4720 5levels of the pre-trained computer vision neural network and retraining upper levels of the computer vision neural network.  
(See Cioloboc 
Explanation
page 13, 2nd to bottom paragraph The reason why we mentioned not to unfreeze all the layers at once is the last convolutional layers are the layers[retraining upper levels] looks pretty good here which detect more richer representations in the image, since those richer representations are responsible for the classification you need to train them longer than the initial layers [lower levels of the pre-trained computer vision neural network]so this is like prioritizing.
page 11, bottom paragraph Let’s think about it, why should we retrain the whole thing? Isn’t there a way to just retrain only the layers that bring the most value? That’s right. Remember from the lessons on (CNN) that we learned how the layers stacks play a different role in how the features are captured. We also learn that the last layers see the more complex patterns of the images therefore that’s most likely where we our model is not doing well enough. 
Cioloboc Page 13, 2nd to bottom paragraph Explanation: The reason why we mentioned not to unfreeze all the layers at once is the last convolutional layers [upper levels ]are the layers which detect more richer representations in the image, since those richer representations are responsible for the classification you need to train them longer than the initial layers so this is like prioritizing.
Cioloboc Page 13, bottom paragraph Tip/Trick: Unfreezing the last convolutional layers/blocks and training them with 10x-100x reduction of learning rate then go to the next block reduce the LR by 10x-100x compared to the previous and then slowly move on till the starting layers.   [Retraining with the relevant data set which is the recognition of the image patterns]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu, Nataraj, Samek and Solanki i with the technique for selectively unfreezing a layer and training the unfrozen layer of Cioloboc to include 
wherein training the portion of the pre-trained computer vision neural network comprises freezing a plurality of lower4ATTORNEY DOCKET NUMBERPatent ApplicationConfirmation No. 4720 5levels of the pre-trained computer vision neural network and retraining upper levels of the computer vision neural network.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to classify accurately and/or training classifier quickly. The system (e.g., android platform) of the primary reference can be modified to selectively unfreeze a layer and train the unfrozen layer as taught in the Cioloboc reference.

Claims 20-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Nataraj, in view of Samek, in view of Solanki, further in view of Ribeiro et al. “Why Should I Trust You?”  Explaining the Predictions of Any Classifier, 2016 (hereinafter “Ribeiro”).
As per claim 20, the rejection of claim 19 is incorporated herein. 
	However, the combination of Liu, Nataraj, Samek and Solanki does not expressly disclose 
wherein the instructions are further to mark portions of the object image that negate the classification of a second most likely predicted class in a second color.
Ribeiro discloses 
mark portions of the object image that negate the classification of a second most likely predicted class in a second color. 
(See Ribeiro page 5, figure 4, the acoustic guitar has a probability of 0.24, and is the second most likely predicted class, and the grayed out portions of the image disclose mark portions of the image that negate the classification. also See the picture of the face of the Labrador in (d) explaining Labrador, the color of the Labrador’s face is white color which is a second color different from the color of the portions of the image depicted in (c) explaining acoustic guitar).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu, Nataraj, Samek and Solanki with the technique for displaying indications of portions of the image supporting the range of possibilities of class predictions of Ribeiro to include 
wherein the instructions are further to mark portions of the object image that negate the classification of a second most likely predicted class in a second color.
One of ordinary skill in the art would have made this modification to improve the ability of the system to depict the possible classifications and the pixels contributing to or negating such various potential classifications so the user can fine-tune the neural network. The system (e.g., Anubis system) of the primary reference can be modified to present the various classifications and depict the indicators marking the pixels contributing to or negating the different possible classifications.

As per claim 21, the rejection of claim 15 is incorporated herein. 
	However, the combination of Liu, Nataraj, Samek and Solanki does not expressly disclose 
wherein the instructions are further to divide the object image into a plurality of super-pixels, and to identify super-pixels that contribute to the classification.
Ribeiro discloses divide the object image into a plurality of super-pixels, and to identify super-pixels that contribute to the classification.
(See Ribeiro section 3.6 When using sparse linear explanations for image classifiers,
one may wish to just highlight the super-pixels with positive weight towards a specific class, as they give intuition as to why the model would think that class may be present.
We explain the prediction of Google's pre-trained Inception
neural network [25] in this fashion on an arbitrary image
(Figure 4a). Figures 4b, 4c, 4d show the superpixels explanations for the top 3 predicted classes (with the rest of the image grayed out),[see the super pixels used in figure 4 which shows the super pixels and their contributions toward the classification of electric guitar etc.]
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu, Nataraj, Samek and Solanki with the technique for determining super pixels and the contribution of super pixels toward the classification of Ribeiro to include 
wherein the instructions are further to divide the object image into a plurality of super-pixels, and to identify super-pixels that contribute to the classification.
One of ordinary skill in the art would have made this modification to improve the ability of the system to identify super pixels that contribute to the classification and display such information to a user. The system (e.g., android platform) of the primary reference can be modified to identify the super pixels and indicate their contribution to the classification.

Claim 22 is identical to claim 21 and is rejected for the same reason as claim 21.


Claims 23-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Liu in view of Nataraj, further in view of Samek. 
As per claim 23, Liu discloses 
A computer-implemented method of performing a binary classification on an object under analysis, comprising: 
training a portion of a pre-trained computer vision neural network to operate on images that represent computer objects; 5ATTORNEY DOCKET NUMBERPatent Application AB7385-US16/367,611 Confirmation No. 4720 6 
converting the object under analysis to an object image; 
operating the computer vision neural network to perform a binary classification on the object based on the object image, wherein the binary classification is to classify the object as benign or malicious; 
 (See Liu Page 3, 3rd paragraph from top using SimHash and Djb2 the two hash algorithm to generate image data corresponding to each APK packet[convert the object under analysis to an object image ]. then the divided image data of the category as input values and to n * 1 vector as output, using a known class sample data to training the convolutional neural network[computer vision neural network]. the obtained one classifier [computer vision neural network = CN] can be used to classify the new malicious software identification after multiple iteration training, is CN. For each new unknown software, using the same method to generate the corresponding image data, which is recorded as X. then the image data as the trained classification input value of CN, calculating [operating the computer vision neural network to perform a binary classification on the object based on the object image, wherein the binary classification is to classify the object as benign or malicious; ]the corresponding output value Y = CN (X), wherein Y is 1 * vector n, [object under analysis = X] using Euclidean distance to calculate the distance between the vector and the known vector, when the vector and Euclidean distance between a certain class is less than the threshold epsilon, representing… indicates that the detected malicious software of known kind.
Liu Page 4, paragraph 8 CN represents the trained classifier, 
Liu Page 4, paragraph 9 when e is less than threshold epsilon, representing a new sample belongs to the category, indicating the detection of a malicious software of known kind
)

[ Liu teaches that the android platform performs the binary classification, the binary classification being to determine whether the android APK file is malware or not malware, which is choosing between one classification or the other and is therefore a binary classification;]
]
However, Liu does not expressly disclose 
identifying at least one portion of the object image that contributed to the binary classification; and 
generating a human-readable report including a modification of the object image with the at least one portion designated in a human-perceptible form.  

Nataraj discloses 
identifying at least one portion of the object image that contributed to the binary classification; and 
generating a human-readable report including the object image with the at least one portion designated in a human-perceptible form.  
 (See Nataraj 
malware pictures exhibit texture used for automated classification section 4.1; the texture is shown in figure 4; these images are designated for human analysis as shown in figure 3 and figure 4 and figure 2; these images are human-readable and includes reports such as  FIG. 6
Nataraj also discloses generating readable reports when classifying the malware according to families (section 5.1) and present a report of the family information along with sample images such as that shown in figure 3
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Liu with the technique for using textures in images for automated classification and generating the human readable report with images of Nataraj to include 
identifying at least one portion of the object image that contributed to the binary classification; and 
generating a human-readable report including the object image with the at least one portion designated in a human-perceptible form.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to classify malware according to families to present such family information to the user. The system of the primary reference can be modified to identify the features that contribute to classifications and generate a report including malware family data for the user to read.
However, the combination of Liu and Nataraj does not expressly disclose
generating a human-readable report including a modification of the object image with the at least one portion designated in a human-perceptible form.  

Samek discloses
generating a human-readable report including a modification of the object image with the at least one portion designated in a human-perceptible form.  
(See Samek page 6  figure 3 (d) LRP distinguishes [identify ]between positive evidence supporting a prediction (red region)[ generate a human-readable report, including a modification of the object image with the at least one portion of the object image that contributed to the classifying designated for human analysis ] and negative evidence speaking against it (blue region)
).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Liu and Nataraj with the technique for visualizing in red color regions of an image that contribute to the classification of Samek to include
generating a human-readable report including a modification of the object image with the at least one portion designated in a human-perceptible form.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to present to the user which portions of an image is evidence for the classification so that the learned machine can be fine-tuned to improve classification accuracy. The system (e.g., android platform) of the primary reference can be modified so that the system displays positive evidence for the classification with a heatmap.

As per claim 24, the rejection of claim 23 is incorporated herein. 
The combined teaching of Liu, Nataraj, and Samek discloses
 wherein the binary classification is a malware classification.
(See Liu [Page 3, 3rd paragraph from top]
For each new unknown software, using the same method to generate the corresponding image data, which is recorded as X. then the image data as the trained classification input value of CN, calculating the corresponding output value Y = CN (X), wherein Y is 1 * vector n, [object under analysis = X] using Euclidean distance to calculate the distance between the vector and the known vector, when the vector and Euclidean distance between a certain class is less than the threshold epsilon, representing… indicates that the detected malicious software [wherein the binary classification is a malware classification ]of known kind.
)

As per claim 25, the rejection of claim 24 is incorporated herein. 
The combined teaching of Liu, Nataraj, and Samek discloses
further comprising classifying as belonging to a malware class.
(See Liu [Page 3, 3rd paragraph from top]
For each new unknown software, using the same method to generate the corresponding image data, which is recorded as X. then the image data as the trained classification input value of CN, calculating the corresponding output value Y = CN (X), wherein Y is 1 * vector n, [object under analysis = X] using Euclidean distance to calculate the distance between the vector and the known vector, when the vector and Euclidean distance between a certain class [known kind ]is less than the threshold epsilon, representing… indicates that the detected malicious software of known kind[malware class= known kind].
)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494