DETAILED ACTION
The present application is being examined under the pre-AIA  first-to-invent provisions.
This is in reply to papers filed on 2021-12-13. Claims 1-20 are pending. Claims 1, 14, 20 is/are independent.


Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 2021-12-13 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.


Claim Rejections - 35 U.S.C. § 112
The following is a quotation of 35 U.S.C. § 112 ¶ 1 (pre-AIA ):
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claim(s) 19 is/are rejected under 35 U.S.C. § 112(a) or 35 U.S.C. § 112 ¶ 1 (pre-AIA ) as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  In particular, the specification does not describe "a network fabric specified natural behavior, a network fabric specified unexpected behavior".  There is no disclosure of how the recited behaviors would be "specified", or what type of specification would be appropriate in this system.  As such, there is no indication in the specification that the inventors had possession of an information processing device that includes a network fabric specifying function.

The following is a quotation of 35 U.S.C. § 112 ¶ 2 (pre-AIA ):
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim(s) 19 is/are rejected under 35 U.S.C. § 112(b) or 35 U.S.C. § 112 ¶ 2 (pre-AIA ) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
In claim 19, the phrase ""a network fabric specified natural behavior" and the phrase "a network fabric specified unexpected behavior" makes the claims ambiguous and therefore indefinite.  The phrases leave a person having ordinary skill in the art unable to determine what the Applicant does and does not regard as the invention.  See Ex parte Kenichi Miyazaki, 89 U.S.P.Q. 2d 1207, *11 (BPAI 2008).  In particular, a person of ordinary skill in the art would have no way of determining what natural behaviors and unexpected behaviors would qualify as "network fabric specified" and would thus be unable to determine the metes and bounds of the claim.


Summary of Claim Rejections under 35 U.S.C. § 103
The following table summarizes the rejections set forth in detail below of the claims over the prior art.

Claim No.
Strayer '299 in view of Hatonen '968 
Strayer '299 in view of Hatonen '968 in view of Hrastar '283 
Strayer '299 in view of Hatonen '968 in view of Aziz '782 
1
[Wingdings font/0xFC]


2
[Wingdings font/0xFC]


3
[Wingdings font/0xFC]


4
[Wingdings font/0xFC]


5

[Wingdings font/0xFC]

6

[Wingdings font/0xFC]

7
[Wingdings font/0xFC]


8
[Wingdings font/0xFC]


9
[Wingdings font/0xFC]


10


[Wingdings font/0xFC]
11


[Wingdings font/0xFC]
12


[Wingdings font/0xFC]
13


[Wingdings font/0xFC]
14
[Wingdings font/0xFC]


15
[Wingdings font/0xFC]


16
[Wingdings font/0xFC]


17


[Wingdings font/0xFC]
18


[Wingdings font/0xFC]
19


[Wingdings font/0xFC]
20
[Wingdings font/0xFC]





Claim Rejections - 35 U.S.C. § 103
The following is a quotation of the appropriate paragraphs of 35 U.S.C. § 102 (pre-AIA ) that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a) the invention was known or used by others in this country, or patented or described in a printed publication in this or a foreign country, before the invention thereof by the applicant for a patent.
(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.
(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States only if the international application designated the United States and was published under Article 21(2) of such treaty in the English language.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of  103(a) (pre-AIA ) that forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. § 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1-4, 7-9, 14-16, 20 is/are rejected under 35 U.S.C. § 103    pre-AIA  35 U.S.C. § 103(a) as being unpatentable over U.S. Publication 20100202299  to Strayer et al. (hereinafter "Strayer '299") in view of U.S. Publication 20040039968 to Hatonen et al. (hereinafter "Hatonen '968").  Strayer '299 is prior art to the claims under 35 U.S.C. § 102(b), 35 U.S.C. § 102(a), and 35 U.S.C. § 102(e).  Hatonen '968 is prior art to the claims under 35 U.S.C. § 102(b), 35 U.S.C. § 102(a), and 35 U.S.C. § 102(e).
Per claim 1 (independent):
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 14 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 2 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 15 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 3 (dependent on claim 2):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 16 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 4 (dependent on claim 2):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference
Strayer '299 does not disclose rerouting includes analyzing rerouted anomalous traffic in real time
However, Strayer '299 discloses rerouting includes analyzing rerouted anomalous traffic (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Further:
Hatonen '968 discloses rerouting includes analyzing anomalous traffic in real time (monitors traffic in real time [Hatonen '968 ¶ 0046, 0059, 0093-0099])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the vector analysis of Hatonen '968 to arrive at an apparatus, method, and product including:
rerouting includes analyzing rerouted anomalous traffic in real time
Per claim 7 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Strayer '299 discloses mitigating includes automatically reconfiguring a routing topology of the network fabric (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Per claim 8 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Strayer '299 does not explicitly disclose transmitting a notification in response to identifying the anomalous data, via an electronic communication to an administrator
However, Strayer '299 discloses transmitting a notification within the detection system in response to identifying the anomalous data, via an electronic communication (generates alerts [Strayer '299 ¶ 0036-0041, Claim 1])
Further:
Hatonen '968 discloses transmitting a notification in response to identifying the anomalous data, via an electronic communication to an administrator (reports to personnel [Hatonen '968 ¶ 0008, 0059, 0095])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the vector analysis of Hatonen '968 to arrive at an apparatus, method, and product including:
transmitting a notification in response to identifying the anomalous data, via an electronic communication
Per claim 9 (dependent on claim 8):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference
Strayer '299 does not disclose the electronic communication includes at least one of a short message service (SMS) communication, an email communication, a network management application communication, and a simple network management protocol (SNMP) communication
Further:
Hatonen '968 discloses the electronic communication includes at least one of a short message service (SMS) communication, an email communication, a network management application communication, and a simple network management protocol (SNMP) communication (reports to personnel [Hatonen '968 ¶ 0008, 0059, 0095])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the vector analysis of Hatonen '968 to arrive at an apparatus, method, and product including:
the electronic communication includes at least one of a short message service (SMS) communication, an email communication, a network management application communication, and a simple network management protocol (SNMP) communication
Per claim 14 (independent):
Strayer '299 discloses a network fabric system comprising a plurality of network nodes (processor(s), memory, computer readable media, storage, executable instructions [Strayer '299 ¶ 0013, 0064])
Strayer '299 discloses an anomaly agent coupled with the plurality of network nodes and configured to (agents in multi-tiered network monitoring architecture receive criteria on various temporal and spatial scales to generate events  [Strayer '299 ¶ 0033])
Strayer '299 discloses determine a nominal behavior of the network fabric by observing behavior of at least two of the plurality of network nodes (analyzes combined event data to identify normal behavior model [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059])
Strayer '299 does not disclose aggregate data associated with anomaly detection criteria distributed among the plurality of network nodes, the anomaly detection criteria each relating to at least one vector comprising at least one measured behavior metric
However, Strayer '299 discloses aggregate data associated with anomaly detection criteria distributed among the plurality of network nodes, the anomaly detection criteria each relating to at least one measured behavior metric (combines event data to analyze behavior [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059]; multiple criteria on various temporal and spatial scales generate behavior events  [Strayer '299 ¶ 0033])
Strayer '299 discloses determine that an anomaly is likely to occur for at least one of the plurality of network nodes by analyzing the aggregated data and identifying a variation from nominal behavior of at least part of the network fabric (analyzes combined event data to identify abnormal behavior [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059])
Strayer '299 discloses identify anomalous data associated with the anomaly (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Strayer '299 discloses mitigate an effect of the anomalous data on the network fabric (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Further:
Hatonen '968 discloses aggregate data associated with anomaly detection criteria distributed among the plurality of network nodes, the anomaly detection criteria each relating to at least one vector comprising at least one measured behavior metric (vector analysis of combined behavior data to identify normal behavior [Hatonen '968 ¶ 0043, 0085, 0095]; vectors showing metrics deviating from normal are classified as anomalous [Hatonen '968 ¶ 0005, 0028, 0031, 0043, 0085, 0095-0096])
It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the vector analysis of Hatonen '968 to arrive at an apparatus, method, and product including:
aggregate data associated with anomaly detection criteria distributed among the plurality of network nodes, the anomaly detection criteria each relating to at least one vector comprising at least one measured behavior metric
A person having ordinary skill in the art would have been motivated to combine them at least because vector analysis would provide a fast mathematical implementation of the anomaly detection required by Strayer '299.  A person having ordinary skill in the art would have been further motivated to combine them at least because Hatonen '968 teaches [Hatonen '968 ¶ 0043, 0085, 0095] modifying a network anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] such as that of Strayer '299 to arrive at the claimed invention; because doing so constitutes use of a known technique (vector analysis [Hatonen '968 ¶ 0005, 0028, 0031, 0043, 0085, 0095-0096]) to improve similar devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059]) in the same way; because doing so constitutes applying a known technique (vector analysis [Hatonen '968 ¶ 0005, 0028, 0031, 0043, 0085, 0095-0096])to known devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059])ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results.  Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] detects anomalies via vector analysis [Hatonen '968 ¶ 0005, 0028, 0031, 0043, 0085, 0095-0096]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion.
Per claim 15 (dependent on claim 14):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference
Strayer '299 discloses the anomaly agent is configured to mitigate the effect on the anomalous data by rerouting the anomalous data (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Per claim 16 (dependent on claim 15):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 15 above, incorporated herein by reference
Strayer '299 discloses the anomaly agent is configured to reroute packets toward at least one of a network operations center, a data sink, and a honeypot (remediates, e.g. by routing traffic to honeypot [Strayer '299 ¶ 0052-0053, Claim 1])
Per claim 20 (independent):
Strayer '299 discloses a computer-readable non-transitory storage medium including instructions which are executed by one or more processors, wherein the instructions include (processor(s), memory, computer readable media, storage, executable instructions [Strayer '299 ¶ 0013, 0064])
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 14 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.

Claim(s) 5-6 is/are rejected under 35 U.S.C. § 103    pre-AIA  35 U.S.C. § 103(a) as being unpatentable over Strayer '299 in view of Hatonen '968 in view of U.S. Publication 20030217283 to Hrastar et al. (hereinafter "Hrastar '283").  Hrastar '283 is prior art to the claims under 35 U.S.C. § 102(b), 35 U.S.C. § 102(a), and 35 U.S.C. § 102(e).
Per claim 5 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Strayer '299 does not disclose mitigating includes at least one of storing historical data within a black box memory, migrating black box data to a black box of another one of the plurality of nodes, locking one or more data channels, and locking one or more connected devices
Further:
Hrastar '283 discloses mitigating includes at least one of storing historical data within a black box memory, migrating black box data to a black box of another one of the plurality of nodes, locking one or more data channels, and locking one or more connected devices (identifies anomalous traffic and locks/reassigns channels [Hrastar '283 ¶ 0156-0159])
It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the remediation techniques of Hrastar '283 to arrive at an apparatus, method, and product including:
mitigating includes at least one of storing historical data within a black box memory, migrating black box data to a black box of another one of the plurality of nodes, locking one or more data channels, and locking one or more connected devices
A person having ordinary skill in the art would have been motivated to combine them at least because the remediation techniques would assist in mitigating the risk caused by the anomalies detected by Strayer '299.  A person having ordinary skill in the art would have been further motivated to combine them at least because Hrastar '283 teaches [Hrastar '283 ¶ 0156-0159] modifying a network anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] such as that of Strayer '299 to arrive at the claimed invention; because doing so constitutes use of a known technique (remediation techniques [Hrastar '283 ¶ 0156-0159]) to improve similar devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059]) in the same way; because doing so constitutes applying a known technique (remediation techniques [Hrastar '283 ¶ 0156-0159])to known devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059])ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results.  Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] detects anomalies and corrects the resulting problems using remediation techniques [Hrastar '283 ¶ 0156-0159]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion.
Per claim 6 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Strayer '299 does not disclose migrating includes migrating anomalous traffic to a monitored data channel
Further:
Hrastar '283 discloses migrating includes migrating anomalous traffic to a monitored data channel (identifies anomalous traffic and locks/reassigns channels [Hrastar '283 ¶ 0156-0159])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the remediation techniques of Hrastar '283 to arrive at an apparatus, method, and product including:
migrating includes migrating anomalous traffic to a monitored data channel

Claim(s) 10-13, 17-19 is/are rejected under 35 U.S.C. § 103    pre-AIA  35 U.S.C. § 103(a) as being unpatentable over Strayer '299 in view of Hatonen '968 in view of U.S. Publication 20080005782 to Aziz (hereinafter "Aziz '782").  Aziz '782 is prior art to the claims under 35 U.S.C. § 102(b), 35 U.S.C. § 102(a), and 35 U.S.C. § 102(e).
Per claim 10 (dependent on claim 1):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 17 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 11 (dependent on claim 10):
Strayer '299 in view of Hatonen '968 in view of Aziz '782 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 18 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 12 (dependent on claim 10):
Strayer '299 in view of Hatonen '968 in view of Aziz '782 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 19 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 13 (dependent on claim 10):
Strayer '299 in view of Hatonen '968 in view of Aziz '782 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference
Strayer '299 does not disclose classifying the detected anomalous behavior as internal to the network fabric or external to the network fabric
Further:
Aziz '782 discloses classifying the detected anomalous behavior as internal to the network fabric or external to the network fabric (combination of detection criteria for anomaly becomes signature for identifying anomaly type [Aziz '782 ¶ 0040-0043] e.g. worm, DOS, trojan, virus, illegitimate user behavior [Aziz '782 ¶ 0032-0034, 0040])
It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the anomaly categorization of Aziz '782 to arrive at an apparatus, method, and product including:
classifying the detected anomalous behavior as internal to the network fabric or external to the network fabric
A person having ordinary skill in the art would have been motivated to combine them at least because the anomaly categorization techniques of Aziz '782 would help to select an appropriate remediation for the anomalies detected by Strayer '299.  A person having ordinary skill in the art would have been further motivated to combine them at least because Aziz '782 teaches [Aziz '782 ¶ 0032-0034, 0040-0043] modifying a network anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] such as that of Strayer '299 to arrive at the claimed invention; because doing so constitutes use of a known technique (anomaly categorization [Aziz '782 ¶ 0032-0034, 0040-0043]) to improve similar devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059]) in the same way; because doing so constitutes applying a known technique (anomaly categorization [Aziz '782 ¶ 0032-0034, 0040-0043])to known devices and/or methods (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059])ready for improvement to yield predictable results; and because the modification amounts to combining prior art elements according to known methods to yield predictable results.  Here, (1) the prior art included each element (as detailed above); (2) one of ordinary skill in the art could have combined the elements as claimed by known methods, and in this combination, each element merely performs the same function as it does separately (anomaly detection scheme [Strayer '299 ¶ 0004, 0026, 0031, 0050, 0059] detects anomalies and identifies remediation technique according to anomaly categorization [Aziz '782 ¶ 0032-0034, 0040-0043]); (3) one of ordinary skill in the art would have recognized that the results of the combination were predictable; and (4) other considerations do not overcome this conclusion.
Per claim 17 (dependent on claim 14):
Strayer '299 in view of Hatonen '968 discloses the elements detailed in the rejection of claim 14 above, incorporated herein by reference
Strayer '299 does not disclose the anomaly agent is configured to identify the anomalous data by identifying an anomaly type of a detected anomalous behavior based on aggregated anomaly criterion statuses
Further:
Aziz '782 discloses the anomaly agent is configured to identify the anomalous data by identifying an anomaly type of a detected anomalous behavior based on aggregated anomaly criterion statuses (combination of detection criteria for anomaly becomes signature for identifying anomaly type [Aziz '782 ¶ 0040-0043] e.g. worm, DOS, trojan, virus, illegitimate user behavior [Aziz '782 ¶ 0032-0034, 0040])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the anomaly categorization of Aziz '782 to arrive at an apparatus, method, and product including:
the anomaly agent is configured to identify the anomalous data by identifying an anomaly type of a detected anomalous behavior based on aggregated anomaly criterion statuses
Per claim 18 (dependent on claim 17):
Strayer '299 in view of Hatonen '968 in view of Aziz '782 discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference
Strayer '299 does not disclose the anomaly agent is configured to use the aggregated anomaly criterion statuses as an index into an anomaly database to identify an anomalous behavior signature
Further:
Aziz '782 discloses the anomaly agent is configured to use the aggregated anomaly criterion statuses as an index into an anomaly database to identify an anomalous behavior signature (combination of detection criteria for anomaly becomes signature for identifying anomaly type [Aziz '782 ¶ 0040-0043] e.g. worm, DOS, trojan, virus, illegitimate user behavior [Aziz '782 ¶ 0032-0034, 0040])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the anomaly categorization of Aziz '782 to arrive at an apparatus, method, and product including:
the anomaly agent is configured to use the aggregated anomaly criterion statuses as an index into an anomaly database to identify an anomalous behavior signature
Per claim 19 (dependent on claim 17):
Strayer '299 in view of Hatonen '968 in view of Aziz '782 discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference
Strayer '299 does not disclose the anomaly type includes at least one of a network fabric attack, a network fabric intrusion, a network fabric infiltration, a network fabric specified natural behavior, a network fabric specified unexpected behavior, and a network fabric random event
Further:
Aziz '782 discloses the anomaly type includes at least one of a network fabric attack, a network fabric intrusion, a network fabric infiltration, a network fabric specified natural behavior, a network fabric specified unexpected behavior, and a network fabric random event (combination of detection criteria for anomaly becomes signature for identifying anomaly type [Aziz '782 ¶ 0040-0043] e.g. worm, DOS, trojan, virus, illegitimate user behavior [Aziz '782 ¶ 0032-0034, 0040])
For the reasons detailed with respect to claim 14, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Strayer '299 with the anomaly categorization of Aziz '782 to arrive at an apparatus, method, and product including:
the anomaly type includes at least one of a network fabric attack, a network fabric intrusion, a network fabric infiltration, a network fabric specified natural behavior, a network fabric specified unexpected behavior, and a network fabric random event


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THEODORE C PARSONS whose telephone number is (571)270-1475.  The examiner can normally be reached on MTWRF 7:30-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/THEODORE C PARSONS/Primary Examiner, Art Unit 2494