Appeal 2007-0477
Application 10/003,510

Appellants' arguments appear to be based on an erroneous reading of the Examiner's rejections (e.g., Answer 4:11-20). The Examiner's rejection of claim 1 reads in part:

    Regarding Claim 1 Porras teaches a method of detecting network-intrusions [detecting suspicious activities, such as intrusion, and based on that generating digital alerts] (Fig. 1 Item 22, and col. 1 line 26 to line 28) at a first node of a network [Fig. 1, item 12], comprising:

    identifying [sensors 22 monitoring various host/network traffic for suspicious activities] frame [streams] as an intrusion by an intrusion detection application (col. 3 line 30 to line 37, and col. 3 line 54 to col. 4 line 1);

    archiving event-data [raw, unprocessed alerts] associated with the frame [streams]; and

    decoding [translation module 32] the event-data by a decode engine [aggregation, that is combining alerts produced by a single monitoring sensor] (col. 6 line 2 to line 5), the decode engine integrated within the intrusion detection application (col. 4 line 1 to line 25).

Appellants interpret the Examiner's citation at the end of the "identifying" step as referring to only the immediately preceding "intrusion detection application," rather than the entire preceding "identifying" step. Appellants are in error as is shown by the Examiner's citation at the end of the "decoding" step above. The Examiner's discussions of both steps above are similarly structured in that they conclude with a citation preceded by "intrusion detection application." Appellants' interpretation of the first citation (identifying step) as referring solely to the "intrusion detection application" fails to acknowledge and give a reasonable meaning to the second citation (decoding step).
Last modified: September 9, 2013