PTAB

IPR2023-01380

Trend Micro Inc v. Open Text Inc

Log In
Key Events
Petition
petition

1. Case Identification

2. Patent Overview

  • Title: Automatic threat detection of executable files based on static data analysis
  • Brief Description: The ’869 patent describes methods and systems for detecting threats in executable files. The technology involves extracting static data points from files and using trained probabilistic models, such as machine learning classifiers and support vector machines (SVMs), to determine whether the files are harmful or benign.

3. Grounds for Unpatentability

Ground 1: Claims 1-4, 8, 10-25, 29, 32-39, 43, 46-53, and 57 are obvious over Tahan in view of Menahem and Forman.

  • Prior Art Relied Upon: Tahan (Gil Tahan et al., Mal-ID: Automatic Malware Detection Using Common Segment Analysis and Meta-Features, 2012), Menahem (Eitan Menahem et al., Improving malware detection by applying multi-inducer ensemble, 2009), and Forman (Patent 8,885,928).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Tahan taught the foundational method of malware detection claimed in the ’869 patent. Tahan disclosed a computer-implemented method for analyzing files by extracting static features (e.g., n-grams, file segments), generating feature vectors from those features, and using a trained machine learning (ML) classifier to identify malware. Tahan also taught selectively turning features on or off based on criteria like entropy values to improve classification. Menahem was cited to add the known technique of using an "ensemble" of different classifiers to improve the accuracy of Tahan's system. Forman was cited for its teachings on improving the efficiency of ML models by eliminating or scaling features before they are provided to an SVM classifier, which solves a known problem in the art.
    • Motivation to Combine: Petitioner contended a person of ordinary skill in the art (POSITA) would combine these references because they all addressed ML techniques for identifying malware or spam. A POSITA would have been motivated to combine Tahan with Menahem's ensemble methods to improve detection accuracy, a stated goal of Menahem. Further, a POSITA would incorporate Forman's efficiency-improving techniques for feature scaling and elimination to manage the large feature sets generated by the Tahan/Menahem system, making the classification process more practical and efficient.
    • Expectation of Success: Petitioner asserted a POSITA would have had a reasonable expectation of success because the references operated in the same technical field with significant methodological overlap. The combination involved applying known solutions (ensembling, feature scaling) to solve predictable problems (improving accuracy, increasing efficiency) in malware classification systems.

Ground 2: Claims 5-7, 9, 26-28, 30-31, 40-42, 44-45, 54-56, and 58-59 are obvious over Tahan in view of Menahem, Forman, and Schultz.

  • Prior Art Relied Upon: Tahan, Menahem, Forman, and Schultz (Application # 2009/0254992).
  • Core Argument for this Ground:
    • Prior Art Mapping: This ground built upon the combination of Tahan, Menahem, and Forman from Ground 1 and added the teachings of Schultz to address limitations in various dependent claims. Petitioner argued that Schultz taught identifying an executable file for analysis in response to a "detected condition," such as the arrival of an email attachment or a user request for a file download. Schultz also disclosed using the determination of whether a file is harmful to retrain and update the classifier's rule set to improve future accuracy and reduce false positives. Finally, Schultz taught preventing the execution of a file that is classified as harmful.
    • Motivation to Combine: A POSITA would combine Schultz with the base system of Tahan, Menahem, and Forman to enhance its functionality and reliability. Schultz provided a practical mechanism for triggering the analysis (i.e., upon a detected condition) and an important feedback loop for improving the classifier over time by retraining it with new data. This would have been a well-understood method for improving the robustness and accuracy of the malware detection system.
    • Expectation of Success: Success would have been expected because the methods disclosed in Schultz were compatible with the machine learning systems of the other references. Both Tahan and Menahem cited Schultz's work, indicating that a POSITA would have been aware of and understood how to integrate these techniques.

4. Arguments Regarding Discretionary Denial

  • Petitioner argued that discretionary denial under §314(a) and §325(d) is unwarranted. Regarding the Fintiv factors for parallel litigation, Petitioner stipulated it would not pursue any IPR ground in the district court if review is instituted. It also argued the trial date is uncertain and may occur after a Final Written Decision (FWD), and discovery is in its early stages. Regarding §325(d), Petitioner asserted that the primary references (Tahan, Menahem, Forman, and Schultz) are materially different from the art considered during prosecution and were never cited by the Examiner, meaning the Office committed a material error by not considering them.

5. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-59 of Patent 11,409,869 as unpatentable.