Microsoft Project Ire AI detects malware autonomously

Microsoft has unveiled Project Ire, an AI-powered prototype designed for autonomous malware detection, demonstrating significant potential in early testing. The system achieved 90% accuracy in identifying malicious files while maintaining a low 2% false positive rate on benign Windows drivers.

Key Performance Metrics

• Tested on known malicious and benign Windows drivers, Project Ire correctly classified 90% of files.
• In a separate test with 4,000 unclassified files, it flagged 87.5% of malicious files with only 4% false positives.
• Detected 25% of actual malware missed by automated systems.

"While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment," Microsoft researchers noted.

How Project Ire Works

1. Automated Reverse Engineering: Analyzes file type, structure, and suspicious areas.
2. Control Flow Graph Reconstruction: Uses tools like angr and Ghidra to map program execution.
3. Iterative Analysis: Combines language models and specialized tools to examine functions.
4. Chain of Evidence: Maintains transparent records for human review and system refinement.

Future Integration

• Project Ire will be integrated into Microsoft Defender as a binary analyzer.
• Long-term goal: Autonomous detection of novel malware in memory at scale.

"We can leverage the complementary strengths of both humans and AI for protection," said Mike Walker, Research Manager at Microsoft.

For more details, read Microsoft's research blog.