Microsoft's new AI security tool can spot malware early - and even reverse engineer it to crack the code

News
By published

Project Ire is the 'gold standard' in malware classification

Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration
(Image credit: Shutterstock)
  • Microsoft reveals it is developing an AI threat detection tool
  • Project Ire has so far scored well in accuracy testing
  • The tool has the potential to meet the 'gold standard' for malware classification

Microsoft has introduced a new AI tool it says has the ability to meet the “gold standard” of malware detection, identification, and classification.

While still only a working prototype, Project Ire has shown great promise in its ability to detect and reverse engineer malware without any context of the file’s origin or purpose.

Microsoft plans for Project Ire to be incorporated into Microsoft Defender as a ‘Binary Analyzer’ used to identify malware in memory from any source at first encounter.

Autonomous AI malware detection

The tool is still very much in the early stages of development, but in Microsoft’s own real-world scenario testing, Project Ire managed to detect almost 9 out of 10 malicious files correctly in precision tests, but only managed to detect just over one quarter of malware in recall tests. However, in these initial tests, there was a false positive rate of 4%.

“While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment,” Microsoft said in a blog post. Additionally, in this testing, the AI tool had no knowledge of nor had it faced any of the 4,000 files it scanned.

The tool generates a report on each potentially malicious file it identifies, summarizing why certain parts of the file could indicate it as malware.

In a separate test against a public dataset of a mix of legitimate and malicious Windows drivers the tool again detected 9 out of 10 malicious files correctly with a false positive rate of 2%. The recall rate was also significantly higher, scoring 0.83 in this test.

Looking ahead, Microsoft will continue to work on improving Project Ire’s ability to detect malware at scale rapidly and precisely, and hopefully include the AI within Microsoft Defender as a threat detection and software classification tool.

Threat actors are increasingly leveraging AI tools to generate malicious files at scale, but cybersecurity organizations are also leveraging AI technology to fight back.

You might also like

TOPICS
Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.