Microsoft Project Ire Automates Malware Classification

Microsoft has recently unveiled Project Ire, an AI agent that analyzes and classifies malware through automated reverse engineering. The stated goal is to produce classifications reliable enough to justify blocking active threats, without waiting on a human analyst.

Automated Reverse Engineering by Microsoft with Project Ire

In a recent announcement, Microsoft provided details about their latest security initiative, Project Ire, an AI agent for automated malware classification.

Project Ire, currently a prototype, is designed specifically for malware analysis and classification using automated reverse engineering. Unlike workflows that depend on a human analyst reading the disassembly, Project Ire analyzes and classifies a sample end to end without analyst input, and it records the reasoning behind each verdict so that a block decision can be justified from the evidence rather than from a bare score.

The development of Project Ire combined security expertise and operational data from Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum with global malware telemetry and AI research. This combination lets Project Ire classify threats that Microsoft Defender can then block.

Describing the capabilities of Project Ire, Microsoft stated,

Project Ire has achieved a precision of 0.98 and a recall of 0.83 using public datasets of Windows drivers. It was the first reverse engineer at Microsoft, human or machine, to author a conviction case—a detection strong enough to justify automatic blocking—for a specific advanced persistent threat (APT) malware sample, which has since been identified and blocked by Microsoft Defender.

Microsoft explained that Project Ire’s architecture supports multi-level reasoning. The system autonomously evaluates software using reverse engineering tools to identify file types, structures, and key areas. It then utilizes tools like Ghidra and angr to reconstruct control flow graphs, analyze functions, and classify software. All actions are recorded in an audit trail for human review.
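As an added illustration of the first stage of that pipeline (identify the file type, parse its structure, flag the key areas, and write every step to an audit trail), here is a small Python triage script. It is example code written for this article, not Project Ire's code, and it stops short of control-flow reconstruction, which needs Ghidra or angr. The sample PE it analyzes is constructed inline (two sections, with the entry point in a writable, executable, high-entropy section); the heuristics and the 7.0 bits/byte entropy threshold are common analyst rules of thumb, not anything Microsoft described.

```python
"""Static PE triage with an audit trail: example code, not Project Ire."""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass, field

# IMAGE_SECTION_HEADER characteristics (PE/COFF specification)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # assumed threshold, bits per byte


@dataclass
class TriageReport:
    file_type: str = "unknown"
    sections: list = field(default_factory=list)  # parsed section descriptors
    findings: list = field(default_factory=list)  # suspicious traits, human-readable
    audit: list = field(default_factory=list)     # (step, evidence) in execution order
    verdict: str = "undetermined"

    def log(self, step, evidence):
        self.audit.append((step, evidence))


def shannon_entropy(buf):
    """Bits per byte: near 8.0 for packed/encrypted data, near 0 for padding."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def identify_file_type(data, report):
    magic = data[:4]
    if magic[:2] == b"MZ":
        report.file_type = "PE"
    elif magic == b"\x7fELF":
        report.file_type = "ELF"
    report.log("identify_file_type", f"magic={magic!r} -> {report.file_type}")


def parse_pe(data, report):
    """DOS header -> PE signature -> COFF header -> section table. Returns entry RVA."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        report.log("parse_pe", f"no PE signature at e_lfanew=0x{e_lfanew:x}")
        return None
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    entry = struct.unpack_from("<I", data, coff + 20 + 16)[0]  # AddressOfEntryPoint
    report.log("parse_pe", f"sections={nsec} entry_rva=0x{entry:x}")
    table = coff + 20 + opt_size
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + i * 40)
        sec = {"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
               "vsize": vsize, "flags": flags,
               "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])}
        report.sections.append(sec)
        report.log("parse_section", f"{sec['name']} rva=0x{vaddr:x} "
                   f"flags=0x{flags:08x} entropy={sec['entropy']:.2f}")
    return entry


def flag_key_areas(entry, report):
    """Checks an analyst makes first; each hit is evidence, not a conviction."""
    for sec in report.sections:
        if sec["flags"] & IMAGE_SCN_MEM_WRITE and sec["flags"] & IMAGE_SCN_MEM_EXECUTE:
            report.findings.append(f"{sec['name']}: W+X section (unpacking or self-modifying code)")
        if sec["entropy"] > HIGH_ENTROPY:
            report.findings.append(f"{sec['name']}: high entropy {sec['entropy']:.2f} (packed/encrypted)")
    home = next((s for s in report.sections
                 if s["vaddr"] <= entry < s["vaddr"] + s["vsize"]), None)
    if home is None:
        report.findings.append(f"entry point 0x{entry:x} outside every section")
    elif home["name"] != ".text":
        report.findings.append(f"entry point 0x{entry:x} in {home['name']}, not .text")
    report.log("flag_key_areas", f"{len(report.findings)} finding(s)")


def triage(data):
    report = TriageReport()
    identify_file_type(data, report)
    if report.file_type == "PE":
        entry = parse_pe(data, report)
        if entry is not None:
            flag_key_areas(entry, report)
    report.verdict = "suspicious" if report.findings else "no static indicators"
    report.log("classify", report.verdict)
    return report


def build_sample_pe():
    """Constructed sample (not a real binary): low-entropy .text plus a W+X,
    high-entropy UPX0 holding the entry point. Optional header truncated to 24 bytes."""
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0x200, 0x200, 0, 0x2010, 0x1000)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)

    def section(name, vaddr, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, flags)

    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    hdr = dos + b"PE\0\0" + coff + opt
    hdr += section(b".text", 0x1000, 0x200, rx)
    hdr += section(b"UPX0", 0x2000, 0x400, rx | IMAGE_SCN_MEM_WRITE)
    text = b"\x90" * 0x200                                       # NOP sled, entropy 0
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))  # 512 random-looking bytes
    return hdr.ljust(0x200, b"\0") + text + blob


if __name__ == "__main__":
    rep = triage(build_sample_pe())
    for step, evidence in rep.audit:
        print(f"[{step}] {evidence}")
    print("findings:", *rep.findings, sep="\n  ")
    print("verdict:", rep.verdict)
```

The audit list is the point: each finding can be traced back to the header fields and section bytes that produced it, which is what makes a verdict reviewable by a human later rather than a bare label.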

Significance of Project Ire

Microsoft framed automated classification as a way to relieve security researchers. Microsoft Defender scans billions of devices, and classifying the threats that surface still requires human review, a workload Microsoft says leads to "burnout" and "alert fatigue."

Project Ire, with its tooling and reasoning capabilities, is meant to take part of that workload off reviewers. Based on its scores in training and in real-world tests, Microsoft is integrating Project Ire into the Defender organization as a "Binary Analyzer" for threat detection and classification.
