Microsoft recently announced Project Ire, a dedicated AI agent that analyzes and classifies malware through automated reverse engineering. With this tool, the company aims to give the security community a faster path from sample to blocking decision.
Microsoft Achieves Automated Reverse Engineering With Project Ire
In a recent post, Microsoft shared details of its latest security launch, Project Ire, an AI agent for automated malware classification.
As described, Project Ire, currently a prototype, is a dedicated tool for malware analysis and classification via automated reverse engineering. Where most security tools eventually require human input, Project Ire reaches its verdict without human intervention. Moreover, it analyzes and classifies a malicious program with precision high enough to justify blocking it.
Project Ire combines the security expertise and operational data of Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum with global malware telemetry and AI research data. This blend of expert knowledge, advanced LLMs, reverse engineering, and binary analysis tools lets Project Ire detect and block threats more efficiently.
Describing its competence in detail, the post reads,
Project Ire has achieved a precision of 0.98 and a recall of 0.83 using public datasets of Windows drivers. It was the first reverse engineer at Microsoft, human or machine, to author a conviction case—a detection strong enough to justify automatic blocking—for a specific advanced persistent threat (APT) malware sample, which has since been identified and blocked by Microsoft Defender.
Regarding how it works, Microsoft describes an architecture built around multi-level reasoning. The system begins its autonomous evaluation of a piece of software with reverse engineering tools, identifying the file type, its structure, and areas of interest. It then uses tools such as Ghidra and angr to reconstruct the program's control flow graph, analyzes that graph through specialized APIs to identify the key functions, and finally settles on a classification. Every step is recorded in an auditable trail that a human expert can later review and, where necessary, correct.
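To make the first two stages concrete (file-type identification, structural parsing, and an auditable trail of findings), here is an added example in Python. It is illustrative code written for this page, not Project Ire's or Microsoft's implementation, and it uses only the standard library: it identifies a file by magic bytes, walks a PE image's COFF header and section table, flags areas of interest (a section that is both writable and executable, a high-entropy section that looks packed, the section containing the entry point), and logs each conclusion with its evidence. The entropy threshold, the finding names, and the sample PE image built by `build_sample_pe()` are all constructed for the example; a real pipeline would hand the image to Ghidra or angr for control-flow recovery at the point where this one stops.

```python
"""Minimal auditable binary-triage pipeline (added example, not Project Ire's code)."""
import hashlib
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_PACKED_THRESHOLD = 7.0  # assumed heuristic cut-off for "likely packed"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for compressed/encrypted data, low for plain code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def identify_file_type(data: bytes) -> str:
    """Stage 1: cheap magic-byte identification before any deep parsing."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "PE"
        return "MZ"
    return "unknown"


def parse_pe_sections(data: bytes) -> dict:
    """Stage 2: walk the COFF header, entry point and section table of a PE image."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                                    # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "flags": flags,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "entry_rva": entry_rva, "sections": sections}


def triage(data: bytes) -> dict:
    """Run the pipeline; every conclusion is logged together with the evidence behind it."""
    trail = []

    def record(stage, finding, evidence):
        trail.append({"stage": stage, "finding": finding, "evidence": evidence})

    record("identify", "sha256", hashlib.sha256(data).hexdigest())
    ftype = identify_file_type(data)
    record("identify", "file_type", ftype)
    areas = []
    if ftype == "PE":
        pe = parse_pe_sections(data)
        record("structure", "entry_rva", hex(pe["entry_rva"]))
        for s in pe["sections"]:
            record("structure", "section", s)
            if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
                areas.append(f"{s['name']}: writable and executable")
            if s["entropy"] > ENTROPY_PACKED_THRESHOLD:
                areas.append(f"{s['name']}: high entropy ({s['entropy']}), likely packed")
            if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], 1):
                record("structure", "entry_section", s["name"])
    for a in areas:
        record("areas_of_interest", "flag", a)
    return {"file_type": ftype, "areas_of_interest": areas, "trail": trail}


def build_sample_pe() -> bytes:
    """Constructed sample: a two-section PE32 whose entry point lies in a writable,
    executable, high-entropy section, the shape a packed binary typically has."""
    e_lfanew, opt_size, entry_rva = 0x40, 0xE0, 0x2000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)   # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    text_raw = b"\x55\x89\xe5" + b"\x90" * 0x1FD                          # prologue + NOP sled
    seed, packed_raw = b"constructed-sample", b""
    while len(packed_raw) < 0x1000:                                        # deterministic noise blob
        seed = hashlib.sha256(seed).digest()
        packed_raw += seed
    text_ptr, packed_ptr = 0x200, 0x400

    def sec(name, vaddr, raw, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), ptr, 0, 0, 0, 0, flags)

    sections = sec(b".text", 0x1000, text_raw, text_ptr, 0x60000020)      # CODE|EXECUTE|READ
    sections += sec(b".upx1", entry_rva, packed_raw, packed_ptr, 0xE0000020)  # CODE|EXECUTE|READ|WRITE
    image = dos + b"PE\0\0" + coff + opt + sections
    image += b"\0" * (text_ptr - len(image)) + text_raw
    image += b"\0" * (packed_ptr - len(image)) + packed_raw
    return image


if __name__ == "__main__":
    for step in triage(build_sample_pe())["trail"]:
        print(step)
```

The trail is the part a reviewer cares about: each flagged area can be traced back to the section record that produced it, so a wrong call (for example, a legitimately self-modifying runtime tripping the writable-and-executable check) can be corrected without re-running the analysis.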
What Makes Project Ire Important
Explaining why malware classification needs automation, the Redmond giant pointed to the sheer volume of classification work that falls on security researchers.
As stated, Microsoft Defender scans roughly one billion active devices, and the resulting alerts ultimately require human review, since reverse engineering alone does not settle whether a piece of software is benign or malicious. This review load leads to "burnout" and "alert fatigue".
Hence, with its specialized reverse engineering tools and multi-level reasoning, Microsoft expects Project Ire to reduce that load on reviewers. The company has shared the performance scores achieved in training and in real-world tests; on the public Windows-driver dataset, a precision of 0.98 means roughly 2 in 100 samples it convicted were false positives, while a recall of 0.83 means roughly 17 in 100 malicious samples were not caught. Based on these results, Microsoft will deploy the system inside the Defender organization as a "Binary Analyzer" for threat detection and classification.