Microsoft’s new AI security tool can spot malware early – and even reverse engineer it to crack the code
- Microsoft reveals it is developing an AI threat detection tool
- Project Ire has so far scored well in accuracy testing
- The tool has the potential to meet the ‘gold standard’ for malware classification
Microsoft has introduced a new AI tool it says has the ability to meet the “gold standard” of malware detection, identification, and classification.
While still only a working prototype, Project Ire has shown great promise in its ability to detect and reverse engineer malware without any context of the file’s origin or purpose.
Microsoft plans for Project Ire to be incorporated into Microsoft Defender as a ‘Binary Analyzer’ used to identify malware in memory from any source at first encounter.
Autonomous AI malware detection
The tool is still very much in the early stages of development, but in Microsoft’s own real-world scenario testing, Project Ire managed to detect almost 9 out of 10 malicious files correctly in precision tests, but only managed to detect just over one quarter of malware in recall tests. However, in these initial tests, there was a false positive rate of 4%.
“While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment,” Microsoft said in a blog post. Additionally, in this testing, the AI tool had no knowledge of nor had it faced any of the 4,000 files it scanned.
The tool generates a report on each potentially malicious file it identifies, summarizing why certain parts of the file could indicate it as malware.
In a separate test against a public dataset of a mix of legitimate and malicious Windows drivers the tool again detected 9 out of 10 malicious files correctly with a false positive rate of 2%. The recall rate was also significantly higher, scoring 0.83 in this test.
Looking ahead, Microsoft will continue to work on improving Project Ire’s ability to detect malware at scale rapidly and precisely, and hopefully include the AI within Microsoft Defender as a threat detection and software classification tool.
Threat actors are increasingly leveraging AI tools to generate malicious files at scale, but cybersecurity organizations are also leveraging AI technology to fight back.
You might also like
Microsoft reveals it is developing an AI threat detection tool Project Ire has so far scored well in accuracy testing The tool has the potential to meet the ‘gold standard’ for malware classification Microsoft has introduced a new AI tool it says has the ability to meet the “gold standard”…
