Microsoft Launches Project Ire to Enhance Real-Time Threat Detection

An AI-driven prototype that analyzes code behavior to spot malware more intelligently than traditional antivirus tools.


Key Takeaways:

  • Microsoft introduces Project Ire, an AI-powered malware detection system.
  • Unlike traditional antivirus, it analyzes behavior and code logic instead of just patterns.
  • Early results show high precision and low false positives, with plans to integrate into Microsoft Defender.

Microsoft has launched Project Ire, an AI-powered system designed to detect and analyze malware. The new offering aims to improve the detection and mitigation of software threats in real time.

Project Ire was built through a collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum. It combines advanced language models with reverse-engineering tools and binary analysis frameworks such as Angr and Ghidra, and it uses a tool-use API to analyze software functions iteratively and build a chain of evidence for classification.

Project Ire differs from traditional antivirus solutions in two ways. First, instead of scanning for known patterns, it analyzes the actual behavior and structure of the software, dissecting the code the way a human malware analyst would, without needing prior knowledge of the sample. Second, it does not scan every file blindly: it chooses which parts of the code to investigate and decides whether the software is malicious based on its internal logic and behavior.

How does Project Ire work?

Project Ire performs a deep analysis of the software to determine if it’s malicious. It performs a low-level binary analysis, reconstructs control flow graphs (CFGs), interprets function behavior, and uses an internal validator to cross-validate its findings. After the analysis, Project Ire creates a structured report that shows whether the code is malicious or benign, and why it reached that conclusion.
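To make the CFG-reconstruction step concrete, here is an added illustration (not Project Ire's code, and not Angr's or Ghidra's) that rebuilds a control flow graph over a constructed toy instruction stream by recursive descent from the entry point, so that code no execution path reaches stays out of the graph; the instruction set and the sample program are assumptions invented for the example.

```python
# Toy recursive-descent CFG reconstruction (added example, not Project Ire code).
# Each instruction occupies one address; branch operands are absolute addresses.
from collections import deque

# Constructed sample program: a loop guarded by a conditional branch, a helper
# routine reached by call, and two instructions no execution path can reach.
SAMPLE = [
    ("mov", None),   # 0  entry
    ("jz", 5),       # 1  conditional: fall through to 2 or jump to 5
    ("call", 7),     # 2  helper routine at 7, returns to 3
    ("jmp", 1),      # 3  loop back
    ("nop", None),   # 4  unreachable: nothing jumps or falls through here
    ("mov", None),   # 5
    ("ret", None),   # 6
    ("xor", None),   # 7  helper body
    ("ret", None),   # 8
    ("nop", None),   # 9  unreachable padding after the final ret
]
BRANCHES = {"jmp", "jz", "call", "ret"}

def successors(addr, insn):
    """Addresses control can flow to after executing insn at addr."""
    op, target = insn
    if op == "jmp":
        return [target]
    if op in ("jz", "call"):
        return [addr + 1, target]   # fall-through/return address plus target
    if op == "ret":
        return []
    return [addr + 1]

def reconstruct_cfg(program, entry=0):
    """Return {leader: (addresses_in_block, successor_leaders)} for reachable code."""
    reachable, worklist = set(), deque([entry])
    while worklist:                          # recursive descent from the entry
        a = worklist.popleft()
        if a in reachable or a >= len(program):
            continue
        reachable.add(a)
        worklist.extend(successors(a, program[a]))
    leaders = {entry}                        # block starts: targets and post-branch
    for a in reachable:
        op, target = program[a]
        if op in ("jmp", "jz", "call"):
            leaders.add(target)
        if op in BRANCHES and a + 1 in reachable:
            leaders.add(a + 1)
    blocks = {}
    for lead in sorted(leaders):             # extend each block to its branch
        a, block = lead, [lead]
        while program[a][0] not in BRANCHES and a + 1 in reachable and a + 1 not in leaders:
            a += 1
            block.append(a)
        blocks[lead] = (block, sorted(s for s in successors(a, program[a]) if s in reachable))
    return blocks

def unreachable_addresses(program, cfg):
    """Addresses a linear sweep would decode but no execution path reaches."""
    covered = {a for block, _ in cfg.values() for a in block}
    return sorted(set(range(len(program))) - covered)
```

Running `reconstruct_cfg(SAMPLE)` yields six blocks with the loop edge 3 -> 1 and the call edge 2 -> 7, and `unreachable_addresses` reports addresses 4 and 9, the kind of dead code a pattern-only scanner would still examine.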

According to Microsoft, Project Ire achieved 0.98 precision and 0.83 recall on public datasets of Windows drivers. It correctly identified 90% of files, with only 2% false positives in early testing. In a real-world test with 4,000 samples, Project Ire reached 89 percent precision and 26 percent recall.

Currently, Project Ire is a research prototype that autonomously analyzes software and detects malware. Based on its early success, Microsoft plans to integrate Project Ire into Microsoft Defender as a Binary Analyzer to strengthen threat detection and software classification, though there is no ETA yet.