Microsoft has introduced a remarkable new artificial intelligence system in cybersecurity. Dubbed “Project Ire,” this autonomous system analyzes software files and determines whether they are malicious without requiring any prior knowledge or a signature database. The prototype is said to be an effective defense tool, particularly against previously unseen threat types.
Microsoft to Detect Viruses with Artificial Intelligence
Traditional antivirus solutions typically scan by recognizing known malware patterns. However, Project Ire takes a different approach. The system begins by identifying the file’s type and structure. Then, it uses open-source analysis tools such as angr and Ghidra to generate a control flow graph of the file.
Using this graph, the system attempts to understand the code’s operation and analyzes each function individually. The findings are evaluated against the system’s internal “chain of evidence,” ultimately leading to a decision on whether the file is malicious or harmless.
According to Microsoft, during testing, the system identified a sample that could be defined as an Advanced Persistent Threat (APT) and automatically generated an “accusation file.” This process was performed without human analyst intervention, and the threat was blocked by the system.
Project Ire has been notable for its high accuracy in tests. The system correctly identified 90 percent of known malicious Windows driver files, with only 2 percent false positives.
In a more comprehensive test covering 4,000 files, the system detected a quarter of the malware in the set. Of the files it flagged as malicious, 89 percent were correctly identified.
Microsoft states that Project Ire is not only a threat detection system but can also generate reasoned, systematic reports about the malware it analyzes. This feature shows that the system is not just an automation tool but a technology capable of performing deep analysis that can replace human security experts.
The company currently plans to use Project Ire as a “dual analysis tool” within the Microsoft Defender team. Work is ongoing to integrate the system into real-time operations. Microsoft’s goal is to build a system capable of analyzing even a file of unknown origin or one that has never been encountered before.
Project Ire is expected to form the basis for highly accurate artificial intelligence solutions that reduce the human element in cybersecurity operations in the coming period.