- Microsoft reveals that it is developing an AI threat-detection tool
- Project Ire has so far scored well in accuracy tests
- The tool has the potential to meet the ‘gold standard’ for malware classification
Microsoft has introduced a new AI tool that it says can meet the “gold standard” of malware detection, identification and classification.
Although Project Ire still has only one functioning prototype, it has shown great promise in its ability to detect and reverse engineer malware without any context about a file's origin or purpose.
Microsoft plans for Project Ire to be incorporated into Microsoft Defender as a ‘binary analyzer’ used to identify malware in memory, from any source, at first encounter.
Autonomous AI Malware Detection
The tool is still very much in the early stages of development, but in Microsoft’s own real-world scenario test, the project correctly identified almost 9 out of 10 malicious files in precision tests, while detecting just over a quarter of the malware in the recall test. In these initial tests, however, the false positive rate was 4%.
“While the overall performance was moderate, this combination of accuracy and a low error rate suggests a real potential for future implementation,” Microsoft said in a blog post. In this test, the AI tool also had no knowledge of any of the 4,000 files it scanned.
The tool generates a report on each potentially malicious file it identifies and summarizes why certain parts of the file could indicate that it is malware.
In a separate test against a public dataset with a mixture of legitimate and malicious Windows drivers, the tool again identified 9 out of 10 malicious files, with a false positive rate of 2%. Recall was also significantly higher, at 0.83 in this test.
Looking ahead, Microsoft will continue working to improve Project Ire’s ability to detect malware at scale quickly and accurately, and hopes to include the AI in Microsoft Defender as a threat detection and software classification tool.
Threat actors are increasingly using AI tools to generate malicious files at scale, but cybersecurity organizations are also using AI technology to fight back.



