
On Tuesday, Microsoft announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance, in an effort to advance malware detection.
The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project IRE by the tech giant.
The system “automates what is considered the gold standard in malware classification. It fully engineers software files that have no clue about their origin or purpose,” Microsoft said. “Use decompilers and other tools to check the output and determine if the software is malicious or benign.”
According to the Windows maker, Project IRE is an effort to enable large-scale malware classification, accelerate threat response, and reduce the manual effort analysts must spend examining samples to determine whether they are malicious or benign.

Specifically, it uses specialized tools to analyze a file iteratively at various levels, ranging from low-level binary analysis to high-level interpretation of code behavior.
“Its tool usage API allows you to update file understanding using a wide range of reverse engineering tools, including Project Freta, custom and open source tools, document search, and Microsoft memory analysis sandboxes based on multiple disassemblers,” Microsoft said.
Project Freta is a Microsoft Research initiative that audits memory snapshots of live Linux systems in an “undetected malware discovery sweep” for threats such as rootkits and advanced malware.
Evaluation is a multi-step process:
Automated reverse engineering tools identify file types, their structure, and potential areas of interest.
The system reconstructs the software’s control flow graph using frameworks such as angr and Ghidra.
The LLM invokes specialized tools via APIs to identify and summarize key features.
The summary leaves a detailed “chain of evidence” log that shows how the system reached its conclusion, allowing security teams to review and refine the process in the event of misclassification.
Tests conducted by the Project IRE team on published Windows driver datasets show that the classifier correctly flags 90% of all files and incorrectly identifies only 2% of benign files as threats. In a second evaluation of approximately 4,000 “hard target” files, nine out of 10 malicious files were correctly classified as malicious, with a false positive rate of just 4%.

“Based on these early successes, the IRE prototype for the project will be used as a binary analyzer for threat detection and software classification within Microsoft’s Defender organization,” Microsoft said.
“Our goal is to scale the speed and accuracy of the system so that files can be correctly categorized from any source, even at the first encounter. Ultimately, our vision is to detect new malware directly in memory.”
The development comes as Microsoft said it had awarded a record $17 million in awards to 344 security researchers from 59 countries through its 2024 vulnerability reporting program.
A total of 1,469 eligible vulnerability reports were submitted between July 2024 and June 2025, with the highest individual award reaching $200,000. Last year, the company paid $16.6 million in awards to 343 security researchers from 55 countries.