{"id":1144806,"date":"2025-08-05T06:39:20","date_gmt":"2025-08-05T13:39:20","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&p=1144806"},"modified":"2026-06-12T00:17:00","modified_gmt":"2026-06-12T07:17:00","slug":"project-ire","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/project-ire\/","title":{"rendered":"Project Ire"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t\"cyber\t\t<\/div>\n\t\t\n\t\t
\n\t\t\t\n\t\t\t
\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\n

Project Ire<\/h1>\n\n\n\n

Autonomous malware classification<\/p>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/section>\n\n\n\n\n\n

Project Ire<\/h2>\n\n\n\n
\n
\n

Malware classification is one of cybersecurity’s hardest unsolved problems. Suspicious files arrive faster than analysts can clear them, and the gold standard for a verdict is full behavioral reverse engineering: slow, expensive, expert work.<\/p>\n\n\n\n

Project Ire is an autonomous classifier that closes this gap by working like a human analyst. Given a file with no metadata, telemetry, or prior labels, it reverse-engineers the binary, builds a chain of evidence, and reaches a malicious-or-benign verdict. Every claim ties to a function, behavior, or artifact it observed, so a team can audit and act on the result. On public Windows-driver datasets, early tests reached 0.98 precision and 0.83 recall. Ire also authored conviction cases against advanced persistent threat samples with detections strong enough to justify automatic blocking by Microsoft Defender.<\/p>\n\n\n\n

Ire pairs large language models with reverse-engineering tools it can call: decompilers, binary analysis frameworks, sandboxes. It triages each file for type, structure, and areas of interest, then analyzes it function by function, calling those tools through an API to reconstruct control flow and interpret behavior. A built-in validator checks the final report against the evidence chain, enforcing calibration: prove what it can, flag what’s suspicious, and stop at the evidence boundary rather than overclaim. Inside Microsoft’s Defender organization, Ire will ship as Binary Analyzer for threat detection and software classification.<\/p>\n\n\n\n

\n
Read the blog<\/a><\/div>\n\n\n\n
Contact us<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n
\n
\"Stylized<\/figure>\n<\/div>\n<\/div>\n\n\n\n\n\n
<\/div>\n","protected":false},"excerpt":{"rendered":"

Autonomous malware classification Malware classification is one of cybersecurity’s hardest unsolved problems. Suspicious files arrive faster than analysts can clear them, and the gold standard for a verdict is full behavioral reverse engineering: slow, expensive, expert work. Project Ire is an autonomous classifier that closes this gap by working like a human analyst. Given a […]<\/p>\n","protected":false},"featured_media":1144907,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13556,13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-1144806","msr-project","type-msr-project","status-publish","has-post-thumbnail","hentry","msr-research-area-artificial-intelligence","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"","related-publications":[],"related-downloads":[],"related-videos":[],"related-groups":[],"related-events":[],"related-opportunities":[],"related-posts":[1145100,1175369],"related-articles":[],"tab-content":[],"related-researchers":[{"type":"user_nicename","display_name":"Brian Caswell","user_id":39420,"people_section":"People","alias":"bcaswell"},{"type":"user_nicename","display_name":"Dustin Fraze","user_id":43946,"people_section":"People","alias":"dustinfraze"},{"type":"user_nicename","display_name":"Sarah Smith","user_id":42579,"people_section":"People","alias":"smithsarah"},{"type":"user_nicename","display_name":"Shelby Hayes","user_id":43937,"people_section":"People","alias":"shhayes"},{"type":"guest","display_name":"Stanley He","user_id":1145314,"people_section":"People","alias":""},{"type":"user_nicename","display_name":"Katy Smith","user_id":43936,"people_section":"People","alias":"katysmith"},{"type":"user_nicename","display_name":"Bhakta Pradhan","user_id":43943,"people_section":"People","alias":"bhpradha"},{"type":"user_nicename","display_name":"Mike Walker","user_id":39150,"people_section":"People","alias":"walkerm"},{"type":"user_nicename","display_name":"Cory Duplantis","user_id":43935,"people_section":"People","alias":"cduplantis"},{"type":"user_nicename","display_name":"Bob Fleck","user_id":43918,"people_section":"People","alias":"bobfleck"}],"msr_research_lab":[199565,1161007],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1144806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":12,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1144806\/revisions"}],"predecessor-version":[{"id":1175480,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/1144806\/revisions\/1175480"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media\/1144907"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=1144806"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=1144806"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=1144806"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=1144806"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=1144806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}