The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification, heuristic analysis, and external threat intelligence via the VirusTotal API for comprehensive triage of URLs, file hashes, and binaries. The proposed architecture prioritizes efficiency by filtering known threats through heuristics, classifying uncertain samples using machine learning, and validating borderline cases with third-party intelligence. On benchmark datasets, SecureScan achieves 93.1 percent accuracy with balanced precision (0.87) and recall (0.92), demonstrating strong generalization and reduced overfitting through threshold-based decision calibration. A calibrated threshold and gray-zone logic (0.45-0.55) were introduced to minimize false positives and enhance real-world stability. Experimental results indicate that a lightweight statistical model, when augmented with calibrated verification and external intelligence, can achieve reliability and performance comparable to more complex deep learning systems.
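The triage order the abstract describes (heuristic filter first, logistic-regression score second, an external lookup only for scores in the 0.45-0.55 gray zone), as an added Python example that is not SecureScan's code: the model weights, the known-bad hash, the allowlisted domain and the in-memory intel table are constructed stand-ins, and `fake_intel_lookup` takes the place of the VirusTotal call.

```python
import math
from dataclasses import dataclass
from typing import Callable, Optional, Tuple
from urllib.parse import urlparse

GRAY_LOW, GRAY_HIGH = 0.45, 0.55  # gray zone stated in the abstract
# Layer 1 data (constructed): one known-bad hash, one allowlisted domain.
KNOWN_BAD_HASHES = {"deadbeef" * 8}
ALLOWLISTED_DOMAINS = {"example.com"}
# Layer 2 model (constructed): logistic-regression weights over three URL features.
WEIGHTS = {"bias": -1.2, "url_length": 0.03, "num_digits": 0.15, "ip_host": 2.0}

@dataclass
class Sample:
    url: str
    sha256: str = ""

def extract_features(url: str) -> dict:
    host = urlparse(url).hostname or ""
    return {"url_length": len(url), "num_digits": sum(c.isdigit() for c in url),
            "ip_host": 1.0 if host.replace(".", "").isdigit() else 0.0}

def lr_score(url: str) -> float:
    """P(malicious) = sigmoid(bias + sum(w_i * x_i)) over the features above."""
    z = WEIGHTS["bias"] + sum(WEIGHTS[k] * v for k, v in extract_features(url).items())
    return 1.0 / (1.0 + math.exp(-z))

def triage(sample: Sample, intel_lookup: Callable[[Sample], Optional[bool]]) -> Tuple[str, str]:
    """Return (verdict, route); intel_lookup yields True/False, or None if the feed knows nothing."""
    # Layer 1: cheap heuristics settle known-bad and known-good without a model call.
    if sample.sha256 in KNOWN_BAD_HASHES:
        return "malicious", "heuristic:known-hash"
    if (urlparse(sample.url).hostname or "") in ALLOWLISTED_DOMAINS:
        return "benign", "heuristic:allowlist"
    # Layer 2: the model decides outright when its score lies outside the gray zone.
    p = lr_score(sample.url)
    if p > GRAY_HIGH:
        return "malicious", f"model:p={p:.2f}"
    if p < GRAY_LOW:
        return "benign", f"model:p={p:.2f}"
    # Layer 3: only borderline scores pay for an external lookup.
    verdict = intel_lookup(sample)
    if verdict is None:
        return "undetermined", f"gray-zone:p={p:.2f},no-intel"
    return ("malicious" if verdict else "benign"), f"intel:p={p:.2f}"

# Constructed stand-in for the external feed (SecureScan queries VirusTotal here).
FAKE_INTEL = {"http://downloads.invoice-portal.test/docs": True}
def fake_intel_lookup(sample: Sample) -> Optional[bool]:
    return FAKE_INTEL.get(sample.url)
```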