The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification, heuristic analysis, and external threat intelligence via the VirusTotal API for comprehensive triage of URLs, file hashes, and binaries. The proposed architecture prioritizes efficiency by filtering known threats through heuristics, classifying uncertain samples using machine learning, and validating borderline cases with third-party intelligence. On benchmark datasets, SecureScan achieves 93.1 percent accuracy with balanced precision (0.87) and recall (0.92), demonstrating strong generalization and reduced overfitting through threshold-based decision calibration. A calibrated threshold and gray-zone logic (0.45-0.55) were introduced to minimize false positives and enhance real-world stability. Experimental results indicate that a lightweight statistical model, when augmented with calibrated verification and external intelligence, can achieve reliability and performance comparable to more complex deep learning systems.
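The triage flow the abstract describes (heuristics first, a logistic-regression score next, and escalation of gray-zone scores to external intelligence) can be made concrete with a small pipeline. The following is an added illustration, not SecureScan's code: the known-hash lists, the six URL features and their weights, the 0.10 detection-ratio cut-off, and the offline `stub_lookup` that stands in for the VirusTotal API are all constructed for this example, and routing unknown hashes straight to the intelligence layer is an assumption of the example rather than the paper's design.

```python
"""Three-tier triage with a calibrated threshold and gray-zone escalation.

Added example, not the paper's code: the heuristic lists, feature weights
and the stand-in intelligence lookup below are constructed for
illustration. A real deployment would load a trained model and call the
VirusTotal API behind the `intel` callback.
"""
import hashlib
import math
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Gray-zone bounds from the abstract; scores inside are escalated to
# external intelligence instead of being decided by the model alone.
GRAY_LOW, GRAY_HIGH = 0.45, 0.55

# Layer 1: heuristics over known indicators (constructed placeholder hashes).
KNOWN_MALICIOUS_HASHES = {"0" * 63 + "1"}
KNOWN_BENIGN_HASHES = {"0" * 63 + "2"}

# Layer 2: logistic-regression weights over six URL features (constructed,
# hand-set values standing in for a trained model).
WEIGHTS = [0.8, 0.6, 2.5, 2.0, 0.7, -1.2]
BIAS = -2.2

# Type of the layer-3 lookup: returns the fraction of engines flagging the
# indicator, or None when the service is unavailable.
IntelLookup = Callable[[str], Optional[float]]


@dataclass
class Verdict:
    label: str   # "malicious", "benign" or "review"
    tier: str    # which layer decided: "heuristic", "model" or "intel"
    score: Optional[float] = None  # model probability when the model ran


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def url_features(url: str) -> list:
    """Cheap lexical features commonly used for phishing-URL classifiers."""
    host = re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0]
    return [
        min(len(url), 200) / 100.0,                       # scaled length
        float(host.count(".")),                           # subdomain depth
        1.0 if "@" in url else 0.0,                       # userinfo trick
        1.0 if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}(:\d+)?", host) else 0.0,
        float(host.count("-")),                           # hyphenated host
        1.0 if url.lower().startswith("https://") else 0.0,
    ]


def model_score(url: str) -> float:
    """Logistic-regression probability that the URL is malicious."""
    z = BIAS + sum(w * x for w, x in zip(WEIGHTS, url_features(url)))
    return 1.0 / (1.0 + math.exp(-z))


def heuristic_verdict(indicator: str) -> Optional[Verdict]:
    """Layer 1: decide immediately on known indicators, else defer."""
    if indicator in KNOWN_MALICIOUS_HASHES:
        return Verdict("malicious", "heuristic")
    if indicator in KNOWN_BENIGN_HASHES:
        return Verdict("benign", "heuristic")
    return None


def intel_verdict(indicator: str, intel: IntelLookup, score=None) -> Verdict:
    """Layer 3: external intelligence; falls back to analyst review."""
    ratio = intel(indicator)
    if ratio is None:
        return Verdict("review", "intel", score)
    return Verdict("malicious" if ratio >= 0.10 else "benign", "intel", score)


def triage(kind: str, value, intel: IntelLookup) -> Verdict:
    """kind is 'url', 'hash' or 'binary' (raw bytes, hashed locally)."""
    indicator = sha256_hex(value) if kind == "binary" else value
    known = heuristic_verdict(indicator)
    if known is not None:
        return known
    if kind != "url":
        # Unknown hash with no lexical features: only intelligence can help
        # (assumption of this example, not the paper's routing).
        return intel_verdict(indicator, intel)
    p = model_score(indicator)
    if p >= GRAY_HIGH:
        return Verdict("malicious", "model", p)
    if p <= GRAY_LOW:
        return Verdict("benign", "model", p)
    return intel_verdict(indicator, intel, p)   # gray zone: escalate


# Constructed stand-in for the external service: detection ratios for two
# indicators, everything else unknown; a None result models an outage.
STUB_INTEL = {
    "http://account-verify.example.net/signin/reset": 0.35,
    "0" * 63 + "3": 0.0,
}


def stub_lookup(indicator: str) -> Optional[float]:
    return STUB_INTEL.get(indicator)


if __name__ == "__main__":
    for kind, value in [
        ("url", "https://example.com/login"),
        ("url", "http://secure-login-update.example-verify.com/account"),
        ("url", "http://account-verify.example.net/signin/reset"),
        ("binary", b"constructed benign bytes"),
        ("hash", "0" * 63 + "1"),
    ]:
        print(kind, triage(kind, value, stub_lookup))
```

The design point worth noting is that the gray zone is not a third label: a score between 0.45 and 0.55 simply changes which layer is allowed to decide, and an unavailable intelligence source degrades to an explicit "review" verdict rather than letting a near-coin-flip model score stand as a final answer.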