SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration

TL;DR

SecureScan is a multi-layer AI framework combining logistic regression, heuristics, and threat intelligence to detect malware and phishing with high accuracy and reduced false positives.

Contribution

This work introduces a novel triple-layer detection architecture that integrates machine learning, heuristic filtering, and external threat data for improved cybersecurity detection.

Findings

Achieves 93.1% accuracy on benchmark datasets.

Balances precision (0.87) and recall (0.92) effectively.

Reduces false positives with threshold calibration and gray-zone logic.

Abstract

The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification, heuristic analysis, and external threat intelligence via the VirusTotal API for comprehensive triage of URLs, file hashes, and binaries. The proposed architecture prioritizes efficiency by filtering known threats through heuristics, classifying uncertain samples using machine learning, and validating borderline cases with third-party intelligence. On benchmark datasets, SecureScan achieves 93.1 percent accuracy with balanced precision (0.87) and recall (0.92), demonstrating strong generalization and reduced overfitting through threshold-based decision calibration. A calibrated threshold and gray-zone logic (0.45-0.55) were introduced to minimize false positives and enhance real-world stability. Experimental results indicate that a lightweight statistical model, when augmented with calibrated verification and external intelligence, can achieve reliability and performance comparable to more complex deep learning systems.