Deferred malware scanning
US-2020302058-A1 · Sep 24, 2020 · US
US11386308B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11386308-B2 |
| Application number | US-201816219616-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 13, 2018 |
| Priority date | Dec 13, 2018 |
| Publication date | Jul 12, 2022 |
| Grant date | Jul 12, 2022 |
Official abstract text for this publication.
An artefact is received and parsed into a plurality of observations. A first subset of the observations are inputted into a machine learning model trained using historical data to classify the artefact. In addition, a second subset of the observations are inputted into a xenospace centroid configured to classify the artefact. Thereafter, the artefact is classified based on a combination of an output of the machine learning model and an output of xenospace centroid. Related apparatus, systems, techniques and articles are also described.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: receiving an artefact; parsing the artefact into a plurality of observations; inputting a first subset of the observations into a machine learning model trained using historical data to classify the artefact; inputting a second subset of the observations into a xenospace centroid configured to indicate whether cloud processing is needed to classify the artefact, the second subset of the observations being at least partially different than the first subset of the observations; providing the second subset of observations to a remote computing system for analysis when an output of the xenospace centroid generated in response to inputting the second subset of observations indicates that the artefact requires cloud processing and receiving a classification from the remote computing system; classifying the artefact as malicious or benign based on a combination of (i) an output of the machine learning model generated in response to inputting the first subset of observations and (ii) the received classification from the remote computing system when the output of the xenospace centroid indicates that the artefact requires cloud processing; classifying the artefact as malicious or benign based solely on the output of the machine learning model when the xenospace centroid indicates that the artefact does not need cloud processing; and preventing the artefact from being executed, from continuing to execute, and from being accessed when the artefact is classified as malicious.

2. The method of claim 1, wherein the artefact comprises at least one of: a file, a portion of a file, metadata characterizing a file, or source code.

3. The method of claim 1, wherein all of the observations in the first subset of the observations differ from all of the observations in the second subset of the observations.

4. The method of claim 1, wherein a portion of the observations in the first subset of the observations are common to a portion of the observations in the second subset of the observations.

5. The method of claim 1, wherein the machine learning model comprises at least one of: a logistic regression model, a neural network, a concurrent neural network, a recurrent neural network, a generative adversarial network, a support vector machine, or a random forest.

6. The method of claim 1 further comprising: logging the output of the xenospace centroid for informational purposes along with an identification of the artefact.

7. The method of claim 1, wherein at least a portion of the plurality of observations are hierarchical.

8. The method of claim 1, wherein the observations comprise one or more of: Boolean flags, continuous values, existence values, categorical values, map values, or array values.

9. A system comprising: at least one data processor; and memory storing instructions which, when executed by the at least one data processor, result in operations comprising: receiving an artefact; parsing the artefact into a plurality of observations; inputting a first subset of the observations into a machine learning model trained using historical data to classify the artefact; inputting a second subset of the observations into a xenospace centroid configured to indicate whether cloud processing is needed to classify the artefact, the second subset of the observations being at least partially different than the first subset of the observations; providing the second subset of observations to a remote computing system for analysis when an output of the xenospace centroid generated in response to inputting the second subset of observations indicates that the artefact requires cloud processing and receiving a classification from the remote computing system; classifying the artefact as malicious or benign based on a combination of (i) an output of the machine learning model generated in response to inputting the first subset of observations and (ii) the received classification from the remote computing system when the output of the xenospace centroid indicates that the artefact requires cloud processing; classifying the artefact as malicious or benign based solely on the output of the machine learning model when the xenospace centroid indicates that the artefact does not need cloud processing; and preventing the artefact from being executed, from continuing to execute, and from being accessed when the artefact is classified as malicious.

10. The system of claim 9, wherein the artefact comprises at least one of: a file, a portion of a file, metadata characterizing a file, or source code.

11. The system of claim 9, wherein the machine learning model comprises at least one of: a logistic regression model, a neural network, a concurrent neural network, a recurrent neural network, a generative adversarial network, a support vector machine, or a random forest.

12. The system of claim 9, wherein all of the observations in the first subset of the observations differ from all of the observations in the second subset of the observations.

13. The system of claim 9, wherein a portion of the observations in the first subset of the observations are common to a portion of the observations in the second subset of the observations.

14. The system of claim 9, wherein the operations further comprise: logging the output of the xenospace centroid for informational purposes along with an identification of the artefact.

15. A computer-implemented method comprising: receiving an artefact; parsing the artefact into a plurality of observations; inputting a first subset of the observations into a machine learning model trained using historical data to classify the artefact as being malicious or benign; inputting a second subset of the observations into a xenospace centroid configured to indicate whether the artefact requires cloud processing; providing the second subset of observations to a remote computing system for analysis when an output of the xenospace centroid generated in response to inputting the second subset of observations indicates that the artefact requires cloud processing and receiving a classification from the remote computing system; classifying the artefact as malicious or benign based on a combination of (i) an output of the machine learning model generated in response to inputting the first subset of observations and (ii) the received classification from the remote computing system when the output of the xenospace centroid indicates that the artefact requires cloud processing; classifying the artefact as malicious or benign based solely on the output of the machine learning model when the xenospace centroid indicates that the artefact does not need cloud processing; and preventing the artefact from being executed, from continuing to execute, and from being accessed when the artefact is classified as malicious.

16. The method of claim 15, wherein the machine learning model comprises at least one of: a logistic regression model, a neural network, a concurrent neural network, a recurrent neural network, a generative adversarial network, a support vector machine, or a random forest.

17. The method of claim 15, wherein the artefact comprises at least one of: a file, a portion of a file, metadata characterizing a file, or source code.

18. The method of claim 15, wherein all of the observations in the first subset of the observations differ from all of the observations in the second subset of the observations.

19. The method of claim 15, wherein a portion of the observations in the
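
The decision flow recited in claim 1, with the logging step of claim 6, as an added sketch that is not code from the patent or its assignee. The observation names, the logistic weights, the distance-threshold form of the centroid and the averaging rule are assumptions, since the page does not define them.

```python
import math

# Hypothetical observation names; the two subsets overlap only on "entropy".
MODEL_OBS = ("entropy", "imports", "is_signed")         # first subset
CENTROID_OBS = ("entropy", "section_count", "size_kb")  # second subset

# Constructed logistic-regression weights standing in for the trained model.
WEIGHTS, BIAS = {"entropy": 0.9, "imports": -0.02, "is_signed": -2.0}, -5.0

# Assumption: the centroid is the mean of training-time observations, and an
# artefact farther than RADIUS (in scaled units) from it needs cloud analysis.
CENTROID = {"entropy": 6.0, "section_count": 5.0, "size_kb": 400.0}
SCALE = {"entropy": 1.0, "section_count": 2.0, "size_kb": 300.0}
RADIUS = 2.0

def model_score(obs):
    """Local model: probability that the artefact is malicious."""
    z = BIAS + sum(WEIGHTS[k] * obs[k] for k in MODEL_OBS)
    return 1.0 / (1.0 + math.exp(-z))

def needs_cloud(obs):
    """Centroid output: True when the artefact lies outside the familiar region."""
    d2 = sum(((obs[k] - CENTROID[k]) / SCALE[k]) ** 2 for k in CENTROID_OBS)
    return math.sqrt(d2) > RADIUS

def classify(obs, cloud_lookup, log):
    """Return (verdict, enforcement action, whether cloud analysis was used)."""
    local = model_score(obs)
    deferred = needs_cloud(obs)
    log.append((obs["id"], deferred))  # claim 6: centroid output plus artefact id
    if deferred:
        # Only the second subset of observations is sent to the remote system.
        remote = cloud_lookup({k: obs[k] for k in CENTROID_OBS})
        score = (local + remote) / 2   # assumed combination rule
    else:
        score = local                  # local model alone decides
    verdict = "malicious" if score >= 0.5 else "benign"
    return verdict, ("block" if verdict == "malicious" else "allow"), deferred

# Constructed sample observations (not real telemetry).
SAMPLES = [
    {"id": "signed-tool", "entropy": 6.2, "imports": 120, "is_signed": 1, "section_count": 5, "size_kb": 450},
    {"id": "packed", "entropy": 7.9, "imports": 3, "is_signed": 0, "section_count": 12, "size_kb": 40},
    {"id": "odd-layout", "entropy": 5.0, "imports": 50, "is_signed": 0, "section_count": 11, "size_kb": 2000},
]

if __name__ == "__main__":
    log = []
    for s in SAMPLES:
        print(s["id"], classify(s, lambda o: 0.95, log))
```

The third sample is the case the combination step exists for: the local model alone scores it as benign, and the remote classification changes the verdict.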
Ensemble learning · CPC title
Distances to cluster centroïds · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Machine learning · CPC title
Physics · mapped topic