Trustworthiness classifiers are often used to classify files based at least in part on the files' features. For example, a security software product may apply a trustworthiness classifier to a file encountered by an end user's computing device. In this example, the security software product may compare various features of the file (such as the file's name, path, size, storage location, source, extension, format, and/or creation date) with the trustworthiness classifier. By comparing such features with the trustworthiness classifier, the security software product may be able to fairly accurately classify the file as either clean or malicious.
Unfortunately, traditional trustworthiness classifiers may still lead to false positives and/or false negatives in certain scenarios. For example, a security software vendor may generate a traditional trustworthiness classifier from a broad set of training data that includes known clean and/or malicious files encountered by all organizations and/or individual users that implement the vendor's security software product. However, while the resulting traditional trustworthiness classifier may be broadly tailored for the general clientele of the vendor, this trustworthiness classifier may fail to account for certain nuances of specific organizations within the vendor's clientele. As a result, the traditional trustworthiness classifier may lose some of its accuracy when applied to files encountered by certain organizations within the vendor's clientele.
The instant disclosure, therefore, identifies and addresses a need for systems and methods for improving the classification accuracy of trustworthiness classifiers applied to files encountered by specific organizations.