Step 4: Security Knowledge

Port risk scores from domain expertise


Encode security knowledge as features

Not all ports are equal. Port 443 (HTTPS) is routine traffic. Port 3389 (RDP) is frequently exploited. A port risk score encodes your security expertise directly into the model.

Ports in the interactive demo: 21, 22, 53, 80, 443, 3389, 8080.

[Charts: Port distribution; Risk distribution]

Why encode domain knowledge? Without port_risk_score, the model sees port 3389 as "just a number bigger than 443." The risk score tells the model that 3389 is dangerous, regardless of its numeric value.
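An added example (not part of the original lesson) of building a port_risk_score feature and checking what it buys a simple model. Only the scores for 3389 (5) and 443 (1) come from the text; the other scores, the default for unlisted ports, the helper names and the sample flows are assumptions constructed for illustration.

```python
# Expert-assigned risk per destination port, on a 1-5 scale.
PORT_RISK = {
    21: 4,    # FTP, cleartext credentials (assumed score)
    22: 3,    # SSH (assumed score)
    53: 2,    # DNS (assumed score)
    80: 2,    # HTTP (assumed score)
    443: 1,   # HTTPS (score from the lesson)
    3389: 5,  # RDP (score from the lesson)
    8080: 3,  # alternate HTTP / proxies (assumed score)
}
DEFAULT_RISK = 3  # assumed middle score for ports not in the table


def port_risk_score(port):
    """Return the expert-assigned risk (1-5) for a destination port."""
    valid = isinstance(port, int) and not isinstance(port, bool)
    if not valid or not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port!r}")
    return PORT_RISK.get(port, DEFAULT_RISK)


def add_risk_feature(rows):
    """Copy each record and add a port_risk_score column next to dst_port."""
    return [{**r, "port_risk_score": port_risk_score(r["dst_port"])} for r in rows]


def best_threshold_accuracy(rows, feature, label="suspicious"):
    """Accuracy of the best single split on `feature` (a depth-1 decision tree)."""
    best = 0.0
    for t in sorted({r[feature] for r in rows}):
        for flip in (False, True):  # try "feature >= t" and its inverse
            hits = sum(((r[feature] >= t) != flip) == r[label] for r in rows)
            best = max(best, hits / len(rows))
    return best


# Constructed sample flows (not real data); labels are illustrative only.
FLOWS = add_risk_feature([
    {"dst_port": 21, "suspicious": True},
    {"dst_port": 53, "suspicious": False},
    {"dst_port": 80, "suspicious": False},
    {"dst_port": 443, "suspicious": False},
    {"dst_port": 3389, "suspicious": True},
    {"dst_port": 8080, "suspicious": False},
])

if __name__ == "__main__":
    print("raw port  :", best_threshold_accuracy(FLOWS, "dst_port"))
    print("risk score:", best_threshold_accuracy(FLOWS, "port_risk_score"))
```

On the raw port number no single threshold separates the risky flows, because 21 and 3389 sit on opposite sides of 443; on the risk score one split does.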

Think Deeper

Why is port 3389 (RDP) scored as risk 5, while port 443 (HTTPS) is risk 1?

RDP provides full remote desktop access — attackers who reach it can control the machine. HTTPS is standard encrypted web traffic. The risk score embeds domain expertise that the model doesn't need to learn from data.
Cybersecurity tie-in: This is where ML meets threat intelligence. Port risk scores, known-bad IP lists, and protocol risk profiles are all ways to encode expert knowledge that the model can't learn from small datasets alone.
