AWS Certified AI Practitioner

Explanation

Correct Answer: A) Unsupervised Learning

Why Unsupervised Learning is the correct choice:

1. No predefined labels: The problem explicitly states that the cybersecurity team doesn't have predefined attack labels. This is the key characteristic that makes unsupervised learning appropriate.

2. Detecting anomalies/outliers: Unsupervised learning algorithms like clustering (K-means, DBSCAN) or anomaly detection algorithms are designed to identify patterns, groupings, or outliers in data without prior labeling.

3. Network traffic analysis: In cybersecurity, unsupervised learning is commonly used for:

   • Anomaly detection in network traffic
   • Identifying unusual patterns that deviate from normal behavior
   • Clustering similar traffic patterns
   • Discovering previously unknown attack patterns

Why other options are incorrect:

• B) Supervised Learning: Requires labeled data (known attack patterns with corresponding labels) to train a model. Since the team lacks predefined attack labels, supervised learning is not suitable.

• C) Reinforcement Learning: Involves an agent learning through trial and error by interacting with an environment to maximize rewards. This is more suitable for sequential decision-making problems (like game playing or robotics) rather than pattern detection in network traffic.

• D) Regression: A type of supervised learning used for predicting continuous values, not for detecting anomalies or patterns in unlabeled data.

Real-world application: Unsupervised learning techniques like autoencoders, isolation forests, or clustering algorithms can analyze network traffic data to identify deviations from normal patterns, which could indicate potential security threats or attacks.