Answer: Unsupervised Learning

## Explanation **Correct Answer: A) Unsupervised Learning** **Why Unsupervised Learning is the correct choice:** 1. **No predefined labels**: The problem explicitly states that the cybersecurity team doesn't have predefined attack labels. This is the key characteristic that makes unsupervised learning appropriate. 2. **Detecting anomalies/outliers**: Unsupervised learning algorithms like clustering (K-means, DBSCAN) or anomaly detection algorithms are designed to identify patterns, groupings, or outliers in data without prior labeling. 3. **Network traffic analysis**: In cybersecurity, unsupervised learning is commonly used for: - Anomaly detection in network traffic - Identifying unusual patterns that deviate from normal behavior - Clustering similar traffic patterns - Discovering previously unknown attack patterns **Why other options are incorrect:** - **B) Supervised Learning**: Requires labeled data (known attack patterns with corresponding labels) to train a model. Since the team lacks predefined attack labels, supervised learning is not suitable. - **C) Reinforcement Learning**: Involves an agent learning through trial and error by interacting with an environment to maximize rewards. This is more suitable for sequential decision-making problems (like game playing or robotics) rather than pattern detection in network traffic. - **D) Regression**: A type of supervised learning used for predicting continuous values, not for detecting anomalies or patterns in unlabeled data. **Real-world application**: Unsupervised learning techniques like autoencoders, isolation forests, or clustering algorithms can analyze network traffic data to identify deviations from normal patterns, which could indicate potential security threats or attacks.

Author: Jin H