The paper emphasizes that the model learns "generalized attack patterns" through sequential learning.
However, in the given dataset, the manually labeled attack nodes, which are the attack nodes involved in the attacks simulated in this paper when creating the dataset, are very few.
From this extremely small number of malicious source points generated by the model, it is highly unlikely that the model can acquire generalized knowledge and truly understand the attack semantics. (But if, as described in Table 2 of the paper, each dataset involves multiple attacks, the number of attack nodes should not be as limited as provided in the code, which is only 3 to 5. This point is also given in Table 3 of the paper, such as S-1. In fact, it should involve 22 attack nodes and provide them to construct sequences for model training, allowing the model to learn attack patterns.)
Since all the attack labels are not known, this also makes it impossible for me to verify the correctness of the attack labels obtained by the model during the testing process.