According to the paper's approach, the attack investigation (i.e., the testing phase) should start from a few known attack nodes and discover all the attack nodes to reconstruct the complete attack path. However, the testing code directly takes all the attack nodes as input, which is different from the paper's approach.
According to the paper's approach, the attack investigation (i.e., the testing phase) should start from a few known attack nodes and discover all the attack nodes to reconstruct the complete attack path. However, the testing code directly takes all the attack nodes as input, which is different from the paper's approach.