Breadth vs Depth: Attacker behaviour detection