Research & Publications
Research Roadmap
My research roadmap aims to develop a practical ecosystem for MITRE ATT&CK-aligned, dual-labeled ML-based intrusion detection datasets, in which each record is labeled with both an ATT&CK technique and an attack lifecycle. It starts with manually creating high-fidelity ground truth by defining lifecycles and mapping observable behaviors to ATT&CK techniques. The roadmap then scales through PADS-LLM to extract lifecycles from CTF writeups and through AR-MANO to orchestrate attack replay and generate reproducible multi-datasource datasets (network traffic, syslog, and host accounting). It also includes dual-labeling of public IDS datasets using trained classifiers to support benchmarking and more equitable comparisons. Finally, it improves the learnability of host-based sources, especially syslog and accounting logs, through aggregation and preprocessing. Future directions include expanding coverage to cloud and container environments, strengthening dataset quality and reproducibility metrics, improving cross-dataset generalization, integrating explainable detection linked to ATT&CK evidence, and exploring graph-based representations and adversarial scenarios to better reflect real-world attacks.
Patent
- L. Ying-Dar, D. Sudyana, F. Yudha, and L. Chia-Hung, “Hybrid Flow and Packet Anomaly Detection System and Method,” TW202508258A, Nov. 08, 2025
Journal Papers
- F. Yudha, Y.-D. Lin, Y.-C. Lai, D. Sudyana, and R.-H. Hwang, “Reproducing ATT&CK Techniques and Lifecycles to Train Machine Learning Classifier,” IEEE Network, pp. 1–1, 2025, doi: 10.1109/MNET.2025.3551333.
- D. Sudyana, F. Yudha, Y.-D. Lin, C.-H. Lai, P.-C. Lin, and R.-H. Hwang, “From Flow to Packet: A Unified Machine Learning Approach for Advanced Intrusion Detection,” Security and Communication Networks, vol. 2025, no. 1, p. 5729035, Jan. 2025, doi: 10.1155/sec/5729035.
- Y.-D. Lin, S.-Y. Yang, D. Sudyana, F. Yudha, Y.-C. Lai, and R.-H. Hwang, “Two-stage multi-datasource machine learning for attack technique and lifecycle detection,” Computers & Security, vol. 142, p. 103859, 2024.
- M. Azwar, S. Hidayat, and F. Yudha, “TEKNIK AUDIO FORENSIK DENGAN METODE MINKOWSKI UNTUK PENGENALAN REKAMAN SUARA PELAKU KEJAHATAN,” csecurity, vol. 4, no. 1, pp. 1–12, Jun. 2021, doi: 10.14421/csecurity.2021.4.1.2372.
- F. Yudha, A. Luthfi, and Y. Prayudi, “A proposed model for investigating on web whatsapp application,” Advanced Science Letters, vol. 23, no. 5, 2017, doi: 10.1166/asl.2017.8308.
Proceedings
- F. Yudha, Y.-D. Lin, Y.-C. Lai, R.-H. Hwang, and R. Mankaev, “A Scalable Multi-Datasource IDS Dataset with Technique and Lifecycle Labels Based on MITRE ATT&CK,” in IEEE DSC 2025, Taipei, Taiwan: IEEE, Oct. 2025.
- D. Sudyana et al., “Quality Analysis in IDS Dataset: Impact on Model Generalization,” in 2024 IEEE Conference on Communications and Network Security (CNS), Taipei, Taiwan: IEEE, Sep. 2024, pp. 1–6. doi: 10.1109/cns62487.2024.10735570.
- F. Yudha, E. Ramadhani, and R. M. Komaryan, “A Prototype of Portable Digital Forensics Imaging Tools using Raspberry Device,” IOP Conf. Ser.: Mater. Sci. Eng., vol. 1077, no. 1, p. 012064, Feb. 2021, doi: 10.1088/1757-899x/1077/1/012064.
- E. Ramadhani and F. Yudha, “Study on implementing tor communication in connection to storage service provider,” IOP Conference Series: Materials Science and Engineering, vol. 508, no. 1, 2019, doi: 10.1088/1757-899X/508/1/012141.
Books
- Not yet available