The MITRE ATT&CK framework defines an attack lifecycle that encapsulates the stages of an attacker’s actions, serving as an essential resource for recognizing and mitigating cyber threats. Accurately detecting MITRE ATT&CK techniques and attack lifecycles requires effective models trained on high-quality datasets. This work introduces Prefix Tuning, Augmentation, and Data Synthesis utilizing Large Language Models (PADS-LLM) to automate the extraction and mapping of attack lifecycles from CTF writeups. Experimental results indicate that PADS-LLM achieves an accuracy of 50% across multiple reports and enhances the F1 score from 39.91% to 72.34%.
@article{kew2026attack,
  title={Attack Lifecycle Extraction and Mapping from {CTF} Writeups Using an Enhanced {LLM} Approach},
  author={Kew, Wei-Chian and Lin, Ying-Dar and Yudha, Fietyata and Hwang, Ren-Hung and Lai, Yuan-Cheng and Goh, Hock-Guan},
  journal={Journal of Network and Computer Applications},
  pages={104485},
  year={2026},
  issn={1084-8045},
  doi={10.1016/j.jnca.2026.104485}
}
2025
Published
Reproducing ATT&CK Techniques and Lifecycles to Train Machine Learning Classifier
Fietyata Yudha, Ying-Dar Lin, Yuan-Cheng Lai, and 2 more authors
The MITRE adversarial tactics, techniques, and common knowledge (ATT&CK) framework categorizes threat actor behaviors into a sequence of techniques called the attack lifecycle. Based on this, our work introduces a dual-labeled dataset that is accurately labeled with the distinct techniques and lifecycles defined by ATT&CK. The dataset offers a more thorough perspective than previous datasets that employed binary or attack classification. It encompasses 17 distinct techniques across five lifecycles and was generated through an automated method that guarantees reproducibility and learnability. Reproducibility guarantees the dataset’s consistency, whereas learnability signifies its usefulness for training machine learning models. Our analysis produced a positive result. The dataset achieved a Pearson correlation coefficient of 0.7 for reproducibility. Regarding class separability, it exhibits an average AUC-ROC score of 0.92 for techniques and 0.82 for lifecycles. Model training yielded an average F1 score of 0.95 for technique classification and 0.9 for lifecycle classification, but only for the traffic dataset.
@article{yudha2025reproducing,
  title={Reproducing {ATT\&CK} Techniques and Lifecycles to Train Machine Learning Classifier},
  author={Yudha, Fietyata and Lin, Ying-Dar and Lai, Yuan-Cheng and Sudyana, Didik and Hwang, Ren-Hung},
  journal={IEEE Network},
  year={2025},
  publisher={IEEE},
  doi={10.1109/MNET.2025.3551333}
}
Published
A Scalable Multi-Datasource IDS Dataset with Technique and Lifecycle Labels Based on MITRE ATT&CK
Fietyata Yudha, Ying-Dar Lin, Yuan-Cheng Lai, and 2 more authors
In 2025 IEEE Conference on Dependable and Secure Computing (DSC), 2025
Machine Learning-based Intrusion Detection Systems (ML-IDS) rely on high-quality datasets with structured labels to effectively identify complex and evolving cyber threats. However, most existing IDS datasets rely on single data sources and coarse labels, which restrict their ability to accurately model multi-stage adversarial behavior. To address these issues, we propose AR-MANO (Attack Reproduction with Management and Orchestration), a modular framework for orchestrating synchronized attack reproduction and data collection from various sources, including accounting, Syslog, and traffic. AR-MANO enables the creation of the CREMEv3 dataset, a scalable, multi-source IDS dataset labeled with MITRE ATT&CK techniques and the attack lifecycle. We evaluated CREMEv3 using eight machine learning classifiers and obtained average F1-scores of 0.6483 for technique classification and 0.5410 for lifecycle classification without feature selection. After applying feature selection, these scores improved to 0.9572 and 0.8317, respectively. CREMEv3 outperformed CIC-IDS2017, CSE-CIC-IDS2018, and UNSW-NB15, with a class imbalance ratio of about 0.1, a class entropy of 0.56, and a Gini coefficient of approximately 1.0. CREMEv3 provides a robust and scalable foundation for the development and evaluation of ML-based IDS.
@inproceedings{yudha2025scalable,
  title={A Scalable Multi-Datasource {IDS} Dataset with Technique and Lifecycle Labels Based on {MITRE ATT\&CK}},
  author={Yudha, Fietyata and Lin, Ying-Dar and Lai, Yuan-Cheng and Hwang, Ren-Hung and Mankaev, Rasul},
  booktitle={2025 IEEE Conference on Dependable and Secure Computing (DSC)},
  year={2025},
  publisher={IEEE},
  doi={10.1109/DSC65356.2025.11260881}
}
Published
From Flow to Packet: A Unified Machine Learning Approach for Advanced Intrusion Detection
Didik Sudyana, Fietyata Yudha, Ying-Dar Lin, and 3 more authors
In the era of advanced networking with 5G integration, the need for efficient and scalable intrusion detection systems has become critical to securing large-scale digital infrastructures. Traditional intrusion detection approaches either analyze individual packets, which incurs high computational costs, or rely solely on flow-based data, which can miss the sequence-level information needed to identify interservice communications and attack behaviors. To address this, we propose a unified machine learning approach that integrates flow-based and packet-based detection using convolutional neural networks (CNNs) for advanced intrusion detection. Our method prioritizes flow-based detection for short flows as the first defense layer and selectively invokes packet-based detection for longer flows or cases deemed uncertain. Uncertain predictions from the flow-based stage are identified using a confidence threshold and re-evaluated by the packet-based system. We validate our method using a systematically generated dataset from a microservices environment alongside benchmark datasets, including CIC-IDS-2017, CIC-IDS-2018, and CREMEv2. This hybrid detection strategy yields strong performance in both accuracy and efficiency. Specifically, our approach reduces the computational cost by up to 24× (approximately 1.38 orders of magnitude) compared to relying solely on packet-based analysis. Additionally, the model demonstrates strong generalization, with detection rates of 95% and 100% for flow- and packet-based detection, respectively, even against previously unseen attacks generated through behavioral variations and command-level perturbations.
@article{sudyana2025flow,
  title={From Flow to Packet: A Unified Machine Learning Approach for Advanced Intrusion Detection},
  author={Sudyana, Didik and Yudha, Fietyata and Lin, Ying-Dar and Lai, Chia-Hung and Lin, Po-Ching and Hwang, Ren-Hung},
  journal={Security and Communication Networks},
  volume={2025},
  number={1},
  pages={5729035},
  year={2025},
  publisher={Wiley},
  doi={10.1155/sec/5729035}
}
Published
Hybrid Flow and Packet Anomaly Detection System and Method
Ying-Dar Lin, Didik Sudyana, Fietyata Yudha, and 1 more author
@misc{lin2025hybrid,
  title={Hybrid Flow and Packet Anomaly Detection System and Method},
  author={Lin, Ying-Dar and Sudyana, Didik and Yudha, Fietyata and Lai, Chia-Hung},
  year={2025},
  note={TW Patent TW202,508,258 A}
}
2024
Published
Quality Analysis in IDS Dataset: Impact on Model Generalization
Didik Sudyana, Miel Verkerken, Laurens D’Hooge, and 7 more authors
In 2024 IEEE Conference on Communications and Network Security (CNS), 2024
@inproceedings{sudyana2024quality,
  title={Quality Analysis in {IDS} Dataset: Impact on Model Generalization},
  author={Sudyana, Didik and Verkerken, Miel and D'Hooge, Laurens and Lin, Ying-Dar and Hwang, Ren-Hung and Lai, Yuan-Cheng and Yudha, Fietyata and Wauters, Tim and Volckaert, Bruno and De Turck, Filip},
  booktitle={2024 IEEE Conference on Communications and Network Security (CNS)},
  pages={1--6},
  year={2024},
  organization={IEEE}
}
Published
Two-Stage Multi-Datasource Machine Learning for Attack Technique and Lifecycle Detection
Ying-Dar Lin, Shin-Yi Yang, Didik Sudyana, and 3 more authors
@article{lin2024two,
  title={Two-Stage Multi-Datasource Machine Learning for Attack Technique and Lifecycle Detection},
  author={Lin, Ying-Dar and Yang, Shin-Yi and Sudyana, Didik and Yudha, Fietyata and Lai, Yuan-Cheng and Hwang, Ren-Hung},
  journal={Computers \& Security},
  volume={142},
  pages={103859},
  year={2024},
  publisher={Elsevier}
}
2023
Published
Analisis Investigasi Forensik Digital pada Layanan Private Cloud Computing Menggunakan SNI 27037: 2014
@article{sudyana2023analisis,
  title={Analisis Investigasi Forensik Digital pada Layanan Private Cloud Computing Menggunakan {SNI} 27037: 2014},
  author={Sudyana, Didik and Hadi, Irwan and Yudha, Fietyata},
  journal={Buletin Profesi Insinyur},
  volume={6},
  number={1},
  pages={14--19},
  year={2023}
}
Published
A Custom Recovery Approach for Physical Forensic Imaging of Android Device
Fietyata Yudha, Erika Ramadhani, Didik Sudyana, and 1 more author
@inproceedings{yudha2023custom,
  title={A Custom Recovery Approach for Physical Forensic Imaging of Android Device},
  author={Yudha, Fietyata and Ramadhani, Erika and Sudyana, Didik and Hamzah, Waldi Nur},
  booktitle={AIP Conference Proceedings},
  volume={2508},
  number={1},
  pages={020011},
  year={2023},
  organization={AIP Publishing}
}
2021
Published
Teknik Audio Forensik dengan Metode Minkowski untuk Pengenalan Rekaman Suara Pelaku Kejahatan
@article{azwar2021teknik,
  title={Teknik Audio Forensik dengan Metode Minkowski untuk Pengenalan Rekaman Suara Pelaku Kejahatan},
  author={Azwar, Muhamad and Hidayat, Syarif and Yudha, Fietyata},
  journal={Cyber Security dan Forensik Digital},
  volume={4},
  number={1},
  pages={1--12},
  year={2021}
}
Published
Penerapan CFTT untuk Pengujian Aplikasi Web-Based Android Analysis Tools (WAAT) Dengan Federated Testing
@article{muin2021penerapan,
  title={Penerapan {CFTT} untuk Pengujian Aplikasi Web-Based Android Analysis Tools ({WAAT}) Dengan Federated Testing},
  author={Muin, Yasir and Prayudi, Yudi and Yudha, Fietyata},
  journal={JATISI},
  volume={8},
  number={2},
  pages={870--879},
  year={2021}
}
Published
Optimalisasi Performa Akses Halaman Web Dengan Memanfaatkan Teknik Load Balancing Pada Google Cloud
@article{ivan2021optimalisasi,
  title={Optimalisasi Performa Akses Halaman Web Dengan Memanfaatkan Teknik Load Balancing Pada Google Cloud},
  author={Firmansyah, Ivan and Yudha, Fietyata},
  journal={Journal of Education},
  volume={3},
  number={1},
  pages={49--58},
  year={2021}
}
Published
A Prototype of Portable Digital Forensics Imaging Tools using Raspberry Device
Fietyata Yudha, Erika Ramadhani, and RM Komaryan
In IOP Conference Series: Materials Science and Engineering, 2021
@inproceedings{yudha2021prototype,
  title={A Prototype of Portable Digital Forensics Imaging Tools using Raspberry Device},
  author={Yudha, Fietyata and Ramadhani, Erika and Komaryan, RM},
  booktitle={IOP Conference Series: Materials Science and Engineering},
  volume={1077},
  number={1},
  pages={012064},
  year={2021},
  organization={IOP Publishing}
}
2020
Published
Pendekatan dd sebagai Salah Satu Teknik Akuisisi Perangkat Android
Fietyata Yudha, Erika Ramadhani, Fayruz Rahma, and 1 more author
@article{yudha2020pendekatan,
  title={Pendekatan dd sebagai Salah Satu Teknik Akuisisi Perangkat Android},
  author={Yudha, Fietyata and Ramadhani, Erika and Rahma, Fayruz and Hamzah, Waldi Nur},
  journal={Cyber Security dan Forensik Digital},
  volume={3},
  number={1},
  pages={33--38},
  year={2020}
}
Published
Pemanfaatan Google Cloud dan Teknik Load Balancing untuk Optimalisasi Performa Akses Halaman Web
@article{yudha2020pemanfaatan,
  title={Pemanfaatan Google Cloud dan Teknik Load Balancing untuk Optimalisasi Performa Akses Halaman Web},
  author={Yudha, Fietyata},
  year={2020},
  publisher={Universitas Islam Indonesia}
}
2019
Published
Web Crawling Technique for Vulnerability Assessment on Web
Fietyata Yudha, Andi Muhamad Panji, Laksono Adiputro, and 1 more author
In Lecture Notes in Electrical, Electronic and Computer Engineering, 2019
@incollection{yudha2019web,
  title={Web Crawling Technique for Vulnerability Assessment on Web},
  author={Yudha, Fietyata and Panji, Andi Muhamad and Adiputro, Laksono and Ramadhani, Erika},
  booktitle={Lecture Notes in Electrical, Electronic and Computer Engineering},
  pages={48--54},
  year={2019},
  publisher={Malaysia Technical Scientist Association}
}
Published
Study on Implementing Tor Communication in Connection to Storage Service Provider
Erika Ramadhani and Fietyata Yudha
In IOP Conference Series: Materials Science and Engineering, 2019
@inproceedings{ramadhani2019study,
  title={Study on Implementing Tor Communication in Connection to Storage Service Provider},
  author={Ramadhani, Erika and Yudha, Fietyata},
  booktitle={IOP Conference Series: Materials Science and Engineering},
  volume={508},
  number={1},
  pages={012141},
  year={2019},
  organization={IOP Publishing}
}
2018
Published
Perancangan Aplikasi Pengujian Celah Keamanan pada Aplikasi Berbasis Web
@article{yudha2018perancangan,
  title={Perancangan Aplikasi Pengujian Celah Keamanan pada Aplikasi Berbasis Web},
  author={Yudha, Fietyata and Panji, Andi Muhammad},
  journal={Cyber Security dan Forensik Digital},
  volume={1},
  number={1},
  year={2018},
  publisher={Fakultas Sains dan Teknologi UIN Sunan Kalijaga}
}
Published
Perancangan Nenggala Disk Duplicator (NDD) untuk Mendukung Proses Investigasi Forensik Digital
@article{yudha2018nenggala,
  title={Perancangan Nenggala Disk Duplicator ({NDD}) untuk Mendukung Proses Investigasi Forensik Digital},
  author={Yudha, Fietyata},
  journal={Teknoin},
  volume={24},
  number={1},
  pages={29--40},
  year={2018}
}