Office Hours

For reliable meetings, please arrange an appointment via mail.

Leonard Bradatsch

Leonard Bradatsch holds a Bachelor degree in Media Informatics and a Master degree in Computer Science from Ulm University. He is currently employed as a research assistant at the Institute of Distributed Systems.


As part of my thesis, I am currently working on anomaly detection based on network traffic records.

Research Interests 

  • Low-level Programming in C and C++
  • All kinds of network infrastructures and protocols
  • Network Device and Protocol Testing
  • Network Behavior Analysis


  • bwNetFlow (started 2017/12 – 2020/06; not completed): Development of a toolchain for live data analysis and anomaly detection based on NetFlow records provided by the BelWü core routers.

Dataset Overview

Here you can find an overview of datasets that can be used for anomaly detection in computer networks.



Bradatsch, L., Hermann, A. and Kargl, F. 2024. Attribute Threat Analysis and Risk Assessment for ABAC and TBAC Systems. In Proceedings of the 21st International Conference on Security and Cryptography (Jul. 2024), 26–39.


Bradatsch, L., Miroshkin, O. and Kargl, F. 2023. ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture. IEEE Access. 11, (2023), 125307–125327.
Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC.
Bradatsch, L., Miroshkin, O., Trkulja, N. and Kargl, F. 2023. Zero Trust Score-based Network-level Access Control in Enterprise Networks. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2023), 1–7.
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for mak- ing an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.


Bradatsch, L., Haeberle, M., Steinert, B., Kargl, F. and Menth, M. 2022. Secure Service Function Chaining in the Context of Zero Trust Security. 2022 IEEE 47th Conference on Local Computer Networks (LCN) (2022), 123–131. (acceptance rate: 24%)
Service Function Chaining (SFC) enables dynamic steering of traffic through a set of service functions based on classification of packets, allowing network operators fine-grained and flexible control of packet flows. New paradigms like Zero Trust (ZT) pose additional requirements to the security of network architectures. This includes client authentication, confidentiality, and integrity throughout the whole network, while also being able to perform operations on the unencrypted payload of packets. However, these requirements are only partially addressed in existing SFC literature. Therefore, we first present a comprehensive analysis of the security requirements for SFC architectures. Based on this analysis, we propose a concept towards the fulfillment of the requirements while maintaining the flexibility of SFC. In addition, we provide and evaluate a proof of concept implementation, and discuss the implications of the design choices.


Bradatsch, L., Kargl, F. and Miroshkin, O. 2021. Zero Trust Service Function Chaining. Conference on Networked Systems 2021 (NetSys 2021) (2021).


Nägele, D., Hauser, C.B., Bradatsch, L. and Wesner, S. 2019. bwNetFlow: A Customizable Multi-Tenant Flow Processing Platform for Transit Providers. 2019 IEEE/ACM Innovating the Network for Data-Intensive Science (INDIS) (2019), 9–16.
Bradatsch, L. 2019. Anomaly detection based on traffic records. International Conference on Networked Systems (2019).


Bradatsch, L., Lukaseder, T. and Kargl, F. 2017. A Testing Framework for High-Speed Network and Security Devices. 2017 IEEE 42nd Conference on Local Computer Networks (LCN) (2017), 506–509.


Lukaseder, T., Bradatsch, L., Erb, B. and Kargl, F. 2016. Setting Up a High-Speed TCP Benchmarking Environment - Lessons Learned. 41st Conference on Local Computer Networks (Nov. 2016), 160–163. (acceptance rate: 33%)
There are many high-speed TCP variants with different congestion control algorithms, which are designed for specific settings or use cases. Distinct features of these algorithms are meant to optimize different aspects of network performance, and the choice of TCP variant strongly influences application performance. However, setting up tests to help with the decision of which variant to use can be problematic, as many systems are not designed to deal with high bandwidths, such as 10 Gbps or more. This paper provides an overview of pitfalls and challenges of realistic network analysis to help in the decision making process.
Lukaseder, T., Bradatsch, L., Erb, B., Van Der Heijden, R.W. and Kargl, F. 2016. A comparison of TCP congestion control algorithms in 10G networks. 41st Conference on Local Computer Networks (2016), 706–714. (acceptance rate: 28%)
The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present, CUBIC is suggested otherwise.


Frommel, J., Rogers, K., Brich, J., Besserer, D., Bradatsch, L., Ortinau, I., Schabenberger, R., Riemer, V., Schrader, C. and Weber, M. 2015. Integrated Questionnaires: Maintaining Presence in Game Environments for Self-Reported Data Acquisition. Proceedings of the 2015 Annual Symposium on Computer-Human Interaction in Play (London, United Kingdom, 2015), 359–368.
Research in human-computer interaction often requires the acquisition of self-reported data. Particularly concerning serious games, the interaction between the game and the user still holds many unknown aspects, partly due to the user's double role as player and learner. An easy way of collecting data consists of questionnaires, mostly employed in pen-and-paper or electronic form. In order to gather data points during game play, the player is interrupted, potentially causing unintentional side effects. We suggest an integration of questionnaires into games as game elements, in order to mitigate the effects of interruption. A serious game prototype with an integrated survey was implemented, and evaluated regarding its effects on the players' experience of presence.


Bradatsch, Leonard; Lukaseder, Thomas; Kargl, Frank
A Testing Framework for High-Speed Network and Security Devices
Proceedings of the 42nd IEEE Conference on Local Computer Networks (LCN)
Oktober 2017


Lukaseder, Thomas; Bradatsch, Leonard; Erb, Benjamin; van der Heijden, Rens W.; Kargl, Frank
A Comparison of TCP Congestion Control Algorithms in 10G Networks
Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN), Seite 706-714
IEEE Conference on Local Computer Networks (LCN)
Dubai, UAE
7.-10. November
November 2016
Lukaseder, Thomas; Bradatsch, Leonard; Erb, Benjamin; Kargl, Frank
Setting Up a High-Speed TCP Benchmarking Environment — Lessons Learned
Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN), Seite 160-163
IEEE Conference on Local Computer Networks (LCN)
Dubai, UAE
7.-10. November
November 2016


Frommel, Julian; Rogers, Katja; Brich, Julia; Besserer, Daniel; Bradatsch, Leonard; Ortinau, Isabel; Schabenberger, Ramona; Riemer, Valentin; Schrader, Claudia; Weber, Michael
Integrated Questionnaires: Maintaining Presence in Game Environ- ments for Self-Reported Data Acquisition.