Dipl.-Inform. Rafael Uetz

Research Associate at Fraunhofer FKIE

Phone: +49 228 50212-593
Fax: +49 228 50212-688
Email: rafael.uetz@REMOVETHISPART.fkie.fraunhofer.de
Fraunhofer FKIE
Zanderstraße 5
D-53177 Bonn
Room: 2.18 - Zanderstr. 5

Research Interests

  • Security Information and Event Management
  • Security Monitoring / Intrusion Detection / Threat Hunting
  • Digital Forensics
  • Event Correlation
  • Machine Learning and Anomaly Detection


Please see my Google Scholar profile.


Supervised Theses

  • "Evaluation of Risk-Based Alerting Approaches", Master's Thesis, WT 2022/2023.
  • "A Comparison of Alarm Prioritisation Methods in SOCs", Master's Thesis, WT 2021/2022.
  • "Evaluation der Reproduzierbarkeit simulierter Cyberangriffe in SOCBED" (Evaluation of the Reproducibility of Simulated Cyberattacks in SOCBED), Bachelor Thesis, ST 2021.
  • "Clustering Text-Based Logs With an Empirical Offline Approach", Master's Thesis, WT 2020/2021.
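  • "Bewertung der MITRE ATT&CK Evaluations als Benchmark zur Angriffsdetektion" (Assessment of the MITRE ATT&CK Evaluations as a Benchmark for Attack Detection), Bachelor Thesis, ST 2020.
  • "Evaluation von Windows Event Logging Best Practices zur Erkennung von Post-Exploitation-Schritten" (Evaluation of Windows Event Logging Best Practices for Detecting Post-Exploitation Steps), Bachelor Thesis, ST 2019.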
  • "Generating a Dataset for Evaluating Attack Detection Methods", Master's Thesis, ST 2019.
  • "Security Event Correlation on Log Event Streams", Master's Thesis, ST 2018.
  • "Design, Implementierung und Evaluation von Clustering-Verfahren zur Typisierung von Logdaten" (Design, Implementation and Evaluation of Clustering Methods for Classifying Log Data into Types), Bachelor Thesis, WT 2017/2018.
  • "Spam Detection with Machine Learning", Master's Thesis, WT 2016/2017.
  • "Streaming Algorithms for Flow-based Data Exfiltration Detection", Master's Thesis, WT 2016/2017.
  • "Design, Implementation and Evaluation of a Statistical Approach for Network Anomaly Detection", Master's Thesis, WT 2015/2016.
  • "Conception, Implementation and Evaluation of a Secure Deletion Mechanism for Sensitive User Data in Main Memory", Master's Thesis, ST 2014.
  • "Simulation of an Enterprise Network with Realistic User Behavior", Master's Thesis, ST 2014.
  • "Forensische Untersuchung der Firefox-History durch Analyse gelöschter SQLite-WAL-Dateien" (Forensic Examination of the Firefox History by Analysing Deleted SQLite WAL Files), Bachelor Thesis, ST 2013.
  • "Parallel File Carving for Fragmented JPEG Files", Master's Thesis, ST 2012.

Supervised Labs, Seminars, and Project Groups

  • "Intrusion Detection Systems", Project Group, ST 2020.
  • "An Evaluation of Elasticsearch, HDFS and Spark for Security Data Analytics", Lab, WT 2018/2019.
  • "APT-Simulatoren" (APT Simulators), Project Group, WT 2018/2019.
  • "Detection of IoCs using Sysmon and the Elastic Stack", Lab, ST 2018.
  • "Elasticore: Elasticsearch Correlation Engine", Lab, WT 2017/2018.
  • "Log Clustering with Adaptable Patterns", Lab, WT 2016/2017.
  • "Log Event Correlation", Seminar, WT 2016/2017.
  • "A Framework for the Simulation of Targeted Attacks", Lab, WT 2015/2016.
  • "A taxonomy and evaluation of selected targeted attacks focussed on the current APT landscape and the Intrusion Kill Chain", Seminar, WT 2015/2016.
  • "Detection of Targeted Attacks", Lab, ST 2015.
  • "SIEM Analysis Against Targeted Attacks", Lab, WT 2014/2015.
  • "IT-Sicherheitsvorfälle in der Praxis" (IT Security Incidents in Practice), Project Group, WT 2014/2015.
  • "Browsing Privacy", Seminar, ST 2014.
  • "SSD Forensics", Seminar, WT 2013/2014.
  • "A Forensic Analysis of Firefox Private Browsing Artifacts in Main Memory", Lab, ST 2013.
  • "A Forensic Analysis of Private Browsing Artifacts", Seminar, ST 2013.
  • "Host-based Intrusion Detection/Prevention Systems", Seminar, WT 2012/2013.
  • "Implementierung eines Programms zur Wiederherstellung gelöschter Dateien aus einer FAT32-Partition" (Implementation of a Program for Recovering Deleted Files from a FAT32 Partition), Project Group, WT 2012/2013.
  • "Implementation of a File Carver for Fragmented JPEGs", Lab, WT 2011/2012.


  • Lecture and exercise on logging and log management as part of the course "Digitale Forensik" (Digital Forensics), H-BRS, WT 2020/2021, 2021/2022, and 2022/2023.
  • Exercises for the course "Network Security", Uni Bonn, ST 2013, 2014, and 2015.


  • "Security Awareness Game", Student Internship, WT 2013/2014.
  • "Malicious Mouse", Student Internship, WT 2011/2012.