The growing complexity of enterprise networks and the proliferation of security devices create a resource availability crisis for security professionals seeking to concurrently manage security controls and analyze voluminous log records for evidence of suspicious activity. This dissertation proposes the use of data mining techniques and firewall management tools to facilitate the secure management of controlled networks and simultaneously reduce security management resource requirements.
The techniques presented in this dissertation each advance the state of the art in resource-constrained security management by focusing on the implementation of security controls in a controlled environment, such as a university data center. They offer practical approaches to security management. Earlier work in this space offers unwieldy techniques that are difficult to implement in a production environment, owing either to the complexity of the technique or to the overhead introduced by significant false positive rates. This work applies analysis techniques that leverage the uniquely stable nature of such environments and proposes an architecture for extending this control to mobile systems. It strives to maximize the benefit achieved by the tools while simultaneously minimizing the cost to the implementing organization.