Kondakçı, Süleyman2023-06-162023-06-1620089.78E+12https://doi.org/10.1109/IAS.2008.59https://hdl.handle.net/20.500.14365/35334th International Symposium on Information Assurance and Security, IAS 2008 -- 8 September 2008 through 10 September 2008 -- Napoli -- 73855This paper presents a new concept of security assessment methodology while promoting several areas of its application. Attack pattern analysis, network security monitoring locally or remotely are the major application areas of this concept. Instead of testing each asset or a network node separately by applying repetitive attacks and assessments, the composite system generates and executes attacks once, composes risk data, and uses the risk data for the entire network in order to perform the overall assessment. This unique approach can be used as a model to guide development of intrusion detection systems, intelligent network security analysis, monitoring systems, and also as a complementary function in information security test and evaluation laboratories. © 2008 IEEE.eninfo:eu-repo/semantics/closedAccessComputer crimeInternetNetwork securityNuclear materials safeguardsProgram processorsSecurity of dataApplication areasAttack patternsComposite systemsInformation securitiesIntrusion Detection systemsMonitoring systemsNetwork nodesNew conceptsSecurity assessmentsSecurity monitoringIntrusion detectionConference Object10.1109/IAS.2008.592-s2.0-55349129266