ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

Xiao Zhou Wang; Sheng Hong; Jun Zhang; Jiacheng Wang; Lin Lin; Yuanjun Ji; Tong Liu; Zun Wang

doi:10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

Xiao Zhou Wang
, Sheng Hong
, Jun Zhang
, Jiacheng Wang
, Lin Lin
, Yuanjun Ji
, Tong Liu
, Zun Wang^*

^*Corresponding author for this work

School of Cyber Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

Original language	English
Title of host publication	Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	407-413
Number of pages	7
ISBN (Electronic)	9798331535858
DOIs	https://doi.org/10.1109/MICCIS66057.2025.00074
State	Published - 2025
Event	3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 - Dongguan, China Duration: 11 Apr 2025 → 14 Apr 2025

Publication series

Name	Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

Conference

Conference	3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
Country/Territory	China
City	Dongguan
Period	11/04/25 → 14/04/25

Keywords

Cyberspace Security
Information and Communication Technology
Security analysis
Supply chain security

Access to Document

10.1109/MICCIS66057.2025.00074

Cite this

Wang, X. Z., Hong, S., Zhang, J., Wang, J., Lin, L., Ji, Y., Liu, T., & Wang, Z. (2025). ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. In Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 (pp. 407-413). (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MICCIS66057.2025.00074

Wang, Xiao Zhou ; Hong, Sheng ; Zhang, Jun et al. / ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 407-413 (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025).

@inproceedings{03f48fcf4c284c8782a8bd797f25c1e1,

title = "ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph",

abstract = "With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.",

keywords = "Cyberspace Security, Information and Communication Technology, Security analysis, Supply chain security",

author = "Wang, \{Xiao Zhou\} and Sheng Hong and Jun Zhang and Jiacheng Wang and Lin Lin and Yuanjun Ji and Tong Liu and Zun Wang",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 ; Conference date: 11-04-2025 Through 14-04-2025",

year = "2025",

doi = "10.1109/MICCIS66057.2025.00074",

language = "英语",

series = "Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "407--413",

booktitle = "Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025",

address = "美国",

}

Wang, XZ, Hong, S, Zhang, J, Wang, J, Lin, L, Ji, Y, Liu, T & Wang, Z 2025, ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. in Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025, Institute of Electrical and Electronics Engineers Inc., pp. 407-413, 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025, Dongguan, China, 11/04/25. https://doi.org/10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. / Wang, Xiao Zhou; Hong, Sheng; Zhang, Jun et al.
Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. p. 407-413 (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

AU - Wang, Xiao Zhou

AU - Hong, Sheng

AU - Zhang, Jun

AU - Wang, Jiacheng

AU - Lin, Lin

AU - Ji, Yuanjun

AU - Liu, Tong

AU - Wang, Zun

PY - 2025

Y1 - 2025

N2 - With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

AB - With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

KW - Cyberspace Security

KW - Information and Communication Technology

KW - Security analysis

KW - Supply chain security

UR - https://www.scopus.com/pages/publications/105022503229

U2 - 10.1109/MICCIS66057.2025.00074

DO - 10.1109/MICCIS66057.2025.00074

M3 - 会议稿件

AN - SCOPUS:105022503229

T3 - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

SP - 407

EP - 413

BT - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

Y2 - 11 April 2025 through 14 April 2025

ER -

Wang XZ, Hong S, Zhang J, Wang J, Lin L, Ji Y et al. ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. In Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc. 2025. p. 407-413. (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025). doi: 10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this