ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

Xiao Zhou Wang; Sheng Hong; Jun Zhang; Jiacheng Wang; Lin Lin; Yuanjun Ji; Tong Liu; Zun Wang

doi:10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

Xiao Zhou Wang
, Sheng Hong
, Jun Zhang
, Jiacheng Wang
, Lin Lin
, Yuanjun Ji
, Tong Liu
, Zun Wang^*

^*此作品的通讯作者

网络空间安全学院

China Mobile Communications Group Co., Ltd.
Ltd.
Beihang University
China Mobile Group Design Institute Co., Ltd.
Ltd
Ministry of Industry and Information Technology

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

1 引用（Scopus）

摘要

With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

源语言	英语
主期刊名	Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
出版商	Institute of Electrical and Electronics Engineers Inc.
页	407-413
页数	7
ISBN（电子版）	9798331535858
DOI	https://doi.org/10.1109/MICCIS66057.2025.00074
出版状态	已出版 - 2025
活动	3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 - Dongguan, 中国期限: 11 4月 2025 → 14 4月 2025

出版系列

姓名	Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

会议

会议	3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
国家/地区	中国
市	Dongguan
时期	11/04/25 → 14/04/25

访问文件

10.1109/MICCIS66057.2025.00074

其它文件与链接

链接到 Scopus 的出版物

引用此

Wang, X. Z., Hong, S., Zhang, J., Wang, J., Lin, L., Ji, Y., Liu, T., & Wang, Z. (2025). ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. 在 Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 (页码 407-413). (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MICCIS66057.2025.00074

Wang, Xiao Zhou ; Hong, Sheng ; Zhang, Jun 等. / ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. 页码 407-413 (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025).

@inproceedings{03f48fcf4c284c8782a8bd797f25c1e1,

title = "ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph",

abstract = "With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.",

keywords = "Cyberspace Security, Information and Communication Technology, Security analysis, Supply chain security",

author = "Wang, \{Xiao Zhou\} and Sheng Hong and Jun Zhang and Jiacheng Wang and Lin Lin and Yuanjun Ji and Tong Liu and Zun Wang",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025 ; Conference date: 11-04-2025 Through 14-04-2025",

year = "2025",

doi = "10.1109/MICCIS66057.2025.00074",

language = "英语",

series = "Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "407--413",

booktitle = "Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025",

address = "美国",

}

Wang, XZ, Hong, S, Zhang, J, Wang, J, Lin, L, Ji, Y, Liu, T & Wang, Z 2025, ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. 在 Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025, Institute of Electrical and Electronics Engineers Inc., 页码 407-413, 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025, Dongguan, 中国, 11/04/25. https://doi.org/10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. / Wang, Xiao Zhou; Hong, Sheng; Zhang, Jun 等.
Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc., 2025. 页码 407-413 (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

AU - Wang, Xiao Zhou

AU - Hong, Sheng

AU - Zhang, Jun

AU - Wang, Jiacheng

AU - Lin, Lin

AU - Ji, Yuanjun

AU - Liu, Tong

AU - Wang, Zun

PY - 2025

Y1 - 2025

N2 - With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

AB - With the fast development of technology, the importance of ICT (Information and Communication Technology) product supply chains in production and daily life is growing and becoming a bigger market. Given the differences that exist between traditional and ICT product supply chains, security issues relating to ICT product supply chains have been increasingly coming to the fore. This paper proposes an ICT supply chain security assessment model based on Bayesian attack graphs. The model begins by analyzing the ICT supply chain to identify potential vulnerabilities and establishing an attack graph. Once the attack graph model structure is constructed, Bayesian theory is applied for quantification. A quantitative evaluation index for ICT supply chain threats is established based on the difficulty of exploiting vulnerabilities and their impact level. The corresponding atomic attack probabilities are calculated and linked to the ICT supply chain's security attribute nodes in the form of conditional transition probabilities. This approach not only infers the risk probability of an attacker successfully reaching various attribute nodes but also dynamically updates the changes in risk status based on observed attack behaviors. This enables the assessment of the overall risk status of the target supply chain under different conditions.

KW - Cyberspace Security

KW - Information and Communication Technology

KW - Security analysis

KW - Supply chain security

UR - https://www.scopus.com/pages/publications/105022503229

U2 - 10.1109/MICCIS66057.2025.00074

DO - 10.1109/MICCIS66057.2025.00074

M3 - 会议稿件

AN - SCOPUS:105022503229

T3 - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

SP - 407

EP - 413

BT - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025

Y2 - 11 April 2025 through 14 April 2025

ER -

Wang XZ, Hong S, Zhang J, Wang J, Lin L, Ji Y 等. ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph. 在 Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025. Institute of Electrical and Electronics Engineers Inc. 2025. 页码 407-413. (Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025). doi: 10.1109/MICCIS66057.2025.00074

ICT Supply Chain Security Evaluation Model Based on Bayesian Attack Graph

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此