IPMES+ Source Code and Experiment Data

software

posted on 2025-03-22, 11:36 authored by Hong-Wei Li, Ping-Ting Liu, Bo-Wei Lin, Yennun Huang

Overview

IPMES+ is a system that performs incremental pattern matching over audit event streams (provenance graph). It is the successor of the original IPMES.

The core concept of the original IPMES involves decomposing a target behavioral pattern into multiple total-ordered subpatterns (Preprocessing), matching and reordering events (Matching Layer), composing events against these subpatterns (Composition Layer), and then combining subpattern matches into complete instances (Join Layer). IPMES+ retains a similar architecture with key differences:

Integrate frequency and flow semantics by extending event pattern types and merging the Matching Layer into the Composition Layer for efficient support.
Enhancing event matching and state management through Shared Entity Filtration, Flow Contraction, and Sibling Entity Sharing Enforcement to reduce search space and state explosion.
Port the prototype from Java to Rust for better memory control and locality.

Directory Structure of This Artifact

data/: The input data for our experiments.
IPMES_PLUS/: Source code of IPMES+.
IPMES/: Source code of IPMES and IPMES with Siddhi.
timingsubg/: Modified source code of Timing.
patches/: Patch files for Experiment 4 for IPMES+.
experiments.py: The script to conduct experiments in our paper.

License

All the files in data/ and IPMES_PLUS/data/ are licensed under CC BY-NC 4.0.
The license for the source code of IPMES+ is stated in IPMES_PLUS/LICENSE.
The license for the source code of IPMES is stated in IPMES/LICENSE.
We have included our modified version of timingsubg in the timingsubg/ directory of this artifact. As of the submission of this artifact, the authors of timingsubg have not provided a license for their code. Our use of this code is solely for the purpose of experimental comparison. All copyright remains with the original authors.

Authors

Hong-Wei Li (Research Center for Information Technology Innovation, Academia Sinica, Taiwan) g6_7893000@hotmail.com
Ping-Ting Liu (Department of Computer Science, National Yang Ming Chiao Tung University, Taiwan) xyfc128@gmail.com
Bo-Wei Lin (Department of Computer Science, National Yang Ming Chiao Tung University, Taiwan) 0800680274united@gmail.com
Yennun Huang (Research Center for Information Technology Innovation, Academia Sinica, Taiwan) yennunhuang@citi.sinica.edu.tw