Struggle to convert Cypher

boris.bakman · August 9, 2020, 11:48am

Hello,
I'm trying to use neosemantics in order to implement an existing logic of Cypher.

Data (Relation, item, item):

('Has_subtype','Data', 'Sensitive Data')
('Has_subtype','Data', 'Non Sensitive Data')
('Has_mode', 'Data', 'Data Transmission')
('Has_mode', 'Data', 'Data Storage')
('Has_mode', 'Data', 'Data Usage')
('May_use', 'Data Transmission', 'Transmission Channel')
('May_use', 'Transmission Channel', 'Network')
('Has_subtype', 'Transmission Channel', 'Wireless Channel')
('Has_subtype', 'Transmission Channel', 'Wired Channel')
('Has_subtype', 'Network', 'Untrusted Network')
('Has_subtype', 'Untrusted Network', 'LTE Network')
('Has_subtype', 'Untrusted Network', 'Internet')
('Has_subtype', 'Untrusted Network', 'Wireless Network')
('May_use', 'Sniffer', 'Untrusted Network')
('Has_subtype', 'Sniffer', 'Malicious Sniffer')
('Has_subtype', 'Sniffer', 'Authorized Sniffer')
('May_use', 'Rogue Wi-Fi AP', 'Wireless Network')
('Has_subtype', 'VPN', 'IOS VPN')
('Has_subtype', 'VPN', 'Android VPN')
('Has_subtype', 'Wi-Fi IPS', 'Harmony IoT')

Cypher query:

MATCH path = (:ITEM)<-[:Has_subtype*0..]-(:ITEM)-[:May_use]->(:ITEM)-[:Has_subtype*0..]->(b:ITEM{name:"LTENetwork"})
WITH head(nodes(path)) as ns
WHERE ns.isUsed = true
RETURN ns as result

Cypher graph result

I followed inference guide, trying to use semantics.inference.nodesInCategory and some more, but didn't manage to receive the same results.

I was wondering if it was even possible ?? If not, it's strange, because I'm literally trying to implement reasoning graph here.

Thanks in advance.

jesus_barrasa · August 11, 2020, 5:15pm

Hi Boris, here's a slightly modified version of your example. I hope it clarifies how the inferencing procedures in n10s work.

Step 1: Data load (requires APOC)

UNWIND [{ rel: "SUBCLASS_OF", item2: "Network", item1: "Untrusted Network"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "LTE Network"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "Internet"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-1234", item2: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-6789", item2: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-0631", item2: "Wireless Network"},
{ rel: "SUBCLASS_OF", item2: "Sniffer", item1: "Malicious Sniffer"},
{ rel: "SUBCLASS_OF", item2: "Sniffer", item1: "Authorized Sniffer"},
{ rel: "TYPE", item1: "NetXRay 3.0", item2: "Malicious Sniffer"},
{ rel: "TYPE", item1: "Wireshark 3.2.5", item2: "Authorized Sniffer"},
{ rel: "TYPE", item1: "SolarWinds", item2: "Authorized Sniffer"},
{ rel: "MAY_USE", item1: "NetXRay 3.0", item2: "WIFI-1234"},
{ rel: "MAY_USE", item1: "SolarWinds", item2: "WIFI-1234"},
{ rel: "SUBCLASS_OF", item2: "WAP", item1: "Rogue Wi-Fi AP"},
{ rel: "SUBCLASS_OF", item2: "WAP", item1: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Meraki Go GR10-HW", item2: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Netgear WAC104", item2: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Netgear WAC510", item2: "Rogue Wi-Fi AP"},
{ rel: "MAY_USE", item1: "Meraki Go GR10-HW", item2: "WIFI-1234"},
{ rel: "MAY_USE", item1: "Netgear WAC104", item2: "WIFI-6789"},
{ rel: "MAY_USE", item1: "Netgear WAC510", item2: "WIFI-6789"},
{ rel: "SUBCLASS_OF", item2: "VPN", item1: "IOS VPN"},
{ rel: "SUBCLASS_OF", item2: "VPN", item1: "Android VPN"},
{ rel: "SUBCLASS_OF", item2: "Wi-Fi IPS", item1: "Harmony IoT"}] as item
merge (i1:Item { id: item.item1})
merge (i2:Item { id: item.item2})
with i1, i2, item.rel as relname
call apoc.merge.relationship(i1,toupper(relname),{},{},i2) yield rel
return count(rel) as relsCreated

Step 2: Queries using inferencing (requires n10s)

Question: Which elements may access an untrusted network?

MATCH (cat:Item { id: "Untrusted Network"})
CALL n10s.inference.nodesInCategory(cat, {subCatRel: "SUBCLASS_OF", inCatRel: "TYPE"}) yield node as network
MATCH (network)<-[:MAY_USE]-(x)-[:TYPE]->(type)
RETURN type.id + " '" + x.id + "' can access network '" + network.id + "'" as summary

Which returns:

╒════════════════════════════════════════════════════════════════════════╕
│"summary"                                                               │
╞════════════════════════════════════════════════════════════════════════╡
│"Authorized Wi-Fi AP 'Netgear WAC104' can access network 'WIFI-6789'"   │
├────────────────────────────────────────────────────────────────────────┤
│"Rogue Wi-Fi AP 'Netgear WAC510' can access network 'WIFI-6789'"        │
├────────────────────────────────────────────────────────────────────────┤
│"Authorized Sniffer 'SolarWinds' can access network 'WIFI-1234'"        │
├────────────────────────────────────────────────────────────────────────┤
│"Authorized Wi-Fi AP 'Meraki Go GR10-HW' can access network 'WIFI-1234'"│
├────────────────────────────────────────────────────────────────────────┤
│"Malicious Sniffer 'NetXRay 3.0' can access network 'WIFI-1234'"        │
└────────────────────────────────────────────────────────────────────────┘

Not sure it reflects what you were trying to achieve but maybe you can describe what other queries would be relevant?

Hope this helps.

JB.