Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.
08-09-2020 04:48 AM
Hello,
I'm trying to use neosemantics in order to implement an existing logic of Cypher.
Data (Relation, item, item):
('Has_subtype','Data', 'Sensitive Data')
('Has_subtype','Data', 'Non Sensitive Data')
('Has_mode', 'Data', 'Data Transmission')
('Has_mode', 'Data', 'Data Storage')
('Has_mode', 'Data', 'Data Usage')
('May_use', 'Data Transmission', 'Transmission Channel')
('May_use', 'Transmission Channel', 'Network')
('Has_subtype', 'Transmission Channel', 'Wireless Channel')
('Has_subtype', 'Transmission Channel', 'Wired Channel')
('Has_subtype', 'Network', 'Untrusted Network')
('Has_subtype', 'Untrusted Network', 'LTE Network')
('Has_subtype', 'Untrusted Network', 'Internet')
('Has_subtype', 'Untrusted Network', 'Wireless Network')
('May_use', 'Sniffer', 'Untrusted Network')
('Has_subtype', 'Sniffer', 'Malicious Sniffer')
('Has_subtype', 'Sniffer', 'Authorized Sniffer')
('May_use', 'Rogue Wi-Fi AP', 'Wireless Network')
('Has_subtype', 'VPN', 'IOS VPN')
('Has_subtype', 'VPN', 'Android VPN')
('Has_subtype', 'Wi-Fi IPS', 'Harmony IoT')
Cypher query:
MATCH path = (:ITEM)<-[:Has_subtype*0..]-(:ITEM)-[:May_use]->(:ITEM)-[:Has_subtype*0..]->(b:ITEM{name:"LTENetwork"})
WITH head(nodes(path)) as ns
WHERE ns.isUsed = true
RETURN ns as result
I followed inference guide, trying to use semantics.inference.nodesInCategory
and some more, but didn't manage to receive the same results.
I was wondering if it was even possible ?? If not, it's strange, because I'm literally trying to implement reasoning graph here.
Thanks in advance.
08-11-2020 10:15 AM
Hi Boris, here's a slightly modified version of your example. I hope it clarifies how the inferencing procedures in n10s work.
Step 1: Data load (requires APOC)
UNWIND [{ rel: "SUBCLASS_OF", item2: "Network", item1: "Untrusted Network"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "LTE Network"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "Internet"},
{ rel: "SUBCLASS_OF", item2: "Untrusted Network", item1: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-1234", item2: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-6789", item2: "Wireless Network"},
{ rel: "TYPE", item1: "WIFI-0631", item2: "Wireless Network"},
{ rel: "SUBCLASS_OF", item2: "Sniffer", item1: "Malicious Sniffer"},
{ rel: "SUBCLASS_OF", item2: "Sniffer", item1: "Authorized Sniffer"},
{ rel: "TYPE", item1: "NetXRay 3.0", item2: "Malicious Sniffer"},
{ rel: "TYPE", item1: "Wireshark 3.2.5", item2: "Authorized Sniffer"},
{ rel: "TYPE", item1: "SolarWinds", item2: "Authorized Sniffer"},
{ rel: "MAY_USE", item1: "NetXRay 3.0", item2: "WIFI-1234"},
{ rel: "MAY_USE", item1: "SolarWinds", item2: "WIFI-1234"},
{ rel: "SUBCLASS_OF", item2: "WAP", item1: "Rogue Wi-Fi AP"},
{ rel: "SUBCLASS_OF", item2: "WAP", item1: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Meraki Go GR10-HW", item2: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Netgear WAC104", item2: "Authorized Wi-Fi AP"},
{ rel: "TYPE", item1: "Netgear WAC510", item2: "Rogue Wi-Fi AP"},
{ rel: "MAY_USE", item1: "Meraki Go GR10-HW", item2: "WIFI-1234"},
{ rel: "MAY_USE", item1: "Netgear WAC104", item2: "WIFI-6789"},
{ rel: "MAY_USE", item1: "Netgear WAC510", item2: "WIFI-6789"},
{ rel: "SUBCLASS_OF", item2: "VPN", item1: "IOS VPN"},
{ rel: "SUBCLASS_OF", item2: "VPN", item1: "Android VPN"},
{ rel: "SUBCLASS_OF", item2: "Wi-Fi IPS", item1: "Harmony IoT"}] as item
merge (i1:Item { id: item.item1})
merge (i2:Item { id: item.item2})
with i1, i2, item.rel as relname
call apoc.merge.relationship(i1,toupper(relname),{},{},i2) yield rel
return count(rel) as relsCreated
Step 2: Queries using inferencing (requires n10s)
Question: Which elements may access an untrusted network?
MATCH (cat:Item { id: "Untrusted Network"})
CALL n10s.inference.nodesInCategory(cat, {subCatRel: "SUBCLASS_OF", inCatRel: "TYPE"}) yield node as network
MATCH (network)<-[:MAY_USE]-(x)-[:TYPE]->(type)
RETURN type.id + " '" + x.id + "' can access network '" + network.id + "'" as summary
Which returns:
╒════════════════════════════════════════════════════════════════════════╕
│"summary" │
╞════════════════════════════════════════════════════════════════════════╡
│"Authorized Wi-Fi AP 'Netgear WAC104' can access network 'WIFI-6789'" │
├────────────────────────────────────────────────────────────────────────┤
│"Rogue Wi-Fi AP 'Netgear WAC510' can access network 'WIFI-6789'" │
├────────────────────────────────────────────────────────────────────────┤
│"Authorized Sniffer 'SolarWinds' can access network 'WIFI-1234'" │
├────────────────────────────────────────────────────────────────────────┤
│"Authorized Wi-Fi AP 'Meraki Go GR10-HW' can access network 'WIFI-1234'"│
├────────────────────────────────────────────────────────────────────────┤
│"Malicious Sniffer 'NetXRay 3.0' can access network 'WIFI-1234'" │
└────────────────────────────────────────────────────────────────────────┘
Not sure it reflects what you were trying to achieve but maybe you can describe what other queries would be relevant?
Hope this helps.
JB.
All the sessions of the conference are now available online