It all begins with structured meaning. Consider a cybersecurity ontology where WannaCry ransomware exploits CVE-2023–1234, APT28 targets enterprise assets, SQL injection attacks originate from threat actors, and web applications are protected by WAFs and firewalls — all formally defined in OWL/RDF using Protégé. This is not just documentation; this is machine-computable intelligence. In this article, I show how such rich semantic models are transformed into AI-queryable Neo4j knowledge graphs and supercharged with Qdrant-based GraphRAG, enabling large language models to answer complex questions like “Which malware exploits our most critical vulnerabilities and how is it mitigated?” with precision, traceability, and real-world production relevance.
Neo4j is a Labeled Property Graph (LPG) database where both nodes and relationships are first-class citizens with labels, direction, and rich properties — making it an ideal runtime engine for ontology-driven GraphRAG systems.
<IPIndicator rdf:about="#IOC_MaliciousIP">
<rdfs:label>Malicious IP Address</rdfs:label>
<ipAddress>45.123.45.67</ipAddress>
<threatLevel>High</threatLevel>
</IPIndicator>
<FileHashIndicator rdf:about="#IOC_MalwareHash">
<rdfs:label>Malware File Hash</rdfs:label>
<fileHash>ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa</fileHash>
</FileHashIndicator>
<DomainIndicator rdf:about="#IOC_MaliciousDomain">
<rdfs:label>Malicious Domain</rdfs:label>
<description>evil-command-server.com</description>
<threatLevel>Critical</threatLevel>
</DomainIndicator>
<CommandAndControlServer rdf:about="#C2_Server01">
<rdfs:label>C2 Server</rdfs:label>
<ipAddress>45.123.45.67</ipAddress>
</CommandAndControlServer>
<!-- Relationships -->
Full Ontology is here https://github.com/vishalmysore/graphrag/blob/main/graphrag/ontologies/cybersecurity-threat.owl
Now lets load them into Protege!
For setup instructions please look at my previous article here
Once you load the ontology you can export it to Neo4J AuraDB cloud from the plugin directly
After you export the ontology you will get a confirmation on total number of nodes, classes, exported
Login to your Neo4J cloud and view the graph directly
The concept of transforming an Ontology into a Knowledge Graph (KG) stored in a system like Neo4j is fundamentally about bridging two different, yet complementary, paradigms for knowledge representation: Semantic Web Models and Labeled Property Graphs (LPGs).
🧠 1. The Two Paradigms
The concept relies on understanding the distinct strengths of the semantic model (Protégé/OWL) and the property graph model (Neo4j/Cypher).
A. Ontology (OWL/RDF) — The Formal Blueprint
An Ontology is a formal, explicit specification of a conceptualization. It acts as the schema or blueprint for an entire knowledge domain.
Focus: Formal Semantics, Reasoning, and Consistency. What must be true based on logical rules (axioms and constraints).
Structure: Uses the Resource Description Framework (RDF), which is built on Triples: (Subject, Predicate, Object).
Classes (e.g., Threat, Malware) define the types of entities.
Object Properties (e.g., exploits, targets) define relationships between entities.
Datatype Properties (e.g., cveID, severity) define attributes of entities.
Strength: Enables logical reasoning (e.g., inferring that a Ransomware instance is also a Threat instance) and ensures data consistency using reasoners like HermiT.
B. Knowledge Graph (LPG) — The Operational Data Structure
A Knowledge Graph in a system like Neo4j uses the Labeled Property Graph (LPG) model. It focuses on storing and querying large volumes of interconnected, real-world data efficiently.
Focus: Efficient Traversal, Pattern Matching, and Scalability. What exists and how is it connected in the data.
Structure: Comprised of four key components:
Nodes: Represent entities (e.g., specific server, specific malware instance).
Labels: Categorize nodes (e.g., :Server, :Malware). A node can have multiple labels.
Relationships (Edges): Connect nodes and are always directional (e.g., [:TARGETS]).
Properties: Key-value pairs on both nodes and relationships.
Strength: Enables fast, iterative pathfinding (Cypher’s MATCH and RETURN) and the application of graph algorithms (e.g., PageRank).
🗺️ 2. The Core Conversion Mapping
The conceptual conversion process translates the formal semantic components of the ontology into the structural components of the Labeled Property Graph.
Press enter or click to view image in full size
Example Conversion Trace
Our ontology defined the following relationship structure:
Threat - Exploits--> Vlunerablity
In the Neo4j Knowledge Graph, this is materialized by:
A Threat Node (e.g., labeled :Ransomware)
An outbound Relationship (Type [:EXPLOITS])
A Vulnerability Node (e.g., labeled :ZeroDayVulnerability)
A Cypher query to find this pattern would look like:
MATCH (t:Threat)-[:EXPLOITS]->(v:Vulnerability)
RETURN t.label, v.cveID
🔄 3. The Power of Synergy
The core conceptual benefit of converting an ontology to an LPG Knowledge Graph is the ability to combine the best of both worlds:
Logical Rigor + Computational Speed: We use the ontology to define the meaning and rules of our domain (e.g., a Vulnerability must have a CVE ID), ensuring high data quality. We use the Knowledge Graph to store and query billions of actual instances at high speed.
Schema Flexibility: The LPG model is schema-optional (or schema-flexible), allowing you to quickly ingest new, messy data, while the ontology acts as the canonical, semantic layer on top, validating and organizing the data.
Advanced Inference: The initial ontology can be used by an OWL reasoner to infer new facts (e.g., inferring a vulnerability is “High Risk” based on its CVSS score). These inferred facts can then be written directly back into the Neo4j graph as new nodes or relationships, making the graph smarter and ready for querying.
This synergy enables powerful applications like Graph-based Retrieval-Augmented Generation (GraphRAG), where the graph provides grounded, explicit knowledge to large language models, mitigating hallucination and providing context-aware answers.
Top comments (0)