In this thesis we study how the existing PINGS-algorithm (Procedures for INvestigative Graph Search) can be used for finding described phenomena in a generic knowledge graph. The knowledge graph represents all identified entities (nodes) and connections (edges) that we assume to know about something as a network. We identify candidates, subgraphs, by describing the phenomena as a query graph. The query graph is a small representation of known entities and connections we assume to at least partially match. As we query the knowledge graph using the query graph, the result can contain similar but not necessary exact matches. The original PINGS-algorithm is developed by Muramudalige et al.

First, we study the original PINGS-algorithm and test the functionality on the basis of available information. We test the algorithm with a dataset that is created by the original developers and presented in the cited articles.

During the study, we realize that the publiced source code of the PINGS-algorithm doesn't work as such for the intended purpose. We decide to re-write the algorithm following the published articles and documentation to make the algorithm work for our knowledge graph. For evaluating the algorithm suitability for our case, we develop a synthetic knowledge graph consisting of computers, networks and vulnerabilities. This synthetized netowrk is more heterogenous of nature compared to the original material.

As a result of this work, we manage to find vulnerable computers and connections in the synthetic network. We discover that the PINGS-algorithm can roughly fit the purpose of mining described phenomena from an generic incomplete knowledge graph. We describe identified and proposed improvements and proposals of continued study that can improve the algorithm and similar solutions.