SPHINX Toolkit Decision Support System
The term ‘Decision Support System’ refers to an interactive computer-based system or subsystem intended to help decision-makers use communications technologies, data, documents, knowledge and/or models to identify and solve problems, complete decision process tasks, and make decisions.
There are five main categories of DSSs:
The SPHINX DSS is a data-driven DSS that uses historical and real-time data to support users in decision-making. It has two main functionalities, proactive and active. The proactive functionality serves as an Intrusion Prevention System (IPS) that notifies the user of an upcoming attack. In this case, the user might stop the attacker by blocking the attacker’s port. With the active functionality, on the other hand, the DSS provides not only a specific response plan for each event but also the risk level reduction for each applied action.
To achieve the above functionalities, the DSS uses the data from the SPHINX components responsible for data collection (e.g., VAaaS, SIEM, MLID) and effectively detects potential abnormalities at different levels of the IT distributed network in the spatiotemporal domain. The data aggregation enables visualizations and descriptive statistics computations that support the user in decision-making.
Also, SPHINX DSS exploits the domain expert’s knowledge to set the rules based on the input data to provide the response plan. Thus, it integrates lower-level decisions and alerts that lead to high-level decisions and plan suggestions that are sent to Interactive Dashboards via a REST API.
The SPHINX DSS consists of four major modules:
The Data Management module: It stores and maintains the information that the DSS uses.
The Model Management module: A system that stores and maintains the DSS models. In this case a model is a representation of an event (e.g., secure data, possible intrusion, etc.), on which users can experiment and analyse information in many different ways.
The User Interface Management module: It facilitates communication within the DSS.
The Knowledge Management module: It provides information about the relationship among data that is too complex for a database to represent. It consists of rules that can constrain possible solutions as well as alternative solutions and methods for evaluating them.