sphinx-project.eu / Blog  / SPHINX Toolkit Decision Support System

SPHINX Toolkit Decision Support System

The term ‘Decision Support System’ refers to an interactive computer-based system or subsystem intended to help decision-makers use communications technologies, data, documents, knowledge and/or models to identify and solve problems, complete decision process tasks, and make decisions.

There are five main categories of DSSs:

  • Communications-driven
  • Data-driven
  • Document-driven
  • Knowledge-driven
  • Model-driven

The SPHINX DSS is a data driven DSS that utilizes historical and real-time data to support the users in decision-making. SPHINX DSS has two main functionalities, the pro-active and the active. The proactive functionality serves as an Intrusion Prevention System (IPS) that notifies the user for an upcoming attack. In this case, the user might stop the attacker by blocking the attacker’s port. On the other hand, with the active functionality, the DSS provides not only a specific response plan for each event but also the risk level reduction for each applied action.

To achieve the above functionalities the DSS utilizes the data from SPHINX components responsible of data collection (e.g., VAaaS, SIEM, MLID) and effectively detects potential abnormalities at different levels of the IT distributed network in the spatiotemporal domain. The data aggregation provides the ability for visualizations and descriptive statistics computations that support the user in decision making.

Also, SPHINX DSS exploits the domain expert’s knowledge to set the rules based on the input data to provide the response plan. Thus, it integrates lower-level decisions and alerts that lead to high-level decisions and plan suggestions that are sent to Interactive Dashboards via a REST API.

The SPHINX DSS  consists  of  four  major  modules:

The Data Management module: It performs the function of storing and maintaining the information that DSS uses.

The Model Management module: A system that stores and maintains the DSS models. In this case a model is a representation of an event (e.g., secure data, possible  intrusion, etc.), on which users can experiment and analyse information in many different ways.

The User Interface Management module: It facilitates  communication within the DSS.

The Knowledge  Management module: It provides information about the relationship among  data that is too complex  for  a  database  to  represent. sent.  It consists of rules that can  constrain possible solutions as well as alternative solutions and methods for evaluating them.

More information about the Decision Support System component can be found at Deliverable 5.1 which is publicly available here and Deliverable 2.6 which is publicly available here.