The article proposes the concept of DSS used in CS IO software tasks. The model of representation in the conceptual and functional aspect of the process of formation and application of the KB DSS is described for the circumstances associated with the identification of certain difficult-to-explain signs of anomalies and attacks, which allows to increase the understanding of the analyzed processes of cyber defense of the IO. The developed template and models make up the computational core of the DSS during the detection of intrusions, which may be characterized by weakly structured features at different stages.Based on the existing apparent contradiction between an increase in the level of cybernetic threats to the security of the OB and an increase in the intensity of external malicious influences with a simultaneous increase in CS requirements, an important scientific and technical task is to further develop existing and develop new methods and models for intelligent DSS in conditions of poorly structured data on signs and identified anomalies in the IO.