The document announces the IADIS International Conference on Intelligent Systems and Agents 2008, which was held in Amsterdam, The Netherlands from July 22-24, 2008. It includes the table of contents for the conference proceedings, listing papers presented on topics related to intelligent systems and agents. The proceedings contain full papers, short papers, and posters accepted from over 97 submissions from 26 countries on areas such as intelligent systems, agents, multi-agent systems, machine learning, and semantic technologies.
4. iii
PROCEEDINGS OF THE
IADIS INTERNATIONAL CONFERENCE
INTELLIGENT SYSTEMS AND
AGENTS 2008
part of the
IADIS MULTI CONFERENCE ON COMPUTER SCIENCE AND
INFORMATION SYSTEMS 2008
Amsterdam, The Netherlands
JULY 22 - 24, 2008
Organised by
IADIS
International Association for Development of the Information Society
5. iv
Copyright 2008
IADIS Press
All rights reserved
This work is subject to copyright. All rights are reserved, whether the whole or part of the material
is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other way, and storage in data banks.
Permission for use must always be obtained from IADIS Press. Please contact secretariat@iadis.org
Intelligent Systems and Agents Volume Editor:
António Palma dos Reis
Computer Science and Information Systems Series Editors:
Piet Kommers, Pedro Isaías and Nian-Shing Chen
Associate Editors: Luís Rodrigues and Patrícia Barbosa
ISBN: 978-972-8924-60-7
6. v
TABLE OF CONTENTS
FOREWORD ix
PROGRAM COMMITTEE xiii
KEYNOTE LECTURES xvii
FULL PAPERS
ANOMALIES DETECTION ON FIREWALLS USING THE MOBILE AGENTS
APPROACH
Fakher Ben Ftima, Kamel Karoui and Henda Ben Ghezala
3
USING HONEY-AGENTS FOR ESTABLISHING TRUST IN MOBILE-AGENTS
E-COMMERCE APPLICATIONS
Sandhya Armoogum and Nawaz Mohamudally
12
FRAMEWORK FOR DEFINING AND RUNNING INTEGRATION TESTS OF
MULTI AGENT SYSTEMS
Khaled Nagi
20
FRAMEWORK FOR AUTOMATED NEGOTIATION: PRELIMINARY REPORT
Fernando Lopes, A. Q. Novais and Helder Coelho
29
TOWARDS A DISTRIBUTED COGNITIVE VIEW OF THE AGENT-MEDIATED
SEMANTIC WEB
Amna Basharat and Gabriella Spinelli
37
A DECLARATIVE PROGRAMMING PARADIGM AND THE DEVELOPMENT OF
KNOWLEDGE MINING AGENTS
Nittaya Kerdprasop and Kittisak Kerdprasop
45
A NOVEL SEMANTIC APPROACH TO DOCUMENT COLLECTIONS
Andrea Addis, Manuela Angioni, Giuliano Armano, Roberto Demontis, Franco Tuveri and
Eloisa Vargiu
53
EFFICIENT QUERY PROCESSING OVER SEMANTIC CACHE
Munir Ahmad, Muhammad Abdul Qadir, Abdul Razaque and Muhammad Sana Ullah
61
VERT: AN AUTOMATIC SUMMARY EVALUATION SYSTEM
Paulo C F de Oliveira, Edson Wilson Torrens, Alexandre Cidral, Sidney Schossland and Evandro
Bittencourt
69
7. vi
A HYBRID ALGORITHM FOR THE FUZZY P-MEDIAN PROBLEM
J.M. Cadenas , J.V. Carrillo , M.C. Garrido, M.J. Canós , C. Ivorra and V. Liern
77
MODELING MULTIAGENT SYSTEMS USING COLORED PETRI NETS
Maryam Nooraee Abadeh and Kamran Zaminifar
85
ARARA: ARTIFACTS AND REQUIREMENTS AWARENESS REINFORCEMENT
AGENTS
Ester J. C. de Lima, José A. Rodrigues Nt., Geraldo B. Xexéo and Jano M. de Souza
92
OPEN HOLONIC MULTI-AGENT ARCHITECTURE FOR INTELLIGENT
TUTORING SYSTEM DEVELOPMENT
Egons Lavendelis and Janis Grundspenkis
100
RISKS IN AGENT-SUPPORTED STOCK MARKET TRADING DECISION MAKING
Shenghua Liu, Sacha Helfenstein and Pertti Saariluoma
109
FORMING TEAMS WITHIN WIKI
Andrew Burrow and Clemens Mayr
117
DISASTER EVACUATION SUPPORT SYSTEM FOR VISITORS
Yoshio Nakatani, Daisuke Watanabe and Mie Nakatani
127
OBJECT TRANSPORTATION WITH AN AGENT INSPIRED BY THE INNATE
AND ADAPTIVE IMMUNE RESPONSES
Fredy Fernando Munoz M., Luis Fernando Nino V. and Gerardo Quintana Lopez
135
THE EFFECT OF GENETIC OPERATIONS ON THE DIVERSITY OF EVOLVABLE
NEURAL NETWORKS
Hany Sallam, Carlo S. Regazzoni, Ihab Talkhan and Amir Atiya
143
AN AUTOMATIC METHOD TO ASSIGN LOCAL RISK
J.L. Castro, M. Navarro, J.M. Sánchez and J.M. Zurita
151
SHORT PAPERS
AGENT NEGOTIATION STRATEGY IN THE ELECTRONIC MARKETPLACE
Dorin Militaru
161
A MODEL FOR PERSONAL LEARNING AGENTS WITH AN INDUCTIVE
LEARNING AGENT-BASED SYSTEM
Hammoud Djamila, Sahnoun Zaidi, Kebache Ramzi and Benelmadani Billel
166
ASPECT-BASED MULTIAGENT SYSTEMS OBSERVATION FOR
PERFORMANCE EVALUATION
Faten Ben Hmida, Wided Lejouad Chaari, and Moncef Tagina
172
DEVELOPING OF AN INTELLIGENT SYSTEM FOR FUELS QUALITY CONTROL
AND MONITORING
Reinaldo de Jesus da Silva, Sofiane Labidi, Milson Silva Monteiro and Osevaldo da Silva Farias
177
8. vii
CELLULAR PETRI NETS
J.M. Maestre and E.F. Camacho
182
TOWARDS AUTONOMIC DEPLOYMENT DECISION MAKING
Rico Kusber, Sandra Haseloff and Klaus David
188
IMPLEMENTATION OF THE GENE EXPRESSION PROGRAMMING IN THE
GENERATION OF PROGRAM TO CALCULATE THE INTEREST RATE IN
UNIFORM PAYMENT SERIES
Evandro Bittencourt, Raul Landmann, Paulo César Oliveira, Sidney Schossland and Edson
Wilson Torrens
193
EVOLUTION OF ARTIFICIAL NEURAL NETWORKS FOR ROBOT CONTROL
USING SPECIATION AND COMPLEXITY MEASURES
Thomas Jorgensen and Barry Haynes
198
DESIGNING AN EXPERT SYSTEM OF LIVER DISORDERS BY USING NEURAL
NETWORK AND COMPARING IT WITH PARAMETRIC AND NONPARAMETRIC
SYSTEM
Mehdi Neshat , Mehdi Yaghobi and Mohammad Naghibi
202
REFLECTION PAPER
A HYBRID FRAMEWORK TOWARDS THE SOLUTION FOR PEOPLE WITH
DISABILITY EFFECTIVELY USING COMPUTER KEYBOARD
Karim Ouazzane, Jun Li and Marielle Brouwer
209
POSTERS
FUZZY LOGIC FOR FORMAL SPECIFICATIONS OF SYSTEMS
Victoria López and Javier Montero
215
AN APPROACH FROM COOPERATIVE GAMES TO THE ACCESSIBILITY IN
ORIENTED NETWORKS
Rafel Amer, Antonio Magaña and José Miguel Giménez
219
INTRODUCTION OF A COOPERATIVE GAME TO DEFINE A CONCEPT OF
WEIGHTED CONNECTIVITY ON THE NODES OF CONNECTED GRAPHS
Rafael Amer and José Miguel Giménez
222
9. viii
ENTERPRISE INFORMATION SYSTEMS ENGINEERING METHOD BASED ON
SEMANTIC MODELS OF MULTI-AGENT RESOURCE CONVERSION
PROCESSES AND SOFTWARE
Konstantin A. Aksyonov, Irina A. Spitsina, Evgeny A. Bykov and Natalia V. Goncharova
225
IMPLEMENTATION OF 2D OCCUPANCY MAP FOR EFFECTIVE PATH
PLANNING OF AN MOBILE ROBOT
Jung-hwan Ko and Jung-suk Lee
228
IMPLEMENTATION OF THE 3D ROBOT VISION SYSTEM THROUGH THE
CONVERGENCE CONTROL BASED ON THE OPTO-DIGITAL SCHEME
Jung-hwan Ko and Jung-suk Lee
231
R4P PROJECT, AN OPEN QUADRUPEDAL ROBOT
Luis I. Díaz del Dedo, Luis A. Pérez García, Fernando Berenguer and Nourdine Aliane
234
A FORMAL INTERPRETATION OF IMPLICIT MESSAGES IN AGENT
DIALOGUES
Fernando Ramos Quintana, Josefina Sámano Galindo and Víctor H. Zárate Silva
237
ARCHITECTURAL MODEL FOR MULTI-AGENTS SYSTEMS
González Moreno, Juan Carlos and Luis Vázquez López
241
DOCTORAL CONSORTIUM
COGNITIVE APPROACH TO THE DESIGN OF A USER-ADAPTIVE INTERFACE
FOR AN INTELLIGENT PRODUCT CONSULTING SYSTEM
Elena Minina
247
AUTHOR INDEX
10. ix
FOREWORD
These proceedings contain the papers of the IADIS International Conference on Intelligent
Systems and Agents 2008, which was organised by the International Association for
Development of the Information Society in Amsterdam, The Netherlands, July 22 – 24,
2008. This conference is part of the Multi Conference on Computer Science and
Information Systems 2008, 22 - 27 July 2008, which had a total of 1211 submissions.
The IADIS Intelligent Systems and Agents conference addresses in detail two main aspects:
intelligent systems and agents. The conference has the intention to provide a contribution to
academics and practitioners. So, both fundamental and applied research are considered
relevant.
Submissions were accepted under the following areas and topics:
Area 1 – Intelligent Systems
- Algorithms
- Artificial Intelligence
- Automation Systems and Control
- Bio Informatics
- Computational Intelligence
- Expert Systems
- Fuzzy Technologies and Systems
- Game and Decision Theories
- Intelligent Control Systems
- Intelligent Internet Systems
- Intelligent Software Systems
- Intelligent Systems
- Machine Learning
- Neural Networks
- Neurocomputers
- Optimization
- Parallel Computation
- Pattern Recognition
- Robotics and Autonomous Robots
- Signal Processing
- Systems Modelling
- Web Mining
Area 2 – Agents
- Adaptive Agent Systems
- Agent Applications
- Agent Communication
- Agent Development
11. x
- Agent middleware
- Agent Models and Architectures
- Agent Ontologies
- Agent Oriented Systems and Engineering
- Agent Programming, Languages and Environments
- Agent Systems
- Agent Technologies
- Agent Theories
- Agent Trends
- Agents Analysis and Design
- Agents and Learning
- Agents and Ubiquitous Computing
- Agents in Networks
- Agents Protocols and Standards
- Artificial Systems
- Computational Complexity
- eCommerce and Agents
- Embodied Agents
- Mobile Agents
- Multi-Agent Systems
- Negotiation Strategies
- Performance Issues
- Security, Privacy and Trust
- Semantic Grids
- Simulation
- Web Agents
The IADIS Intelligent Systems and Agents 2008 conference received 97 submissions from
more than 26 countries. Each submission has been anonymously reviewed by an average of
four independent reviewers, to ensure that accepted submissions were of a high standard.
Consequently only 19 full papers were approved which means an acceptance rate below 20
%. A few more papers were accepted as short papers, reflection papers and posters. An
extended version of the best papers will be published in the IADIS International Journal on
Computer Science and Information Systems (ISSN: 1646-3692) and also in other selected
journals.
Besides the presentation of full papers, short papers, reflection papers, doctoral papers and
posters, the conference also included two keynote presentations from internationally
distinguished researchers. We would therefore like to express our gratitude to Professor
James Hendler, Tetherless World Constellation Chair, Rensselaer Polytechnic Institute,
USA and Professor Lucia Rapanotti, Department of Computing, The Open University, UK
for accepting our invitation as keynote speakers.
As we all know, organising a conference requires the effort of many individuals. We would
like to thank all members of the Program Committee, for their hard work in reviewing and
selecting the papers that appear in the proceedings.
12. xi
This volume has taken shape as a result of the contributions from a number of individuals.
We are grateful to all authors who have submitted their papers to enrich the conference
proceedings. We wish to thank all members of the organizing committee, delegates,
invitees and guests whose contribution and involvement are crucial for the success of the
conference.
Last but not the least, we hope that everybody will have a good time in Amsterdam, and we
invite all participants for the next year edition of the IADIS International Conference on
Intelligent Systems and Agents 2009, that will be held in Algarve, Portugal.
António Palma dos Reis,
ISEG - Technical University of Lisbon,
Portugal
Intelligent Systems and Agents 2008 Conference Program Chair
Piet Kommers, University of Twente, The Netherlands
Pedro Isaías, Universidade Aberta (Portuguese Open University), Portugal
Nian-Shing Chen, National Sun Yat-sen University, Taiwan
MCCSIS 2008 General Conference Co-Chairs
Amsterdam, The Netherlands
July 2008
14. xiii
PROGRAM COMMITTEE
INTELLIGENT SYSTEMS AND AGENTS CONFERENCE
PROGRAM CHAIR
Antonio Palma dos Reis, ISEG - Technical University of Lisbon, Portugal
MCCSIS GENERAL CONFERENCE CO-CHAIRS
Piet Kommers, University of Twente, The Netherlands
Pedro Isaías, Universidade Aberta (Portuguese Open University), Portugal
Nian-Shing Chen, National Sun Yat-sen University, Taiwan
INTELLIGENT SYSTEMS AND AGENTS CONFERENCE COMMITTEE
MEMBERS
Adel M. Alimi, University of Sfax, Tunisia
Adina Magda Florea, University "Politehnica" of Bucharest, Romania
Adrian Perreau de Pinninck, Universitat Autonoma de Barcelona, Spain
Agris Nikitenko, Riga Technical University, Latvia
Alessandro Ricci, Università di Bologna in Cesena, Italy
Alfredo Cuzzocrea, University of Calabria, Italy
Alfredo Garro, Universita' della Calabria, Italy
Amar Balla, Institut National d'Informatique, Algeria
Amine Boumaza, LORIA, France
Andrea Addis, University of Cagliari, Italy
Andrea Giovannucci, Campus Universitat Autonoma de Barcelona, Spain
Angel García-Olaya, Universidad Carlos III de Madrid, Spain
Anton Bogdanovych, UTS, Australia
Anton Nijholt, University of Twente, The Netherlands
Baklouti Nesrine, University of Sfax, Tunisie
Behrouz Homayoun Far, University of Calgary, Canada
Boštjan Pajntar, Jožeph Stefan Institute, Slovenia
Clinton Woodward, Swinburne University of Technology, Australia
Costin Badica, University of Craiova, Romania
Dariusz Krol, Wroclaw University of Technology, Poland
David A. Pelta, University of Granada, Spain
15. xiv
Dickson K.W. Chiu, Computer Systems, Hong Kong
Dídac Busquets, Universitat de Girona, Spain
Djamel Bouchaffra, Grambling State University, USA
Djamila Ouelhadj, ASAP Research Group, UK
Eloisa Vargiu, DIEE - University of Cagliari, Italy
Esma Aimeur, University of Montréal, Canada
Ezendu Ariwa, London Metropolitan University, United Kingdom
Fariba Sadri, Imperial College London, UK
Federico Bergenti, Università degli Studi di Parma, Italy
Federico Castanedo Soltela, Universidad Carlos III de Madrid, Spain
Fernando Lyardet, Darmstadt University of Technology, Germany
Fernando Ramos, Tecnologico de Monterrey, México
Fikret Ercal, University of Missouri, USA
Francesco Amigoni, Politecnico di Milano, Italy
Germán Gutiérrez Sánchez, Universidad Carlos III de Madrid, Spain
Giovanni Semeraro, University of Bari, Italy
Giuliano Armano, University of Cagliari, Italy
Giuseppe Mangioni, Universita di Catania, Italy
Giuseppe Vizzari, University of Milano – Bicocca, Italy
Guillaume Muller, École d'Ingénieurs de Luminy, France
Hans Werner Guesgen, Massey University, New Zealand
Haralambos Mouratidis, University of East London, United Kingdom
Heinrich C. Mayr, Alpen-Adria-Universitaet Klagenfurt, Austria
Huiye Ma, Centrum voor Wiskunde en Informatica (CWI), The Netherlands
Ian Watson, The University of Auckland, New Zealand
Ilhem Kallel, University of Sfax, Tunisia
Jacek Unold, Wroclaw University of Economics, Poland
Jackeline Spinola de Freitas, Universidad Politécnica de Madrid, Spain
Jaime Ramírez, Universidad Politécnica de Madrid, Spain
James Montgomery, Swinburne University of Technology, Australia
Janis Grundspenkis, Riga Technical University, Latvia
Jaume Bacardit, University of Nottingham, UK
Javier Carbó Rubiera, Univ. Carlos III de Madrid, Spain
Jesualdo Tomás Fernández Breis, University of Murcia, Spain
Jesús García Herrero, Universidad Carlos III de Madrid, Spain
Jim Cunningham, Imperial College, UK
Jordi Sabater-Mir, IIIA-CSIC, Spain
Jorge A. Ramírez-Uresti, ITESM-CEM, Mexico
Jørgen Villadsen, Technical University of Denmark, Denmark
José Antonio Iglesias, University of Carlos III, Spain
José Carlos Cortizo Pérez, Universidad Europea de Madrid, Spain
José Manuel Molina López, Universidad Carlos III de Madrid, Spain
16. xv
Juan A. Rodríguez-Aguilar, Universitat Atuònoma de Barcelona, Spain
Juan Manuel Serrano, Universidad Rey Juan Carlos, Spain
Julius Stuller, Academy of Sciences of the Czech Republic, Czech Republic
Krysia Broda, Imperial College, UK
Lars Nolle, Nottingham Trend University, UK
Laura Naismith, McGill University, Canada
Laurent Vercouter, Ecole des Mines de Saint-Etienne, France
Laurentiu Vasiliu, DERI, National University of Ireland, Ireland
Leonardo Garrido, Tecnologico de Monterrey, México
Longbing Cao, Univ of Technology, Sydney, Australia
Luis Martí, University Carlos III of Madrid, Spain
Mª Araceli Sanchis de Miguel, Universidad Carlos III de Madrid, Spain
Maite López Sánchez, University of Barcelona, Spain
Manuel Atencia Arcas, Universitat Autonoma de Barcelona, Spain
Marc Esteva, University of Technology, Sydney, Australia
Maria Bielikova, Slovak University of Technology, Slovakia
María de los Angeles Constantino, Tecnologico de Monterrey, México
Maria Salamó Llorente, University of Barcelona, Spain
Mario Gomez, University of Aberdeen, UK
Marko Grobelnik, Josef Stefan Institute, Slovenia
Matjaz Gams, Jozef Stefan Institute, Slovenia
Mengjie Zhang, Victoria University of Wellington, New Zealand
Michelangelo Ceci, Università degli Studi di Bari, Italy
Miguel Angel Patricio, Universidad Carlos III de Madrid, Spain
Mirjana Ivanovic, University of Novi Sad, Serbia
Monique Calisti, Whitestein Technologies AG, Switzerland
Nicola Gatti, Politecnico di Milano, Italy
Nizar Rokbani, REGIM, Tunisia
P.K. Mahanti, University of New Brunswick, Canada
Paolo Petta, Austrian Research Institute for Artificial Intelligence, Austria
Patrick Wong, Open University, United Kingdom
Pilar Herrero, Universidad Politécnica de Madrid, Spain
Rainer Hilscher, New Vectors LLC, USA
Ramon F. Brena Pinero, Tecnológico de Monterrey, Mexico
Raúl Arrabales Moreno, Universidad Carlos III de Madrid, Spain
Raymond Chiong, Swinburne University of Technology, Malaysia
Razvan Andonie, Central Washington University, USA
Ricardo Imbert, l Universidad Politécnica de Madrid, Spain
Roland Kaschek, Massey University, New Zealand
Roman Neruda, Academy of Sciences of the Czech Republic, Czech Republic
Shenshneg Zhao, Governors State University, USA
Stuart Chalmers, University of Aberdeen, UK
17. xvi
Sven Brueckner, New Vectors, LLC, USA
Sviatoslav Braynov, University of Illinois, USA
Tarek M. Hamdani, University of Sfax, Tunisia
Thierry Moyaux, University of Liverpool, UK
Thomas Bolander, Technical University of Denmark, Denmark
Tibor Bosse, Vrije Universiteit Amsterdam, Netherlands
Tjeerd olde Scheper, Oxford Brookes University, United Kingdom
Tomas Klos, Delft University of Technology, The Netherlands
Tony Hirst, The Open University, United Kingdom
Vincent Thomas, LORIA, France
Viorel Negru, West University of Timisoara, Romania
Walt Truszkowski, NASA, USA
William Song, Durham University, UK
Yubin Yang, Nanjing University, China
Zoran Budimac, University of Novi Sad, Serbia
18. xvii
KEYNOTE LECTURES
WHERE ARE ALL THE AGENTS?
James Hendler
Tetherless World Constellation Chair
Rensselaer Polytechnic Institute, USA
ABSTRACT
In the late 1990s, many of us believed we were at a time where the large-scale deployment of agent-
based computing was right around the corner. The key obstacles to the wider deployment of agent-
based systems were identified early on as a need for interoperability and intercommunication.
Today, however, we have Web Service standards, supported by the largest software development
and support companies, which provide for many of the interoperability needs we identified.
We also have the Semantic Web seeing wide deployment and support from some of the larger data
providing companies. Open source toolkits and tens of thousands of ontologies in OWL are now
available to make domain engineering easier. We have many large Web providers that make access
to their systems available through some sort of service interface or in easily programmable ways, so
access to service providers abounds. Technologies transitioning from research to industry also
include data access for Semantic Web resources, rule- based Web languages, and even expressive
logics for the high end KR needs of some applications. However, looking at what is hot on the Web,
in IT development, and in VC circles, I find myself shaking my head and wondering, "Where are all
the agents?"
PROBLEM ORIENTED ENGINEERING
Dr. Lucia Rapanotti
Department of Computing, The Open University, UK,
ABSTRACT
Problem Oriented Engineering (POE) is a formal system for engineering design. It views
engineering design as a problem solving process where knowledge exploration and design steps are
intertwined with validation, allowing for iteration between problem and solution spaces. Its
Gentzen-style formulation is meant as a system for 'natural' design, rather than mathematical
proof, to serve the needs of engineering. It also allows for an elegant encoding in Prolog, leading to
a powerful computational engine.
In this keynote lecture, I will introduce the basic elements of POE, and its engineering and logic
foundation, as well as provide an overview of POE current application and development.
22. ANOMALIES DETECTION ON FIREWALLS USING THE
MOBILE AGENTS APPROACH
Fakher Ben Ftima, Kamel Karoui, Henda Ben Ghezala
RIADI, ENSI, University of Manouba,
Tunisia
ABSTRACT
Firewalls are core elements in network security. However, detecting anomalies, particularly in distributed firewalls has
become a complex task. Mobile agents promise an interesting approach for communications between different distributed
systems. In this work, we propose a firewall anomalies’ detection system using the mobile agents approach and highlight
the trumps of this approach compared to the client/server model.
KEYWORDS
Mobile Agents, Firewalls, Anomalies detection, Client/Server
1. INTRODUCTION
Due to the increasing threat of network attacks, firewalls have become important elements not only in
enterprise networks but also in small-size and home networks. Firewalls have been the frontier defense for
secure networks against attacks and unauthorized traffic by filtering out unwanted network traffic
coming to or going out of the secured network [Bellovin94]. The filtering decision is based on a set of ordered
filtering rules defined according to predefined security policy requirements [Benelbahri07]. In spite of their
security aspect, firewalls suffer from incoherence problems in their functioning (blocking) owing to the
various rules which define them. This problem causes a set of anomalies between the rules of a firewall
(intra-firewall anomalies) or between various rules in several firewalls (inter-firewall anomalies) [Cobb97].
The idea is to use the trumps of the Mobile Agents (MA) paradigm to facilitate the anomalies detection on a
firewall or between firewalls. This paper is organized as follows:section 2 introduces a background on
firewalls and MA technologies. Section 3 presents firstly the advantages of the integration of MA on
firewalls, then explain the proposed model functioning. Section 4 studies an example of distributed firewalls
detection anomalies’ implemented with the MA approach. Section 5 evaluates our approach by comparing it
to the client/server model and section 6 concludes and recommends future trends.
2. BACKGROUND
2.1 Firewalls
A firewall is a network element that controls the crossing of packets through the boundaries of a secured
network based on a specific security policy. A firewall security policy is a list of ordered filtering rules
defining the actions performed on packets that satisfy specific conditions [Chapman00]. A rule is composed of
set of filtering fields (also called network fields) such as order, protocol type , source IP address (s_ip),
destination IP address (d_ip), source port (s_port) and destination port (d_port), as well as an action
field. The filtering fields of a rule represent the possible values of the corresponding fields in actual
network traffic that matches this rule. Each network field could be a single value or range of values.
Filtering actions are either to accept, which permits the packet into or out of the secure network, or to
deny, which blockes the packet [Chewsick95].
IADIS International Conference Intelligent Systems and Agents 2008
3
24. b-Correlation anomaly: Two rules are correlated if they have different filtering actions, and the first rule
matches some packets that match the second rule and the second rule matches some packets that match the
first rule. Formally, rule Rx and rule Ry have a correlation anomaly if:
[action]R[action]R,RR yxyCx ≠ℜ . Rule 1 is in correlation with Rule 3 in Figure1
c-Generalization anomaly: A rule is a generalization of a preceding rule if they have different actions,
and if the first rule can match all the packets that match the second rule. Formally, rule Ry is a
generalization of rule Rx if:
[action]R[action]R,RR[order],R[order]R yxyIMxyx ≠ℜ<
Rule 2 is a generalization of Rule1 in Figure1.
d-Redundancy anomaly: A redundant rule performs the same action on the same packets as another
rule such that if the redundant rule is removed, the security policy will not be affected. Formally, rule Ry is
redundant to rule Rx if:
[action]R[action]R,RR[order],R[order]R yxyEMxyx =ℜ<
[action]R[action]R,RR[order],R[order]R yxyIMxyx =ℜ<
Referring to Figure1, Rule 7 is redundant to Rule 6
e-Irrelevance anomaly: A filtering rule in a firewall is irrelevant if this rule cannot match any traffic
that might flow through this firewall. This exists when both the source address and the destination address
fields of the rule do not match any domain that is reachable through this firewall. Formally, rule Rx in
firewall Fwi is irrelevant if:
{ }[dst]Rto[src]Rfrompathaonnodeaisn:nFw xxi ∉
Referring to Figure 1, Rule 8 is irrelevant because the traffic that goes between the source
(140.192.38.*) and the destination (161.120.35.*) doesn’t pass through this firewall.
2.1.3 Inter-Firewall Anomaly
In general, an inter-firewall anomaly may exist if any two firewalls on a network path take different
filtering actions on the same traffic [Ioannidis00]. We suppose a traffic stream flowing from sub-domain Dx
to sub-domain Dy across multiple cascaded firewalls installed on the network path between the two
sub-domains. At any point on this path in the direction of flow, a preceding firewall is called an
upstream firewall whereas a following firewall is called a downstream firewall [Hari00].
Using the above network model, we can say that for any traffic flowing from sub-domain Dx to
sub-domain Dy an anomaly exists if one of the following conditions holds:
1) The most-downstream firewall accepts a traffic that is blocked by any of the upstream firewalls.
2) The most-upstream firewall permits a traffic that is blocked by any of the downstream firewalls.
3) A downstream firewall denies a traffic that is already blocked by the most-upstream firewall.
We assume that the network traffic is flowing from domain Dx to domain Dy, rule Rx belongs to
the policy of the most-upstream firewall Fwx , while rule Ry belongs to the policy of the most-
downstream firewall Fwy. We classify anomalies in multi-firewall environments as follows (detailed
examples are given in section 4) [Lupu97]:
a-Shadowing Anomaly: A shadowing anomaly occurs if an upstream firewall blocks the network traffic
accepted by a downstream firewall. Formally, rule Ry is shadowed by rule Rx if one of the following
conditions holds:
accept[action]R,deny[action]R,RR yxxEMy ==ℜ
accept[action]R,deny[action]R,RR yxxIMy ==ℜ
accept[action]R,deny[action]R,RR yxyIMx ==ℜ
accept[action]R,accept[action]R,RR yxyIMx ==ℜ
b-Spuriousness Anomaly: A spuriousness anomaly occurs if an upstream firewall permits the network
traffic denied by a downstream firewall. Formally, rule Rx allows spurious traffic to rule Ry if one of the
following conditions holds:
deny[action]R,accept[action]R,RR yxyEMx ==ℜ
IADIS International Conference Intelligent Systems and Agents 2008
5
26. • Dynamic adaptation: As the number of firewalls in the network increases, MA can be cloned and
dispatched to these new computing elements; MA adapt their behavior according to network’s topology and
traffic characteristics.
• Robustness and fault tolerance: MA are able to react to multiple situations, especially faulty ones. This
ability ensures the efficient functioning of distributed firewalls even if the system is faulty.
3.2 Principle of Functioning
Based on the advantages presented on section 3.1, we will present the architecture of our system: The
administrator sends a MA to the first firewall (1). The MA encapsulates the set of rules founded on this latter
and migrates to the next firewall (2). It correlates the list of rules (3) and passes to the next firewall. It repeats
the same processes (steps (2) and (3)) until finishing a complete tour of the system (see figure 2). In our
solution, the administrator has the possibility to detect anomalies on a particular firewall (intra-firewall) or on
the entire network (inter-firewalls); the MA returns result when anomaly is detected on the specific firewall
(4) or at the end of the complete tour (5).
Figure 2. Anomalies detection system with the MA approach
4. CASE STUDY
Based on the approach presented in section 3, we will present an experimental case study. We have
implemented a ring network composed of an administrator machine and three firewalls Fw1, Fw2 and Fw3.
These machines are equipped of Core 2 Duo processor with 1,6 MHZ frequency and 1GB of RAM. We used
the platform BeeGent [Toshiba01] to implement the MA approach and the firewalls IPTABLES [Russell99] for
firewalls rules description. We implemented our system under Linux FEDORA6 operating system (see figure
3).
4.1 Experimental Results
4.1.1 Intra-firewalls Anomalies Detection Results
To detect anomalies on a specific firewall, the MA moves to a particular firewall, with a formal description
of the anomalies. It takes the firewall rules one by one and compare them to the anomalies description (see
section 2.1.2). In our example, we suppose that our MA moves to Fw2 to detect eventual anomalies. The
detection results returned by the MA are the following (see figure 3):
Generalization anomalies: (Rule 7 is a generalization of Rule 6), (Rule 8, Rule1), (Rule 8, Rule 2), (Rule 8,
Rule 3), (Rule 8, Rule 5), (Rule 8, Rule 7), (Rule 5, Rule 4)
Redundancy anomalies: (Rule 1 is redundant to Rule 3)
Rules Fw1
Fw2
Fw4
Admin
(5)
(2)
(3)
(4)
(1)
Network
Rules
Rules
Fw3
Rules
IADIS International Conference Intelligent Systems and Agents 2008
7
28. 5.1 Bandwidth Use
5.1.1 The client/server Model
In our system, according to the client/server process (figure 5), each firewall, has several rules to be
analyzed. To detect anomalies, the administrator requests every firewall, rule by rule; in our case, we have 9
requests on Fw1, )89( × correlation requests on Fw2 and )99( × correlation requests on Fw3. We note that there
are 162)99()89(9 =×+×+ requests exchanged between the firewalls and the administrator machine. In a
general case, with (n) firewalls to be analyzed, we have ∑
=
+×
n
i
ixN
2
)1( requests exchanged with the
administrator machine where N is the number of rules on Fw1 and xi is the number of rules on Fwi; it
constitutes a very important load for the whole network traffic especially if the number of firewalls is
important.
5.1.2 The MA Model
According to the MA process (figure 4), the administrator sends a MA that visits all firewalls to detect
anomalies. At the end of its complete tour, the MA returns results to the administrator. In our example, we
note that the MA moves 4 times between firewalls and the administrator machine. In a general case, with (n)
firewalls to be analyzed, we have (n+1) moves between firewalls and the administrator machine; it
constitutes a very important gain for the whole network traffic especially if the number of firewalls is
important.
5.1.3 Interpretations
With the MA approach, the total number of moves between firewalls on the network is lower than that with
the client/server requests. This gain will reduce the global bandwidth use.
5.2 Execution Time:
We define the execution time by [Longman95]:
Execution time=treatment time+ latency time
Latency time = transmission time + propagation time
The transmission time represents the necessary time to transmit data on network. It is defined by:
ratebit
messagetheofsize
ion timetransmissThe =
The propagation time is the necessary time to transfer data from the transmitter to the receiver. It is
defined by:
speednpropagatio
distance
n timepropagatioThe =
In our example, the links dij connecting all machines (i=1, j=2, 3 or 4) are equal to (5m) and the
propagation speed is equal to ( s/m102 8
× ) for all firewalls. Also, we suppose that the links joining all
firewalls have the same bit rate (10 Mbits/s).
5.2.1 The client/server Model
The global requests' treatment time which includes; interactions with Fw1, correlations of rules of Fw2 and
correlations of rules of Fw3 is estimated to 5(s). The administrator sends many requests to firewalls across the
links dij.The request size is equal to 1(kbits).The global requests size to Fw1, Fw2 and Fw3 are respectively
Q12 = 9 (kbits); Q13 =8 (kbits) and Q14 = 9 (kbits).The responses size from these latter are respectively A12 =9
(kbits), A13 = 24 (kbits) and A14 = 33 (kbits).
IADIS International Conference Intelligent Systems and Agents 2008
9
30. REFERENCES
[Al-Shaer04] Al-Shaer, E. Hamed, H.,2004. Discovery of policy anomalies in distributed firewalls. Sch. of Comput. Sci.,
Telecommun. & Inf. Syst.2004 DePaul Univ., Chicago, IL, USA.
[Bellovin94] Bellovin, M. and Chewsick, R.,1994.Network firewalls. IEEE Communications Magazine, pages 50-57.
[Bellovin99] Bellovin, M.,1999.Distributed Firewalls.Special Issue on Security, ISSN 1044-6397.
[Benelbahri07] Benelbahri, A. and Bouhoula, A.2007.Tuple Based Approach for Anomalies Detection within Firewall
Filtering Rules. IEEE Symposium on Computers and Communications. ISCC 2007. 12th Volume , Issue , 1-4
Page(s):63 – 70.
[Chapman00] Chapman, D. and Zwicky, E.,2000. Building Internet Firewalls, Second Edition, Orielly & Associates Inc.
[Chewsick95] Chewsick, W. and Belovin, S.,1995. Firewalls and Internet Security, Addison- Wesley.
[Cobb97] Cobb, S.,1997.ICSA Firewall Policy Guide v2.0. NCSA Security White Paper Series.
[Eronen01] Eronen, P. and Zitting, J.,2001.An Expert System for Analyzing Firewall Rules. Proceedings of 6th
Nordic
Workshop on Secure IT-Systems (NordSec 2001).
[Guttman98] Guttman, R. et al., 1998. Agent-mediated electronic commerce: a survey. Knowlrdge Engineering Review.
13(2):143-147.
[Hari00] Hari, B. et al.2000.Detecting and Resolving Packet Filter Conflicts. Proceedings of IEEE INFOCOM’00.
[Ioannidis00] Ioannidis, S. et al.,2000.Implementing a Distributed Firewall. Proceedings of 7th ACM Conference on
Computer and Comminications Security (CCS’00).
[Jansen99] Jansen, W et al.,1999. Applying mobile agents to intrusion detection and response. Technical report, NIST
Interim Report - 6416.
[Karoui05] Karoui, K.,2005. MA Overview, published in Encyclopedia of Multimedia Technology and Networking , Idea
Group.
[Karoui07a] Karoui, K. and B.Ftima, F., 2007.Interaction Mobile Agents – Web Services. Encyclopedia of Multimedia
Technology and Networking, IGI global.
[Karoui07b] Karoui, K. and B.Ftima, F., 2007. Effectiveness of Web Services-Mobile Agents Approach in E-commerce
System. Encyclopedia of Information Science and Technology, IGI global.
[Lange99] Lange, D. and Oshima, M.,1999. Seven Good Reasons for Mobile Agents - Dispatch your agents; shut off
your machine. Communications of the ACM Issue.
[Longman95] Longman, A and Halsall, F., 1995. Data Communications Computer Networks and Open System, , ISBN:0-
201-42293-X ,.Publishing Co., Inc. Redwood City, CA, USA.
[Lupu97] Lupu, E. and Sloman, M.,1997.Conflict Analysis for Management Policies. Proceedings of IFIP/IEEE
International Symposium on Integrated Network Management (IM’1997).
[Russell99] Russell, R.,1999. Linux iptables HOWTO, v0.0.2.
[Toshiba01] Toshiba Corporation,. 2001.Beegent Multi-Agent Framework.
[Wack02] Wack, J. et al,.2002. Guidelines on Firewalls and Firewall Policy. NIST Recommendations, SP 800-41.
IADIS International Conference Intelligent Systems and Agents 2008
11
32. tampering or spying is detected during interaction with a honey-agent, the honey-agent can inform the server
that maintains records on a server’s trustworthiness thereby implementing social control. This approach can
provide an effective stop-gap measure as it discourages servers to behave badly in order to maintain a good
reputation. However, this approach does not eliminate the problem of malicious servers nor is it successful in
detecting all malicious activities of a malevolent agent server.
The next section briefly describes the mobile-agent system model and the threats posed by malicious
agent servers to mobile-agents. Existing techniques for mobile-agent security are presented in section 3.
Section 4 describes the concept of social control. Section 5 and 6 describes the trust evaluation architecture
and how Honey-agents are deployed for evaluating the trustworthiness of the agent servers. Finally, we
conclude and present future works.
2. MOBILE-AGENT SYSTEM MODEL AND MALICIOUS HOST
PROBLEM
Mobile-agents are capable of continued, autonomous operation disconnected from the owner and they
migrate to other hosts during their lifetime to perform their task. The use of mobile-agents saves bandwidth
and permits off-line and autonomous execution in comparison to usual distributed systems based on message
passing as shown in Figure 1 below. Essentially, a mobile-agent consists of code, data and state information
needed to carry some computation.
Figure 1. Client-Server model versus Mobile-Agent computing model
Several models exist for describing agent systems (Fuggetta, 1998), (FIPA, 1998), (OMG, 1997). For
discussing security related issues though, it suffices to consider a very simple model consisting of the mobile-
agent and the agent platform provided by the agent server as described in (Jansen, Karygianinis, 2000). The
agent platform provides the necessary computational environment for the mobile-agent to operate. The
platform from which a mobile-agent originates is referred to as the home platform, and normally is the most
trusted environment for a mobile-agent. A simple mobile-agent system model is as depicted in Figure 2.
As can be observed from Figure 1 and 2, mobile agents hop from agent server to agent server and execute
locally on the destination agent platform. The agent servers have complete control on the executing mobile-
agents and thus many attacks may be performed by malicious servers on the mobile-agent. The malicious
server can modify the code, data, and/or state information being carried by the mobile-agent. Likewise the
malicious server can inspect the code of the mobile-agent to learn about the decision making strategy of the
agent. Again the malicious server may inspect the confidential data such as credit card details or signing key
being carried by the mobile-agent. Thus, the protection of mobile-agents from malevolent agent servers is as
important as the protection of the host from malicious mobile-agents. Ideally, it is required that the mobile
agent be equipped with security features that enables it to execute in an untrusted environment autonomously
(i.e. without interactions with its originating site) and without the untrusted host being able to read and
modify the mobile-agent’s code and data.
Client
Client
API Server
Agent
Platform
Server
(a) Client Server Model: Information
exchanged between client and server
(b) Mobile-agent Computing Model:
Mobile-agent travels to server (agent
platform) and locally interacts with server
IADIS International Conference Intelligent Systems and Agents 2008
13
34. against tampering and eavesdropping. But unfortunately, it is not practical and feasible for all servers to be
equipped with a trusted hardware. A further step towards protecting a mobile-agent against malicious hosts is
to make eavesdropping and tampering difficult or expensive. Code obfuscation, for example, tries to make
the mobile-agent’s program illegible, the data hidden and thus difficult to understand and manipulate. (Hohl,
1998) proposes to generate an executable mobile-agent from a given agent specification such that the
generated agent cannot be attacked by read or modify attacks i.e. mobile-agent is a blackbox using code
obfuscation techniques. However, code obfuscation only provides time limited protection because given
enough time, the code can be analysed. In (Sander, Tschudin, 1998) the use of mobile cryptography whereby
encrypted programs – mobile-agent program can be converted into a ciphered-program such that it can
execute on the untrusted host while remaining in the encrypted form - is proposed as the only way to give
privacy and integrity to mobile code (and data). However, mobile cryptography is expensive as it is difficult
to implement. The proposed scheme intends to complement the existing schemes for protecting agents by
adding social control mechanisms as described next.
4. SOCIAL CONTROL MECHANISMS
Introduced in sociology as early as the end of the 19th
century, the concept of social control originally
denoted the capacity of a group or society to regulate itself and to secure coherency and unity in social life
(Martingale, 1978). Social control in this sense, relates to how social action is coordinated toward a chosen or
an emergent social order. Modern theories of social control focus on the strategies and techniques that help
regulate mobile-agent and agent server behaviour, and lead to conformity and compliance with the rules of
society (at both the macro and micro levels). The main elements used in the enforcement of social
commitments are: (1) sanctions, which are considered in their general sense of incentives, and (2)
philosophies of punishment, which result in punishment strategies determining the type of sanction (and its
magnitude) to be applied, and explains how sanctions are assigned to social commitments (Pasquier et al,
2006). For our purpose, we believe that social sanctions are applied. Trust, credibility and reputation are
social values that could be affected by social sanctions. As pointed out in (Posner, Rasmusen, 1999), social
sanctions are usually the effects of some implicit informational disclosure where the violator’s action
conveys information about him that he would rather not have others know. For example, the fact that an
agent server inspects the code of a mobile-agent to learn about its decision making strategy might be taken
into account by other mobile-agents when evaluating his reputation and the trust they put in him. Social
control mechanisms to enforce social commitments are designed according to a philosophy of punishment.
Unless there is an international infrastructure to legally deal with wrongdoers, deterrence is the only
punishment policy that can be applied. Deterrence is a utilitarian principle stating that the aim of sanctions is
to prevent future violation. Applied to the enforcement of social commitment in mobile-agent based e-
commerce, it means that using severe sanctions with a high prohibitive effect tends to transform social
commitments into strict obligations.
5. TRUST EVALUATION ARCHITECTURE
We propose the use of a trust evaluation architecture which: (1) uses honey-agents to evaluate the
trustworthiness of agent servers; (2) provide information to mobile-agents about trustworthiness of agents
servers (social sanction); (3) prevents or mitigate subsequent damage caused by interacting with malicious
servers; and (4) allows mobile-agents interaction not to be restricted only on few trusted servers. The
architecture is as shown in Figure 3.
IADIS International Conference Intelligent Systems and Agents 2008
15
36. find product details and price for a specific product with the aim of choosing the best option to its owner. It
may further negotiate for better price but is not allowed to purchase products. Once, a product is chosen from
the server, the mobile-agent informs its owner, such that the owner starts a dialogue with the server for
purchase. We implement a simple decision making strategy of the honey-agent as shown in Figure 4. Our
aim is to identify those agent servers which inspect the agent code to find the decision-making logic of the e-
commerce agents on how acquisitions are made.
Figure 4. Decision making algorithm of honey-agent
To be able to successfully identify the malicious server, the honey-agent is programmed to be a single
hop mobile-agent i.e. it moves from the evaluator to one agent server and back again. It does not hop from
server to server as then it may be difficult to determine the malicious server in the itinerary of the mobile-
agent. However, it may be argued that such honey-agents can be easily detected by the malicious agent server
as it has been sent by the evaluator. However, this may not be the case as often mobile agents sent to do
product brokering are anonymous as users like to maintain their anonymity unless they effectively have to
reveal it. Picturing a global electronic commerce framework, users prefer to make queries about prices and
assets anonymously and only reveal their identities at the places where they actually make the acquisitions
(Marques et al, 1999). An anonymous agent is simply one that has not authenticated with the platform though
it may authenticate the platform as is the case with honey-agents. When an agent is unauthenticated, its
functionality on the platform is restrained to read-only certain designated data, write to a blackboard, perform
simple computations, or leave. This is often enough for the agent to find information about required products.
Moreover, the receiving server would know that the last platform visited by the agent is the evaluator server,
but this is not a give-away of the honey-agents as it is typical for mobile-agent, in this scenario, to visit the
evaluator to learn about the trustworthiness of the agent server before moving to a particular agent server.
Similarly, it is plausible that the mobile-agent after execution on an agent server moves back to the evaluator
before moving to its next agent server.
To detect code inspection and consequently cheating by the server, several such Honey-agents can be sent
to the targeted server but with different threshold price for the same product. It would be possible to observe
some pattern in the proposed price by the server. For, instance we would be able to detect if the mobile-agent
after inspection of code is proposing prices higher than its normal rate because, it knows from inspection that
the mobile-agent is highly likely to accept such a price. This shows the intent of the agent server to cheat on
its offers by selling cheaper product for higher value. Figure 5 shows how the behaviour of a few agent
servers vary. We assume that the server does not implement offer and demand law as then the more the
demand, the higher the price are but rather the servers use fixed selling prices. As can be seen from Figure 5,
the server may not cheat every time. Thus, the evaluator may not be able to always detect trustworthiness
effectively everytime and more honey-agents interaction may be required to determine trustworthiness. In
case, more complex e-commerce strategies are used, then properly constructed games can be used to obtain
important insights to evaluate trustworthiness.
7. CONCLUSION
We have seen that the proposed mechanism uses the same concepts as honeypots in the context of e-
commerce for detecting attacks on mobile-agents by malicious agent servers. Once an attack is detected, the
social sanction is that the information pertaining to the attack is published such that other mobile-agents are
able to evaluate the trustworthiness of the agent servers. This also acts as a deterrent to other servers.
However, the proposed scheme has two primary disadvantages. The first is that trust of an agent server is
only evaluated during its interaction with the honey-agent. Assuming that a malicious server is always
malicious then the interaction with the honey-agent would be a good indication of the trustworthiness of the
if proposedprice <= thresholdprice
select server for purchase
else
reject server
end if
IADIS International Conference Intelligent Systems and Agents 2008
17
38. REFERENCES
Bennet S. Yee, 1997. A Sanctuary for Mobile Agents. Technical Report CS97-537, University of California in San
Diego, April 28, 1997.
Giacomo Cabri, Letizia Leonardi, Franco Zambonelli, 1998. How to Coordinate Internet Applications based on Mobile
Agents. Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises,
pp. 104 - 109
O. Esparza. Miguel Soriano. Jose L. Muñoz. Jordi Forné. 2003. A protocol for detecting malicious hosts based on
limiting the execution time of mobile agents. Proceedings of the Eighth IEEE International Symposium on
Computers and Communication (ISCC’03). pp. 251
W.Farmer, J.Guttman, and V.Swarup. 1996. Security for Mobile Agents: Authentication and State Appraisal.
Proceedings of the Fourth European Symposium on Research in Computer Security. pp 118 – 130.
FIPA Specification, part 1, version 2.0, Agent Management. Foundation for Intelligent Physical Agents, October 1998.
Fuggetta A., G.P. Picco, and G. Vigna. 1998. Understanding Code Mobility. IEEE Transactions on Software
Engineering, 24(5).
Xudong Guan, Yiling Yang, Jinyuan You. 2000. POM – A mobile agent security model against malicious hosts.
Proceedings of the fourth international conference on high performance computing in asia-pacific region. pp. 1165-
1166 vol.2.
Fritz Hohl. 2000. A Framework to Protect Mobile Agents by Using Reference States. Proceedings of the 20th
International Conference on Distributed Computing Systems ( ICDCS 2000), p.410.
Fritz Hohl. 1999. A Protocol to Detect Malicious Hosts Attacks by Using Reference States. Technical Report Nr. 09/99.
Faculty of Informatics, University of Stuttgart, Germany. http://www.informatik.uni-stuttgart.de/cgi-bin/
Wayne Jansen, Tom Karygiannis, 2000. NIST Special Publication 800-19 Mobile Agent Security (2000), pp. 2-8.
Hohl Fritz. 1998. Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts. Giovanni Vigna
(Ed.): Mobile Agents and Security, pp. 92-113. Springer-Verlag
G. Karjoth, N. Asokan, and C. Gülcü. 1998. Protecting the Computation Results of Free-roaming Agents. Proceedings of
Second International Workshop on Mobile Agents (MA' 98), Stuttgart, Germany. Lecture Notes In Computer
Science; Vol. 1477. pp. 195 - 207
Maes P., R. Guttman, and A. Moukas, 1999. Agents that Buy and Sell. Communications of the ACM, vol. 42, pp. 81-91.
P.Pasquier, R.Flores, B.Chaib-draa. 2006. An ontology of Social Control Tools. Proceedings of AAMAS06, Japan
R.A. Posner and E.B. Rasmusen. 1999. Creating and Enforcing norms, with special reference to sanctions. International
Review of Law and Economics. 19(3), 369-382.
Paulo Jorge Marques, Luis Moura Silva, Joao Gabriel Silva, 1999. Security mechanism for using mobile agents in
electronic commerce. Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems. pp. 378
D.Martingale. 1978. Social Control for the 1980s: A Handbook for Order in a Democratic Society. Chapter: The Theory
of Social Control, pages 46 – 58. Wesport. CT Greenwood Press
Minsky, Y.; van Renesse, R.; Schneider, F.; Stoller, S. 1996. Cryptographic support for fault-tolerant distributed
computing. Proceedings of the Seventh ACM SIGOPS European Workshop, pp. 109-114
Object Management Group (OMG) Technical Committee (TC). 1997. Mobile Agent System Interoperability Facilities
Specification. Document orbos/97-10-05.
Jong-Youl Park, Dong-Ik Lee and Hyung-Hyo Lee. 2001. Data Protection in Mobile Agents; one-time key based
approach. Proceedings of the Fifth International Symposium on Autonomous Decentralized Systems (ISADS01), pp.
411 - 418
Tomas Sander, Christian F. Tschudin. 1998. Protecting Mobile Agents Against Malicious Hosts. In G. Vigna (ed.),
Mobile Agent Security, Springer-Verlag. Lecture Notes in Computer Science. No. 1419
L. Spitzner. 2002. Honeypots: Tracking Hackers, Addison-Wesley.
Giovanni Vigna. 1997. Protecting mobile agents through tracing. Proceedings of the Third ECOOP Workshop on Mobile
Object Systems, Jyv¨askyl¨a Finnland,
Giovanni Vigna. 1998. Cryptographic traces for mobile agents. In: G.Vigna (Ed): Mobile Agents and Security, volume
1419 of LNCS. Springer-Verlag, pp. 137-153
IADIS International Conference Intelligent Systems and Agents 2008
19
40. 2. BACKGROUND
2.1 Overview of Testing
During the software life cycle of monolithic systems, usually three main models are generated: requirements
model, design model, and implementation model. These models have to be validated in order to ensure high
quality software. In Figure 1, the process of the minimal validation within software engineering is illustrated
(Thaller 2002). The testing of the models is performed in opposite direction of their building. In the first step,
the implementation is tested by unit test during the coding. The purpose of unit testing is to identify errors
within the algorithms on the level of individual classes. Tests are case-based, i.e., the test program creates
defined sequences of input patterns and evaluates whether the output meets the pre-defined requirements.
With a proper architectural framework, e.g., Spring framework in Java (Walls & Breidenbach, 2007), it is
possible to isolate each class, and test it outside the application container. If the implementation model
appears to be correct, modules are integrated and their composite behavior is tested. Integration tests are
scenario-based, i.e., the test program implements a complete sequence of events and simulates user
interactions and the outputs and the internal states of the system are evaluated along the execution of the
scenario. Usually, a test outside the container is not possible here. After completion of these tests the
software is supposed to satisfy the specification of the design model. However, there may be inconsistencies
between the design model and the requirements model. These are identified in the acceptance tests, which are
the final stage of testing (Thaller 2002). They are sometimes also called run-time monitoring. Run-time
monitoring is a procedure to analyze the behavior of a system in run-time. They often serve in performance
tuning and acceptance tests concerning the key performance indices.
Figure 1. Minimal validation in software engineering
Other formal methods of testing knowledge engineering and mission critical subsystems include static
analysis, model checking, and theorem proving (Menzies & Pecheur 2004). Static analysis concentrates on
the structures within the source code without execution of the system. Model checking is to verify a property
of a system by exploring all of the systems reachable states. Theorem proving is used for formal verification
of software systems. Here, a mathematical model of a computer program is generated to determine whether it
satisfies desired properties.
2.2 Overview of MAS Testing Frameworks
Since March 2004, JADE comes with its own test suite (Cortese, et al. 2005). The JADE test suite permits to
create tests that can be executed in a uniform and automatic way. It is mainly used by the JADE team to test
JADE itself. Users are encouraged to use the suite to test JADE-based agent systems. However, it seems that
the tool is best suited for testing the system infrastructure and related services rather the logic of the agents
themselves. Passi (Care, et al. 2004) provides a simple testing framework which lets developers build a test
suite. It is built on top of JADE and is based on a two-level model. At the first level, the agent is treated as an
atomic entity. The second level is the specific agent tasks. However, Passi does not support testing at the
agent society level.
In (Rouff 2002), a test agent is introduced which is inserted into a community of agents to examine each
of the agents as well as the community as whole. The test agent can send or receive specific messages, handle
IADIS International Conference Intelligent Systems and Agents 2008
21
42. run. In Figure 3, the event is triggered if event1 ends successfully and event2 ends with a failure or after
120 seconds from starting the test.
Figure 3. A sample test script in XML format
With each event, there can be one or more actions –marked by the tags <action> - that are carried on
when the event is triggered. An action can be carried out once or more. This is determined by the tag
<Frequency> which determines the number of runs and the time interval between them. There four types
of actions: platform actions, agent actions, world model actions and assertions.
Platform actions, such as CreatePlatform and CreateAgentContainer are JADE specific
operations. Currently, we support most of the operations mentioned in the JADE administrator guide
(Bellifemine, et al. 2007). The necessary parameters are passed over to these actions using the optional
<Parameters> tag. Agent actions, such as CreateAgent and CreateAgentGroup, are responsible
for creating, suspending or destroying agents in the JADE platform. Almost all actions have their *Group
counterpart that allow the same action on a set of agents. The range of their agent identifiers are declared in
the <Parameters> tag. World model actions manipulate non agent objects in the system. This way, the
test script is capable of indirectly stimulating the agents to engage in the desired interaction. The action
declares a Java class, a method to invoke and a set of parameters to pass in the <ActionDescription>
tag. The assertions are encapsulated in a method of a java class; which is also described in the
<ActionDescription> tag. As short hand, some of the standard state queries in JADE are encoded in
special action types; such as AMSQuery which invokes a standard AMS state query to the hosting platform.
The parameters needed for such queries are declared in the optional <Parameters> tag. The results of
these queries are also passed to the Java class declared in the <ActionDescription> tag.
3.2 The Test Execution Engine
The test execution engine consists of an event, condition, action (ECA) processing engine. A simple
dispatcher implements a partial order serialized invocation of actions. The standard topological sort algorithm
is slightly modified in order to incorporate temporal conditions (such as start after 100 ms). Time is simply
IADIS International Conference Intelligent Systems and Agents 2008
23
44. 4. VALIDATION
In order to validate our proposed framework, we implement three simple multi agent applications and use the
framework to define and perform integration tests. In the first scenario, we test the macro behavior of a large
group of agents. We make assertion on both the world model and the internal states of the agents. The second
scenario consists of only two agents. Its purpose is to assert on their internal state after a longer set of
interactions which implies testing the micro behavior of the system. In the third scenario, we assert on the
state of the MAS platform.
4.1 Testing the Macro Behavior: The Ant Colony
In this multi agent application scenario, the standard ant colony is implemented. Each ant is an agent. Agents
have a home zone and they search for food to bring in back home as illustrated in Figure 6a. If an agent has
no clue where to find food, it just performs a random walk in equal probably to move to front (Pf), to the
right (Pr), to the back (Pb), or to the left (Pl) as illustrated in Figure 6b. However, if it finds food, it deploys a
pheromone, which is a hormone that can be smelled by other ants. The strength of the pheromone decreases
with time till it vanishes. If there are pheromones in the neighborhood of an agent, its probability to move (Pf,
Pr, Pb, Pl) is changed to be proportional to the density of the pheromone in the corresponding direction. To
find the way back home, the ants produce another type of pheromone whose strength is inversely
proportional to the distance they walk away from home. Again, the strength of this pheromone decreases with
time until it vanishes. The ants should be able to transport food back home even if an obstacle is placed
between them as illustrated in Figure 6c.
Figure 6. (a) Ant colony looking for food. (b) Probabilistic model for ant movement (c) Placing an obstacle between
home and food
A typical Agent unit test would be to take one ant, distribute pheromones around it and assert that on
average, the ant moves in the right direction. If the pheromone is implemented as an agent too, a valid test for
this agent would to assert that the strength of the pheromone decreases with time. Having done these tests
however does need assert that the ants will find food and bring it home. An integration test is needed. We use
our framework to create the MAS platform, deploy 100 ants, and assert that after a certain setup time, the
quantity of the food is decreasing which requires an assertion on the world model. Another valid assertion on
the state of the agents is to assert that the majority if the agents are around the imaginary line connecting
home with food. Then, the scenario introduces an obstacle between home and food, and then asserts that food
is still decreasing after waiting for a certain time needed by the agents to readapt. On a later phase, the run-
time monitoring tests aim at fine tuning the probabilities Pf, Pr, Pb, Pl and the rate of decay of pheromone to
get the food transported as fast and efficient as possible to home.
Figure 7 illustrates the test script file used in our validation case. Lines 2-10 start the JADE platform. The
optional parameters cover all startup parameters of JADE and lines 11-14 start one agent container. The
event Start Agent Group (line 15-20) creates 100 agents all from the same base class AntAgent.
They all have the same prefix ant_ and they are numbered from 0 to 99. The class getAgentLocation
(lines 21-34) asserts that the majority of the ants are on the right track. The measurement repeated 10 times
with 10 seconds between each measurement, while the class getFoodLevel (lines 35-46) checks that the
IADIS International Conference Intelligent Systems and Agents 2008
25
46. Figure 8. The test script for the betting agents’ scenario.
4.3 Testing the State of the Platform: The Mobile Agent
In this scenario, there is only one mobile agent that hops between four agent containers according to a
transition probability matrix. The steady state distribution of the presence of the agent on each of the
containers can be mathematically calculated easily.
The unit test is to test a single agent transition from one container to the other. The assertion is one by
querying the AMS on the location of the agent before and after the transition. An integration test as defined
and executed using our framework is to test that the average stay in the agent in one container is almost equal
to the corresponding mathematical value. The run-time monitoring is interested in measuring the number of
bytes that are sent through the transportation layer, the latency during the migration, etc.
Figure 9 illustrates the test script file used in our validation case. Lines 2-32 create the platform, the four
containers and the hopping agent. Lines 33-45 periodically query the AMS to find out the location of the
agent and ensure that the average stay in each location is almost the same as the mathematical steady state
value.
Figure 9. The test script for the mobile agent’s scenario
IADIS International Conference Intelligent Systems and Agents 2008
27