13
Intelligent mobile agents in large distributed autonomous cooperative systems Johnny S.K. Wong a, * , Armin R. Mikler b,1 a Department of Computer Science, Iowa State University, Ames, Iowa 50011, USA b Department of Computer Sciences, University of North Texas, Denton, TX 76203, USA Abstract A large distributed autonomous cooperative system is a system that provides fundamental services for integrating high-level services in a large distributed system with local autonomy for individual system platforms and processes. This paper discusses the role and the functions of Intelligent Mobile Agents (IMAs) in large distributed autonomous cooperative systems. Rather than providing services to a user at the application level, IMAs considered in this paper are deemed an integral part of system level software and perform tasks that are considered central to the distributed system. A variety of solutions to problems that are inherent to the distributed nature of the computing infrastructure may be implemented through a system of IMAs. These problems include, but are by no means limited to, load balancing, scheduling, information retrieval and management, distributed decision support, routing and flow control, security and intrusion detection. In this paper we discuss some of characteristics of IMA based systems central to solving some of these problems. The eectiveness of IMAs in large distributed systems clearly depends on the design and implementation of the underlying IMA architecture. This paper discusses the features that must be provided by the IMA infra- structure in support of IMAs that are an integral part of the large distributed autonomous cooperative system. Ó 1999 Elsevier Science Inc. All rights reserved. 1. Introduction We view a decentralized autonomous cooperative system (DACS) as a collection of independent comput- ing resources, which cooperate to provide fundamental functionality for integrating high-level services upon which a distributed system can be built (Chow and Johnson, 1997). The system is decentralized in that there is not one dedicated entity, which can coordinate the cooperative eort to provide this functionality. Auton- omy comes from the fact that the system represents an open computing environment in which participating hosts make autonomous decisions about actions neces- sary to perform the required functions. In order to co- ordinate their eorts, individual hosts must be able to acquire information about the state of the system and communicate actions and decisions among each other. This, however, represents a non-trivial task, particularly if the system is composed of hundreds or even thousands of loosely coupled hosts, distributed over a large geo- graphic region. The eectiveness of coordination and the soundness of individual decisions in the global context are a function of the precision and the uncertainty of infor- mation upon which these decisions are based. Due to the fact, that knowledge acquisition takes a finite amount of time and the message delay in a large decentralized in- frastructure is non-negligible, the views of the system, as established by the participating hosts, are often incom- plete and incoherent. In addition, there are generally limitations on the availability of resources that can be extended to the acquisition and representation of a global state view. In general, we would expect the indi- vidual entities in the decentralized infrastructure to display some type of rational behavior. Rational be- havior, defined informally, is the ability to choose the most preferable from a set of available. In terms of utility-functions, an entity will select an action in the attempt to maximize the expected utility (Luce and Raia, 1985). The meaning of utility or preferences in the context of a decentralized autonomous cooperative system has not been defined and is not at all obvious. In fact, we have to recognize that the constituent sub-sys- tems of the DACS, such as the underlying communi- cation network, are themselves a DACS with their own concept of preference. The Journal of Systems and Software 47 (1999) 75–87 www.elsevier.com/locate/jss * Corresponding author. E-mail: [email protected] 1 E-mail: [email protected] 0164-1212/99/$ – see front matter Ó 1999 Elsevier Science Inc. All rights reserved. PII: S 0 1 6 4 - 1 2 1 2 ( 9 9 ) 0 0 0 2 7 - 8

Intelligent mobile agents in large distributed autonomous

  • Upload
    buianh

  • View
    214

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Intelligent mobile agents in large distributed autonomous

Intelligent mobile agents in large distributed autonomouscooperative systems

Johnny S.K. Wong a,*, Armin R. Mikler b,1

a Department of Computer Science, Iowa State University, Ames, Iowa 50011, USAb Department of Computer Sciences, University of North Texas, Denton, TX 76203, USA

Abstract

A large distributed autonomous cooperative system is a system that provides fundamental services for integrating high-level

services in a large distributed system with local autonomy for individual system platforms and processes. This paper discusses the

role and the functions of Intelligent Mobile Agents (IMAs) in large distributed autonomous cooperative systems. Rather than

providing services to a user at the application level, IMAs considered in this paper are deemed an integral part of system level

software and perform tasks that are considered central to the distributed system. A variety of solutions to problems that are inherent

to the distributed nature of the computing infrastructure may be implemented through a system of IMAs. These problems include,

but are by no means limited to, load balancing, scheduling, information retrieval and management, distributed decision support,

routing and ¯ow control, security and intrusion detection. In this paper we discuss some of characteristics of IMA based systems

central to solving some of these problems. The e�ectiveness of IMAs in large distributed systems clearly depends on the design and

implementation of the underlying IMA architecture. This paper discusses the features that must be provided by the IMA infra-

structure in support of IMAs that are an integral part of the large distributed autonomous cooperative system. Ó 1999 Elsevier

Science Inc. All rights reserved.

1. Introduction

We view a decentralized autonomous cooperativesystem (DACS) as a collection of independent comput-ing resources, which cooperate to provide fundamentalfunctionality for integrating high-level services uponwhich a distributed system can be built (Chow andJohnson, 1997). The system is decentralized in that thereis not one dedicated entity, which can coordinate thecooperative e�ort to provide this functionality. Auton-omy comes from the fact that the system represents anopen computing environment in which participatinghosts make autonomous decisions about actions neces-sary to perform the required functions. In order to co-ordinate their e�orts, individual hosts must be able toacquire information about the state of the system andcommunicate actions and decisions among each other.This, however, represents a non-trivial task, particularlyif the system is composed of hundreds or even thousandsof loosely coupled hosts, distributed over a large geo-graphic region.

The e�ectiveness of coordination and the soundnessof individual decisions in the global context are afunction of the precision and the uncertainty of infor-mation upon which these decisions are based. Due to thefact, that knowledge acquisition takes a ®nite amount oftime and the message delay in a large decentralized in-frastructure is non-negligible, the views of the system, asestablished by the participating hosts, are often incom-plete and incoherent. In addition, there are generallylimitations on the availability of resources that can beextended to the acquisition and representation of aglobal state view. In general, we would expect the indi-vidual entities in the decentralized infrastructure todisplay some type of rational behavior. Rational be-havior, de®ned informally, is the ability to choose themost preferable from a set of available. In terms ofutility-functions, an entity will select an action in theattempt to maximize the expected utility (Luce andRai�a, 1985). The meaning of utility or preferences inthe context of a decentralized autonomous cooperativesystem has not been de®ned and is not at all obvious. Infact, we have to recognize that the constituent sub-sys-tems of the DACS, such as the underlying communi-cation network, are themselves a DACS with their ownconcept of preference.

The Journal of Systems and Software 47 (1999) 75±87www.elsevier.com/locate/jss

* Corresponding author. E-mail: [email protected] E-mail: [email protected]

0164-1212/99/$ ± see front matter Ó 1999 Elsevier Science Inc. All rights reserved.

PII: S 0 1 6 4 - 1 2 1 2 ( 9 9 ) 0 0 0 2 7 - 8

Page 2: Intelligent mobile agents in large distributed autonomous

Clearly, a DACS may display rational behavior at anumber of di�erent and not necessarily consistent tiers.At the user level, users may expect the system to per-form, so as to optimize the current application. At thesystems level, we may expect the system to attempt tooptimize performance over all the applications that arecurrently active. In addition, the DACS must be able tooptimize system-level activities for it to provide basicfunctionality and to attempt optimality. It will be nec-essary to tradeo� among the preferences of the indi-vidual tiers in order to make the system cooperative atmultiple levels. An example of such tradeo� is thenecessity to delay or reduce application-oriented com-putation in order to optimize throughput at the com-munication level. In general, the participating entities inthe DACS must be able to categorize and rank-order allpossible actions based on information about the globalstate of the system. The emerging decisions will gener-ally have multiple objectives.

Knowledge Acquisition (KA) and Knowledge Rep-resentation (KR), associated with the computation of aglobal view of the state of the system are directly im-pacted by the magnitude and complexity of the DACS.New KA and KR mechanisms are needed that are ca-pable of discriminating among knowledge sources in thesystem so as to generate a su�ciently precise view of thesystem. Resource monitoring, performance monitoring,resource discovery, and system load management areexamples of tasks that generally rely on the performanceof the underlying KA and KR mechanisms.

Distributed system research over the last two decadeshas resulted in a variety of innovative mechanisms,which enable distributed hosts to cooperate in forming acommon, ubiquitous computing platform. While thealgorithms and tools developed in recent years supportthe realization of distributed systems, they generally arenot designed to easily adapt to an ever changing com-puting infrastructure with often unpredictable dynam-ics. Also, these mechanisms are not suitable for ad-hoccollaborative environments, as the availability ofmechanisms is usually a precursor for becoming a par-ticipant in the distributed computing infrastructure.However, as the computing infrastructures grow it isdi�cult to take various goals and preferences of thesubsystems into consideration. In most cases, there doesnot exist a single optimal strategy, which yields optimaldecisions for all the subsystems. For reasons mentionedabove, hosts generally do not have access to global stateinformation and it is often impossible or impractical tocompute a consistent preference structure among thehosts. This warrants the reevaluation of the existingmechanisms in distributed computing in the context oflarge decentralized autonomous systems. In addition toscalable KA and KR implementation, new mechanismsfor the coordination of actions and the cooperationamong the constituent computing resources are needed.

Recent research emphasis on mobile code in the formof intelligent mobile agents (Bradshaw, 1997) and activenetworks (Tennenhouse and Wetherall, 1996), o�ersnew exciting possibilities for developing solutions thatscale well for a variety of Decentralized AutonomousCooperative Systems. The merging of the two researchareas is deemed to yield new mechanisms for buildingvery large, robust distributed systems. Hence, we shouldrevisit the various research areas in distributed com-puting system and reexamine existing solutions todetermine whether they can be improved through IMA-based mechanisms (Smith, 1998).

2. Software agents and their execution environment

In general, an agent is a computer program (thread)that acts autonomously on behalf of a person or orga-nization. Agents can be stationary (executes only on thesystem where it began execution) or mobile (can move toa remote system for execution). When an agent travels,it transports its state and code with it. In this context,the agent state can be either its execution state, or theagent attribute values that help it determine what to dowhen it resumes execution at its destination. An agent'sexecution state is its runtime state, including its programcounter and frame stacks (Bradshaw, 1997; OMG,1998).

An agent's authority identi®es the person or organi-zation on whose behalf the agent acts. Constituent sys-tem components must be able to authenticate thisauthority. Agents require names so that they can beidenti®ed in management operations, and can be locatedvia a directory service. Agents are named by their au-thority and identity. An agent's identity is a uniquevalue within the scope of the authority that identi®es aparticular agent instance.

The location of an agent is the address of a place. Aplace resides within an agent system. Therefore, anagent location should contain the network address (forexample, IP address and port number) of the agentsystem where the agent resides and a place name. Anagent system is a platform that can create, interpret,execute, transfer and terminate agents. Like an agent, itis associated with an authority that identi®es the personor organization on whose behalf the agent system acts.A host can contain one or more agent systems. An agentsystem can contain one or more places and a place cancontain one or more agents. An agent system type de-scribes the capability of an agent. For example, if theagent system type is Aglet, the agent system is imple-mented by IBM, supports Java as the Agent Language,uses Itinerary for travel, and uses Java Archive Formatfor its serialization. All communication between agentsystems goes through the Communication Infrastructure(CI).

76 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 3: Intelligent mobile agents in large distributed autonomous

When an agent transfers from one system to another,it travels between execution environments called places.A place is a context within an agent system in which anagent can execute. This context can provide functionssuch as access control, for example. The source placeand the destination place can reside on the same agentsystem, or on di�erent agent systems that support thesame agent pro®le.

A region is a set of agent systems that have the sameauthority, but are not necessarily of the same agentsystem type. The concept of region allows more thanone agent system to represent the same person or or-ganization. Regions allow scalability because we candistribute the load across multiple agent systems. Mul-tiple regions can be interconnected via one or morenetworks. They may or may not share a Directory Ser-vice, this depends on the agreement between regionauthorities and the implementation of these regions. Anon-agent system can also communicate with the agentsystems within any region as long as it has the autho-rization to do so. A region can contain one or moreagent systems. The systems outside of a region mayaccess the region via the agent systems that are exposedto the outside world, similar to a ®rewall con®guration.These agent systems are called region access points.

Agents, Software Agents, Intelligent Mobile Agents(IMA), and Softbots are terms, which describe theconcept of mobile computing or mobile code (Brad-shaw, 1997). Mobile code is orthogonal to the well-known Remote Procedure Call (RPC), in that theprogram is migrating to the data, rather than the databeing transferred to the executing program. Over thelast decade, the AI community has put forth e�orts tode®ne the characteristics of software agents in generaland IMA in particular. One can dichotomize IMA ac-cording to four characteristics, namely, intelligence,cooperative behavior, autonomy, and mobility (Ro-thermel and Baumann, 1997). While most computerscientists would agree that these characteristics are in-trinsic to an IMA, there is little consensus on how and towhat degree the IMA will manifest each of them. Wede®ne the characteristics of an IMA as follows:· Intelligence: It is the ability to adapt to circumstances

brought upon by the dynamics of the system. This ad-aptation may be limited to each individual agent orencompass the entire agent system. Examples ofadaptive behavior are changes in agent's itinerariesas a function of resource dynamics and variation insize of the agent population as a function of systemdynamics.

· Cooperative behavior: It describes the ability to shareknowledge among agents and/or negotiate a commonstrategy that yields actions that lead to an overall ac-ceptable performance (Rosenschein and Zlotkin,1994). Systems composed of multiple agents are gen-erally referred to as `Multi-Agent Systems'.

· Autonomy: It allows agents to execute without the in-terference of users. An agent displays autonomousbehavior if it is able to complete an assigned taskby appropriately choosing from a set of possiblestrategies.

· Mobility: It describes an agent's ability to transfer be-tween di�erent hosts. We need to distinguish twotypes of mobility: remote execution and migration.For remote execution, an agent transfers to a remotesite and executes until task completion. A migratingagent may utilize a number of hosts for the comple-tion of the task, that is, the agent may suspend its ex-ecution, move to a di�erent host, and resumeexecution there.Although the particular manifestation of these char-

acteristics in speci®c applications may di�er, we believethat the above de®nitions are general enough to classifythe agent's functional modules.

Most software agents that have been developed inrecent years perform on behalf of the user. Examples ofsuch agents are e-mail agents, ®lter agents, and searchagents. These agents usually require interaction with theuser. In contrast, the proposed program emphasizes theexperimental design, implementation, and analysis ofIMAs as an integral part of the DACS. These agentsimplement system functions and will execute withoutexplicit user control. For these agents, autonomy isclearly an important characteristic. Instead of executingon behalf of a user, the IMAs for a DACS are consid-ered system agents, which execute on behalf or in sup-port of the system itself. In general, the IMA approachis deemed appropriate for problems that require a sys-tem to autonomously ful®ll a variety of tasks in a dy-namic, unpredictable environment (Maes, 1994).

The tremendous increase in research activities thatfocus on agents-based mechanisms is indicative of theversatility of the concept at large. Di�erent scienti®ccommunities are investigating a large variety of issuesthat are related to agents (Baumann, 1995). While theAI community extends research e�orts towards theprinciples of agent behavior, agent cooperation, andmulti-agent systems, current systems research empha-sizes on the design and the deployment of agents tomeet speci®c functional goals (Schelen and Pink, 1997).Most notably, recent research e�ort in the area of ac-tive networks (Tennenhouse and Wetherall, 1996) isindicative for the trend to deploy mobile agents therebyenabling system components to perform functions thatotherwise cannot be provided. With the emergence ofactive networks, applications (and users) will be able toinstall customized code in network nodes, thereby bi-asing basic network function for certain classes oftra�c. In the context of this paper, this customizedcode may be viewed as a mobile agent. The idea ofdeploying mobile agents in telecommunication systemswas introduced in the mid 1990s and led to a research

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 77

Page 4: Intelligent mobile agents in large distributed autonomous

area generally referred to as intelligent networks (IN)(Magendanz et al., 1996). In this context, however,mobile agents have been used as a catalyst for pro-viding intelligent network services, very similar to theconcept of enabling routers in active networks to exe-cute user/application speci®c code. The next generationof mobile agent research in the ®eld of communicationaimed at the deployment of mobile code in support ofnetwork management. This triggered the design andimplementation of new service architectures that pro-vide the necessary mechanisms to accommodate mobileagents (Krause, 1997; Magendanz et al., 1996). In theresearch domain of computer networking, agents havebeen designed to interact with existing network proto-cols, such as RSVP and SNMP, for the purpose ofnetwork resource reservation and management. Intelli-gent agents form the basis for the development of newmechanisms that enable the network to maintain therequested quality of service (QOS) (Schelen and Pink,1998).

The signi®cance of agents, mobile or stationary, beingable to adapt to the often unpredictable dynamics of theenvironment has been investigated (Mikler et al., 1996).The use of utility-theoretic heuristics for message rout-ing in large grid networks prone to failure, has resultedin a framework for designing and analyzing routing al-gorithms in general, and their knowledge acquisitionand knowledge representation mechanisms in particular.One of the major results of this work was the design andimplementation of routing heuristics, which weighed thesigni®cance of network state information as a functionof distance, thereby reducing the overhead that is asso-ciated with the knowledge acquisition process.

Recently, a number of research projects have emergedaiming at the design and implementation of systemoriented agents. As systems increase in size and com-plexity, more control is delegated to the system itself. Inthe network domain, the ever-increasing heterogeneityof large communication networks has triggered the de-ployment of agents to provide uniform capabilities. Anexample of this approach is the research work on TunnelAgents (de Meer et al., 1998). This work has focused onthe use of tunnel agents to provide end-to-end quality ofservice guarantees across a heterogeneous network in-frastructure, even though some of the intermediatenetworks do not provide the support of the RSVP res-ervation protocol.

The use of intelligent mobile agents in the context ofresource discovery is another area of research, whichencompasses a number of di�erent types of systems. Inlarge communication systems, for instance, agents areused to discover the topology of the underlying networkinfrastructure (Minar et al., 1998). The performance of asingle agent represents the baseline, against which theperformance of collaborative agents of di�erent types iscompared. This work clearly depicts the advantages of

agent cooperation in solving system-related tasks, suchas resource discovery.

In large decentralized systems, agent collaborationhas been exploited for the distributed allocation andsharing of resources. Challenger is a multi-agent systemthat is capable of managing a large set of distributedresources (Chavez et al., 1997). Agents individuallymanage single resources and cooperate with each otherto allow for global resource sharing, thereby increasingthe system utilization. The reported research results arepromising, and suggest that the deployment of cooper-ating agents in a large DACS for resource allocation andsharing is a promising and very feasible approach.

A system of intelligent agents using collaborative in-formation and mobile agent technologies (Bradshaw,1997; Nwana, 1996) is being developed to implement aprototype intrusion detection system (Crosbie andSpa�ord, 1995). The goals of the system design are to(Helmer et al., 1998):· learn to detect intrusions on hosts and via networks

using individual agents targeted at particular subsys-tems;

· use agent technologies to intelligently process auditdata at the sources by using mobile agents;

· have agents collaborate to share information on sus-picious events and determine when to be more vigi-lant or more relaxed;

· apply data mining techniques to the heterogeneousdata and knowledge sources to identify and react tocoordinated attacks on multiple subsystems.A notable feature of the intrusion detection system

based on data mining is the support it o�ers for gath-ering and operating on data and knowledge sourcesfrom the entire observed system. The system couldidentify sources of concerted or multi-stage attacks,initiate countermeasures in response to the attack, andprovide supporting documentation for system adminis-trators that would help in procedural or legal actiontaken against the attacker.

An example of an attack involving more than onesubsystem would be a combined NFS and rlogin attack.In the ®rst step, an attacker would determine an NFS®le handle for an .rhosts ®le or /etc/hosts.equiv (as-suming the appropriate ®le systems are exported by theUNIX system) (van Doorn, 1994). Using the NFS ®lehandle, the attacker would re-write the ®le to givehimself login privileges to the attacked host. Then, usingrlogin from the formerly untrusted host, the attackerwould be able to login to an account on the attackedhost, since the attacked host now mistakenly trusts theattacker. At this point, the attacker may be able tofurther compromise the system. The intrusion detectionsystem based on data mining would be able to correlatethese attacks, help identify the origin of the attack, andsupport system management in responding to the at-tack.

78 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 5: Intelligent mobile agents in large distributed autonomous

There are many other on-going research and devel-opment e�orts based on software agents. In what fol-lows, we will be discussing several issues related to thedesign and implementation of an IMA-based DACS.These issues include requirements for a system levelagent framework, agent-based knowledge acquisition,resource monitoring, inter-agent communication, andsecurity.

3. Towards IMA-based DACS

Intelligent autonomous multi-agent systems representa new programming paradigm for designing, analyzingand implementing complex and sophisticated softwaresystems. Agent-based systems have been claimed as `thenext signi®cant break-through in software development'(Sargent, 1998), `the new software revolution in soft-ware' (Jenning and Wooldridge, 1998), and `anotheremerging concept in the evolution of modern operatingsystems' (Chow and Johnson, 1997). The key abstrac-tion used in this new software paradigm is the concept ofan agent, as de®ned previously.

At this moment, there are two major obstacles for thewidespread use of the multi-agent technology, namely,the lack of a systematic design methodology to specifythe multi-agent system for software systems and the lackof available industrial-strength multi-agent toolkits(Jenning et al., 1998). Furthermore, intelligent mobileagents are not the silver bullet that result in unprece-dented improvements in the performance of softwaresystems. As Wooldridge and Jennings (1998) pointedout, it would be na�õve to assume that the bene®ts ofagent technology are implicit. As a matter of fact, it canbe shown that whether or not agent-based solutionconstitute an improvement over conventional ap-proaches depends (among other things) on the type ofproblem to be solved, the topology of the distributedcomputing environment, and the availability of com-putational resources. As mentioned above, most agent-based systems are de®ned and implemented at the ap-plication level. This constitutes an abstraction, whichallows the environment to be modeled to the agent'sability. For agent-based service integration at the systemlevel, the agents and their respective execution envi-ronment must be modeled to the parameters of thecommunication and computing infrastructure. That is, ifthe network of agent daemons is implemented as ap-plication on top of the operating system layer andphysical network, it is easy to disregard certain systemconstraints. If, however, agents are to execute as an in-tegral part of the operating system itself, the agent in-terfaces must be implemented at the system level. Hence,the topological properties and computational charac-teristics of constituent hosts, routers, and gateways willa�ect the performance of the agent-based system.

As mentioned above, thus far, most agent-basedsystems have been developed at the application level. Inthese systems, the details of the operating system as wellas the properties of the underlying communication in-frastructure are transparent to the user and the agentsthat act on their behalf. It is not the agent runtime en-vironment that provides this transparency but a specialabstraction layer, often referred to as Middleware. Withthis abstraction, individual agents and in fact, the entireagent execution environment can be de®ned on top of avariety of very powerful services (rather than singlefunctions). With the use of these services, one can con-struct an arbitrary computational infrastructure inwhich the relationship between constituent nodes is de-termined by functionality rather than topological andsystem related properties. At this level, it is irrelevantwhether two communicating entities reside on the samehost, or are half a world apart, separated by a complexconglomeration of interconnected networks. For thedesign of a distributed system at this level, the ability tocommunicate among processes on di�erent nodesthrough inter-process-communication (IPC) is assumed(Lynch, 1996). The topological properties are built intothe distributed system through constraining the abilityof processes (or nodes) to communicate. In fact, thecomputational model may be drastically di�erent fromthe physical computing and communication infrastruc-ture, as depicted in Fig. 1. Clearly, the mapping fromthe physical infrastructure to the computational modelcan e�ect the attainable system performance. An agent-based software system, implemented at the level of thecomputational model, will have to work with the ab-stract constraints, and speci®c quality of service levelswill have to be negotiated across the abstraction layers.

3.1. The need for agent system interoperability

While strictly delineated DACS will generally bebased on a single agent implementation, very large in-frastructures, and ad-hoc systems in particular may bebased upon di�erent implementations of agent systems.

Fig. 1. Computational model embedded in a physical network.

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 79

Page 6: Intelligent mobile agents in large distributed autonomous

Hence, an important goal in mobile agent technology isinteroperability between various agent systems. Whenthe source and destination agent systems are similar,standardization of these actions can result in interop-erability. However, when the two agent systems aredramatically di�erent, only minimal interoperability canbe achieved.

The following is a common scenario that wouldbene®t from standardization of mobile agent actions.Suppose that AgentX (from Agent System A) wants tocommunicate with AgentY (from Agent System B). IfAgent System A and Agent System B support the sameagent pro®le, the ability to inter-operate is implicit.AgentX can request a transfer to Agent System B, ob-tain whatever information is required, and return to itsoriginal agent system.

However, if Agent System A and Agent System Bsupport di�erent agent pro®les, there are two ways forthe agents to communicate. In one of the two cases localcommunication is possible, in the other case it is not.

Case 1: Agent can take advantage of locality. In thisscenario, a new agent system is added (Agent System C).Agent System A and Agent System C supports the sameagent pro®le, and Agent System C is local (same host/network) to AgentY. AgentX discovers this fact via acall to Agent System B, then requests a transfer to AgentSystem C. Once AgentX travels to Agent System C, itcan communicate locally with AgentY via IPC, get theinformation it needs, then return to Agent System A.

Case 2: Agent cannot take advantage of locality. Inthis scenario, AgentX cannot ®nd an agent system localto Agent System B that supports the same agent pro®leas Agent System A. It therefore remains on HostA, andcommunicates with AgentY across the network viaRPC. Although it does not have the advantage of lo-cality, communication can still occur.

There are several areas of mobile agent technologythat the mobile agent community should consider forearly standardization in order to promote interopera-bility including: agent management, agent transfer,agent and agent system names, agent system types, andlocation syntax.

4. Agent movement and itineraries

The e�ects of topological properties on the perfor-mance of the agent system are best illustrated through anumber of experiments in which agents assimilateproperties of the system they are executing in. Theseresults are based on those experiments used to evaluatethe performance of agents in a network-mapping task(Minar et al., 1998). While the original experimentsaimed at the evaluation of di�erent types of agents, weemphasize on the e�ects of the underlying topology onthe agents' ability to discover the parameters of the

system infrastructure. The fact that we have chosen thenetwork-mapping task as one example of a class ofknowledge acquisition problems is secondary. In fact, itshould be noted that the discovery of system propertiesand the representation of the knowledge that was ac-quired in this process represent fundamental applica-tions for intelligent mobile agents.

Our experiments are based on the simulation ofagents in an arbitrary network topology modeled by adigraph G� (V, E). As an agent traverses the graph,either by random walk or conscientious movement, itacquires information about the topology of G. Uponvisiting a vertex vi, an agent assimilates knowledge of theexistence of all edges eij, selects the next vertex on thetour, and makes the transition. Other parameters, suchas available bandwidth, current ¯ow, or fault informa-tion may be collected in a more practical scenario. Un-der the assumption that all agents can move betweenvertices in unit time, the increase of topological know-ledge in each agent over time is recorded. The fact thatan agent has acquired additional topological informa-tion is represented as a change of uncertainty, i.e., theratio of an agent's knowledge to the total topologicalinformation (in the number of edges eij in G). The graphG used in our experiments consists of the two fullyconnected sub-graphs G1 and G2, which are connectedby a single edge e12 to form G (see Fig. 2).

Representative results of our experiments are shownin Fig. 3. All agent execution traces shown in Fig. 3contain sections in which there is no improvement of thetopological information acquired by an agent. Theseplateaus occur whenever an agent traverses an area ofthe graph, which had been visited previously. The size(or length) of a plateau depends, among other things, onthe agents itinerary, the agent's starting point, and mostnoteworthy, the topology itself. In order to assimilateinformation from new regions, an agent may have totraverse areas already contained in the agent's know-ledge base. Since we assume that agents have no a prioriinformation about the makeup of the environment, aplateau is an insu�cient condition for the termination ofthe knowledge acquisition process. In fact, certaincharacteristics of the infrastructure may prohibit certainagent traversal to ever lead to convergence, that is,certain areas may remain unvisited.

A conscientious agent, as de®ned in the original ex-periment (Minar et al., 1998), traverses the graph by

Fig. 2. Sample graph G.

80 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 7: Intelligent mobile agents in large distributed autonomous

selecting the next vertex to be visited according to thenumber of previous visitations to that vertex. The vertexwith the least number of visitations is then selected.With this strategy, an agent is attracted by new areas,which add new topological information. This can dras-tically reduce the time spent in an already known area ofthe graph. The preference order over the reachablevertices may be an e�ective heuristics, however, it doesnot represent an admissible heuristics (Pearl, 1984) forweakly connected topologies as the one shown in Fig. 2.While the sample graph may appear contrived, we be-lieve that agents in a distributed environment may en-counter such structures due to inconsistent routing tableentries, bandwidth constraints, system faults, or ad-hoccollaborative infrastructures.

For a strongly connected graph, as shown in Fig. 4,the preference ordering deployed in conscientious agentdoes represent an admissible heuristics. That is, the goalto acquire knowledge from all vertices in the graph,thereby guaranteeing the agent's knowledge base toconverge will be achieved. Nevertheless, an optimaltraversal of the graph cannot be guaranteed under theassumption that the agent does not have any a prioriinformation. The graph depicted in Fig. 5 clearly illus-

trates the superior traversal by conscientious agents, yetalso indicates the variation of performance. For agentapplications, such as system monitoring, resource dis-covery, tra�c management, and fault management, theperformance goal is, however, to obtain complete andreliable system state information in the least amount oftime possible.

In the above example, network-mapping agents hadto assimilate knowledge of a static network topology.Consequently, the information in the agent's knowledgebase increased monotonically with time. In more real-istic applications, the agents may have to monitor dy-namically changing system parameters, such as network¯ow, available bandwidth, bu�er space, system load, orquality of service commitments. As before, an agent maytraverse the distributed infrastructure and assimilate thecorresponding parameters from constituent entities. Theinformation is then made available to a decision process,which may be a system administrator, a special process,or the agent itself. The quality or e�ectiveness of actionstaken as a consequence of the information obtained bythe agent will clearly depend on the precision andcompleteness of this information. The reliability dy-namic system information does not only depend on theunderlying topology, but also the system's dynamics. Inthis scenario, the agent's knowledge base changes non-monotonically, and the strategy previously employed byconscientious agents is no more admissible, as the ob-jective has changed to re¯ect the intricacies of a dynamicenvironment. Hence, agents must follow an itinerary ofsystem traversal, which optimizes the reliability of in-formation. Since system topology and system dynamicsare seldom known a priori, agents may have to derive anFig. 4. A strongly connected graph.

Fig. 3. Rate of knowledge acquisition for a single agent on a random walk. Note: Topological properties may prevent the agent's knowledge base

from ever converging, as shown with ``run6''.

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 81

Page 8: Intelligent mobile agents in large distributed autonomous

optimal itinerary over time and adapt to changing sys-tem parameters. In order to meet the above performanceobjectives and to tackle some of the issues implicit to alarge, dynamic distributed infrastructure, ongoing re-search in the area of intelligent mobile agents and dis-tributed computing aims at the deployment of multiplecollaborative agents.

5. Multi-agent systems

The area of multi-agent systems has its roots in the®eld of distributed AI. The primary research emphasishas been on distributed problem solving and coordi-nation of computational constituent modules in orderto ®nd e�cient solutions (Jenning et al., 1998). In re-cent years, agent and multi-agent systems have experi-enced some degree of anthropomorphism, in thatagents have been attributed with implicit intellect al-lowing computer scientists to study sociological aspectsof multi-agent systems. In the context of DACS, weshall take a more problem oriented approach by in-vestigating the intricacies of the application and howagents may exploit the intrinsic properties of the solu-tion space and the environment they act in. Our em-phasis shall be the performance of agents in a speci®cenvironment applied to a particular problem. Ratherthan making the agent's autonomy the central point ofstudy, the goal is to develop an analytical framework insupport of the design and analysis of agent-based sys-tems. Although the constituent agent's in a DACS mayact autonomously, they coordinate their e�ort bysharing information, thereby implicitly synchronizing

their actions. The advantage of multiple agents in aDACS lies therefore in the division of labor, similar toa parallel processing system. The following exampleillustrates the advantages of multiple cooperating in-telligent mobile agents in a resource-monitoring sce-nario.

5.1. Cooperating agents for resource monitoring

In any distributed environment, a number of IMAswith active interaction will lead to a high degree of in-formation exchange across the entire domain. Here,uncertainty is the degree of measure of the maximumerror associated with the quanti®ed information carriedby the agents. An agent retrieves information from aresource R at a time instant t. Some other resource R0

may request for that speci®c information from theagent. Assuming that the reply reaches resource R0 attime instant t + t0, we de®ne uncertainty of informationas the maximum phase lag of information reported at R0

when compared to the actual value at this time instantt + t0. For simpli®cation, we assume a homogeneousdistributed system of n resources. The system is furtherassumed to be topologically independent (i.e., the un-derlying topology is not taken into consideration), andcharacterized by a uniform stochastic process. The net-work topological constants are proportionality con-stants in a given topology, related to inter-nodedistances in the network. In what follows, we use multi-agents for optimization of global information exchangethroughout the distributed system. The problem is tocompute an upper bound on the degree of uncertainty ofthe information carried by these agents.

Fig. 5. Random versus conscientious graph traversal.

82 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 9: Intelligent mobile agents in large distributed autonomous

We de®ne the operators in Table 1 as follows:First, we consider a single IMA, which traverses a

system of n resources. Based on a sequential itinerary,the agent visits each of the system's resources in se-quence. Using this itinerary, the agent assimilates aknowledge base, which contains the values KB(t) withthe following values at time t:

KB�t� � �V1�t ÿ �nÿ 1�u�; V2�t ÿ �nÿ 2�u�; . . . Vn�t��:However, the actual values maintained by each of the

resources are: �V1�t�; V2�t�; . . . ; Vn�t��. We compute thecorresponding uncertainty of information, c, for thisscenario as a measure of the time lags.

c � k��nÿ 1�u� �nÿ 2�u� � � � � u�� ku��nÿ 1�n=2�: �1�

In Fig. 6 intuitively, one would expect the sequentialitinerary to yield a knowledge base with the least un-certainty, under the assumption that the agent monitorsa set of n independent, homogeneous resources imple-mented by the same stochastic process. To show thatthis conjecture is indeed true, we deviate slightly fromthe sequential itinerary. Without loss of generality, wechange the agent's traversal such that instead of visitingresource Rn at time t, the agent visits resource R1. Withthis modi®ed resource traversal, the agent's knowledgebase can be described as:

KB�t� � �V1�t�; V2�t ÿ �nÿ 2�u�; . . . ; Vn�t ÿ u0��where u0 P nu.

The corresponding uncertainty, c, is computed as:

c � k��nÿ 2�u� �nÿ 3�u� � � � � u� u0�6 ku��nÿ 2� � �nÿ 3� � � � � � 1� n�6 ku��nÿ 1� � �nÿ 2� � � � � � 1� 1�6 ku�1� �nÿ 1�n=2�:

�2�

Clearly, the uncertainty in the later case is greater thanthe uncertainty computed in Eq. (1). Hence, any devia-tion from the sequential itinerary will result in a largeruncertainty when considering a single agent in a ho-mogeneous set of n resources. Hence, the sequentialitinerary yields the least uncertainty under the statedconditions.

Under the same assumptions as before, we now in-corporate m mobile agents. We are considering a hy-pothetical model wherein there is no overhead attachedto the synchronization for the meeting of the agents.Each of the m agents is responsible for n/m resources.We assume that each of the m agents exchanges infor-mation with other agents after it traverses its corre-sponding resource partition. In what follows, we willshow that an increase in the number of IMAs results inthe diminishing of the di�erence between the best andthe worst case uncertainties. We shall consider the sce-nario of the worst case knowledge base of the agent.

KB�t� � ��V1�t�n=mÿ 1�u�; V2

� �t ÿ �n=mÿ 2�u�; . . . ; Vn=m�t��;� �mÿ 1��C�t ÿ �n=m�u� � C�t ÿ �n=m� 1�u�� � � � � C�t ÿ �2n=mÿ 1�u��:

Here, C represents the resource information obtainedfrom the other (m ÿ 1) agents. The uncertainty associ-ated with information carried by an agent in this systemis computed as:

cm � k0u���n=mÿ 1� � �n=mÿ 2� � � � � � 1� � �mÿ 1�� ��n=m� � �n=m� 1� � � � � � �2n=mÿ 1���

� k0u�n�nÿ m� � �mÿ 1�n�3nÿ m��=2m2:

For m� 1, cm� k0 u [(nÿ1)n/2], which is equivalent tothe uncertainty associated with the single agent system.For a system with multiple agents (i.e. m > 1), the as-sociated uncertainty cm decreases as the number ofagents increases. In practice, however, inter-agentcommunication for the exchange of information doesconstitute a signi®cant overhead. This suggests the ex-istence of an optimal number of agents for a givenenvironment. Autonomous control of the agent popu-lation as a function of topology and system dynamics isone of the challenging research issues in the area of in-telligent mobile agents. A detailed discussion of possibleapproaches is beyond the scope of this paper and will bepresented elsewhere. Nevertheless, the above exampleillustrates the e�ects of multiple cooperating agents. Ingeneral, the multi-agent paradigm represents a powerfuland scalable solution to many problems in DACS.

6. Agent security

It has been pointed out that one of the major researchareas on software agents (Farmer et al., 1996; Berkovits

Table 1

Operator Interpretation

c, cm uncertainty of information in an IMA

KB (t) knowledge base of agent at time t

Vi(t) actual value of the ith resource at time t

u uniform transmission time between resources

n number of resources

m number of IMAs

k, k0 network topological constants

Fig. 6. Sequential itinerary by retrieve agent.

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 83

Page 10: Intelligent mobile agents in large distributed autonomous

et al., 1998) and active networks (Ortiz, 1998) should beon agent security issues, including agent authenticationand authorization before multi-agent systems can befully deployed. We clearly advocate ubiquitous com-puting by providing an open computing infrastructure,which promotes the sharing of resources and services.Nevertheless, such an environment constitutes a signi-®cant investment that must be protected against de-struction as well as corruption. In the context of agentbased systems, the problem of providing the necessarysystem security is rather complex. Not only do we needto provide the necessary mechanisms to protect infor-mation that is transmitted between constituent hosts, wemust develop a security infrastructure which can protectthe entire system from the very mechanisms upon whichthe system is based.

The problem of providing the necessary level of se-curity is exacerbated by the introduction of mobile codeinto the system. In addition to conventional informationsecurity, constituent hosts must be protected fromfraudulent agents, agents must be protected fromfraudulent hosts, and agents must be protectedfrom other agents. The latter is particularly importantin a multi-agent environment in which agents may altertheir behavior as a function of information receivedfrom other agents.

Jamba is a secure framework for distributed com-puting systems (Havaldar and Wong, 1998). It providesfeatures for digital certi®cates, access control, auditcontrol, and system administration. In the followingsection, we will provide a brief overview of Jamba andhighlight speci®c approaches for providing a secureframework for multi-agent systems.

7. System architecture of Jamba

The Jamba system is the set of components thatprovide the security services. The Jamba environmentconsists of the Jamba system, the Certi®er and the ap-plication components, which is composed of producerand consumer agents.

In Fig. 7, the various types of interactions among theJamba components are:1. Request for security services (by both the consumer

agent and the provider agent).2. Logical communication path between the consumer

agent and the provider agent.3. Certi®cate distribution by the certi®er to Jamba, con-

sumer agent and provider agent.In general, the Jamba system is a set of components

that work together to provide a number of securityservices. One of the components, the secure facilitator,acts as a gateway for the other components. The securefacilitator is the only component that is `publicly' ac-cessible, and all security services are provided through

this facilitator. When an application component wantsto interact with Jamba, it registers with the secure fa-cilitator. De-registration mechanism is also provided.The secure facilitator obtains the digital certi®cate fromthe certi®er, and manages it on behalf of the Jambasystem. The public interface of the secure facilitator alsoenables request and use of security services of the Jambasystem. The only Jamba component with which it in-teracts directly is the Core Manager. The Core Managerinteracts with and manages the rest of the componentsof the system (as shown in Fig. 8).

The Core Manager is the most crucial component ofthe Jamba system. It creates and manages all the corecomponents. The core components include Principalauthenticator, access decision, audit decision, domain or-ganizer, vault. Each of these components provides cer-tain speci®c functionality to the Jamba system. The coremanager manages the relationship among them. It is

Fig. 7. High-level view of the Jamba environment.

Fig. 8. Component-level view of the Jamba system. Types of interac-

tions among various components (in the above diagram): (1) stores

component-related information; (2) makes decisions on allowing ac-

cess; (3) organizes components in a domain hierarchy; (4) makes a

decision on auditing events, and stores event information in an audit

trail; (5) authenticates, registering components and generating cre-

dentials; (6) registered components accessing security services.

84 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 11: Intelligent mobile agents in large distributed autonomous

also the only Jamba component that is in direct contactwith the secure facilitator. So, the secure facilitator ac-cesses all the services through a well-de®ned interface ofthe core manager.

When the Jamba system initializes at startup, it re-quests the certi®er for digital certi®cates. These certi®-cates are used in interaction with consumer agent andprovider agent components, and vouch for the validityof the services. The key pairs and the certi®cates aremanaged by the Jamba system itself. In fact, the man-agement of key pairs, certi®cates and related securityinformation is totally dependent on the component thatowns them. The Jamba environment does not specifyany speci®c mechanism in this regard, resulting in better¯exibility.

The certi®er plays the central role of a certi®cateauthority. It generates and maintains certi®cates andrelated information. This utility component generatescerti®cates for any component that requests for certi®-cates to be generated and veri®ed. All the components inthe Jamba environment require and obtain a certi®cate(during initialization) before proceeding with any otherinteractions (especially with the Jamba system). Duringthe registration of a component, attributes (privilege andidentity) are assigned, credentials created and a currentobject corresponding to the registered component isstored in the vault. The creation of the attributes and thecredentials is done by the principal authenticator com-ponent. The core manager oversees this series of actions,and the result is returned to the secure facilitator. In asimilar fashion, all other services undergo a pattern ofsteps managed by the core manager.

The X.509 standard is used for the certi®cates. TheDigital Signature Algorithm (DSA), which is a publickey cryptosystem, is used to sign the certi®cates. Thisvouches for the validity of the certi®cate. The public keyof the certi®er is publicly available, and a public inter-face is exposed for communication with the certi®er.The components obtain certi®cates from the certi®erand use them for accessing services and communication.These components have a degree of trust in the certi®er,which acts as an authority on its certi®cates. Anycomponent can use the Jamba system for various secu-rity services. It has to interact with the certi®er to obtaina certi®cate. This certi®cate needs to be submitted to theJamba system for registration. Once registered, it canrequest services. A component has a Jamba-speci®c partand an task-speci®c part. The Jamba speci®c part issmall and is provided as a set of utility classes. Thiseases system design and development. The task com-ponents in Jamba can act either as a provider or con-sumer of task-speci®c services. This approach is similarto that used by Kerberos (Treese, 1988) except thatpublic key cryptosystem is used instead of user nameand password. This is particularly important to use thepublic key technology as there are many administrative

units in a large distributed autonomous cooperativesystems.

The principal authenticator is responsible for gener-ation of privileges and identities for a registered appli-cation component. The credentials, which are generatedas part of the registration process, are stored in the vault(by the core manager). The principal authenticator usesinformation stored persistently in a database as a basisfor assigning of privileges and identities. It communi-cates with the database processor with regard to ac-cessing related information.

One of the most important services provided by theJamba system is access control. When a consumer agentattempts to access certain task-speci®c services from aprovider component, the provider agent requests theJamba system (through secure facilitator) to validate theaccess rights of the consumer. The secure facilitatorpasses this request to the core manager, which com-municates with the access decision component to make adecision. The access decision component makes the de-cision on allowing access based on the componentidentities of both the consumer agent and provideragent.

Last but not least, the vault is a passive storagecomponent. It stores information such as componentreferences, privileges, credentials, current objects andsecure associations. This organization simpli®es access-ing information regarding a particular applicationcomponent for operations such as access control. Thevault itself contains a set of components. These com-ponents internally organize and manage di�erent objectsbased on the component identity of the task component.The vault can be easily extended to store new objects,and is a ¯exible storage mechanism. All other corecomponents of the Jamba system use the vault at vari-ous di�erent stages.

The security framework provided by Jamba allowsthe system developers to build security components intothe multi-agent systems, which include access control,audit control, authentication and system administration.

8. Summary

In this paper we have presented the role and thefunctions of Intelligent Mobile Agents (IMAs) in largedistributed autonomous cooperative systems. Our dis-cussion focused on the use of software agents and multi-agent systems as a new programming paradigm for thedesign, analysis and implementation of system levelsoftware as an integral part of a large autonomousdistributed system. The ®eld of autonomous softwareagent and multi-agent systems is a fast expanding areaof research and development in recent years. It repre-sents a melting pot of research results from related areasin computer science such as distributed computing,

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 85

Page 12: Intelligent mobile agents in large distributed autonomous

arti®cial intelligence, software engineering, distributeddatabases, and programming languages. This new ap-proach will provide a diverse range of software solutionsto distributed computing at the system-level as well as atthe application-level (Jenning et al., 1998).

There are several potential problems that must beovercome before the software agents and multi-agentsystems can be fully deployed and used in an e�ectiveand e�cient manner. There are a number of funda-mental research and development issues that remain tobe solved. These issues include, among others, the con-trol and management of agent population, the repre-sentation of information in agents, e�cient agentinter-communication and agent security.

While the multi-agent system represents a powerfuland scalable paradigm for the design and implementa-tion of DACS, new mechanisms will need to be devel-oped that allow the system to control and manage theagent population as a function of the underlying to-pology and the system dynamics. To do so, researchmust emphasize on the study of basic principles and ®nde�cient ways to deal with the creation and terminationof autonomous agents in large distributed autonomouscooperative systems. For the deployment of multi-agentsystem as a fundamental paradigm in large DACS, thecomplexity of knowledge representation, communica-tion between agents, and the representation of agentsthemselves becomes a critical issue. Hence, research ef-forts must encompass the study of interaction amongagents in terms of the communication language used,mutual authentication, and low-level agent infrastruc-tures. As the transfer of agents through the distributedsystem infrastructures may represent a signi®cant re-source overhead, strategies for compact knowledgerepresentation must be developed.

Although there has been signi®cant emphasis on thedevelopment of basic security mechanisms for the designand implementation of a secure agent infrastructure, theproblem of system level security remains to be in need offurther investigation. Particularly for ad-hoc distributedsystems, for which there may not be any a priori mem-bership in a particular public key infrastructure, the is-sues of authentication between agents, between agentsand systems, and mutual trust deserve further investi-gation.

One of the most noteworthy advantages of the multi-agent paradigm is its ability to scale and adapt to theproperties of the DACS. Through dynamic changes inbehavior of individual agents or the agent population atlarge, an agent-based DACS will be able to sustainconstant performance under a variety of possibly ad-verse conditions. Among other approaches, agents mayreact to changes in the system through adaptive itiner-aries, which alter the agent's traversal of system com-ponents, adaptive heuristics, which alter the preferenceordering in the decision sub-system, or adaptive inter-

agent communication. The e�ects of system character-istics on the performance of multi-agent systems must becarefully investigated through experimental systemmodeling and performance analysis. Only when robustand scalable solutions to these problems are found willthe full potential of intelligent mobile agent systems forlarge distributed autonomous cooperative systems berealized.

References

Baumann, J., 1995. Agents: A triptychon of problems. In: Proceedings

of the ECOOP '95 Workshop. Objects and Agents: Love at First

Sight or a Shotgun-Wedding?.

Berkovits, S., Guttman, J., Swarup, V., 1998. Authentication for

Mobile Agents. In: Mobile Agents and Security LNCS 1419, pp.

114±136.

Bradshaw, J.M., 1997. Software Agents, AAAI Press, Menlo Park,

California/The MIT. Massachusetts Institute of Technology,

Cambridge, Massachusetts and London, UK.

Chavez, A., Moukas, G.A, Maes, P., 1997. Challenger: A multi-agent

system for distributed resource allocation. In: Proceedings of the

International Conference on Autonomous Agents, Marina Del

Ray, California.

Chow, R., Johnson, T., 1997. Distributed Operating Systems and

Algorithms. Addison-Wesley, Longman.

Crosbie, M., Spa�ord, G., 1995. Defending a computer system using

autonomous agents. In: Proceedings of the 18th National

Information Systems Security Conference.

de Meer, H., Richter, J.P., Pulia®to, A., Tomarchio, O., 1998. Tunnel

agents for enhanced internet QoS. IEEE Concurrency 6 (2), 30±

37.

Farmer, W., Guttman, J., Swarup, V., 1996. Security for mobile

agents: Issues and requirements. In: National Information

Systems Security Conference. National Institute of Standards

and Technology.

Havaldar, R., Wong, J., 1998. Jamba: A Secure Framework for

Distributed Computing Systems, Submitted for publication.

Helmer, G., Wong, J., Honavar, V., Miller, L., 1998. Intelligent agents

for intrusion detection. IEEE Information Technology Confer-

ence, Syracuse, New York, pp. 121±124 .

Nwana, H.S., 1996. Software agents: An overview. Knowledge

Engineering Review 11 (3), 205±244.

Jenning, N., Sycara, K., Wooldridge, M., 1998. A roadmap of agent

research and development. Autonomous Agents and Multi-Agent

Systems 1, 275±306.

Jenning, N., Wooldridge, M., 1998. Applying agent technology. In:

Jenning, N., Wooldridge, M. (Eds.), Agent Technology: Foun-

dations, Applications and Markets. Springer, Berlin, Germany.

Krause, S., 1997. MAGNA±A DPE-based Platform for Mobile Agents

in Electronic Service Markets. In: The Proceedings of the Third

International Symposium on Autonomous Decentralized Systems

(ISADS '97).

Luce, R.D., Rai�a, H., 1985. Games and Decisions. Dover Publica-

tions, New York.

Lynch, N.A., 1996. Distributed Algorithms. Morgan Kaufmann

Publishers, San Francisco, California.

Maes, P., 1994. Modeling adaptive autonomous agents. Arti®cial Life

Journal 1 (1/2), MIT Press, Cambridge, MA.

Magendanz, T., Rothermel, K., Krause, S., 1996. Intelligent agents: an

emerging technology for next generation telecommunications?

Proceedings of INFOCOM '96, San Francisco, California, pp.

24±28.

86 J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87

Page 13: Intelligent mobile agents in large distributed autonomous

Mikler, A.R., Honavar, V.G., Wong, J.S.K., 1996. Analysis of utility-

Theoretic heuristics for intelligent adaptive network routing. In:

Proceedings of the International Conference on Arti®cial Intel-

ligence Portland, Oregon, vol. 1, pp. 96±102.

Minar, N.N., Kramer, K.H., Maes, P., 1998. Cooperating Mobile

Agents for Mapping Networks. In: Proceedings of the First

Hungarian National Conference on Agent Based Computing.

Ortiz, S., 1998. Active networks: The programmable pipeline. IEEE

Computer 31 (8), 19±21.

Pearl, J., 1984. Heuristics: Intelligent Search Strategies for Computer

Problem Solving. Addison-Wesley, Reading, MA.

Rosenschein, J.S., Zlotkin, G., 1994. Rules of Encounter. The MIT

Press, Cambridge, MA.

Rothermel, K., Baumann, J., 1997. Mobile Software-Agenten:

Chancen und Risiken, Internet ± von der Grundlagentechnologie

zum Wirtschaftsfaktor, dpunkt-Verlag.

Sargent, P., 1998. Back to school for a brand new ABC. In: The

Guardian, 12 March 1992, p. 28.

Schelen, O., Pink, S., 1998. Resource reservation agents in the internet.

In: Proceedings of Eighth International Workshop on Network

and Operating Systems Support for Digital Audio and Video

(NOSSDAV '98). Cambridge, UK.

Schelen, O., Pink, S., 1997. An Agent-based Architecture for Advance

Reservations. In: Proceedings of IEEE 22nd Annual Conference

on Computer Networks (LCN '97), Minneapolis.

Smith, E.J., 1998. Interview with David Tennenhouse DARPA.

Computing Research News 10 (3).

Tennenhouse, D.L., Wetherall, D., 1996. Towards an active network

architecture. In: Proceedings of Multimedia Computing and

Networking, San Jose, CA.

Treese, G., 1988. Berkeley UNIX on 1000 Workstations: Athena

Changes to 4.3BSD. In: Proceedings of the 1988 Winter USENIX

Conference, Dallas, TX, pp. 175±182.

van Doorn, L., 1994. nfsbug.c, Available online at http://www.asmo-

deus.com/archive/Xnix/nfsbug/nfsbug.c.

Wooldridge, M., Jennings, N.R., 1998. Pitfalls of agent-oriented

development. In: Proceedings of the Autonomous Agents 98

Conference, Minneapolis, pp. 385±391.

Dr. Johnny Wong is an Associate Professor of the Computer ScienceDepartment, Iowa State University at Ames, Iowa, USA. Before hecame to Iowa State University, he was on the faculty of the ComputerScience Department at the University of Sydney. His research inter-ests include Operating Systems, Distributed Systems, Telecommuni-cation Networks, Broadband-Integrated Services Digital Networks(B-ISDN), Concurrency Control and Recovery, Multimedia andHypermedia Systems, Intelligent Multi-Agents Systems, IntrusionDetection.

He has been an investigator for research contracts with TelecomAustralia from 1983 to 1986, studying the performance of networkprotocols of the ISDN. During this period, he has contributed to thestudy and evaluation of the communication architecture and proto-cols of ISDN. From 1989 to 1990, he was the Principal Investigatorfor a research contract with Microware Systems Corporation at DesMoines, Iowa. This involved the study of Coordinated MultimediaCommunication in ISDN. In Summers 1991 and 1992, Dr. Wong wassupported by IBM corporation in Rochester. While at IBM, heworked on the Distributed Computing Environment (DCE) for theApplication Systems. This involved the integration of communicationprotocols and distributed database concepts. Dr. Wong is also in-volved in the Coordinated Multimedia System (COMS) in Course-ware Matrix Software Project, funded by NSF Synthesis CoalitionProject to enhance engineering education. From 1993 to 1996, he wasworking on a research project on a knowledge-based system for en-ergy conservation education using multimedia communication tech-nology, funded by the Iowa Energy Center. From 1995 to 1996, hewas supported by the Ames Laboratory of the DOE, working inMiddleware for Multidatabases system.

Currently, he is working on Intelligent Multi-Agents for IntrusionDetection and Countermeasures funded by the o�ce of INFOSECResearch and Technology of the National Security Agency (NSA)and Database Generating and X-Ray Displaying on the World WideWeb Applications funded by Mayo Foundation.

Dr. Armin R. Mikler received his Diploma in Informatik from fach-hochschule Darmstadt, Germany in 1988. He received his M.S. andPh.D. (Computer Science) from Iowa State University in 1990 and1995, respectively. From 1995 to 1997, he worked as a postdoctoralresearch associate in the Scalable Computing Laboratory at the AmesLaboratory, USDOE. Since 1997, Dr. Mikler has been an assistantprofessor in the Department of Computer Sciences at the University ofNorth Texas. His research interests include: Intelligent Tra�c Man-agement, Coordination of Intelligent Mobile Agents, Decision-makingin Distributed Environments, and Cluster Computing.

J.S.K. Wong, A.R. Mikler / The Journal of Systems and Software 47 (1999) 75±87 87