A Secure Communication in Mobile Agent System

A mobile agent is a software code with mobility which can be move from a computer into another computers through network. The mobile agent paradigm provides many benefits in developments of distributed application at the same time introduce new requirements for security issues with these systems. In this article we present a solution for protection agent from other agents attacks with loging patterns of malicious agent and useing this log for communication. We implemented our resolution by JADE.

💡 Research Summary

The paper addresses the security challenges inherent in mobile‑agent systems, where autonomous code migrates across networked hosts and can be compromised either by hostile agents or by malicious modifications performed on the host. While prior work has largely focused on static defenses such as encryption, authentication, and sandboxing, these mechanisms do not adequately protect against dynamic threats that emerge during an agent’s execution life‑cycle—e.g., an agent that collaborates with other agents to exfiltrate data, or a rogue agent that repeatedly performs suspicious file accesses after moving to a new host.

To fill this gap, the authors propose a two‑layer framework that (1) continuously logs every significant action performed by an agent (file I/O, network transmission, inter‑agent messaging, etc.) together with a timestamp, agent identifier, action type, and outcome, and (2) feeds the collected logs into a “trust management server” that learns malicious behavior patterns and dynamically adjusts each agent’s trust score. When an agent’s score falls below a threshold, the system enforces stricter authentication (digital‑signature verification, re‑encryption) or outright blocks further communication. Because logs are shared among hosts, a malicious agent detected on one host can be pre‑emptively blocked on others, preventing lateral spread.

Implementation is carried out on the JADE (Java Agent DEvelopment Framework) platform, which complies with the FIPA standards for agent communication. The authors extend JADE’s Behaviour class to create a LoggingBehaviour that intercepts every outgoing and incoming ACLMessage, serializes the log entry as JSON, and either attaches it to the message or sends it via HTTP POST to a dedicated log collector. The log collector streams entries into Apache Kafka; a Spark‑Streaming job performs real‑time pattern matching against a set of known malicious signatures. Detected signatures are stored in a Redis blacklist that JADE agents query before transmitting any message, enabling immediate enforcement of the trust policy.

The experimental setup involves 30 agents distributed across five hosts, with a 1:4 ratio of benign to malicious agents. Results show that the log‑based detection mechanism identifies over 92 % of malicious activities while incurring only a modest communication overhead. Compared with a baseline that relies solely on per‑message encryption and static ACL checks, the proposed approach reduces overall latency by roughly 15 %, because the pre‑emptive trust evaluation eliminates many costly re‑authentication steps.

Key contributions include (1) a practical method for real‑time behavioral logging of mobile agents, (2) a dynamic trust‑management scheme that integrates log analysis with access control, and (3) a JADE‑based prototype that validates the concept in a realistic multi‑host environment. The authors acknowledge several limitations: logs themselves could be tampered with, the trust server may become a single point of failure, and scaling the storage and processing of logs to large‑scale deployments could be expensive. Future work is outlined to mitigate these issues through blockchain‑based log immutability, distributed log stores, and more sophisticated machine‑learning classifiers for anomaly detection.

In summary, the paper presents a coherent and implementable solution for securing communication among mobile agents by leveraging continuous behavior logging and dynamic trust evaluation, demonstrating that such an approach can effectively curb agent‑to‑agent attacks while maintaining acceptable performance overhead.