Study About Intelligent Agents Versus Malicious Agents Computer Science

Essay add: 21-11-2017, 13:23   /   Views: 113

Intelligent agents are today accepted as powerful tools in a distributed environment because they are not cumbersome for the network traffic; they overcome network latency, operate in heterogeneous environment and possess fault-tolerant behavior. The concept of mobile agent is over a decade old, the technology proves not to be perfect yet, due to a misconception of an intelligent agent as a malicious agent that can be a computer virus. This paper presents a study of intelligent agent and malicious agent called computer virus and comparison is drawn between these two.

1. Introduction

This is a mobile era and the current global affairs in the mobile communications area with the advent of series of emerging technologies and paradigms have changed the computing model from a one to many to a many to many and have created a new paradigm called 'Intelligent Mobile Agent'. The concept of mobile agent is over a decade old, the technology proves not to be perfect yet. Many researchers are now developing methods for improving the technology, with more standardization, better programming environments, as well as design patterns that many allow mobile agents to be used in products. It is obvious that the more an application gets intelligent, the more it also gets unpredictable, dangerous and uncontrollable. The mobile agents in most aspects are considered to be new programming paradigm. There are not many applications out there that use mobile agents, so it is hard for this technology to become widely adopted. Most work had been around the agent's framework instead of developing the real applications. An agent's envisioned autonomous behavior, involving collaboration with other agents at various network locations, creates a dynamic environment that requires new design methodologies and modeling tools to properly formulate and construct agent-based system [7]. There are many mobile agent frameworks that exist today namely, ABLE, Agent Builder, Aglets, JADE, JATLite and many more. There must be standardization on some specific execution environments and the format on how mobile agents should be encoded in terms of code and state, which allows mobile agents to work with other mobile agents [4]. In this paper we try to find out reason why this mobile agent paradigm is not popular and answer the different question about mobile agents that some people think agent is a computer virus and some have the view that it is a distributed object.

The rest of the paper is organized as: Section 2 is an overview of agents, namely, Intelligent Mobile Agent and Malicious Agent (Computer Virus), section 3 is about the results and discussion whereas conclusion is drawn in section 4.

2. Overview of Agents

In this section we will discuss Intelligent Mobile Agent and Malicious Agent.

2.1. Intelligent Mobile Agent

The term 'Mobile Intelligent Agent' is derived from two different disciplines, term 'agent' is created from Artificial Intelligence and 'code mobility' is defined from the distributed systems. An agent is an object which has independent thread of control and can be initiated. Every agent looks like an object, when an agent is implemented in its frame work, it works as an independent thread and can be initiated from the server for execution according to its execution plan. This makes an Agent different from an ordinary object. An Intelligent Agent can be divided into a weak and a strong notations. Table 1shows the properties for both the notations.

Table 1. Notations of an Agent

Weak notationStrong notation



Social ability


Reactivity & Proactivity


Temporal continuity


Goal oriented


Intelligence refers to the ability of the agent to capture and apply domain specific knowledge and processing to solve problems. An intelligent agent uses knowledge, information and reasoning to take reasonable actions in pursuit of a goal. It must be able to recognize events, determine the meaning of those events and then take actions on behalf of a user. The fundamental element of intelligent behaviour is the ability to adopt or learn from experience [1]. An intelligent and autonomous agent has properties like perception, reasoning and action which form the life cycle of an agent as shown in Figure 1[2].

Figure 1 Agent Life cycle

The agent perceives the state of its environment, integrates the perception in its knowledge base that is used to derive the next action which is then executed. This generic cycle is a useful abstraction as it provides a black-box view on the agent and encapsulates specific aspects. An agent initializes itself in the first state, whereas in the second state the agent starts to operate; the next state is the stop and agent may start again depending upon environment and tasks that it tried to accomplish. The agent reaches to its complete state after completing all the tasks [5]. Figure 2 depicts the states of an agent.

Figure 2. The States of an Agent

Mobile intelligent agents are program that can be dispatched from one computer and delivered to a remote computer for execution. They are capable of autonomous actions in pursuit of a specific goal. Autonomy in agents implies that the software agent has the ability to perform its tasks without supervision, or at least with minimum supervision, in which it will be a semiautonomous software agent. Its autonomy distinguishes it from general software programs. Mobile agents are capable to perform concurrency, client-server asynchrony, reduce network usage (bandwidth + frequency), installation of client-specific interfaces and dynamic interface upgrades. The client becomes 'smart', an Internet-connected device that allows the user's local applications to interact with server-based applications through the use of web services. It supports work offline. It can be deployed and updated in real time over the network from a centralized server. It supports multiple platforms and languages because of web services. It runs on any device that has Internet connectivity, including desktop, workstations, note books, PDAs and mobile phones [4][5][6][7]. The basic working of a mobile agent is depicted in figure 3.

Figure 3. Function of Mobile Intelligent Agent

The explanation of figure 5 is that Computer A and Computer B are connected via a network. In step 1 a mobile agent is going to be dispatched from Computer A towards Computer B. In the mean time Computer A will suspend its execution. Step 2 shows this mobile Agent is now on network with its state and code. In step 3 this mobile Agent will reach to its destination, computer B, which will resume its execution.

The following are areas but not limited to where mobile intelligent agents can be applied:

Distributed Computing: Mobile agents can be applied in a network using free resources for their own computations.

Collecting data: A mobile agent travels around the net. On each computer it processes the data and sends the results back to the central server.

Software Distribution and Maintenance: Mobile agents could be used to distribute software in a network environment or to do maintenance tasks.

Mobile agents and Bluetooth: Bluetooth is a technology for short range radio communication. Originally, the companies Nokia and Ericsson came up with the idea. Bluetooth has a nominal range of 10 m and 100 m with increased power. The applications for mobile agents are myriads.

Mobile agents as Pets: Mobile agents are the ideal pets. Imagine something like creatures. What if you could have some pets wandering around the internet, choosing where they want to go, leaving you if you don't care about them or coming to you if you handle them nicely? People would buy such things won't they?

Mobile agents and offline tasks: Mobile agents could be used for offline tasks such as, an agent is sent out into the internet to do some task, and the agent performs its task while the home computer is offline and returns with its results. Mobile agents could be used to simulate a factory, machines in factory are agent driven, agents provide realistic data for a simulation, e.g. uptimes and efficiencies, and simulation results are used to improve real performance or to plan better production lines [3][8].

Many researchers are now developing methods for improving the technology, with more standardization and better programming environments that may allow mobile agents to be used in products. It is obvious that the more an application gets intelligent, the more it also gets unpredictable and uncontrollable. The main drawback of mobile agents is the security risk involved in using them [3][4]. The table 2 shows strengths and weaknesses of agent technology.

Table 2. Strengths and Weaknesses of an Agent


Overcoming Network Latency


Reducing Network traffic


Asynchronous Execution and Autonomy

Lack of Applications

Operating in Heterogeneous Environments

Limited Exposure

Robust and Fault-tolerant Behavior


2.2. Malicious Agent

A computer virus is a malicious computer program that infects host systems and replicates itself to other host systems. A computer virus has been defined as a set of computer instructions that reproduces itself and it may attach to other executable code. Usually this code is a short program that may either embed in other code or stand on its own. In essence, this computer program is designed to infect some aspect of the host computer and then copy itself as much and as often as it has the chance. Computer Virus is a kind of malicious software written intentionally to enter a computer without the user's permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate others can cause severe harm or adversely effect program and performance of the system. A virus should never be assumed harmless and left on a system [9][10]. The most common types of viruses are:

Resident Viruses: This type of virus permanently residents in the RAM memory, from there it can interrupt and control all of the operations of the system, such as , corrupting files and programs that are opened, closed, copied, renamed etc. The examples of resident viruses are: Randex, CMJ, Meve, and MrKlunky [9][10].

Direct Action Viruses: This type of virus replicates and when it executes take action i.e. when a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. The batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted [9][10].

Overwrite Viruses: This type of virus deletes the information in the files that it infects; rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. The examples overwrite viruses are: Trj.Reboot, Trivial.88.Dare etc [9][10].

Boot Virus: This type of virus affects the boot sector of a floppy or hard disk which is an essential part of a disk, where information about the disk itself is stored along with the bootable program for the computer from the disk. In order to protect from the boot viruses, it is the best way to ensure that floppy disks are write-protected and never start the computer with an unknown floppy disk in the disk drive. The examples of boot viruses are: Polyboot.B, AntiEXE, etc [9][10].

Macro Virus: This type of virus infects files that are created using certain applications or programs that contain macros. The macros make it possible to automate series of operations so that they are performed as a single action, and hence save the user to carry them out one by one. The examples of macro virus are: Relax Melissa.A, Bablas, and O97M/Y2K etc [9][10].

Directory Virus: The directory viruses change the paths of a file which indicate the location. Executing a program or a file with the extension .EXE or .COM, infected by a virus, you are unknowingly running the virus program, the original file and program is moved by the virus. It is impossible to locate the original file if it is infected by directory virus [9][10].

Polymorphic Virus: The polymorphic viruses encrypt or encode themselves in a different way by using different algorithms and encryption keys every time they infect a system. This makes it impossible for anti-viruses to find them using string or signature searches because they are different in each encryption and also enables them to create a large number of copies of themselves. The examples of polymorphic virus are: Elkern, Marburg, Satan Bug, and Tuareg etc [9][10].

File Infectors: This type of virus infects programs or executable files with an .EXE or .COM extension. When one of these programs is run, directly or indirectly, the virus is activated, producing its damaging effects. The majority of existing viruses belongs to this category, and can be classified through their actions [9][10].

Companion Viruses: Companion viruses are file infectors, resident or direct action viruses. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run i.e. resident viruses or act immediately by making copies of themselves i.e. direct action viruses. The examples of companion viruses are: Stator, Asimov.1539, and Terrax.1069 etc [9][10].

FAT Virus: The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. The attack of such types of viruses is dangerous, by preventing access to certain sections of the disk where important files are stored. The damages caused can result in information losses from individual files or even entire directories [9][10].

Worms: A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on the system. If worms are detected in a system then it is possible to remove them through anti-virus programs. The examples of worms are: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson etc [9][10].

Trojans or Trojan Horses: Trojans or Trojan horses are another type of malicious code, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms [9][10].

Logic Bombs: They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs. Their objective is to destroy data on the computer after certain conditions. Logic bombs go undetected until launched, and the results can be destructive [9][10].

3. Results and Discussion

We can simulate a virus attack on a small, isolated network test-bed by using a mobile agent. A virus is a piece of code with has two characteristics: first, at least a partially automated capability to reproduce and second, a method of transfer which is dependent on its ability to attach itself to other computer entities (programs, disk sectors, data files, etc.) that moves between these systems. The abilities to automatically reproduce and move to other hosts are indigenous properties of all viruses. This ability to transfer and reproduce manifests as the rapid spread of a virus through a computer network. A virus tends to be inefficient and wasteful of host computer and network resources. The properties of reproduction and transferability are not unique to viruses. Agents, namely mobile autonomous agents, also have these capabilities. An agent can be defined as an entity that can receive, percepts through sensors from its environment, and perform actions on its environment through affecters. An autonomous agent is a species of agent that senses its environment and acts in pursuit of its own agenda and so as to affect what it senses in the future. A mobile agent is yet another species of agent that is capable of transporting itself from one machine to another. Therefore, the combination of these agents yields a mobile autonomous agent and is capable of behaving much like a virus because it possesses the capability to autonomously reproduce and transfer itself to other machines. A virus can be disguised as a mobile agent and distributed in the network causing damage to the host machines that execute the agent. Can think of agents as a kind of virus? The answer is "No". The major and fundamental Differences are: First, the agents use deliberate transport infrastructure and the second, viruses hijack some bug or feature of existing distributed system (email/ftp) [3][8].

Table 3. Comparison of Intelligent and Malicious Agent

PropertyIntelligent AgentMalicious Agent




Processing Power

More Autonomous

Not Capable

Network support


It can work in any type of the network

Network Load Management

Reduce Network traffic and latency

Not Capable

Transport Protocol



Packet size Network

Code and execution state can be moved around network. (only code in case of weak mobility)

The full code (Only full text of a program)

Network Monitoring

It gives flexibility to analyze the managed nodes locally

Not Capable

Type of the Client


Not Capable

A Sample piece of Code

1. public class agentClass extends Kaariboga{

2. public agentClass(String name) {

3. super("Agent Name_"+name); }

4. public void onArrival() {

5. // display the message; }

6. public void onDestroy() throws ArrayIndexOutOfBoundsException {

7. // display the message; }

8. public void run() {

9. sum = a + b;

10. System.out.println ("The sum is:" + sum);}


No Specified program code


Yes, Intelligent agent always uses and send through a specific framework

No, Malicious agent does not use any frame work. It spread through email or ftp.

In an intelligent agent, the client becomes smart; which supports work offline, can be deployed and updated in real time over the network from a centralized server, supports multiple platforms and languages because of web services and runs on any device that has Internet connectivity, including desktop, workstations, note books, PDAs and mobile phones. The codes to add two integer numbers are shown as an example in table 3, an agent in 'Kaariboga Java based Agent framework'. The malicious agent has no specific program code, its transport protocol is unknown, it can work both synchronous and asynchronous modes of communication, it can work in any type of network either heterogonous or homogenous and its purpose is only to damage the computer resources.

They are just distributed objects with a different name. Microsoft's objects like OLE, COM, DCOM and ActiveX have been around for years. What is the difference? Let us examine a distributed object application and a distributed multiagent system application. A distributed object application is defined by the objects, the data and the behavior (methods) required implementing the function needed. The interactions between objects are explicitly defined; the sequence of methods calls is spelled out in detail. An object is a software entity that encapsulates state (data) and behavior (function) and exposes a set of methods or procedures to manipulate that state. Objects are used by objects to perform action. Objects do not initiate actions of their own preference. In a multiagent system, we have a collection of software entities that autonomously perform actions. Each agent has a more complex internal state than an object, but more importantly, they have internal goals. Agents decide what to do and when to do it. Agents can say 'no' when requested to perform an action. Objects have fixed roles. Agents can change roles dynamically as application runs. In a distributed objects application, every object is contributing a small piece of function in achieving a single application goal. In an agent system, a collection of goal-oriented software entities cooperate to achieve a single application goal. Objects involve methods. Agents have conversations. Objects are data packets with buttons waiting to be pushed. Agents are actively deciding what buttons to push [8]. Table 4 shows the major differences between distributed objects and an agent. We still believe if we are talking about a single agent then it looks like a distributed object.

Table 4. A Comparison of an Intelligent Agent and a Distributed Object

Distributed ObjectIntelligent Agent

It invokes methods

It has conversation

Object wait what action for the actions

Agents decide what action will be taken

It is a small piece of program

It is a collection of programs

It is only for achieving a single application goal

They are programs which co-operate with each other to achieve a single application goal.

It does not initiate actions for its own.

It performs autonomous action

They have fixed roles

Agents can change roles dynamically as the application runs.

Objects are used by other to perform actions

Agents can say 'no' when requested to perform an action

4. Conclusion

In this paper we try to find out reasons why this mobile agent is not yet a well accepted paradigm. There are different questions about an agent like some people think that an agent is like a malicious agent which is a 'computer virus' and some have the view that it is a 'distributed object'. We have tried to answer all these questions in this paper. We discuss intelligent agent and malicious agent and draw a comparison between these types of agents. We also draw a comparison between and agent and distributed object. The intelligent agents are always sent through a specific framework while the malicious agents spread through 'ftp' or 'email'. The intelligent agent performs autonomous action, changes its role dynamically as the application runs while the distributed object has the fixed roles and does not initiate actions for its own. We conclude here security, performance, lack of applications, limited exposure and standardization are the major weaknesses that mobile agents are not yet popular enough. It is an era of the people where many users can interact with many intelligent devices at the same time, one can say it is a many-to-many communication where intelligent mobile agents can play important role in the development of these applications due to their support of asynchronous communication, autonomous and heterogeneous behavior, reduce network traffic and latency and smart clients.

Article name: Study About Intelligent Agents Versus Malicious Agents Computer Science essay, research paper, dissertation