Artificial Intelligence Review

, Volume 42, Issue 4, pp 607–636 | Cite as

A review of attacks and security approaches in open multi-agent systems



Open multi-agent systems (MASs) have growing popularity in the Multi-agent Systems community and are predicted to have many applications in future, as large scale distributed systems become more widespread. A major practical limitation to open MASs is security because the openness of such systems negates many traditional security solutions. In this paper we introduce and classify main attacks on open MASs. We then survey and analyse various security techniques in the literature and categorise them under prevention and detection approaches. Finally, we suggest which security technique is an appropriate countermeasure for which classes of attack.


Security Multi-agent system (MAS) Open MAS Attack taxonomy Attack detection Attack prevention Lightweight Coordination Calculus (LCC) 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Aggarwal CC, Yu PS (2008) Outlier detection with uncertain data. In: SIAM international conference on data mining (SDM), pp 483–493Google Scholar
  2. Artikis A, Sergot M, Pitt J (2009) Specifying norm-governed computational societies. ACM Trans Comput Logic 10: 1–42CrossRefMathSciNetGoogle Scholar
  3. Becker MY (2010) Information flow in credential systems. IEEE Comput Secur Found Symp 0: 171–185Google Scholar
  4. Beydoun G, Low G, Mouratidis H, Henderson-Sellers B (2009) A security-aware metamodel for multi-agent systems (MAS). Inf Softw Technol 51(5): 832–845CrossRefGoogle Scholar
  5. Bierman E, Cloete E (2002) Classification of malicious host threats in mobile agent computing. In: SAICSIT’02: Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on enablement through technology. South African Institute for Computer Scientists and Information Technologists, South Africa, pp 141–148Google Scholar
  6. Bijani S, Robertson D, Aspinall D (2011) Probing attacks on multi-agent systems using electronic institutions. In: Declarative Agent Languages and Technologies Workshop (DALT), AAMAS 2011Google Scholar
  7. Borselius N, Mitchell C (2003) Securing FIPA agent communication. In: Proceedings of the 2003 International conference on security and management (SAM’03), vol 1, USA, pp 135–141Google Scholar
  8. Botelho V, Enembreck F, Avila B, de Azevedo H, Scalabrin E (2009) Encrypted certified trust in multi-agent system. In: The 13th international conference on computer supported cooperative work in design, pp 227–232Google Scholar
  9. Braynov S, Jadliwala M (2004) Detecting malicious groups of agents. In: Proceedings of the 1st IEEE symposium on multi-agent security and survivability (MAS&S) 2004. IEEE Computer Society, Philadelphia, pp 90–99Google Scholar
  10. Bresciani P, Giorgini P, Manson G, Mouratidis H (2004a) Multi-agent systems and security requirements analysis. In: Lecture Notes in Computer Science. Springer, BerlinGoogle Scholar
  11. Bresciani P, Perini A, Giorgini P, Giunchiglia F, Mylopoulos J (2004b) TROPOS: an agent-oriented software development methodology. Auton Agents Multi Agent Syst 8: 203–236CrossRefGoogle Scholar
  12. Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack- detection techniques. IEEE Internet Comput 10(1): 82–89CrossRefGoogle Scholar
  13. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv 41: 15:1–15:58CrossRefGoogle Scholar
  14. Cheng A, Friedman E (2005) Sybilproof reputation mechanisms. In: P2PECON’05: Proceedings of the 2005 ACM SIGCOMM workshop on economics of peer-to-peer systems. ACM, Philadelphia, pp 128–132Google Scholar
  15. Clark KP, Warnier M, Quillinan TB, Brazier FM (2010) Secure monitoring of service level agreements. In: Proceedings of the 2nd international workshop on organizational security aspects (OSA 2010). IEEEGoogle Scholar
  16. Dasgupta D, Majumdar N (2002) Anomaly detection in multidimensional data using negative selection algorithm. In: The IEEE conference on evolutionary computation. Hawaii, pp 1039–1044Google Scholar
  17. Demazeau Y, Rocha Costa A. (1996) Populations and organizations in open multi-agent systems. In: Proceedings of the I national symposium on parallel and distributed AI (PDAI’96), HyderabadGoogle Scholar
  18. Denning DE (1976) A lattice model of secure information flow. Commun. ACM 19-5: 236–243CrossRefMathSciNetGoogle Scholar
  19. Douceur JR (2002) The sybil attack. In: IPTPS ’01: Revised papers from the 1st international workshop on peer-to-peer systems. Springer, pp 251–260Google Scholar
  20. Dove R (2009) On detecting and classifying aberrant behavior in unmanned autonomous systems under test and on mission. In: Live virtual constructive conference. International Test and Evaluation AssociationGoogle Scholar
  21. El Ariss O, Xu D (2011) Modeling security attacks with statecharts. In: The joint ACM SIGSOFT conference—QoSA and ACM SIGSOFT symposium. ACM, pp 123–132Google Scholar
  22. Ellison C, Schneier B (2000) Ten risks of PKI: what you’re not being told about public key infrastructure. Comput Secur J 16(2):1–7Google Scholar
  23. Endsuleit R, Wagner A (2004) Possible attacks on and countermeasures for secure multi-agent computation. In: Proceedings of the international conference on security and management (SAM’04), Las Vegas, pp 221–227Google Scholar
  24. Esteva M, de la Cruz D, Rosell B, Arcos JL, Rodriguez-Aguilar JA, Cuni G (2004) Engineering open multi-agent systems as electronic institutions. In: 19th national conference on artifical Intelligence (AAAI 04). AAAI Press, pp 1010–1011Google Scholar
  25. Finin T, Joshi A, Joshi A (2002) Developing secure agent systems using delegation based trust management. In: Security of mobile multiAgent systems (SEMAS 02) held at autonomous agents and multiAgent systems (AAMAS), pp 200–202Google Scholar
  26. Foner LN (1996) A security architecture for multi-agent matchmaking. In: Proceedings of the 2nd international conference on multi-agent systems, pp 80–86Google Scholar
  27. Halpern JY, ONeill KR (2008) Secrecy in multiagent systems. ACM Trans Inf Syst Secur 12: 5:1–5:47CrossRefGoogle Scholar
  28. He Q, Sycara KP, Finin TW (1998) Personal security agent: KQML-based PKI. In: The 2nd international conference on autonomous agentsGoogle Scholar
  29. Igure V, Williams R (2008) Taxonomies of attacks and vulnerabilities in computer systems. Commun Surv Tutor 10(1): 6–19CrossRefGoogle Scholar
  30. Jansen W, Karygiannis T (2000) Mobile agent security. National Institute of Standards and Technology (NIST) Special Publication 800-19Google Scholar
  31. Jurjens J (2002) Using UMLsec and goal trees for secure systems development. In: The 2002 ACM symposium on applied computing. ACM, Madrid, pp 1026–1030Google Scholar
  32. Kadota K, Tominaga D, Akiyama Y, Takahashi K (2003) Detecting outlying samples in microarray data: a critical assessment of the effect of outliers on sample classification. Chem-Bio Inform 3: 30–45CrossRefGoogle Scholar
  33. Karnik NM, Tripathi AR (2001) Security in the Ajanta mobile agent system. Softw Pract Experience 31(4):301–329Google Scholar
  34. Khan A, Arshad Q, Niu X, Yong Z, Anwar MW (2009) On the security properties and attacks against mobile agent graph head sealing (MAGHS). In: The 3rd international conference and workshops on advances in information security and assurance (ISA 09). Springer, Seoul, pp 223–228Google Scholar
  35. Lee H, Alves-Foss J, Harrison S (2004) The use of encrypted functions for mobile agent security. In: The 37th annual Hawaii international conference on system sciences (HICSS’04). IEEE Computer Society, p 10Google Scholar
  36. Lippmann RP, Ingols KW (2005) An annotated review of past papers on attack graphs. Linoln Lab, MIT, CambridgeGoogle Scholar
  37. Liu L, Yu E, Mylopoulos J (2002) Analyzing security requirements as relationships among strategic actors. In: 2nd Symposium on requirements engineering for information security (SREIS 2002)Google Scholar
  38. Loulou M, Tounsi M, Kacem AH, Jmaiel M, Mosbah M (2007) A formal approach to prevent attacks on mobile agent systems. In: SECUREWARE’07: Proceedings of the the international conference on emerging security information, systems, and technologies. IEEE Computer Society, Washington, pp 42–47Google Scholar
  39. Majumdar A, Thomborson C (2005) On the use of opaque predicates in mobile agent code obfuscation. In: Intelligence and security informatics. Springer, Berlin, pp 255–236Google Scholar
  40. Massacci F, Mylopoulos J, Zannone N (2010) Security requirements engineering: the SI* modeling language and the secure tropos methodology. Adv Intell Inf Syst 265: 147–174CrossRefGoogle Scholar
  41. McDermott JP (2000) Attack net penetration testing. In: The 2000 workshop on new security paradigms (NSPW’00), Cork, pp 15–21Google Scholar
  42. Microsoft (2010) Threat risk modeling. Retrieved from The Open Web Application Security Project:
  43. Mitchell C (2003) Security for Mobility. Institution of Electrical Engineers, PiscatawayGoogle Scholar
  44. Mouratidis H (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng (IJSEKE) 17(2): 285–309CrossRefGoogle Scholar
  45. Mouratidis H, Giorgini P (2009) Enhancing secure tropos to effectively deal with security requirements in the development of multiagent systems In: Safety and security in multiagent systems. Springer-Verlag, pp 8–26Google Scholar
  46. Mouratidis H, Giorgini P, Manson G (2003a) Modelling secure multiagent systems. In: AAMAS 03: Proceedings of the 2nd international joint conference on autonomous agents and multiagent systems. ACM, New York, pp 859–866Google Scholar
  47. Mouratidis H, Giorgini P, Weiss M (2003b) Integrating patterns and agent-oriented methodologies to provide better solutions for the development of secure agent systems. In: Workshop on expressiveness of pattern languages 2003, at ChiliPLoPGoogle Scholar
  48. Necula G, Lee P (1998) Safe, untrusted agents using proof-carrying code. In: Vigna G (eds) Mobile agents and security. Springer, Berlin, pp 61–91CrossRefGoogle Scholar
  49. Novak P, Rollo M, Hodik J, Vlcek T (2003) Communication security in multi-agent systems. In: The 3rd central and eastern European conference on multi-agent systems (CEEMAS’03). Springer, pp 454–463Google Scholar
  50. Odubiyi JB, Choudhary AR (2007) Building security into an IEEE FIPA compliant multiagent system. In: Proceedings of the 2007 IEEE workshop on information assurance, IAW. IEEE Computer Society, West Point, pp 49–55Google Scholar
  51. Oey MA, Warnier M, Brazier FM (2010) Security in large-scale open distributed multi-agent systems. In: Kordic V (ed) Autonomous agents. IN-TECH, pp 107–130Google Scholar
  52. Page JP, Zaslavsky AB, Indrawan MT (2005) Extending the buddy model to secure variable sized multi agent communities. In: Proceedings of the 2nd international workshop on safety and security in multiagent systems, Utrecht, pp 59–75Google Scholar
  53. Park H, Ju H, Chun K, Lee J, Ahn S, Noh B (2006) The algorithm to enhance the security of multi-agent in distributed computing environment. In: ICPADS’06: Proceedings of the 12th international conference on parallel and distributed systems. IEEE Computer Society, Washington, pp 55–60Google Scholar
  54. Paruchuri P, Tambe M, Ordonez F, Kraus S (2006) Security in multiagent systems by policy randomization. In: Proceedings of the 5th international joint conference on autonomous agents and multiagent systems (AAMAS 06). ACM, Hakodate, pp 273–280Google Scholar
  55. Paruchuri P, Pearce JP, Marecki J, Tambe M, Ordonez F, Kraus S (2009) Coordinating randomized policies for increasing security of agent systems. Inf Technol Manag 10: 67–79CrossRefGoogle Scholar
  56. Petrie C, Bussler C (2003) Service agents and virtual enterprises: a survey. IEEE Internet Comput 7: 68–78CrossRefGoogle Scholar
  57. Poslad S, Calisti M (2000) Towards improved trust and security in FIPA agent platforms. In: Workshop on deception, fraud and trust in agent Societies, SpainGoogle Scholar
  58. Poslad S, Charlton P, Calisti M (2002) Specifying standard security mechanisms in Multi-agent systems. In: Trust, reputation, and security: theories and Practice, AAMAS 2002 international workshop. Springer, Berlin, pp 122–127Google Scholar
  59. Quillinan TB, Warnier M, Oey MA, Timmer RJ, Brazier FM (2008) Enforcing security in the agentScape middleware. In: Proceedings of the 1st international workshop on middleware security (MidSec). ACMGoogle Scholar
  60. Ray M (2009) Authentication gap in TLS renegotiation.
  61. Rescorla E, Ray M, Dispensa S, Oskov N (2010, Feb) Transport layer security (TLS) renegotiation indication extension. Internet Engineering Task Force (IETF)Google Scholar
  62. Riordan J, Schneier B (1998) Environmental key generation towards clueless agents. Mobile agents and security. Springer, Berlin, pp 15–24CrossRefGoogle Scholar
  63. Robertson D (2005) A lightweight coordination calculus for agent systems. In: Declarative agent languages and technologies II, vol 3476/2005. Springer, Berlin, pp 183–197Google Scholar
  64. Robertson D, Giunchiglia F, Harmelen Fv, Marchese M, Sabou M, Schorlemmer M et al (2008) Open knowledge—coordinating knowledge sharing through peer-to-peer interaction. In: Languages, methodologies and development tools for multi-agent systems. 1st International workshop, LADS 2007. Revised Selected and Invited Papers, vol 5118, pp 1–18Google Scholar
  65. Robles S (2008) Trust and security. In: Moreno A., Pavn J. (eds) Issues in multi-agent systems: the agentCities. ES experience (Vol. Chapter 4). Birkhäuser, Basel, pp 87–115CrossRefGoogle Scholar
  66. Rojas DM, Mahdy AM (2011) Integrating threat modeling in secure agent-oriented software development. Int J Softw Eng (IJSE) 2: 23–36CrossRefGoogle Scholar
  67. Sabelfeld A, Myers A (2003) Language-based information-flow security. IEEE J Sel Areas Commun 21(1): 5–19CrossRefGoogle Scholar
  68. Schneier B (1999) Attack trees. Dr. Dobb’s J Softw Tools 24: 21–29Google Scholar
  69. Sierra C, Walton C, Robertson D, Gerloff EJ, Li JS, Abian J et al (2008) Report on bioinformatics case studies. TechreportGoogle Scholar
  70. Silei L, Rui Z, Jun L, Junmo X (2008) A novel security protocol to protect mobile agent against colluded truncation attack by cooperation. In: International conference on cyberworlds, pp 186–191Google Scholar
  71. Sit E, Morris R (2002) Security considerations for peer-to-peer distributed hash tables. In: IPTPS’01: revised papers from the 1st international workshop on peer-to-peer systems. Springer, pp 261–269Google Scholar
  72. Sun B, Chen H (2011) Communication security in MAS with XML security specifications. Appl Mech Mater 65:251–254Google Scholar
  73. Sycara K, Paolucci M, Van Velsen M, Giampapa J (2003) The RETSINA MAS infrastructure. Auton Agents Multi Agent Syst 7: 29–48CrossRefGoogle Scholar
  74. Tan H, Moreau L (2002) Extending execution tracing for mobile code security. In: 2nd International workshop on security of mobile multiAgent systems (SEMAS 2002), Bologna, pp 51–59Google Scholar
  75. Tan JJ, Poslad S, Xi Y (2004) Policy driven systems for dynamic security reconfiguration. In: Proceedings of the 3rd international joint conference on autonomous agents and multiagent systems (AAMAS), vol 3. IEEE Computer Society, pp 1274–1275Google Scholar
  76. Tekbacak F, Tuglular T, Dikenelli O (2009) An architecture for verification of access control policies with multi agent system ontologies. In: COMPSAC’09: Proceedings of the 2009 33rd annual IEEE international computer software and applications conference. IEEE Computer Society, pp 52–55Google Scholar
  77. Tekbacak F, Tuglular T, Dikenelli O (2011) Policies for role based agents in environments with changing ontologies. In: The 10th international conference on autonomous agents and multiagent systems (AAMAS 11), Taipei, pp 1335–1336Google Scholar
  78. Thirunavukkarasu C, Finin T, Mayfield J (1995) Secret agents—a security architecture for the KQML agent communication language. In: Intelligent information agents workshop (CIKM’95)Google Scholar
  79. Traynor P, McDaniel P, Porta TL (2008) Security for telecommunications networks: future directions and challenges. Springer, USGoogle Scholar
  80. van’t Noordende G, Brazier FM, Tanenbaum AS (2004) Security in a mobile agent system. In: The 1st IEEE symposium on multi-agent security and survivability, pp 35–45Google Scholar
  81. van’t Noordende GJ, Overeinder BJ, Timmer RJ, Brazier FM, Tanenbaum AS (2009) Constructing secure mobile agent systems using the agent operating system. Int J Intell Inf Database Syst (IJIIDS) 3: 363–381Google Scholar
  82. Vazquez-Salceda J, Padget JA, Cortes U, Lopez-Navidad A, Caballero F (2003) Formalizing an electronic institution for the distribution of human tissues. Artif Intell Med 27: 233–258CrossRefGoogle Scholar
  83. Vila X, Schuster A, Riera A (2007) Security for a multi-agent system based on JADE. Comput Secur 26: 391–400CrossRefGoogle Scholar
  84. Vitabile S, Conti V, Militello C, Sorbello F (2008) An extended JADE-S based framework for developing secure multi-agent systems. Comput Stand Interfaces 31: 913–930CrossRefGoogle Scholar
  85. Wagner G (1997) Multi-level security in multiagent systems. In: Proceedings of the 1st international workshop on cooperative information agents. Springer, London, pp 272–285Google Scholar
  86. Wahbe R, Lucco S, Anderson T (1993) Efficient software-based fault isolation. In: The 14th ACM symposium on operating systems principles, pp 203–216Google Scholar
  87. Wang H, Varadharajan V, Zhang Y (1999) A secure communication scheme for multiagent systems. In: PRIMA’98: selected papers from the 1st Pacific Rim international workshop on multi-agents, multiagent platforms, vol 1599. Springer, London, pp 174–185Google Scholar
  88. Wong HC, Sycara K (1999) Adding security and trust to multi-agent systems. In: Proceedings of autonomous agents’99 workshop on deception, fraud, and trust in agent societies, pp 149–161Google Scholar
  89. Xiao L (2009) An adaptive security model using agent-oriented MDA. Inf Softw Technol 51: 933–955CrossRefGoogle Scholar
  90. Yu E, Cysneiros LM (2002) Designing for privacy and other competing requirements. In: 2nd Symposium on requirements engineering for information security (SREISTM02), RaleighGoogle Scholar
  91. Yue X, Qiu X, Ji Y, Zhang C (2009) P2P attack taxonomy and relationship analysis. In: ICACT’09: Proceedings of the 11th international conference on advanced communication technology. IEEE Press, pp 1207–1210Google Scholar
  92. Zaslavsky A, Indrawan M (2004) A buddy model of security for mobile agent communities operating in pervasive scenarios. Proc. Australas Inf Secur Data Mining Web Intell Softw Int 32: 17–25Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  1. 1.Informatics SchoolEdinburgh UniversityEdinburghUK
  2. 2.Computer Science DepartmentShahed UniversityTehranIran

Personalised recommendations