The History Of Compliance Management

Published Date: 02 Nov 2017

Chapter 1

Introduction

In this century of information technology Every Organization wants to confirm set of rules and requirement laws on operations performed by employees. Compliance Management (CM) is very useful in implement a systematic and integrated process in order to wipe out all wrongdoing in an organization. The need for compliance management is motivated profoundly by the increasing emphasis on law and regulations for company information integrity and information security as evident in various security surveys such as the Ernst & Young Global Information Security Survey [Ernst & Young, 2005]. According to PriceWaterCoopers and AusCERT survey, in last Couple of years Companies are increasingly interconnected and dependent on IT, which makes IT security a very important field for guaranteeing business continuity[Pricewatercooper, 2006] [AusCERT, 2006]. Also various scams and corporate fraud in recent years are driving force for Compliance Management. Compliance Management comprises ambient monitoring, audit & assessment, incident management and recommended actions. CM plays important role in quality control process of a company. Organizations operating in heavily regulated sectors such as financial services and health care industries are often governed by large number of regulatory requirement. As CM is a labor intensive and continuous process, they struggle to implement the large number of internal business/IT controls in an attempt to satisfy the ever growing number of requirements and expectations [Yip, Wong, Prameswaran & Ray, 2008]. Therefore, many experts agree that the process of CM should be automated as much as possible. Different organizations employ unique systems and techniques to support CM. In existing work of [Wong & Yip, 2006][Wong & Yip, 2008]. Compliance auditing is major component of Compliance Management. Compliance Audit verifies various business activities whether rules and standards are met or not. A Plethora of strict rules and regulations which are country and industry specific such as Basel II, HIPPA and Gramm Leach Bliley etc. these laws were designed by respective governments to protect the interest of various stakeholders. On other hand Information Security Management using standards such as COBIT, ISO 17799, ITIL, Baseline Protection Manual (BSI) etc. to ensure reliability and security in a particular business unit. The standard of good practices maintains sanctity of corporate governance as well as protection of assets or valuable resources [P. Saha, N. Pramesswaran, P. Ray & A. Mahanti, 2011].

Ontology based Multi Agent System plays a vital role in compliance auditing. Ontology is frequently defined as "a formal specification of a shared conceptualization of a domain" [Borst, 1997]. Ontology captures implicit and explicit knowledge which can be shared, reused and consumed by autonomous agent. Basically Ontologies used for Communication (between human, computational systems), Computational inference (for internally representing and manipulating plans and planning information, for analyze internal structures, algorithm, inputs and outputs of implemented system in conceptual terms) and for reuse knowledge [Gruninger and J. Lee, 2002]. Ontology provides knowledge base to Multi Agent System for various system operations. Ontologies are successfully developed in various real life applications like Network Management, Security Management, various Financial Applications, Software Engineering and Healthcare. Here in this project we are trying to develop multilayer Ontology architecture across whole agent platform for auditing in banking domain which ensures operational activities complying with rules and regulations.

Chapter 2

Background

Compliance Management

Compliance Management (CM) is very useful in implement a systematic and integrated process in order to wipe out all wrongdoing in an organization. The need for compliance management is motivated profoundly by the increasing emphasis on law and regulations for company information integrity and information security as evident in various security surveys such as the Ernst & Young Global Information Security Survey [Ernst & Young, 2005]. According to PriceWaterCoopers and AusCERT survey, in last Couple of years Companies are increasingly interconnected and dependent on IT, which makes IT security a very important field for guaranteeing business continuity[Pricewatercooper, 2006] [AusCERT, 2006]. Also various scams and corporate frauds like Satyam Computers (India), Lehman Brothers(USA, 2008), Royal Bank of Scottland (2008), Anglo-Irish Bank (2009), worldCom, Telecomms (USA, 2001), Enron(USA, 2001), One.Tel (AUS , 2001), HIH Insurance(2001) AUS, S-Chips Scandals, Singapore, Bofforce, 2G Scam and Common Wealth scam(India) in recent years are driving force for Compliance Management. Compliance Management comprises ambient monitoring, audit & assessment, incident management and recommended actions. CM plays important role in quality control process of a company. Organizations operating in heavily regulated sectors such as financial services and health care industries are often governed by large number of regulatory requirement. CM motivates the people to comply with law and regulation.CM itself a labor intensive task require effective solution programs. Research indicates that compliance program fails due to cost of regulatory compliance, insufficient resources and expertise to address for compliance requirements, lack of knowledge of requirements. CM is facing obstacles because of some other factors such as Organizational Structure and Complexity, Failure to Understand the Law and Collapse of Belief in Law. Compliance Management can be defined as "The process of collection and evaluation of fund, client and investor data, including self-monitoring reports and verification to show whether the fund’s operations are in accordance with the compliance regulations issued by Regulatory body like Securities and Exchange Commission (US) or the Financial Services Authority (UK)."

Compliance Auditing

Business processes requires information to make decisions for successful business execution. Business unit’s wanted to ensure reliability of such collected information for decision making process, this will achieve by performing periodic step by step verification of information of institute known as auditing. Auditing is very old process which used in accounting for check transactions in profit & loss and Balance sheets. Ancient countries like Egypt, Mesopotamia, Rome, Greece, United Kingdom and India have reference of auditing. Even Arthshastra also has reference of accounting and auditing. Principles of double entry for cross verification of entries in account book introduced in 1494 at Venice by Luca Paciolo for verification of entry made in ledger, at that time this method is less utilized during preceding century. Gradually increase in volume of trading operations, use of capital by traders and partnerships in trading require perfect accounting system. Auditing grew rapidly after the industrial revolution in 19th century. The enormous increase in trade in that period, which was fostered by discovery of steam and mechanical inventions, led to joint stock companies which separate owners(or Shareholders) and management. These owners (or shareholders) were demanding for report of experts on companies accounts. Auditing ascertain genuineness of operations in any business unit [Ernest and Ernest].

Auditing term derived from Latin word Audire which means ‘to hear’. Auditing is step by step process for examine policy and procedure was followed or not. According to Guidelines for quality and environmental management systems auditing [AS/NZS ISO 19011:2003]:

‘An audit is a systematic, independent and documented verification process of objectively obtaining and evaluating audit evidence to determine whether specified criteria are met’.

There are various approaches for conducting audit like Risk based, Structure based, Collateral based and Transaction based. There are two Principle objectives for conduct Audit in an institute 1) Detection of Fraud 2) Detection of Errors [Ernest and Ernest].

2.2.1 Features of Basic Auditing

Auditing performs Systematic and Scientific Examination.

Auditing is performed by independent body of Persons.

Auditing verifies result shown by a Company, institute or Organization.

Auditing regularly review internal and External Control.

In 20th century evolution of computing technology brought a digital platform for performing calculations and storage of data, so all the Business activities was started to perform on e-paper. In the end of 20th century computing and communication technologies rapid growth lead invention of internet which made sharing information very easy and after that In the beginning of 21st century Search Engine made information available at single click. In this age information Organization concern for reliability and security of confidential information because unreliable source and unsecure data increases risk. For manage and mediate risk organization requires auditing of information systems. in recent couple of years companies widely using IT in their business, which come up with new risks like security attacks (such as phishing, cross scripting, malware, DoS, cyber-squatting etc.), security vulnerabilities (such as Browser weaknesses) and violation of basic principal of information security (such as Confidentiality, Integrity and Availability). A wide range of policies and procedures concerning the use of IT made by Information Security Management using standards (such as COBIT, ISO 17799) to ensure reliability and security in a particular business unit.

Information security management, as traditionally defined covers wide concept of Information security governance. It addressed most of all aspect to operational information security management but in today's information age compliance monitoring and enforcement also integral part of Information Security Management. There is clear difference between Information Security Compliance Management and Information Security Operational Management shown in [von solms, 2005].

Information Security Management needs to build best practices for audited and auditor communities. These practices should consist of code of practices and assurance process activities, security implementation guidelines, guidelines for technology components which are critical for security and real-time monitoring processes that can detect and report potential security vulnerabilities or breaches of security [Jericho Forum]. A comprehensive review of such best practices in an organization, which periodically ensure breach of any law, statutory, regulatory or conceptual obligations known as a Compliance Audit. Definition of compliance auditing According to investorwords.com

"A comprehensive review of some aspect of the internal operations of a company that requires certification by a regulatory body to verify that it is in compliance with mandatory guidelines. Compliance audit procedures may be conducted internally, but are usually facilitated by the certifying organization. A company may require several compliance audits to review regulatory adherence in multiple departments, such as finance, IT, manufacturing, human resources, marketing and sales [http://www.investorwords.com/19265/compliance_audit.html]".

According to Medicare Australia, aims of Compliance audit are [Professional Practices]:

Support people in doing the right thing through the provision of information and advice.

Educate those who make honest mistakes.

Actively pursue those who deliberately misuse the system.

2.2.2 Objectives of Compliance Audit

According to Guidelines for quality and environmental management systems auditing [AS/NZS ISO 19011:2003]:

It maintains the integrity of the regulatory system administered by any organization or institute, ie, legislation, licenses’, notices, consents

It ensures credible and robust regulation

It improves compliance with legislative requirements

Through public audit reporting, ensuring Organization’s regulatory activity is open and transparent.

It ensures that statutory instruments are robust and are appropriately used to achieve desired outcomes.

It ensures that regulation across all organizations in state/nation is consistent and transparent.

In this modern age where perfection and quality of work matters a lot, compliance plays a crucial role for measure such indicators. Till now these compliance audit was performed manual and limited to particular sector, but here we want make compliance knowledge reusable in various sectors by using Ontology and we can automate this process using Software Agents or Multi Agent System.

2.2.3 Basic Audit Process

Pre-site Visit Activities

For successful audit, proper planning and preparation conducted in such a way resources and equipment are available and time is allocated to carry out the audit in most effective manner.

Audit planning and preparation: The Audit plan clearly defines audit’s objectives, scope and timetable. An audit plan should include key elements such as audit objectives, audit criteria, scope, quality plan, an assessment of logistics, timetable, roles and responsibilities of audit team members and allocation of appropriate resources to critical areas of the audit.

Collecting background information: Basic purpose of collecting background information is to collect relevant information that can meet the objectives of the compliance audit. This step includes requirements and other regulations or guidelines for information retrieval like site details, such as maps and process descriptions, environmental issues, technical information, industry standards, operating manuals, plans and procedures, previous audits and compliance history, safety requirements and working language, and social and cultural characteristics of audit site.

Audit checklists: The audit checklist helps auditors in conducting a thorough, systematic and consistent audit.

Providing prior notice of an audit: Generally, all compliance audits are undertaken unannounced. But sometimes notice need to be sent.

On-site Activities

Figure 2.1: Basic Audit Process

Opening meeting: The objective of the opening meeting is to meet with the site representative and explain, confirm the audit plan, outlining the objectives, scope and audit procedures provide a short summary of how the audit activities will be undertaken.

Collecting audit evidence: The following tasks need to be completed: gather information, complete audit checklists document, and take a photographic record.

Closing meeting and communication: after finishing the site inspection, undertaken all necessary interviews and collected all necessary evidence, a closing meeting is held with the site representatives. In the closing meeting, the audit team should: give a general indication of the preliminary audit findings, provide a briefing on any items needing immediate attention.

Post-site Visit Activities

Evaluation of audit evidence: Audit conclusions are drawn by evaluating evidence collected during the site inspection. Firstly, the auditor must review information gather, fill information gaps, after filling information gaps the auditor must evaluate the evidence.

Audit report: Auditor prepares audit report with findings and recommendations relevant to organization and list needed follow-up actions. The report must include details like the audit objectives, audit scope, dates and places, audit criteria, audit findings, conclusions and recommendations.

Follow-up action program: The follow-up action program is specify a course of action, which need to be achieve according to organization guidelines.

Regulatory review: The regulatory review assesses the quality of product and recommendation for improvements.

. Information Technology and Security Issues

Information Technology offers an easy and efficient way to collect, store, process and transmit information to various organizations like banking and financial, telecommunication, healthcare, airlines, Railways, manufacturing and many more. Vital business decisions are made by the organizations on the basis of this information and therefore, it is imperative to ensure that right information is available at the right time to the right people. Further, adequate security controls also require for ensure that the information and the information systems inaccessible to unauthorized persons. Information stored in the computer systems and transmission requires secure communication. Advancement in Information Technology will providing better and more powerful tools to the organizations, to acquire, store, process and network data. Such advancement also requires immediate need for robust and rugged security controls relating to computer hardware, software, application software, communication systems and data. The need for security controls assumes greater importance in view of the advent of Internet, the global internetworking phenomenon. The extent of criminal activities in the Internet based environment is expected to grow along with advancement in Information Technology. Each organization is suffering from the following security issues:

Unauthorized access to Information & Information Systems.

Loss/Modifications/Manipulations of data.

Loss of confidential information.

Problems inherent in an open Network for example viruses, Worms, sabotage, hacking etc.

The survival of the banks and the financial institutions depends on the security infrastructure for ensuring the accessibility, quality, adequacy and integrity of its information Systems. The security measures for safeguarding the information resources will require including the identification and assessment of risks and the development of proper controls to offset/reduce possible threats.

2.3.1. Information Systems Audit (IS audit)

In earlier section we have discussed that organization wants to ensure accessibility, quality, adequacy and integrity of information systems, this can be achieve through periodic monitoring of information systems by Information Security Auditor. It is the process of collecting, evaluating the evidence/information whether computer system are safeguard its assets through adoption of adequate Security control measures, maintain data integrity, achieve goals of the organization effectively and result in the efficient use of the available Information System resources. IS audit is an independent subset of normal audit process. The following factors have contributed to the inevitability of IS audit:

An organization’s ability to survive can get severely undermined through corruption or destruction of its information and information systems.

There is a possibility of misallocation of resources because of decisions based on incorrect data or poor quality Information Systems.

If computer system is not controlled, the possibilities of misuse can be very high.

Computer hardware, software and personnel are valuable assets of any organization and hence, require to be utilized optimally.

Computer errors may result in huge financial loss.

A control is defined as a system which prevents, detects or corrects unlawful events. Control consists of the policies, procedures, practices and organizational structures, designed to provide reasonable assurance that the business objectives of the organization will be achieved. IS auditors are required to evaluate the effectiveness of the security controls. so an IS auditor understand the nature of security controls. These control help in to prevent and detect unauthorized access.

2.3.2. Organizations & Exposures

Each organization will require identifying the events and circumstances, whose occurrence could result in a loss to the organization. These are called exposures. Controls are those acts/measures, which the organization must implement to minimize these exposures. Controls are broadly of the following types:

Deterrent Controls

Deterrent Controls are designed to deter unauthorized people internal as well as external, from accessing the information and information systems.

Preventive Controls

Preventive Controls prevent the cause of exposure from occurring or at least minimize the probability of the occurrence of unlawful events.

Detective Controls

When a cause of exposure has occurred, detective controls report its existence in an effort to arrest further damage or minimize the extent of damage. Detective controls limit the losses, if an unlawful event at all occurs.

Corrective Controls

Corrective Controls are designed to help the organization recover from a loss situation. Business Continuity Planning is a corrective control. Without corrective controls in place, the organization will suffer from the risk of loss of business and other losses.

2.3.3. Information Systems Audit & Benefits

The following major benefits are expected from the conduct of IS audit :

IS audit can be equated to a preventive tool. It would identify the risks and remedial measures can be taken to protect the interests of the organization.

Regular conduct of IS audit would deter people/employees/users from indulging in manipulation of data, frauds etc.

Any laxity in the controls/security of the Information Systems could be eliminated if IS audit is conducted at regular intervals.

Regular conduct of IS audit and proper follow-up on the suggestions/recommendations in the IS audit report will provide the management reasonable assurance about the functionality and the security related performance capability of the Information Systems.

Security features and controls can be further improved, based on the suggestions/recommendations made in the IS audit report.

IS audit can verify whether there exists appropriate security infrastructure in the organization Information Systems or not.

Ontology

Ontology word comes from Greek word ontos, for "being", and logos, for "Science", which can be translated as study of being or study of existence. It is branch of philosophy specifically, metaphysics concerned with nature of existence. It includes Identification and study of the categories of things that exist or may exist in universe [Ngyun, 2000]. Ontology captures concepts in a particular domain and Relationship between these concepts. Ontology brings interoperability and reusability for example different electronic devices manufacturers can use a common vocabulary and syntax to build catalogs that describe their products. Then the manufacturers could share the catalogs and use them in automated design systems [Chandrasekaran et al., 1999]. A number of fields of AI and computing use ontologies: knowledge representation, knowledge engineering, qualitative modelling, language engineering, database design, information retrieval and extraction, and knowledge management and organization [McGuinness, 2002]. [Guarino] has described various possible interpretation of "Ontology":

Ontology is an informal conceptual System.

Ontology is a formal semantic account.

Ontology is a specification of a conceptualization.

Ontology is a representation of a conceptual System Via a logical Theory.

Ontology is the vocabulary used by a logical theory.

Ontology is a specification of logical theory.

But most widely adopted definition: "An ontology is an explicit specification of a conceptualization" [Gruber, 1993]. Slightly different definition: "Ontologies are defined as a formal specification of a shared conceptualization"[Borst, 1997]. After one year definition further illustrate by [Studer, Benjamins & Fensel , 1998] as "An ontology is a formal, explicit specification of a shared conceptualisation. A 'conceptualisation' refers to an abstract model of some phenomenon in the world by having identified the relevant concepts of that phenomenon. 'Explicit' means that the type of concepts used, and the constraints on their use are explicitly defined. For example, in medical domains, the concepts are diseases and symptoms, the relations between them are causal and a constraint is that a disease cannot cause itself. ‘Formal’ refers to the fact that the ontology should be machine readable, which excludes natural language. 'Shared' reflects the notion that an ontology captures consensual knowledge, that is, it is not private to some individual, but accepted by a group."

2.4.1. Types of Ontology

Figure 2.2: Types of Ontologies on the Basis of Various Characteristics

According to [Hadzic] various types of Ontologies are characterized as follow:

In terms of granularity: coarse-grained and fine-grained.

In terms of formality: highly-informal, semi-informal, semi-formal and rigorously-formal.

In terms of generality: Top level Ontologies, middle level ontologies, Domain ontologies, task ontologies and application ontologies.

In terms of computational capability: heavy weight and light weight.

In terms of Granularity, Coarse-grained facilitates the conceptualization of domain at macro level, and are typically represented in a language of minimal expressivity. On other hand, fine-grained ontologies allow conceptualization of a domain at the micro-level and tend to be represented in a language of significant expressivity.

In terms of Formality, at one hand of formality spectrum, highly informal ontologies are expressed and at other hand of spectrum, rigorous formal semantics [Upshold].

In terms of Generality, Top level ontologies are high level ontologies, Foundational Ontologies, domain-independent Ontologies. Mid-level Ontologies serve as a bridge between top-level ontologies and domain ontologies; they serve a purpose analogous to that of software libraries in the object-oriented programming paradigm. Domain ontologies specify concepts and inter-concept relations particular to a domain of interest. Task Ontologies are ontologies used in specific tasks. Application ontologies are Ontologies used in specific applications. They typically utilise both domain and task ontologies.

In terms of Computational Capability, Ontologies may be classified as being heavy-weight or light-weight. Light weight ontologies lack axioms and other constraints, and so are very difficult to reason on. In contrast, heavy-weight Ontologies comprise all the necessary elements for it to be feasible to make inference about the knowledge they contain.

2.4.2. Ontology Engineering

Ontology Engineering Consist Design, Principles, Development, Processes and Activities, Supporting Technologies and Systematic Methodologies for Ontology Development.

2.4.2.1. Ontology Representation Language

Earlier ontology representation languages are:

KIF, which is based on first-order logic;

Ontolingua, which is built on top of KIF but includes frame-based representation;

Loom, based on description logics.

Other ontology representation languages or Web-based ontology languages are:

SHOE, built as an extension of HTML;

XOL, developed by the AI centre of SRI International as an XML-ization of a small subset of primitives from the OKBC protocol called OKBC-Lite;

RDF, developed by the W3C as a semantic-network-based language to describe Web resources;

RDF Schema, also developed by the W3C, is an extension of RDF with frame-based primitives; the combination of both RDF and RDF Schema is known as RDF(S);

OIL, which is based on description logics and includes frame-based representation primitives;

DAML+OIL is the latest release of the earlier DAML (DARPA Agent Markup Language), created as the result of a joint effort of DAML and OIL developers to combine the expressiveness of the two languages;

OWL, or Web Ontology Language, developed under the auspices of the W3C and evolved from DAML+OIL; OWL is currently the most popular ontology representation language.

2.4.2.2. Ontology Development Environment

Ontology development environment integrate an ontology editor with other tools and usually support multiple ontology representation languages. They are aimed at providing support for the entire ontology development process and for the subsequent use of the ontology [Corcho et al., 2002].

http://protege.stanford.edu/plugins/owl/images/OWLClasses-Classification.png

Figure 2.3: Protégé (Ontology Development Environment) Screenshot [Protégé, 2012]

Protégé is an Ontology Development Environment, which was developed at Stanford University. It facilitates the defining of concepts (classes) in ontology, properties, taxonomies, and various restrictions, as well as class instances [Protégé, 2012].

2.4.3. Ontology Development Methodology

There are various methodologies like DOGMA, TOVE, SENSUS and DILIGENT. According to [Noy & McGuinness, 2001] suggested steps for ontology Development as follows:

Determine the domain and scope of the ontology.

Consider reusing existing.

Enumerate important terms in the ontology.

Define the classes and the class.

Define the properties (slots) of classes.

Define the facets of the slots.

Create instances.

Figure 2.4 is an example ontology creation by these seven steps mentioned by [Noy & McGuinness, 2001].

C:\Users\Avinash Navlani\Desktop\Compliance_Audit Ontology.png

Figure 2.4: Ontology for Auditing

Others ontology development methodologies (such as the one proposed by van der Vet and Mars [van der Vet & Mars, 1998] and Methontology framework[Fernández-López et al., 1999].

2.4.4. Application of Ontologies

Ontologies are successfully developed in various real life applications like Network Management, Security Management, various Financial Applications, Software Engineering and Healthcare. Other Major Fields for Ontologies knowledge management, e-learning, e-commerce, and integration of Web resources, databases, cooperation of Web services with enterprise applications, natural-language processing, intelligent information retrieval, virtual organizations, and simulation and modeling.

Multi Agent System

Multiagent System provides a modular architecture for large complex problem. Here problem is

subdivided into independent functionally specific component known as Agent. Whenever interdependent problems arise than agents in the system must coordinate. According to woldridge "A multiagent system is one that consists of a number of agents, which interact with one another, typically by exchanging messages through some computer network." In a multiagent System, agents should have capability of cooperate, coordinate, and negotiate. A MAS can be defined as a loosely coupled network of problem solvers that interact to solve problems that are beyond the individual capabilities or knowledge of each problem solver (Durfee and Lesser 1989).These problem solvers, often called agents, are autonomous and can be heterogeneous in nature. The characteristics of MASs According to [Sycara, 1998] :

Each agent has incomplete information or capabilities for solving the problem and, thus, has a limited viewpoint.

There is no system global control.

Data are decentralized.

Computation is asynchronous.

Issues and Challenges

Despite of various potential advantages Multiagent System has some issues and challenges. [Bond and Gasser, 1988] have added some issues are:

How do we formulate, describe, decompose, and allocate problems and synthesize results among a group of intelligent agents?

How do we enable agents to communicate and interact? What communication languages and protocols do we use? How can heterogeneous agents interoperate? What and when can they communicate?

How do we ensure that agents act coherently in making decisions or taking action? How do we ensure the MAS do not become resource bounded?

How do individual agents can represent and reason about the actions, plans, and knowledge of other coordinating agents?

How do we recognize and reconcile disparate viewpoints and conflicting intentions among a collection of agents trying to coordinate their actions?

How do we design technological platforms for development Multiagent Systems?

Intelligent Agent

Agents are autonomous, social, proactive, adaptable, Independent and mobile in nature. Agents have ability to learn, understand and analyse complicated environment. A system or environment of set of agents is generally known as Multi-Agent System (MAS), which able to solve complex, dynamic and social problems. Agent Based Model is able to solve scientific problem in various domain like Life Science, Social Science, GIS and Gaming Simulation. ABM helps in performing simulation on real life’s complex models, which illustrate complex structure in simple manner. Simulation is imitation of real life entities, where experiment performed using random numbers and behaviour of system on given input value is analysed. Agents can be defined as:

"An agent is an entity whose state is viewed as consisting of mental components such as beliefs, capabilities, choices, and commitments." [Yoav Shoham, 1993]

"An entity is a software agent if and only if it communicates correctly in an agent communication language." [Genesereth and Ketchpel, 1994]

"Intelligent agents continuously perform three functions: perception of dynamic conditions in the environment; action to affect conditions in the environment and reasoning to interpret perceptions, solve problems, draw inferences, and determine actions". [Hayes-Roth, 1995]

"An agent is anything that can be viewed as (a) Perceiving its environment, and (b) Acting upon that environment" [Russell and Norvig, 1995]

"A computer system that is situated in some environment and is capable of autonomous action in its environment to meet its design objectives." [Wooldridge, 1999]

An agent is a computational system that interacts with one or more counterparts or real-world systems with the following key features to varying degrees like enumerated in [Etzioni and Weld, 1995] and [Franklin and Graesser, 1996]:

Reactivity: the ability to sense and act.

Autonomy: goal Oriented, proactive and self-starting behaviour Collaborative work help in achieve a common goal.

Inferential capability: agent can act on abstract task specification using prior knowledge of general goals and preferred methods to achieve flexibility. Agent can go beyond the information given and understand the system.

Temporal continuity: agent should persistence and run continuous over long period.

Personality: the capability of manifesting the attributes of a "believable" character such as emotion.

Adaptability: agent should capable to learn and improve with experience. Agent should have ability to modify its behaviour over time.

Mobility: agent should capable to migrate in a self-directed way from one host plat-form to another(Or agents are capable enough for transport execution between machines.) .e.g., autonomous robots, and human assistants

Collaboration: Coordinate with other agents by sending and receiving messages using agent communication language and permit high degree of collaboration help in successful operations.

Veracity: agent can deceive other agent by messages or behaviour. So agent can be truthful or untruthful.

Disposition: it shows agent attitude whether agent is benevolent, self-restricted and malevolent.

[Nawana, 1996] represent agents Typology (Shown in Figure 2.5) which classify agents in seven types: Collaborative agents, Interface agents, Mobile agents, Information/Internet agents, Reactive agents, Hybrid agents and Smart Agents.

Figure 2.5: Agent- Typology based on Nwana’s (Nwana 1996)

White paper from IBM [Gilbert et al, 1995] described intelligent agents in the three dimensions of agency, intelligence, and mobility (Shown in Figure 2.6).

Figure 2.6: Scope of intelligent agents (Adapted from Gilbert et al. 1995)

Agent V/s Object

Object orientation added to the modular approach by maintaining its segments of code (or methods) as well as by gaining local control over the variables manipulated by methods. However in traditional OO, objects are considered passive because their methods are invoked only when some external entity.

Software agents have their own thread of control, localizing not only code and state but their invocation as well. Such agents can also have individual rules and goals [Sycara, 1998]. Major differences between objects and agents are:

Agents have high degree of autonomy than Objects.

Agents flexible in their behaviour

A multiagent system is inherently multi-threaded.

Agent Architecture

Agent architecture means building an agent, which requires a MAS environment, agent with predefined role and responsibility and proper planning of agent's action sequence considering only goal. Agent architecture defines key data structure, operations on data structure and control flow between operations. Pattie Maes(1991) defines agent architecture as "particular methodology for building [agents]. It specifies how… the agent can be decomposed into the construction of a set of component modules and how these modules should be made to interact. The total set of modules and their interactions has to provide an answer to the question of how the sensor data and the current internal state of the agent determine the actions… and future internal state of the agent. Architecture encompasses techniques and algorithms that support this methodology."

According to Lesile Kaelbling(1991) "Specific collection of software (or hardware) modules, typically designated by boxes with arrows indicating the data and control flow among the modules. A more abstract view of architecture is as a general methodology for designing particular modular decompositions for particular tasks."

Initially, all agents designed with in AI were symbolic reasoning agents. It proposes that agents use explicit logical reasoning in order to decide what to do.

Symbolic Reasoning Agent

Symbolic AI is traditional approach for building AI Systems. In this approach system’s behaviour has given by symbolic representation. We can define agent or agent architecture by explicitly representing symbolic model of the world and making decisions via symbolic reasoning. There are two basic problems:

Problem translation: real world into accurate, adequate symbolic description of the world.

Represent and Reasoning Problem: Problem of representing information symbolically and getting agents to manipulate and reason with it.

Deductive Reasoning Agent

How can an agent decide what to do using theorem proving? Basic idea is to use logic to encode a theory stating the best action to perform in any given situation. Let

 be this theory (typically a set of rules)

 be a logical database that describes the current state of the world

Ac be the set of actions the agent can perform

 | mean that  can be proved from  using 

Use 3 domain predicates to solve problem:

In(x, y) agent is at (x, y)

Dirt(x, y) there is dirt at (x, y)

Facing (d) the agent is facing direction d

Possible actions: Ac = {turn, forward, suck}

Rules  are used for

Practical Reasoning Agent

[Bratman, 1990] defines Practical Reasoning as "Practical reasoning is a matter of weighing conflicting considerations for and against competing options, where the relevant considerations are provided by what the agent desires/values/cares about and what the agent believes."

Theoretical reasoning can be distinguished by practical reasoning through beliefs. For example, if "All men are mortal" and "Ramesh is a man" than "Ramesh is mortal" such process of concluding on the basis of beliefs. The process of going somewhere by taxi instead of bus is practical reasoning. Human practical reasoning consists of basic two activities. First, deliberation deciding what state of affairs we want to achieve. Second, means ends reasoning

deciding how to achieve these states of affairs [Wooldridge, 2008].

Communication ACL (Agent Communication Language)

Communication derived from Latin word communis means "to share". Communication is the process of express information through the exchange of thoughts or information by speech, message, signal and visual. Agents have some basic property like interoperability and autonomy. To achieve those agent should talk each other to decide for information to be retrieve and what physical action to take. In such a way Agent Communication Language (ACL) help to exchange information. Agent Communication Language is playing pivotal role in MAS for purpose of communication between heterogeneous agents.

Tools for Multiagent System Development

Various studies have been carried out on multiagent development on the basis of that We can divided them in three main categories:

Rapid Prototype: in this category following tools used for example AgentTool, INGENIAS Development Kit (IDK), JACK, DCaseLP.

Agent-Based Platform: in this category platforms for develop complex MAS. For example, a JADE, Agent Factory, Zeus.

Agent-Based Simulation: in this category some environments for design and develop agent simulations, where agents interact with each other. For examples are NetLogo, Repast, Mason and Swarm.

MAS Applications

Applications of MAS ranging from manufacturing to process control, air traffic control and information management. Earliest MAS application is distributed vehicle monitoring system in 1996. After that various applications of MAS in various fields like manufacturing, software development and financial portfolio management are developed. Some practical application of multiagent Systems are:

Electronic commerce: B2B, InfoFlow, eCRM

Organizational structure agents: Supply-chain ops

Industrial manufacturing and production: manufacturing cells

Automatic meeting scheduling

Personal agents: emails

Investigation of complex social phenomena such as evolution of roles, norms, and organizational structures

Network and system management agents: E.g., The telecommunications companies

Real-time monitoring and control of networks: ATM

Modeling and control of transportation systems: Delivery

Information retrieval: online search

Electronic entertainment: eDog

Decision and logistic support agents: Military and Utility Companies

Interest matching agents: Commercial sites like Amazon.com

User assistance agents: E.g., MS office assistant

Ontology Based Multi Agent System (OBMAS)

In this age of information vast amount of information is available on the web. People are using search engines like Google to search information but due to huge amount of information they need lots of time to understand and find useful information. For example you are a researcher if you want to find journals of a topic but search is showing thousands of journals. Now you need sort them one by one this consume lots of time. In such area of information we need search engine s which search information not only basis of keywords, but also on meaning. Semantic web is extension of current web in which information is available in well-defined manner so that machine can automate, integrate and reuse it across various applications. Semantic web emphasizes on well-defined meaning of information, machine usable information and cooperate through data integration and reuse.

Ontology Based Multi Agent System is a comprehensive approach for developing agent system with capturing knowledge in form of concepts. Generally agents are autonomous, social, proactive and mobile in dynamic, non-deterministic and continuous real world environment. Agents are intelligent software help in decision making While ontology is defined as "A formal specification of shared conceptualization of a domain" [Borst, 1997]. Ontology captures implicit and explicit knowledge. Such knowledge is share, reuse and consume by autonomous agents. Basically Ontologies used for Communication (between human, computational systems), Computational inference (for internally representing and manipulating plans and planning information, for analyze internal structures, algorithm, inputs and outputs of implemented system in conceptual terms) and for reuse knowledge [Gruninger and J. Lee, 2002]. Ontology provides a knowledge structure for agent system. A MAS is a net of loosely coupled computational autonomous entities, known as an agent who perform activities using resources of system and interact with other agent using set of rules (interaction protocol). Agent must be able to find information and understand meaning of information. Also or performing interaction agent need common understanding of terms used in communication this can be achieve through ontology. Software agent needs this information in encoded formal language so that agents apply automated reasoning and determine accurate meaning. Ontology allows to agent annotate their information. The annotation provides background knowledge and meaning of information. OBMAS can be applicable in various fields like manufacturing, software development and financial portfolio management.

Chapter 3

Multi Agent System Tools and Standards

. Agent Oriented Programming

Agent-Oriented Programming (AOP) introduces by Yoav shoham in 1989. AOP is a new software paradigm that describes new concepts for programming which is based on cognitive and social view. This concept is influence by Artificial intelligence and Distributed system. AOP is specialized element of Object Oriented Programming (OOP). AOP model has collection of components called agents, which refer to as an entity that function continuously and autonomously. Generally agent has some basic characteristics like autonomy, proactivity and an ability to communicate. Autonomy means agents can independently perform complex task, proactivity means agents can perform a given task without an explicit input from other user. Ability of communicate means agents can interact with other entities for achieve goals. The state of an agent describe beliefs, decisions, capabilities, and obligations, such state of an agent is known as its mental state. Mental state of agents is represented through standard epistemic logics. Agent-oriented applications are peer to peer. In last few years agent technology become popular with significant degree of exploitation in commercial applications. Nowadays Multi-agent systems are being used in wide variety of applications from comparatively small systems for to open, complex and large systems for industrial applications. Examples process control, manufacturing, logistics and network management [shoham, 1993]. Three primary components of AOP systems are:

Restricted Formal Language, which describe mental state such as belief and commitment.

Interpreted Programming Language, for defining and programming agents commands such as REQUEST and INFORM.

Agentifier, which converts neutral devices into programmable agents.

3.2. Agent Oriented Programming versus Object Oriented Programming

E:\Master Thesis\Diagrams\AOP_Vs_OOP.png

Table 3.1: Comparison between Agent Oriented Programming and Object Oriented Programming

Agent Based Modeling and Simulation

Agent-based modelling and simulation method involve agents. Agents are autonomous, social, proactive, adaptable, Independent and mobile in nature. Agents have ability to learn, understand and analyse complicated environment. A system or environment of set of agents is generally known as Multi-Agent System (MAS), which able to solve complex, dynamic and social problems. Agent Based Model is able to solve scientific problem in various domain like Life Science, Social Science, GIS and Gaming Simulation. ABM helps in performing simulation on real life’s complex models, which illustrate complex structure in simple manner. Simulation is imitation of real life entities, where experiment performed using random numbers and behaviour of system on given input value is analysed. According to Shannon "The process of designing a model of a real system and conducting experiments with this model for the purpose either of understanding the behaviour of the system and/or of evaluating various strategies (within the limits imposed by a criterion or a set of criteria) for the operation of the system". Various software tools for Agents Based Modelling and Simulation are available such as NetLogo, and RePast. Researcher, student and teachers from different background like life science, social science and management wants a tool which is user friendly and helps them to develop agent based model and simulation. For help such people I am presenting a comparison between two popular Agent Based Modelling and simulation environment NetLogo and RePast.

NetLogo

NetLogo is a Programmable Agent Modeling environment for simulate a natural and social phenomenon which is open source and cross platform product. It was developed by Uri Wilensky in 1999 at Centre for Connected Learning and Computer Based Modelling at Northwester University (USA). NetLogo is dialect of Logo Language, extending concepts and constructs introduced in StarLogo and MacStarLogo [StarLogo, 2008], with effective, simple, easy to use and user friendly visualization tool.

E:\Master Thesis\Diagrams\NetLogoAll.gif

Figure 3.1: NetLogo IDE Snapshot

RePast

RePast(Recursive Porous Agent Simulation Toolkit) is an open-source and object oriented software Environment for developing agent-based simulations using Java as programming language. RePast originally developed by the Social Science Research Computing at the University of Chicago. Later, developed by the RePast Organization for Architectureand Development (ROAD) and Argonne National Laboratory.RePast provides an abstaract, user friendly, flexible, scalable and interoperable GUI environment for Agent Based Simulation of social science applications and represent simulation result through tables, charts and graphs. Repast integrates GIS data directly into simulation.

C:\Users\Avinash Navlani\Downloads\simulation.png

Figure 3.2: RePast IDE Snapshot

3.4. NetLogo versus RePast

E:\Master Thesis\Diagrams\Netlogo.png

Table 3.2: Comparison between NetLogo and RePast

3.5 FIPA (Foundation of Intelligent Physical Agent)

FIPA is an international non-profit association of companies for produce standard specifications of agent technologies in 1996. Today various distinct agent platforms, framework and projects have been available, which based upon the FIPA specifications. FIPA MAS models helpful in developing or modeling heterogeneous distributed computing services. FIPA comprises specification for Agent Communication, services, interaction and their development. FIPA has the following set of principles:

Agent technologies, which provide a new paradigm to solve old and new problems.

Some agent technologies have reached at maturity level.

Some agent technologies require standardization.

The standardization is not primary concern, but infrastructure and language required interoperations are.

3.5.1. Communication as Actions Model

FIPA model introduces agent communication through an Agent Communication Language (FIPA-ACL). ACL defines communication using function or action, which Known as Communicative Act or CA. There are various types of communication that shows agent communication e.g. agent can use of Meta-conceptual for knowledge sharing and use of directives and assertive for communicate in distributed environment. it includes various types of action or functions like Directives, Mediate, Referential or assertive function, Phatic function, Temporal functions, commissive, Meta Linguistic function and Expressive functions. CA has some belief and interaction mechanism for agents. In which Agent has own mental attitudes like goal or objective, beliefs, and intention.

E:\Master Thesis\Diagrams\communication.png

Figure 3.3: Mental Attitude of sender during sending message to receiver

3.5.2. FIPA Sub-Layers

FIPA communication separated into several sub-layers within the application layer of the classical OSI or TCP/IP stack. These layers are as follows:

• Sub-layer 1 (Transport): lowest application sub-layer protocol, which defines message transport protocols for IIOP, WAP and HTTP.

• Sub-layer 2 (Encoding): send simple byte-encoded messages by using higher-level data structures including XML, String and Bit-Efficient.

• Sub-layer 3 (Messaging): In FIPA, message structure is independent of encoding to encourage flexibility.

• Sub-layer 4 (Ontology): Ontologies specify knowledge for specific domain.

• Sub-layer 5 (Content expression): FIPA has defined guidelines for the use of general logical formulas and predicates, and algebraic for combining operations.

• Sub-layer 6 (Communicative act): classify message in terms of the action.

• Sub-layer 7 (Interaction protocol or IP): FIPA defines several interaction protocols for exchange sequences such as request, which describes one party making a request to another.

3.5.3. Service Model

FIPA Model’s services comprises by those components, which generate, consume and transform ACL messages. In general service comprises two components Abstract Architecture Model and Agent Management or Agent Platform Model. Abstract Architecture Model; specify abstract services during exchange of messages between different agents. This includes transport interoperability, support for ACL representations, various content languages and multiple directory service. Agent Management or Agent Platform Model; it is a logical

E:\Master Thesis\Diagrams\Agent Management Reference Model.png

Figure 3.4: Agent Management Reference Model

component which has agent Identifier(AID) for every agent and two basic data structures Directory Facilitator(DF) and Agent Management System(AMS).

3.5.4. FIPA Tools

Application developers use FIPA specifications enabled agent toolkits for application software development. Such toolkits help developers to develop application easily, efficiently and in minimum time. There are various FIPA agent toolkits have been developed that use sets of FIPA specifications e.g. JADE (Bellifemine, 1999), FIPA-OS (Poslad, 2000) and ZEUS (Nwana, 1999), JAS (Java Agent Services), KAoS agent toolkit (Bradshaw, 2004). These toolkits provide APIs for FIPA ACL messages, agent management, abstract agent architecture, Multi-layered support, Diagnostics and visualization tools [FIPA, 2012].

Agent Development Framework

Recently in last few years Agent Technology widely using in various industrial applications. During adopting AOP there are various issues such as how agents communicate. For the sake of convenience for in agent application development developers needs core infrastructure. It is easy to build MAS Application on top of an agent-oriented middleware. This is how developers can focus on production of business logic. There are various agent development frameworks such as JADE, Agent Factory, Zeus, and BEE-GENT. In this project I am using JADE (Java Agent Development Environment) framework because JADE is a java based, rich graphic tool, completely distributed middleware system and provide flexible infrastructure for easy extension with add-on modules.

3.7. BEE-GENT versus JADE

E:\Master Thesis\Diagrams\Untitled.png

Table 3.3: Comparison between BEE-GENT and JADE

JADE (Java Agent Development Environment)

JADE platform introduced by Tele-com Italia in 1998 for validate the early FIPA specifications. Initially JADE was used by FIPA community but features grew far beyond the FIPA specifications, also its usage by developer. JADE contributed in widespread diffusion of the FIPA specifications. Programmers can implement according to the specifications without the need to study them. JADE went open source in 2000, which was distributed by Telecom Italia under LGPL (Library Gnu Public License). JADE extended with LEAP (Lightweight Extensible Agent Platform). This extension provides Java Micro Edition and Wireless Network environment. JADE has leading feature of ability to run application on J2ME-CLDC and -CDC platforms [Bellifemine, 2007]. JADE Provide following ready use functionalities:

Fully FIPA specifications compiled.

Fully distributed systems of agents, each agent running as a separate thread on different remote machines and has ability of communication.

Efficient asynchronous messaging through location-transparent API. here messages are automatically transformed from one agent to another using FIPA compliant syntaxes, encodings and protocols.

It Implements both white pages and yellow pages services.

It provides mobility to agents.

It provides set of graphical tools support debugging and monitoring. These all functionalities are multi-threaded, multi-process, multi-machine systems on a single platform.

An extensible kernel for extend platform functionality.

It provides ontologies and content languages.

It also provide interaction protocols library.

It Integrate various Web-based technologies such as JSP, servlets, applets and Web service technology on single platform.

It also supports J2ME platform and wireless environment.

It provides In-Process Interface for launching or controlling a platform and its distributed components from an external application.

JADE Architecture

JADE (Java Agent Development Framework) provides a java framework based on FIPA standard specifications for building Multiagent systems. JADE supports JDK 1.4 and higher versions. JADE has ability to support J2ME Applications. JADE Architecture composed of containers that are distributed over the network. Containers are the Java process that provides the JADE run-time and all other services needed for hosting and executing agents. There is a special container, called the main container; where all other containers register themselves. Main Container has two special agents namely Agent Management System (AMS) and Directory Facilitator (DF) that provide white pages and yellow pages service respectively. AMS supervises entire platform and DF is used by agents to register their services or search for other available services. Main container also manages different tables like Container Table (CT), Global Agent Descriptor Table (GADT) and Local Agent Descriptor Table (LADT). Container Table (CT), which is the registry of the object references and addresses of all container of system. Global Agent Descriptor Table (GADT), which is the registry of all agents present in the platform. Every other container manages their LADT and cache of GADT. Each agent assigned an Agent Identifier (AID). AID contains agent name and its addresses

E:\Master Thesis\Diagrams\jade-architecture.png

Figure 3.5: JADE Architecture.

JADE Packages

JADE platform has hierarchy of java packages and sub-packages. Each package has classes and interfaces which implements basic functionality. The main packages of JADE platform are:

jade.core, implements the kernel of JADE, distributed run-time environment that supports the entire platform and its tools.

jade.content, its sub-packages contain the collection of classes that help programmers in creating and manipulating complex content expressions according to a given content language and ontology.

jade.domain, contains the implementation of the AMS and DF agents, according to FIPA standards.

jade.gui, contains some general-purpose ready to use Java components for building Swing-based GUIs for JADE agents.

jade.imtp, contains the JADE IMTP (Internal Message Transport Protocol) implementations.

jade.lang.acl, contains support for the FIPA Agent Communication Language (ACL).

jade.mtp, contains two basic sub-packages with an implementation based upon the HTTP protocol and one based upon the IIOP protocol.

Message Transport Service

JADE provide interoperability between different platforms through implementation of all the standard Message Transport Protocols (MTPs) defined by FIPA. JADE implements MTP with transport protocol like HTTP, IMTP (Internal Message Transport Protocol), RMI (Remote Method Invocation) and a standard encoding of the message envelope. Message Transport service of JADE is shown in figure.

E:\Master Thesis\Diagrams\Messaging Architecture.png

Figure 3.6: JADE massage transport service

JADE Implementation

An agent is created by defining a class that extends jade.core.Agent class. The agent is initialized with setup() method. All the operations that an agent performs must be carried out within behaviors. A behavior is a task carried out by an agent. It is created as an object of a class that extends jade.core.behaviors.Behavior class. The behavior can added to the agent by using addBehavior() method. Each behavior class must implement two abstract methods viz., action() and done(). Each behavior has a member variable called myAgent that points to the agent that is executing the behavior. Behavior can be aborted bycalling removeBehavior() method.

E:\Master Thesis\Diagrams\JADE.gif

Figure 3.7: JADE Remote Agent Management GUI

Agent can send and receive messages by creating an object of ACLMessage class. Then use methods like addReceiver(), setLanguage(), setOntology(), setCon-tent() etc. to set the values of the respective fields. Finally use send() method to send the message. To receive message, use receive() method. Agent can perform migration and cloning by using methods doMove() and doClone(). Destination location needs to pass through arguments.