{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T05:50:59Z","timestamp":1767851459884,"version":"3.49.0"},"reference-count":35,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2011,9,30]],"date-time":"2011-09-30T00:00:00Z","timestamp":1317340800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2011,9,30]]},"abstract":"<jats:p>The increasing complexity of software systems along with expanding connectivity has necessitated the evolution of an integrated security framework adopting innovative techniques for secure software systems. This paper proposes a layered security architecture for threat management using a multi-agent system to meet the above objective. Layer- 1 of this framework is designed for elicitation of realistic and flawless security requirements. Layer-2 uses a Multi-Agent system planning for avoidance of threats optimally. In this mechanism autonomous agents interact and coordinate with each other to achieve the common goal of software security. An adaptive defense mechanism using Meta-Agents in multi-agent system in conjunction with fuzzy logic to counter the adaptive and compound threats is the responsibility of Layer-3. Guidelines proposed in this paper have augmented this security architecture as a two-fold defensive strategy to ensure that a hacker is not able to tamper data even if they penetrate the periphery defenses. These proactive steps can be implemented during the design and development phases of the software life cycle in an incremental way as per the budget and security requirements of a software project. A case study on internet banking is included in the paper to describe the proposed security framework.<\/jats:p>","DOI":"10.1145\/2020976.2020984","type":"journal-article","created":{"date-parts":[[2011,10,11]],"date-time":"2011-10-11T14:29:02Z","timestamp":1318343342000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Layered security architecture for threat management using multi-agent system"],"prefix":"10.1145","volume":"36","author":[{"given":"Vandana","family":"Gandotra","sequence":"first","affiliation":[{"name":"University of Delhi, Delhi-110007, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Archana","family":"Archana Singhal","sequence":"additional","affiliation":[{"name":"University of Delhi, Delhi-110007, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Punam","family":"Bedi","sequence":"additional","affiliation":[{"name":"University of Delhi, Delhi-110007, India"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,9,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04441-0_62"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.28945\/930"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/581339.581370"},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of Sixth International Conference on Signal Processing, IEEE, 1091--1095","author":"Changwen Q."},{"key":"e_1_2_1_5_1","unstructured":"Davis N. 2005. Secure Software Development Life Cycle Processes: A Technology Scouting Report {Report}. Software Engineering Institute Carnegie Mellon University Pittsburgh.  Davis N. 2005. Secure Software Development Life Cycle Processes: A Technology Scouting Report {Report}. Software Engineering Institute Carnegie Mellon University Pittsburgh."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of 12th Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ'06)","author":"Diallo M.H."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSEA.2009.65"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARTCom.2009.38"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of IEEE 2nd International Conference on Computer Engineering and Technology, 417--422","author":"Gandotra V."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180418"},{"key":"e_1_2_1_11_1","unstructured":"Howard M. and LeBlanc D. 2003. Writing Secure Code Microsoft Press.   Howard M. and LeBlanc D. 2003. Writing Secure Code Microsoft Press."},{"key":"e_1_2_1_12_1","volume-title":"Inner Produts. In Proceedings of EUROCRYPT, Turkey, 146--162","author":"Katz J."},{"key":"e_1_2_1_13_1","volume-title":"Modeling and Quantification of Security Attributes of Software System. In Proceedings of the International Conference on Dependable Systems and Networks","author":"Madan B.B.","year":"2002"},{"key":"e_1_2_1_14_1","volume-title":"International Journal of Man-Machine Studies","author":"Mamdani E.H.","year":"1976"},{"key":"e_1_2_1_15_1","volume-title":"Software Security: Building Security In","author":"McGraw G.","year":"2006"},{"key":"e_1_2_1_16_1","first-page":"122","article-title":"Approach to solving security Problems Using Meta-Agents in Multi Agent System. In 2nd International KMS Symposium on Agents and Multi-Agent Systems: Technologies and Applications","volume":"4953","author":"Moradian E.","year":"2008","journal-title":"LNAI"},{"key":"e_1_2_1_17_1","volume-title":"LNCS","volume":"2010","author":"Moradian E.","year":"2010"},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of symposium on Requirement Engineering for information Security (SREIS)","author":"Myagmar S."},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 10th IASTED International Conference on Software Engineering and Applications (SEA 2006","author":"Oladimeji E.","year":"2006"},{"key":"e_1_2_1_20_1","volume-title":"Observations on Security Requirements Engineering. Symposium on Requirements Engineering for Information Security.","author":"Olthoff K.G.","year":"2001"},{"key":"e_1_2_1_21_1","unstructured":"Paget F. 2008. Report on Financial Fraud and Internet Banking: Threats and Countermeasures {Report} McAfee http:\/\/www.mcafee.com\/us\/local_content\/reports\/6168rpt_fraud_0409.pdf 2008.  Paget F. 2008. Report on Financial Fraud and Internet Banking: Threats and Countermeasures {Report} McAfee http:\/\/www.mcafee.com\/us\/local_content\/reports\/6168rpt_fraud_0409.pdf 2008."},{"key":"e_1_2_1_22_1","volume-title":"University of Skovde","author":"Philiparning B.","year":"2008"},{"key":"e_1_2_1_23_1","unstructured":"Pressman R.S. 2005. Software Engineering A Practitioner's Approach McGraw Hill.   Pressman R.S. 2005. Software Engineering A Practitioner's Approach McGraw Hill."},{"key":"e_1_2_1_24_1","unstructured":"Runan M. 2001. Planning with Agents. Matrikelnummer: 1008277 (2001).  Runan M. 2001. Planning with Agents. Matrikelnummer: 1008277 (2001)."},{"key":"e_1_2_1_25_1","unstructured":"Swiderski F. and Synder W. 2005. Threat Modeling Microsoft Press.   Swiderski F. and Synder W. 2005. Threat Modeling Microsoft Press."},{"key":"e_1_2_1_26_1","unstructured":"Schneier B. 1999. Attack trees: Modeling security Threats. Dr. Dobb's Journal December 1999.  Schneier B. 1999. Attack trees: Modeling security Threats. Dr. Dobb's Journal December 1999."},{"key":"e_1_2_1_27_1","unstructured":"Schneier B. 2000. Secrets and lies: Digital security in a networked world. John Wiley & Sons.   Schneier B. 2000. Secrets and lies: Digital security in a networked world. John Wiley & Sons."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems","author":"Sindre G."},{"issue":"3","key":"e_1_2_1_29_1","first-page":"70","article-title":"Software Security Risk Analysis using Fuzzy Expert System. In Journal of INFOCOMP","volume":"7","author":"Sodiya A.S.","year":"2007","journal-title":"Journal of Computer Science, Brazil"},{"key":"e_1_2_1_30_1","unstructured":"Symantec Global Internet Security threat Report Trends for 2009 volume XV Published in April 2010.  Symantec Global Internet Security threat Report Trends for 2009 volume XV Published in April 2010."},{"key":"e_1_2_1_31_1","volume-title":"Division of Leaisure and Entertainment","author":"Glenn W.","year":"2007"},{"key":"e_1_2_1_32_1","volume-title":"Agent Based Software Engineering. IEEE Proc. Software Engineering\"","volume":"144","author":"Woolridge M.","year":"1997"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Witkowska J. 2006. The Quality of Obfuscation and Obfuscation Techniques. LNCS in Biometrics Computer Security Systems and artificial Intelligence applications Part II 175--182.  Witkowska J. 2006. The Quality of Obfuscation and Obfuscation Techniques. LNCS in Biometrics Computer Security Systems and artificial Intelligence applications Part II 175--182.","DOI":"10.1007\/978-0-387-36503-9_16"},{"key":"e_1_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Zadeh L.A. 1965. Fuzzy sets Information and Control 338--353.  Zadeh L.A. 1965. Fuzzy sets Information and Control 338--353.","DOI":"10.1016\/S0019-9958(65)90241-X"},{"key":"e_1_2_1_35_1","unstructured":"Zadeh L.A. Klir J.G. and Yuan B.B. 2009. Fuzzy Sets Fuzzy Logic and Fuzzy Systems: Selected Papers by Lofti A. Zadeh. Volume 6.  Zadeh L.A. Klir J.G. and Yuan B.B. 2009. Fuzzy Sets Fuzzy Logic and Fuzzy Systems: Selected Papers by Lofti A. Zadeh. Volume 6."}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2020976.2020984","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2020976.2020984","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:22Z","timestamp":1750240462000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2020976.2020984"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,9,30]]},"references-count":35,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2011,9,30]]}},"alternative-id":["10.1145\/2020976.2020984"],"URL":"https:\/\/doi.org\/10.1145\/2020976.2020984","relation":{},"ISSN":["0163-5948"],"issn-type":[{"value":"0163-5948","type":"print"}],"subject":[],"published":{"date-parts":[[2011,9,30]]},"assertion":[{"value":"2011-09-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}