
Computer Engineering ›› 2006, Vol. 32 ›› Issue (12): 157-159.

• Security Technology •

A Secure Communication Protocol for Distributed Intrusion Detection Systems

WANG Na1,2, WANG Yadi1, WANG Binqiang2

  1. School of Electronic Technology, Information Engineering University, PLA, Zhengzhou 450002; 2. National Digital Switching System Engineering and Technology Research Center, Zhengzhou 450002
  • Online: 2006-06-20 Published: 2006-06-20

A Secure Communication Protocol for Distributed Intrusion Detection System

WANG Na1,2, WANG Yadi1, WANG Binqiang2   

  1. School of Electronic Technology, Information Engineering University, PLA, Zhengzhou 450002; 2. National Digital Switching System Engineering and Technology Research Center, Zhengzhou 450002
  • Online: 2006-06-20 Published: 2006-06-20

Abstract: The modules of a distributed intrusion detection system need to communicate securely, but the secure communication protocols currently available cannot fully guarantee the security of that communication. To meet the requirements of reliable, confidential, authenticated, integrity-protected and fresh communication between the modules of an intrusion detection system, this paper proposes a TCP-based Module Transfer Security (MTS) protocol. The MTS protocol consists of a handshake subprotocol and a ciphertext transfer subprotocol: the former negotiates the session key and authenticates the identities of both communicating parties, and the latter uses the negotiated session key to transmit data securely. Finally, the security of the MTS protocol is verified, and the protocol is implemented in the Open Distributed Intrusion Detection System (ODIDS).

Keywords: Intrusion detection system; Secure communication protocol; Protocol design; Formal verification; Murphi

Abstract: The current secure communication protocols cannot completely meet the security requirements of communication between modules in a distributed intrusion detection system, namely reliability, confidentiality, identity authentication, data integrity and freshness. The paper proposes the Module Transfer Security (MTS) protocol based on TCP, which consists of a handshake subprotocol and a ciphertext transfer subprotocol: the former provides identity authentication and negotiation of the session key, and the latter guarantees secure data transmission. Finally, it verifies the security of the MTS protocol and then implements it in ODIDS.

Key words: Intrusion detection system; Secure communication protocol; Protocol design; Formal verification; Murphi