Abstract: A method of detecting an unauthorised communication from a network node in a telecommunication network is disclosed, and a network node implementing the method. Network messages are received in the telecommunication network, and statistical patterns inherent to a sequence of received network messages are generated from a plurality of identifier values associated with a legitimate network node, wherein each identifier value has been encoded by the legitimate network node in a respective network message. An identifier value encoded in a subsequently-received network message of a signalling network node is then compared with one or more of the statistical patterns and one or more unsuccessful comparisons cause the signalling network node to be detected as an unauthorised network node.

Abstract: A method for identification of malicious activity based on analysis of a travel path of a mobile device through multiple geographic areas includes receiving at least three location data associated with the mobile communication device, the first location data comprising indication of the geographic area of the mobile subscriber and a receipt timestamp; determining the actual travel time of the mobile subscriber from the first geographic area and the third geographic area based on a difference between timestamps of the first location data and the third location data; determining a minimum transition time for the subscriber of the mobile device to move from the first geographic area to the third geographic area; and identifying a malicious activity based on comparison of the actual travel time and the minimum transition time wherein actual travel time is less than minimum transition time between the first geographic area and the third geographic area.

Abstract: A method for identification of malicious activity based on analysis of a travel path of a mobile device through multiple geographic areas includes receiving at least three location data associated with the mobile communication device, the first location data comprising indication of the geographic area of the mobile subscriber and a receipt timestamp; determining the actual travel time of the mobile subscriber from the first geographic area and the third geographic area based on a difference between timestamps of the first location data and the third location data; determining a minimum transition time for the subscriber of the mobile device to move from the first geographic area to the third geographic area; and identifying a malicious activity based on comparison of the actual travel time and the minimum transition time wherein actual travel time is less than minimum transition time between the first geographic area and the third geographic area.

Abstract: A method for identification of malicious activity based on analysis of a travel path of a mobile device through multiple geographic areas includes receiving at least three location data associated with the mobile communication device, the first location data comprising indication of the geographic area of the mobile subscriber and a receipt timestamp; determining the actual travel time of the mobile subscriber from the first geographic area and the third geographic area based on a difference between timestamps of the first location data and the third location data; determining a minimum transition time for the subscriber of the mobile device to move from the first geographic area to the third geographic area; and identifying a malicious activity based on comparison of the actual travel time and the minimum transition time wherein actual travel time is less than minimum transition time between the first geographic area and the third geographic area.

Abstract: A method of detecting an unauthorised communication from a network node in a telecommunication network is disclosed, and a network node implementing the method. Network messages are received in the telecommunication network, and statistical patterns inherent to a sequence of received network messages are generated from a plurality of identifier values associated with a legitimate network node, wherein each identifier value has been encoded by the legitimate network node in a respective network message. An identifier value encoded in a subsequently-received network message of a signalling network node is then compared with one or more of the statistical patterns and one or more unsuccessful comparisons cause the signalling network node to be detected as an unauthorised network node.

Abstract: The invention provides a security system and method for use in a communications network, said network comprising means to allow a plurality of devices to communicate over the network wherein at least one device is a machine to machine (M2M) operated device and at least one other device is a human operated device, said security system comprising: means to capture data traffic originating from the plurality of devices on the network; means for analysing the data traffic; and means for identifying at least one of the M2M operated devices on the network wherein the system is configured to dynamically adapt to different data traffic patterns on the network.

Abstract: The invention provides a security system and method for use in a communications network, said network comprising means to allow a plurality of devices to communicate over the network wherein at least one device is a machine to machine (M2M) operated device and at least one other device is a human operated device, said security system comprising: means to capture data traffic originating from the plurality of devices on the network; means for analysing the data traffic; and means for identifying at least one of the M2M operated devices on the network wherein the system is configured to dynamically adapt to different data traffic patterns on the network.

Abstract: The invention provides a system and method for filtering unsolicited network messaging in a network comprising at least one remote messaging device, at least one data routing device and at least one remote destination device. The invention provides a means for determining a probability of the network message being unsolicited; and means for translating a first network address into a second network address associated with unsolicited network messaging when the probability determining means indicates a high probability of unsolicited network messaging. In a further embodiment there is provided a means for translating the first network address into the at least one second network address associated with legitimate network messaging, when the probability determining means indicates a low probability of unsolicited network messaging.