Abstract: A method for identification of malicious activity based on analysis of a travel path of a mobile device through multiple geographic areas includes receiving at least three location data associated with the mobile communication device, the first location data comprising indication of the geographic area of the mobile subscriber and a receipt timestamp; determining the actual travel time of the mobile subscriber from the first geographic area and the third geographic area based on a difference between timestamps of the first location data and the third location data; determining a minimum transition time for the subscriber of the mobile device to move from the first geographic area to the third geographic area; and identifying a malicious activity based on comparison of the actual travel time and the minimum transition time wherein actual travel time is less than minimum transition time between the first geographic area and the third geographic area.

Abstract: A system for securing control plane traffic in a sliced communication network that is adapted to run a plurality of network functions includes a plurality of security guards, each placed at an edge of an internal security zone, wherein the internal security zone is formed by grouping one or more network functions. Each security guard is configured to receive an incoming message from a requestor external to corresponding internal security zone and validate the extracted information against each other, and against a service specification policy for the communication network, and against threat intelligence analytics data. Each security guard is configured to compute one or more risk scores indicating risk perception or incidence of attack for its associated internal security zone and to initiate one or more attack preventive measures if a computed risk score exceeds a predetermined threshold. such as modifying or correcting or dropping the incoming message.

Abstract: A method of detecting an unauthorised communication from a network node in a telecommunication network is disclosed, and a network node implementing the method. Network messages are received in the telecommunication network, and statistical patterns inherent to a sequence of received network messages are generated from a plurality of identifier values associated with a legitimate network node, wherein each identifier value has been encoded by the legitimate network node in a respective network message. An identifier value encoded in a subsequently-received network message of a signalling network node is then compared with one or more of the statistical patterns and one or more unsuccessful comparisons cause the signalling network node to be detected as an unauthorised network node.

Abstract: A method for identification of malicious activity based on analysis of a travel path of a mobile device through multiple geographic areas includes receiving at least three location data associated with the mobile communication device, the first location data comprising indication of the geographic area of the mobile subscriber and a receipt timestamp; determining the actual travel time of the mobile subscriber from the first geographic area and the third geographic area based on a difference between timestamps of the first location data and the third location data; determining a minimum transition time for the subscriber of the mobile device to move from the first geographic area to the third geographic area; and identifying a malicious activity based on comparison of the actual travel time and the minimum transition time wherein actual travel time is less than minimum transition time between the first geographic area and the third geographic area.

Abstract: The invention provides a system and method for filtering unsolicited network messaging in a network comprising at least one remote messaging device, at least one data routing device and at least one remote destination device. The invention provides a means for determining a probability of the network message being unsolicited; and means for translating a first network address into a second network address associated with unsolicited network messaging when the probability determining means indicates a high probability of unsolicited network messaging. In a further embodiment there is provided a means for translating the first network address into the at least one second network address associated with legitimate network messaging, when the probability determining means indicates a low probability of unsolicited network messaging.