Abstract: Mitigation of bot networks in wireless networks and/or on mobile devices is provided. A botnet detection component is provided that inspects data traffic and data flows on the wireless network to identify mobile devices that are suspected of behaving as bots. A traffic profile of the suspected bot behavior can be generated and forwarded to the mobile devices that are suspected of behaving as bots. The mobile device can correlate data traffic on the device to the traffic profile in order to identify applications responsible for the suspected bot behavior, and remove the identified applications.

Abstract: Methods and apparatus to migrate a mobile device from a first virtual private mobile network to a second virtual private mobile network are disclosed. An example apparatus includes a processor and a memory including instructions that cause the processor to perform operations including determining, based on a set of latency routing rules, that a communication transmitted via the first virtual private mobile network is a latency sensitive communication. In response to determining the communication is a latency sensitive communication, the mobile device that originated the latency sensitive communication is identified. The mobile device is communicating via the first virtual private mobile network. Example operations also include migrating the mobile device from the first virtual private mobile network to the second virtual private mobile network wherein the second virtual private mobile network is configured to reduce the latency of the latency sensitive communication.

Abstract: Methods and apparatus to configure virtual private mobile networks are disclosed. Example methods include provisioning a virtual private mobile network within a wireless network, and, after provisioning the virtual private mobile network, determining whether a first communication from a user equipment matches a security event profile. When the first communication matches the profile, the example methods include transmitting, from the wireless network via a first base transceiver station, an instruction to cause the user equipment to be communicatively coupled to the virtual private mobile network. The example methods further include instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station and through the virtual private mobile network. In the example methods, the virtual private mobile network is isolated in a wireless spectrum from other portions of the network.

Abstract: Methods and apparatus to configure virtual private mobile networks with virtual private networks are disclosed. A disclosed example method includes logically provisioning, for a client, the virtual private mobile network to process wireless network communications associated with the client that correspond to a specified address space of the client, provisioning at least a portion of a server within a cloud computing data center to host resources for the client, and configuring at least a portion of an edge router of the cloud computing data center to transmit the wireless network communications between the portion of the server and the virtual private mobile network.

Abstract: Methods and apparatus to migrate a mobile device from a first virtual private mobile network to a second virtual private mobile network are disclosed. An example apparatus includes a processor and a memory including instructions that cause the processor to perform operations including determining, based on a set of latency routing rules, that a communication transmitted via the first virtual private mobile network is a latency sensitive communication. In response to determining the communication is a latency sensitive communication, the mobile device that originated the latency sensitive communication is identified. The mobile device is communicating via the first virtual private mobile network. Example operations also include migrating the mobile device from the first virtual private mobile network to the second virtual private mobile network wherein the second virtual private mobile network is configured to reduce the latency of the latency sensitive communication.

Abstract: Methods and apparatus to configure virtual private mobile networks are disclosed. Example methods include provisioning a virtual private mobile network within a wireless network, and, after provisioning the virtual private mobile network, determining whether a first communication from a user equipment matches a security event profile. When the first communication matches the profile, the example methods include transmitting, from the wireless network via a first base transceiver station, an instruction to cause the user equipment to be communicatively coupled to the virtual private mobile network. The example methods further include instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station and through the virtual private mobile network. In the example methods, the virtual private mobile network is isolated in a wireless spectrum from other portions of the network.

Abstract: Methods and apparatus to configure virtual private mobile networks for latency are disclosed. A disclosed example method includes provisioning logically a virtual private mobile network within a wireless network to reduce latency of a communication associated with a latency sensitive application, determining a mobile device is communicatively coupling to the wireless network via the latency sensitive application, and coupling the mobile device to the virtual private mobile network to reduce latency of the communication associated with the latency sensitive application.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: Methods and apparatus to configure virtual private mobile networks for security are disclosed. A disclosed example method includes identifying, in a wireless network, a communication from a user equipment that matches a security event profile, transmitting, from the wireless network, an instruction to enable the user equipment to be communicatively coupled to a virtual private mobile network, the virtual private mobile network being provisioned for security within the wireless network, and enabling the user equipment to transmit a second communication through the virtual private mobile network securely isolated from other portions of the wireless network.

Abstract: Mitigation of bot networks in wireless networks and/or on mobile devices is provided. A botnet detection component is provided that inspects data traffic and data flows on the wireless network to identify mobile devices that are suspected of behaving as bots. A traffic profile of the suspected bot behavior can be generated and forwarded to the mobile devices that are suspected of behaving as bots. The mobile device can correlate data traffic on the device to the traffic profile in order to identify applications responsible for the suspected bot behavior, and remove the identified applications.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: Mitigation of bot networks in wireless networks and/or on mobile devices is provided. A botnet detection component is provided that inspects data traffic and data flows on the wireless network to identify mobile devices that are suspected of behaving as bots. A traffic profile of the suspected bot behavior can be generated and forwarded to the mobile devices that are suspected of behaving as bots. The mobile device can correlate data traffic on the device to the traffic profile in order to identify applications responsible for the suspected bot behavior, and remove the identified applications.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: A system for transferring data between devices with user via a short range wireless communication system is disclosed. The system may include a first device configured to activate an intuitive interface on the first device having a system for proximity based ad-hoc data sharing between the first device with an intuitive interface and at least a second device with an intuitive interface. Once, the first device is determined to be within range of a second device with proximity based ad-hoc data sharing, data may be received by the intuitive interface on the first device and data may be sent from the intuitive interface on the first device to an intuitive interface on the second device using an intuitive interface on the first device without relying on an external communication network. The data may be transferred with a single click to the receiving device in a paste-to format.

Abstract: Mitigation of malicious software in wireless networks and/or on mobile devices is provided. A mobile malicious software mitigation component is provided that obtains an internet protocol address that is exhibiting malicious software behavior, a profile of the malicious software behavior, and a time of the malicious software behavior. The malicious software mitigation component can determine an identity of a mobile device that was assigned the internet protocol address during the time it was exhibiting malicious software behavior, and transmit the profile to the mobile device. In addition, the malicious software mitigation component determine if the duration of the assignment of the internet protocol address to the mobile device is sufficient for positive identification.

Abstract: A method, computer-readable medium, and system for analyzing backbone traffic to determine compromised hosts from among hosts on a network are provided. The backbone traffic includes data flows. Each of the data flows is analyzed to determine peer-to-peer data flows from among the data flows. Each of the peer-to-peer data flows is one of the data flows having a source address and a destination address that are each unassociated with a domain name. The peer-to-peer data flows are analyzed to determine the compromised hosts from among the hosts. Each of the compromised hosts is interconnected with another of the compromised hosts via at least one of the peer-to-peer data flows.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: Methods and apparatus to configure virtual private mobile networks with virtual private networks are disclosed. A disclosed example method includes logically provisioning, for a client, the virtual private mobile network to process wireless network communications associated with the client that correspond to a specified address space of the client, provisioning at least a portion of a server within a cloud computing data center to host resources for the client, and configuring at least a portion of an edge router of the cloud computing data center to transmit the wireless network communications between the portion of the server and the virtual private mobile network.

Abstract: Methods and apparatus to configure virtual private mobile networks for security are disclosed. A disclosed example method includes identifying, in a wireless network, a communication from a user equipment that matches a security event profile, transmitting, from the wireless network, an instruction to enable the user equipment to be communicatively coupled to a virtual private mobile network, the virtual private mobile network being provisioned for security within the wireless network, and enabling the user equipment to transmit a second communication through the virtual private mobile network securely isolated from other portions of the wireless network.

Abstract: A method, computer-readable medium, and system for analyzing backbone traffic to determine compromised hosts from among hosts on a network are provided. The backbone traffic includes data flows. Each of the data flows is analyzed to determine peer-to-peer data flows from among the data flows. Each of the peer-to-peer data flows is one of the data flows having a source address and a destination address that are each unassociated with a domain name. The peer-to-peer data flows are analyzed to determine the compromised hosts from among the hosts. Each of the compromised hosts is interconnected with another of the compromised hosts via at least one of the peer-to-peer data flows.