In telecommunications network security systems and methods there are two known security models: intrusion prevention and intrusion detection. Intrusion prevention is typically active, while intrusion detection is passive, e.g. it is used for reporting. There are several kinds of intrusion prevention systems, including network-based and host-based.
Intrusion detection systems constantly monitor the communications that flow in the network which they protect, and intercept or drop suspicious network traffic, as well as issue an alert to the network administrator. The process of intercepting or dropping suspicious traffic ensures the security of the network.
With mobile communication device computing, including smart-phones, tablets etc., becoming more popular, and public wireless networks becoming more common, the issue of security for mobile devices is becoming a greater concern. Currently, for mobile devices, no intrusion detection or prevention system is available.
The reason behind this lack of solutions for mobile devices is the fact that the intrusion detection and prevention systems are very resource intensive—i.e. they require intensive calculations from the CPU in order to perform the packet inspection process as well as the complex processing of application level protocols. This also drains the battery of the mobile devices, further complicating the matter.
In addition, attackers are constantly improving their attacks and techniques, constantly evolving, with the security industry in a constant race to catch up. One of the new types of attacks that are becoming common is using a hotspot to steal user information, user accounts, personal information etc., from unaware users who are connected to the same network as the attacker. The user whose information is being stolen is completely unaware of this information theft.
For example, an enterprise user (hereinafter, the user) is in a mobile network with his mobile device connected to the Internet. A router and other devices may be connected to the network. Someone on the same network may try to attack his mobile device through the network. As both devices get network data, the attacking device can see the user's device. The attacker may have a mobile device or a computer in the same network. The attacker tries to do something malicious by sending the user a packet of network data. The user's device needs to interpret the network data in order to understand that there was an attack.
Thus, it would be advantageous to provide an intrusion detection and/or prevention system for mobile devices.