According to one or more embodiments, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can include establishing a wireless connection to a wireless network. The operations can further include receiving, via the wireless connection, data from a gateway device, that has been communicated via a network device of a publicly accessible network, wherein the data has been compared, by the gateway device, to a template of anomalous activity.

Methods and systems described in this disclosure for protecting one or more consumer accounts. In one implementation, the system includes a security device and a portable computing device. The portable computing device detects whether it is in proximity to the security device. When the portable computing device is in proximity to the security device, one or more consumer accounts associated with the portable computing device is permitted to be used in a transaction. When the portable computing device is not in proximity to the security device, one or more consumer accounts is prevented from being used in the transaction.

A mobile device collects received information and processes it. In some instances, the mobile device detects, based on the collected information, that a base station is likely not legitimate, i.e., it is likely a fake base station, and the mobile device bars communication with the base station for a time. In some embodiments, the mobile device determines, based on the received information, that the base station is a genuine base station. When the mobile device determines that the base station is a genuine base station or the mobile device does not determine that it is likely the base station is a fake base station, the mobile device allows or continues communication with the base station.

A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of a values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of a values, performing an action resulting from the characteristic violation.

A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of a values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of a values, performing an action resulting from the characteristic violation.

A method for checking the association of radio nodes and objects to a radio environment with a radio node set having at least three radio nodes spaced apart from one another, each with a radio interface and its separate timer, wherein at least two radio nodes are reference radio nodes with known distances from one another and at least one radio node is a test radio node, the association of which with the radio environment of the reference radio node is checked. During a measuring process, signals are emitted and received by radio nodes of the radio node set, wherein at least two radio nodes of the radio node set operate as transceivers and at least one radio node exclusively operates as a transmitter or exclusively operates as a receiver or a transceiver.

A man-in-the-middle protection module can monitor data traffic exchanged between a source and destination nodes over a source-destination link via a network. The module can utilize a traffic probe packet to determine a packet delay associated with the data traffic. The module can store the packet delay and can determine that the packet delay is greater than a normal packet delay. If so, the module can determine that an attacker has compromised the source-destination link. The module can command a virtual machine associated with the source node to be decommissioned. The module can instruct a virtualization orchestrator to create a new source node. The data traffic can be rerouted to be exchanged between the new source node and the destination node over a new source-destination link via the network. The module can create and send fake data traffic towards the MitM attacker over the source-destination link via the network.

An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.

A method and device for providing notification of improper access to secure data on a mobile device. The mobile device detects a request to record content displayed on a display of the mobile device. A determination is then made regarding whether the content that was displayed on the screen when the request to record was received is protected content. If the displayed content was protected, then a third party is notified that a security breach has been detected. A remedial action is also performed regarding the security breach. A device may receive protected content on a mobile device from a third party computer. A device may display the protected content and non-protected content on a display on the mobile device. A device may receive a request to record the protected content and the non-protected content currently displayed on the display on the mobile device. A device may determine whether the protected content is currently on the display on the mobile device. A device may notify the third party computer of the request to record the protected content. A device may take remedial action.

A method and device for providing notification of improper access to secure data on a mobile device. The mobile device detects a request to record content displayed on a display of the mobile device. A determination is then made regarding whether the content that was displayed on the screen when the request to record was received is protected content. If the displayed content was protected, then a third party is notified that a security breach has been detected. A remedial action is also performed regarding the security breach. A device may receive protected content on a mobile device from a third party computer. A device may display the protected content and non-protected content on a display on the mobile device. A device may receive a request to record the protected content and the non-protected content currently displayed on the display on the mobile device. A device may determine whether the protected content is currently on the display on the mobile device. A device may notify the third party computer of the request to record the protected content. A device may take remedial action.