The security risks and threats that impact wired and wireless networks are now applicable to mobile telecommunication networks. Threat detection systems should be more intelligent because threats are becoming more dangerous. An intrusion detection system (IDS) is a potential network security solution for protecting the confidentiality, integrity, and availability of user data and information resources. A fast and effective IDS for mobile networks that does not violate the user's privacy or the network's QoS is required. This paper offers a set of flow-based features that can be utilized for mobile network traffic as a prerequisite for a privacy-aware and QoS-robust IDS. The principal component analysis (PCA) method was used for reduction of the features. Twelve features in six groups, which represent the user data in mobile traffic, were extracted and evaluated for IDSs. The evaluation process achieved a F-measure weighted average equal to 0.834, and the experimental time was equal to 12.9 seconds. The accomplished measurements have demonstrated the applicability of the proposed set of features.