For your iOS device switch to TeamViewer.com. It is free for personal use, and close the VNC port porwarding on your router.
ssh is a wonderful tool, but it is not easy to setup and very picky about a lot of little details, that if not just right, ssh will not do what you ask, because it feels the setup is not secure. That is good, but a pain to get it right. Getting an ssh tunnel with VNC running over it from an iOS device is a function of the VNC client.
TeamViewer will be easier.
The probes are coming from bot networks. Thousands of compromised Windows systems that their oowners do not know are part if a bot network. The bit network scans the internet looking for IP addresses with well open standard ports (VNC, Windows RDC, AFP/CIFS/SMB file sharing, ssh, etc…), and when they find them, they pass the IP addresses to the other bots. Then they pound on the open ports.
Stealth mode on your router only works if you do not have any open ports that are responding to requests, such as your VNC port 5900. Also stealth mode is most useful when they do not know you exist. Now that they have found a responding IP address, they will have you on their list for awhile.
However, going to stealth after closing all open ports on your router, will mean it will have to do less work on each bot probe, as in stealth mode it does not need to respond, saving it some effort, that it can devote to your network traffic. But you need to get those ports closed. You can use the Shields Up service at <http://www.grc.com> To scan your router and verify if you have closed all ports and are in stealth mode.
If you do not switch to TeanViewer, then at least have your router forward a high numbered port of your choosing to port 5900 on your Mac, have the iOS device specify that port when making VNC connections. It is not as good as using TeamViewer, but better than having a well known port open on your router.