Contrasting permission patterns between clean and malicious android applications

Veelasha Moonsamy, Jia Rong, Shaowu Liu, Gang Li, Lynn Batten

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

8 Citations (Scopus)


The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both required and used permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising of 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.

Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks - 9th International ICST Conference, SecureComm 2013, Revised Selected Papers
EditorsTanveer Zia, Morley Mao, Albert Zomaya, Vijay Varadharajan
PublisherSpringer-Verlag London Ltd.
Number of pages17
ISBN (Print)9783319042824
Publication statusPublished - 1 Jan 2013
Externally publishedYes
EventInternational Conference on Security and Privacy for Communication Networks2013 - Sydney, Australia
Duration: 25 Sept 201328 Sept 2013
Conference number: 9th (Proceedings)

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume127 LNICST
ISSN (Print)1867-8211


ConferenceInternational Conference on Security and Privacy for Communication Networks2013
Abbreviated titleSecureComm 2013
Internet address


  • Android permission
  • Contrast mining
  • Malware detection
  • Permission pattern

Cite this