Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers

Research Article

Contrasting Permission Patterns between Clean and Malicious Android Applications

Download
370 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-04283-1_5,
        author={Veelasha Moonsamy and Jia Rong and Shaowu Liu and Gang Li and Lynn Batten},
        title={Contrasting Permission Patterns between Clean and Malicious Android Applications},
        proceedings={Security and Privacy in Communication Networks. 9th International ICST Conference, SecureComm 2013, Sydney, NSW, Australia, September 25-28, 2013, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2014},
        month={6},
        keywords={Android Permission Malware Detection Contrast Mining Permission Pattern},
        doi={10.1007/978-3-319-04283-1_5}
    }
    
  • Veelasha Moonsamy
    Jia Rong
    Shaowu Liu
    Gang Li
    Lynn Batten
    Year: 2014
    Contrasting Permission Patterns between Clean and Malicious Android Applications
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-04283-1_5
Veelasha Moonsamy1,*, Jia Rong1,*, Shaowu Liu1,*, Gang Li1,*, Lynn Batten1,*
  • 1: Deakin University
*Contact email: v.moonsamy@research.deakin.edu.au, jiarong@acm.org, swliu@deakin.edu.au, gang.li@deakin.edu.au, lynn.batten@deakin.edu.au

Abstract

The platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both and permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising of 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.