Mining permission patterns for contrasting clean and malicious android applications

• A pattern mining algorithm is proposed to identify contrast permission patterns.
• We collected a new dataset with 1227 clean Android applications.
• We considered both required and used permission.
• Biclustering method has been employed to provide visualization.
• The permission patterns show big contrasts between clean apps and malware.

An Android application uses a permission system to regulate the access to system resources and users’ privacy-relevant information. Existing works have demonstrated several techniques to study the required permissions declared by the developers, but little attention has been paid towards used permissions. Besides, no specific permission combination is identified to be effective for malware detection. To fill these gaps, we have proposed a novel pattern mining algorithm to identify a set of contrast permission patterns that aim to detect the difference between clean and malicious applications. A benchmark malware dataset and a dataset of 1227 clean applications has been collected by us to evaluate the performance of the proposed algorithm. Valuable findings are obtained by analyzing the returned contrast permission patterns.