A showcase of ÉTS researchers’ publications and other contributions

Deep-layer clustering to identify permission usage patterns of Android app categories


Downloads per month over past year

Namrud, Zakeya, Kpodjedo, Sègla, Bali, Ahmed and Talhi, Chamseddine. 2022. « Deep-layer clustering to identify permission usage patterns of Android app categories ». IEEE Access, vol. 10. pp. 24240-24254.
Compte des citations dans Scopus : 6.

[thumbnail of Talhi-C-2022-24100.pdf]
Talhi-C-2022-24100.pdf - Published Version
Use licence: Creative Commons CC BY.

Download (5MB) | Preview


With the increasing usage of smartphones in banks, medical services and m-commerce, and the uploading of applications from unofficial sources, security has become a major concern for smartphone users. Malicious apps can steal passwords, leak details, and generally cause havoc with users’ accounts. Current anti-virus programs rely on static signatures that need to be changed periodically and cannot identify zero-day malware. The Android permission system is the central security mechanism that regulates the execution of application tasks. Although recent advances in research have provided various approaches and detection methods for finding malware apps, the available literature lacks a full analysis of this subject. We fill this gap by: 1) Systematically and automatically building a large dataset of malware and benign apps, which we have made available to the community. Our dataset has around 16K apps and 118 features. 2) We offer a novel approach for automatically identifying permission usage patterns, which are groupings of permissions that developers frequently utilise together. The approach combines SOM and K-means clustering algorithms to classify permissions according to app usage categories. The results demonstrate that the proposed methodology is able to detect most of the consistent and coherent permission usage patterns across a wide variety of application categories. To assess our strategy, we add the identified patterns as features to our dataset and then apply an SVM classifier for malware detection. Our results indicate that the identified patterns improve the performance of the classifier.

Item Type: Peer reviewed article published in a journal
Talhi, Chamseddine
Affiliation: Génie logiciel et des technologies de l'information
Date Deposited: 22 Mar 2022 20:39
Last Modified: 23 Jun 2022 13:14

Actions (login required)

View Item View Item