With the exponential use of mobile phones to handle sensitive information, the intrusion

systems development has also increased. Malicious software is constantly being developed
and the intrusion techniques are increasingly more sophisticated. Security protection systems
trying to counteract these intrusions are constantly being improved and updated. Being
Android one of the most popular operating systems, it became an intrusion’s methods
development target. Developed security solutions constantly monitor their host system and by
accessing a set of defined parameters they try to find potentially harmful changes. An
important topic when addressing malicious applications detection is the malware identification
and characterization. Usually, to separate the normal system behavior from the malicious
behavior, security systems employ machine learning or data mining techniques. However, with
the constant evolution of malicious applications, such techniques are still far from being
capable of completely responding to the market needs. This dissertation aim was to verify if
malicious behavior patterns definition is a viable way of addressing this challenge. As part of
the proposed research two data mining classification models were built and tested with the
collected data, and their performances were compared. the RapidMiner software was used for
the proposed model development and testing, and data was collected from the FlowDroid
application. To facilitate the understanding of the security potential of the Android framework,
research was done on the its architecture, overall structure, and security methods, including its
protection mechanisms and breaches. It was also done a study on models threats/attacks’
description, as well as, on the current existing applications for anti-mobile threats, analyzing
their strengths and weaknesses.