Jump to content

Inference attack: Difference between revisions

Add links
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Adding short description: "Data mining technique" (Shortdesc helper)
SALtepi7 (talk | contribs)
19 edits
No edit summary
Line 2: Line 2:
An '''Inference Attack''' is a [[data mining]] technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.<ref>[http://research.microsoft.com/~jckrumm/Publications%202007/inference%20attack%20refined02%20distribute.pdf "Inference Attacks on Location Tracks" by John Krumm]</ref> A subject's sensitive [[information]] can be considered as leaked if an adversary can infer its real value with a high confidence.<ref>http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against
An '''Inference Attack''' is a [[data mining]] technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.<ref>[http://research.microsoft.com/~jckrumm/Publications%202007/inference%20attack%20refined02%20distribute.pdf "Inference Attacks on Location Tracks" by John Krumm]</ref> A subject's sensitive [[information]] can be considered as leaked if an adversary can infer its real value with a high confidence.<ref>http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against
Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang</ref> This is an example of breached [[information security]]. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.<ref>[http://andromeda.rutgers.edu/~gshafer/raman.pdf "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001]</ref> The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.<ref>[http://databases.about.com/od/security/l/aainference.htm "Database Security Issues: Inference" by Mike Chapple]</ref>
Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang</ref> This is an example of breached [[information security]]. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.<ref>[http://andromeda.rutgers.edu/~gshafer/raman.pdf "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001]</ref> The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.<ref>[http://databases.about.com/od/security/l/aainference.htm "Database Security Issues: Inference" by Mike Chapple]</ref>

While inference attacks were originally discovered as a threat in statistical databases,<ref name="Lane1985">{{cite book|author=V. P. Lane|title=Security of Computer Based Information Systems|url=https://books.google.com/books?id=dkJdDwAAQBAJ&pg=PR11|date=8 November 1985|publisher=Macmillan International Higher Education|isbn=978-1-349-18011-0|pages=11–}}</ref> today they also pose a major privacy threat in the domain of [[mobile]] and [[Internet of Things|IoT]] sensor data. Data from [[accelerometers]], which can be accessed by third-party apps without user permission in many mobile devices,<ref name="BaiYin2017">{{cite journal|last1=Bai|first1=Xiaolong|last2=Yin|first2=Jie|last3=Wang|first3=Yu-Ping|title=Sensor Guardian: prevent privacy inference on Android sensors|journal=EURASIP Journal on Information Security|volume=2017|issue=1|year=2017|issn=2510-523X|doi=10.1186/s13635-017-0061-8}}</ref> has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location).<ref name=“Kröger2019">{{cite conference |title=Privacy implications of accelerometer data: a review of possible inferences |last1=Kröger |first1=Jacob Leon |last2=Raschke |first2=Philip |date=January 2019 |publisher=ACM, New York |book-title=Proceedings of the International Conference on Cryptography, Security and Privacy |pages=81–87 |doi=10.1145/3309074.3309076}}</ref>
Highly sensitive inferences can also be derived, for example, from [[eye tracking]] data<ref name="LieblingPreibusch2014">{{cite journal|last1=Liebling|first1=Daniel J.|last2=Preibusch|first2=Sören|title=Privacy considerations for a pervasive eye tracking world|year=2014|pages=1169–1177|doi=10.1145/2638728.2641688}}</ref><ref name="KrögerLutz2020">{{cite journal|last1=Kröger|first1=Jacob Leon|last2=Lutz|first2=Otto Hans-Martin|last3=Müller|first3=Florian|title=What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking|volume=576|year=2020|pages=226–241|issn=1868-4238|doi=10.1007/978-3-030-42504-3_15}}</ref>, [[smart meter]] data<ref name="ClementPloennigs2014">{{cite journal|last1=Clement|first1=Jana|last2=Ploennigs|first2=Joern|last3=Kabitzsch|first3=Klaus|title=Detecting Activities of Daily Living with Smart Meters|year=2014|pages=143–160|issn=2191-6853|doi=10.1007/978-3-642-37988-8_10}}</ref><ref name="SankarRajagopalan2013">{{cite journal|last1=Sankar|first1=Lalitha|last2=Rajagopalan|first2=S.R.|last3=Mohajer|first3=Soheil|last4=Poor|first4=H.V.|title=Smart Meter Privacy: A Theoretical Framework|journal=IEEE Transactions on Smart Grid|volume=4|issue=2|year=2013|pages=837–846|issn=1949-3053|doi=10.1109/TSG.2012.2211046}}</ref> and voice recordings (e.g., [[smart speaker]] voice commands).<ref name="KrögerLutz2020">{{cite journal|last1=Kröger|first1=Jacob Leon|last2=Lutz|first2=Otto Hans-Martin|last3=Raschke|first3=Philip|title=Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference|volume=576|year=2020|pages=242–258|issn=1868-4238|doi=10.1007/978-3-030-42504-3_16}}</ref>


==References==
==References==

Revision as of 19:04, 8 April 2021

An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.[1] A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence.[2] This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.[3] The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.[4]

While inference attacks were originally discovered as a threat in statistical databases,[5] today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices,[6] has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location).[7] Highly sensitive inferences can also be derived, for example, from eye tracking data[8][9], smart meter data[10][11] and voice recordings (e.g., smart speaker voice commands).[9]

References

  1. ^ "Inference Attacks on Location Tracks" by John Krumm
  2. ^ http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
  3. ^ "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
  4. ^ "Database Security Issues: Inference" by Mike Chapple
  5. ^ V. P. Lane (8 November 1985). Security of Computer Based Information Systems. Macmillan International Higher Education. pp. 11–. ISBN 978-1-349-18011-0.
  6. ^ Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping (2017). "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). doi:10.1186/s13635-017-0061-8. ISSN 2510-523X.{{cite journal}}: CS1 maint: unflagged free DOI (link)
  7. ^ Kröger, Jacob Leon; Raschke, Philip (January 2019). "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. pp. 81–87. doi:10.1145/3309074.3309076.
  8. ^ Liebling, Daniel J.; Preibusch, Sören (2014). "Privacy considerations for a pervasive eye tracking world": 1169–1177. doi:10.1145/2638728.2641688. {{cite journal}}: Cite journal requires |journal= (help)
  9. ^ a b Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian (2020). "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". 576: 226–241. doi:10.1007/978-3-030-42504-3_15. ISSN 1868-4238. {{cite journal}}: Cite journal requires |journal= (help) Cite error: The named reference "KrögerLutz2020" was defined multiple times with different content (see the help page).
  10. ^ Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus (2014). "Detecting Activities of Daily Living with Smart Meters": 143–160. doi:10.1007/978-3-642-37988-8_10. ISSN 2191-6853. {{cite journal}}: Cite journal requires |journal= (help)
  11. ^ Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. (2013). "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2): 837–846. doi:10.1109/TSG.2012.2211046. ISSN 1949-3053.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Inference_attack&oldid=1016727456"