An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.
While inference attacks were originally discovered as a threat in statistical databases, today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices, has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location). Highly sensitive inferences can also be derived, for example, from eye tracking data, smart meter data and voice recordings (e.g., smart speaker voice commands).
- "Inference Attacks on Location Tracks" by John Krumm
- http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
- "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
- "Database Security Issues: Inference" by Mike Chapple
- V. P. Lane (8 November 1985). Security of Computer Based Information Systems. Macmillan International Higher Education. pp. 11–. ISBN 978-1-349-18011-0.
- Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping (2017). "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). doi:10.1186/s13635-017-0061-8. ISSN 2510-523X.
- Kröger, Jacob Leon; Raschke, Philip (January 2019). "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. pp. 81–87. doi:10.1145/3309074.3309076.
- Liebling, Daniel J.; Preibusch, Sören (2014). "Privacy considerations for a pervasive eye tracking world": 1169–1177. doi:10.1145/2638728.2641688. Cite journal requires
- Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian (2020). "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". 576: 226–241. doi:10.1007/978-3-030-42504-3_15. ISSN 1868-4238. Cite journal requires
- Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus (2014). "Detecting Activities of Daily Living with Smart Meters": 143–160. doi:10.1007/978-3-642-37988-8_10. ISSN 2191-6853. Cite journal requires
- Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. (2013). "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2): 837–846. doi:10.1109/TSG.2012.2211046. ISSN 1949-3053.
- Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Raschke, Philip (2020). "Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference". 576: 242–258. doi:10.1007/978-3-030-42504-3_16. ISSN 1868-4238. Cite journal requires