Inference attack

From Wikipedia, the free encyclopedia

An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.[1] A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. [2] This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.[3] The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.[4]

[edit] Countermeasures

Computer security inference control is the attempt to prevent users to infer classified information from rightfully accessible chunks of information with lower classification. Computer security professionals install protocols into databases to prevent inference attacks by software but to date there is no software or hardware, such as an anti-inference engine, that delivers this countermeasure against a human inference engine. [5]

[edit] References

  1. ^ "Inference Attacks on Location Tracks" by John Krumm
  2. ^ http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
  3. ^ "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
  4. ^ "Database Security Issues: Inference" by Mike Chapple
  5. ^ "Computer Security Inference Control" by Halim. M. Khelalfa (1997)