An inference attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.[1] A subject's sensitive information can be considered leaked if an adversary can infer its real value with high confidence.[2] This is an example of breached information security. An inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.[3] The object of inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.[4]

While inference attacks were originally discovered as a threat in statistical databases,[5] today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices,[6] has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location).[7] Highly sensitive inferences can also be derived, for example, from eye tracking data,[8][9] smart meter data[10][11] and voice recordings (e.g., smart speaker voice commands).[12]
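The statistical-database case mentioned above can be made concrete with an added example (not part of the original article). It shows how two permitted aggregate answers combine into one protected value, and how a query auditor can refuse the second answer. The table, the class `AuditedStatDB` and the threshold `k` are all constructed for illustration.

```python
# Constructed sample data: a toy salary table; every value is made up.
RECORDS = [
    {"id": 1, "dept": "eng", "role": "manager", "salary": 150},
    {"id": 2, "dept": "eng", "role": "dev", "salary": 100},
    {"id": 3, "dept": "eng", "role": "dev", "salary": 110},
    {"id": 4, "dept": "eng", "role": "dev", "salary": 105},
    {"id": 5, "dept": "ops", "role": "dev", "salary": 90},
    {"id": 6, "dept": "ops", "role": "dev", "salary": 95},
]


class AuditedStatDB:
    """Hypothetical statistical database that only releases SUM(salary)."""

    def __init__(self, records, k=2, audit=True):
        self.records, self.k, self.audit = records, k, audit
        self.answered = []  # query sets (frozensets of ids) already released

    def sum_salary(self, predicate):
        qset = frozenset(r["id"] for r in self.records if predicate(r))
        if len(qset) < self.k:
            return None  # query-set-size restriction: fewer than k people
        if self.audit:
            for prev in self.answered:
                # Conservative overlap check: if this query set differs from an
                # answered one by fewer than k people, subtracting the two
                # answers would reveal a statistic about those few people.
                if 0 < len(qset ^ prev) < self.k:
                    return None
        self.answered.append(qset)
        return sum(r["salary"] for r in self.records if r["id"] in qset)


def differencing_demo(audit):
    """Return the value inferred from two aggregates, or None if refused."""
    db = AuditedStatDB(RECORDS, k=2, audit=audit)
    all_eng = db.sum_salary(lambda r: r["dept"] == "eng")
    eng_devs = db.sum_salary(
        lambda r: r["dept"] == "eng" and r["role"] == "dev")
    if all_eng is None or eng_devs is None:
        return None
    return all_eng - eng_devs  # equals the single manager's salary
```

The auditor compares each new query only against single earlier queries, so combinations of three or more answers need a stronger audit than this pairwise check.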

References

  1. ^ "Inference Attacks on Location Tracks" by John Krumm
  2. ^ "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang. http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf
  3. ^ "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
  4. ^ "Database Security Issues: Inference" by Mike Chapple. Archived from the original on 2007-10-13. Retrieved 2007-10-23.
  5. ^ V. P. Lane (8 November 1985). Security of Computer Based Information Systems. Macmillan International Higher Education. pp. 11–. ISBN 978-1-349-18011-0.
  6. ^ Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping (2017). "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). doi:10.1186/s13635-017-0061-8. ISSN 2510-523X.
  7. ^ Kröger, Jacob Leon; Raschke, Philip (January 2019). "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. pp. 81–87. doi:10.1145/3309074.3309076.
  8. ^ Liebling, Daniel J.; Preibusch, Sören (2014). "Privacy considerations for a pervasive eye tracking world". Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication. pp. 1169–1177. doi:10.1145/2638728.2641688. ISBN 9781450330473. S2CID 3663921.
  9. ^ Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian (2020). "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 226–241. doi:10.1007/978-3-030-42504-3_15. ISBN 978-3-030-42503-6. ISSN 1868-4238.
  10. ^ Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus (2014). "Detecting Activities of Daily Living with Smart Meters". Ambient Assisted Living. Advanced Technologies and Societal Change. pp. 143–160. doi:10.1007/978-3-642-37988-8_10. ISBN 978-3-642-37987-1. ISSN 2191-6853.
  11. ^ Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. (2013). "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2): 837–846. doi:10.1109/TSG.2012.2211046. ISSN 1949-3053. S2CID 13471323.
  12. ^ Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Raschke, Philip (2020). "Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 242–258. doi:10.1007/978-3-030-42504-3_16. ISBN 978-3-030-42503-6. ISSN 1868-4238.