- Inference attack
An Inference Attack is a
data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. [ [http://research.microsoft.com/~jckrumm/Publications%202007/inference%20attack%20refined02%20distribute.pdf "Inference Attacks on Location Tracks" by John Krumm] ] A subject's sensitiveinformation can be considered as leaked if an adversary can infer its real value with a high confidence. [http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information AgainstInference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang] This is an example of breachedinformation security . An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. [ [http://andromeda.rutgers.edu/~gshafer/raman.pdf "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001] ] The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level. [ [http://databases.about.com/od/security/l/aainference.htm "Database Security Issues: Inference" by Mike Chapple] ]Countermeasures
Computer security inference control is the attempt to prevent users to infer classified information from rightfully accessible chunks of information with lower classification. Computer security professionals install protocols into databases to prevent inference attacks by software but to date there is no software or hardware, such as an anti-inference engine, that delivers this countermeasure against a human
inference engine . [ [http://www.unesco.org/webworld/public_domain/tunis97/com_54/com_54.html "Computer Security Inference Control" by Halim. M. Khelalfa (1997)] ]References
Wikimedia Foundation. 2010.