An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. [1] A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. [2] This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. [3] The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level. [4]
While inference attacks were originally discovered as a threat in statistical databases, [5] today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices, [6] has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location). [7] Highly sensitive inferences can also be derived, for example, from eye tracking data, [8] [9] smart meter data [10] [11] and voice recordings (e.g., smart speaker voice commands). [12]