Article · Wikipedia archive · Last revised May 28, 2026

Inference attack

An inference attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.

Last revised
May 28, 2026
Read time
≈ 2 min
Length
532 w
Citations
12
Source
Wikipedia ↗

An inference attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database.1 A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence.2 This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it.3 The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.4

While inference attacks were originally discovered as a threat in statistical databases,5 today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices,6 has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location).7 Highly sensitive inferences can also be derived, for example, from eye tracking data,89 smart meter data1011 and voice recordings (e.g., smart speaker voice commands).12

References

References

  1. "Inference Attacks on Location Tracks" by John Krumm
  2. http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
  3. ""Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001" (PDF). Archived from the original (PDF) on 2011-06-06. Retrieved 2007-10-23.
  4. ""Database Security Issues: Inference" by Mike Chapple". Archived from the original on 2007-10-13. Retrieved 2007-10-23.
  5. V. P. Lane (8 November 1985). Security of Computer Based Information Systems. Macmillan International Higher Education. pp. 11–. ISBN 978-1-349-18011-0.
  6. Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping (2017). "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). doi:10.1186/s13635-017-0061-8. ISSN 2510-523X.
  7. Kröger, Jacob Leon; Raschke, Philip (January 2019). "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. pp. 81–87. doi:10.1145/3309074.3309076.
  8. Liebling, Daniel J.; Preibusch, Sören (2014). "Privacy considerations for a pervasive eye tracking world". Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication. pp. 1169–1177. doi:10.1145/2638728.2641688. ISBN 9781450330473. S2CID 3663921.
  9. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian (2020). "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 226–241. doi:10.1007/978-3-030-42504-3_15. ISBN 978-3-030-42503-6. ISSN 1868-4238.
  10. Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus (2014). "Detecting Activities of Daily Living with Smart Meters". Ambient Assisted Living. Advanced Technologies and Societal Change. pp. 143–160. doi:10.1007/978-3-642-37988-8_10. ISBN 978-3-642-37987-1. ISSN 2191-6853.
  11. Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. (2013). "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2): 837–846. doi:10.1109/TSG.2012.2211046. ISSN 1949-3053. S2CID 13471323.
  12. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Raschke, Philip (2020). "Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 242–258. doi:10.1007/978-3-030-42504-3_16. ISBN 978-3-030-42503-6. ISSN 1868-4238.