[WEBINAR] Better to Ask Permission? Best Practices for Privacy and Security


Definition - What does Inference mean?

Inference is a database system technique used to attack databases where malicious users infer sensitive information from complex databases at a high level. In basic terms, inference is a data mining technique used to find information hidden from normal users.

An inference attack may endanger the integrity of an entire database. The more complex the database is, the greater the security implemented in association with it should be. If inference problems are not solved efficiently, sensitive information may be leaked to outsiders.

Techopedia explains Inference

Two inference vulnerabilities that appear in databases are data association and data aggregation. When two values taken together are classified at a higher level than one of every value involved, this becomes a data association. When a set of information is classified at a higher level than the individual level of data, it is a clear case of data aggregation. The sensitive data leaked through inference involves bound data, where an attacker finds out a range of data holding expected data or negative data, which is obtained as a result of certain innocent queries. An attacker might try to access sensitive information through a direct attack, indirect attack or tracking.

A wide variety of inference channels have been discovered in databases. One way of inference is querying the database based on sensitive information. In this method, the user queries the database sequentially and from the series of outputs received, infers patterns in the database and information lurking behind the usual displayed data. A series of queries by a normal user may reveal some information that can easily be guessed. Statistical data may also fall prey to inference. In a statistical database, aggregate statistics on a group of people are made public, while individual information is hidden. The threat against statistical database security is that queries can be shelled out on aggregate statistics over a period of time and arithmetic operations may be performed that enable the attackers to hack individual member information.

Inference detection can be achieved through the semantic inference model, security violation detection and knowledge acquisition. The semantic inference model combines dependency, data schema and semantic knowledge. It represents all possible relations between attributes of data sources. Security violation detection combines a request log with a new query request and checks if the request is allowed as per the prespecified set of instructions. Based on the analysis, it decides whether the query has to be answered.

Share this:

Connect with us

Email Newsletter

Join thousands of others with our weekly newsletter

The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.