An Inference Attack
is a data mining
technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. A subject's sensitive information
can be considered as leaked if an adversary can infer its real value with a high confidence. This is an example of breached information security
. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level.
Computer security inference control is the attempt to prevent users to infer classified information from rightfully accessible chunks of information with lower classification. Computer security professionals install protocols into databases to prevent inference attacks by software but to date there is no software or hardware, such as an anti-inference engine, that delivers this countermeasure against a human inference engine.