How do traffic‑correlation attacks work in practice and what academic research documents their feasibility?

Checked on January 28, 2026

Executive summary

Traffic-correlation (end-to-end or flow-correlation) attacks match observable patterns at a communication’s ingress and egress to deanonymize users without breaking cryptography, and a large body of academic work demonstrates they are practical under realistic assumptions and increasingly powerful when combined with machine learning and distributed telemetry sources [1] [2] [3]. Research also shows important caveats — attacker scope, telemetry granularity, and base-rate effects matter — so feasibility is context-dependent rather than binary [4] [5] [6].

1. What traffic‑correlation attacks actually do: matching shapes, not content

At their core these attacks correlate timing, packet counts, and byte volumes observed at two network points — for example a user’s link into an anonymity network and the network exit to a destination — to infer that the two ends belong to the same session; the attacker uses statistical similarity rather than payload inspection, meaning encryption and relays do not stop the technique [7] [1] [8].

2. Passive correlation versus active watermarking and perturbation

Academic work distinguishes passive schemes that simply measure and correlate natural traffic signatures (timing, size, burst patterns) from active approaches that inject identifiable perturbations or watermarks into traffic to amplify correlation; both have been implemented in experiments and shown effective under different threat models [7] [9] [2].

3. What an attacker needs in practice: visibility and scale

Feasibility hinges on the adversary’s visibility: access to router NetFlow logs or multiple observation points dramatically raises success rates, and recent reports discuss attackers that gather distributed NetFlow data or control many routers to match flows without seeing every packet on both sides [4] [10] [7]. Papers also stress that targeted attacks are easier than broad surveillance, because the base-rate fallacy makes precision low when true matches are rare among the candidate flows [4] [6].

4. Techniques: statistics, signal processing and machine learning

Early work used correlation coefficients and wavelet/time‑rate analyses to match flows; more recent studies show denoising, contrastive learning, and deep models (DeepCorr, DeepCoFFEA, FlowTracker) substantially improve matching under noisy conditions, but also require retraining and can degrade over time or under countermeasures [2] [3] [9] [10].

5. Empirical demonstrations and experimental setups

Controlled experiments, ranging from PlanetLab clients and Cisco NetFlow traces to multi‑proxy research setups, repeatedly show that attackers can identify victim flows among many candidates when they can observe both ends or inject patterns via a colluding server. Experimental design (single‑proxy versus multi‑proxy collection) affects the measured success rates, and safety constraints for real users limit how far researchers can probe live networks [7] [5] [6].

6. Defenses, tradeoffs and unresolved measurement gaps

Defenses studied include padding, timing obfuscation, dummy traffic, and RegulaTor- and DeTorrent-style AI-based countermeasures; all impose latency, bandwidth, or deployability costs, and the community lacks comprehensive empirical tradeoff curves showing protection versus overhead, a gap explicitly called out by Tor developers and researchers [4] [6] [11]. Counterarguments note that some defenses meaningfully reduce specific attacks, but attackers adapt (retraining, different features), and base-rate limits still constrain large-scale deanonymization [4] [6].
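Sections 1, 3 and 6 describe three things that a short simulation can make concrete: matching ingress and egress flows on the shape of their byte volumes, the base-rate effect that limits precision at scale, and what a padding defense does to the signal. The following Python block is an added illustration, not code from any of the cited papers or from Tor; its flows are constructed synthetic per-bin byte counts, and the lag, jitter and error-rate values are assumptions chosen for the demonstration.

```python
import math
import random

def pearson(x, y):
    """Pearson correlation of two equal-length byte-volume series."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:      # a constant series carries no shape to match
        return 0.0
    return sxy / math.sqrt(sxx * syy)

def random_flow(rng, bins):
    """Constructed bursty flow: bytes per 100 ms bin, with many idle bins."""
    return [rng.choice([0, 0, 0, 1500, 3000, 6000]) for _ in range(bins)]

def egress_view(ingress, rng, lag=2, jitter=0.1):
    """Constructed egress observation: same flow delayed by `lag` bins (relay latency) with +/- jitter volume noise."""
    shifted = [0] * lag + ingress[: len(ingress) - lag]
    return [v * (1 + rng.uniform(-jitter, jitter)) for v in shifted]

def lagged_score(ingress, egress, max_lag=5):
    """Best correlation over candidate delays, since the observer does not know the relay latency exactly."""
    return max(pearson(ingress[: len(ingress) - k], egress[k:]) for k in range(max_lag + 1))

def best_match(ingress, candidates):
    """Index and score of the egress candidate whose shape is most similar to `ingress`."""
    scores = [lagged_score(ingress, c) for c in candidates]
    i = max(range(len(scores)), key=scores.__getitem__)
    return i, scores[i]

def precision_at_scale(tpr, fpr, n_flows):
    """Base-rate effect: one true egress among n_flows candidates, so false positives grow with n_flows."""
    return tpr / (tpr + fpr * (n_flows - 1))

def constant_rate_pad(flow, rate=6000):
    """Padding defence: every bin carries `rate` bytes, dummy traffic filling the idle bins."""
    return [rate] * len(flow)

def demo(seed=7, decoys=49, bins=60):
    rng = random.Random(seed)
    ingress = random_flow(rng, bins)
    true_egress = egress_view(ingress, rng)
    candidates = [random_flow(rng, bins) for _ in range(decoys)]
    true_index = decoys // 2
    candidates.insert(true_index, true_egress)
    idx, score = best_match(ingress, candidates)
    padded_score = lagged_score(constant_rate_pad(ingress), constant_rate_pad(true_egress))
    return true_index, idx, score, padded_score
```

With 10 candidate flows a 90%/1% classifier keeps precision above 0.9, while with 100,000 candidates the same classifier is wrong more than 99.9% of the time, which is the point the base-rate arguments in [4] and [6] make; constant-rate padding removes the correlatable shape entirely, at the bandwidth cost the page describes.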

7. Implications and honest limits of current research

The literature consistently demonstrates that traffic‑correlation is a credible threat when adversaries can observe or influence both ends, and modern ML methods make correlation more robust, but practical success in the wild depends on attacker positioning, scale, and the rarity of targets; importantly, several sources warn that more empirical data is needed to quantify real‑world effectiveness and defense cost/benefit tradeoffs [2] [4] [5].
