Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication.
Traffic analysis has historically been a vital technique in cryptanalysis, especially when the attempted crack depends on successfully seeding a known-plaintext attack, which often requires an inspired guess based on how specific the operational context might likely influence what an adversary communicates, which may be sufficient to establish a short crib.
In a military context, traffic analysis is a basic part of signals intelligence, and can be a source of information about the intentions and actions of the target.
Traffic-flow security is the use of measures that conceal the presence and properties of valid messages on a network to prevent traffic analysis.
Non-content COMINT is usually used to deduce information about the user of a certain transmitter, such as locations, contacts, activity volume, routine and its exceptions.
Adam Back, Ulf Möeller and Anton Stiglic present traffic analysis attacks against anonymity providing systems.
[9] Steven J. Murdoch and George Danezis from University of Cambridge presented[10] research showing that traffic-analysis allows adversaries to infer which nodes relay the anonymous streams.
Traffic analysis involves intercepting and scrutinizing cybersecurity threats to gather valuable insights about anonymous data flowing through the exit node.
Even for Internet access, where there is not a per-packet charge, ISPs make statistical assumption that connections from user sites will not be busy 100% of the time.