Traffic analysis tasks may be supported by dedicated computer software programs, including commercially available programs such as those offered by i2, Visual Analytics, Memex, Orion Scientific, Pacific Northwest National Labs, Genesis EW's GenCOM Suite and others. Advanced traffic analysis techniques may include various forms of social network analysis.
In a military context, traffic analysis is a basic part of signals intelligence, and can be a source of information about the intentions and actions of the enemy. Representative patterns include:
There is a close relationship between traffic analysis and cryptanalysis (commonly called codebreaking). Callsigns and addresses are frequently encrypted, requiring assistance in identifying them. Traffic volume can often be a sign of an addressee's importance, giving hints to pending objectives or movements to cryptanalysts.
Traffic-flow security is one aspect of communications security.
Communications' Metadata Intelligence, or COMINT metadata, is a term in COMINT referring to the concept of producing intelligence by analyzing only the technical metadata; hence, it is a good practical example of traffic analysis in intelligence.
While information gathering in COMINT is traditionally derived from intercepting transmissions, tapping the target's communications and monitoring the content of conversations, metadata intelligence is based not on content but on technical communications data.
Non-content COMINT is usually used to deduce information about the user of a certain transmitter, such as locations, contacts, activity volume, routine and its exceptions.
For example, if a certain emitter is known to be the radio transmitter of a certain unit, and its position can be located using DF (direction finding) tools, then its changes of location can be monitored. That way we are able to understand that this unit is moving from one point to another without listening to any orders or reports. If we know that this unit reports back to a command on a certain pattern, and we know that another unit reports on the same pattern to the same command, then the two units are probably related. That conclusion is based on the metadata of the two units' transmissions, not on the content of their transmissions.
Using all, or as much as possible, of the available metadata is common practice for building up an Electronic Order of Battle (EOB): a mapping of the different entities in the battlefield and their connections. The EOB could of course be built by tapping all the conversations and trying to understand which unit is where, but using the metadata with an automatic analysis tool enables a much faster and more accurate EOB build-up that, alongside tapping, builds a much better and more complete picture.
Traffic analysis is also a concern in computer security. An attacker can gain important information by monitoring the frequency and timing of network packets. A timing attack on the SSH protocol used timing information to deduce information about passwords (Song et al., 2001). During interactive sessions, SSH transmits each keystroke as a message, so the time between keystroke messages can be studied using hidden Markov models. The authors claim that it can recover the password fifty times faster than a brute force attack.
Onion routing systems are used to gain anonymity. Traffic analysis can be used to attack anonymous communication systems like the Tor anonymity network. Steven J. Murdoch and George Danezis from University of Cambridge presented research showing that traffic-analysis allows adversaries to infer which nodes relay the anonymous streams. This reduces the anonymity provided by Tor. They have shown that otherwise unrelated streams can be linked back to the same initiator.
Remailer systems can also be attacked via traffic analysis. If a message is observed going to a remailing server, and an identical-length (if now anonymized) message is seen exiting the server soon after, a traffic analyst may be able to (automatically) connect the sender with the ultimate receiver. Variations of remailer operations exist that can make traffic analysis less effective.
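The following added example (not from the original article) measures how much an observer of sizes and times can narrow down each outgoing message, first for a remailer that forwards immediately with the length unchanged, then for one that pads and batches. Padding to `PAD_TO` and flushing shuffled batches of three are assumed here as one possible variation; the arrival data is constructed.

```python
import random

PAD_TO = 1024  # assumed uniform output size for the hardened variant

# Constructed sample traffic: (arrival_time_s, sender, length_bytes)
ARRIVALS = [(0, "alice", 310), (2, "bob", 742), (3, "carol", 128),
            (7, "dave", 901), (8, "erin", 455), (9, "frank", 630)]

def naive_remailer(arrivals, delay=1):
    """Forward each message right away with its length unchanged."""
    return [(t + delay, length, sender) for t, sender, length in arrivals]

def batching_remailer(arrivals, batch=3, seed=0):
    """Hold messages until `batch` have arrived, pad each to PAD_TO,
    then flush the whole batch at once in shuffled order."""
    rng, out = random.Random(seed), []
    for i in range(0, len(arrivals), batch):
        group = list(arrivals[i:i + batch])
        flush_at = group[-1][0] + 1
        rng.shuffle(group)
        out += [(flush_at, PAD_TO, sender) for _, sender, _ in group]
    return out

def anonymity_sets(arrivals, departures, window=5):
    """For each departure, the set of senders that an observer who sees
    only times and lengths cannot rule out. The true sender (third field
    of a departure) is never consulted; it is kept for checking only."""
    sets = []
    for dep_t, dep_len, _truth in departures:
        sets.append({
            sender for t, sender, n in arrivals
            if dep_t - window <= t < dep_t           # arrived shortly before
            and (n == dep_len                        # identical length, or
                 or (dep_len == PAD_TO and n <= PAD_TO))  # hidden by padding
        })
    return sets

if __name__ == "__main__":
    for name, mix in (("naive", naive_remailer), ("batching", batching_remailer)):
        sizes = [len(s) for s in anonymity_sets(ARRIVALS, mix(ARRIVALS))]
        print(f"{name:9s} candidate senders per output: {sizes}")
```

A candidate set of size one means the sender is linked to the output; the batching variant buys its larger sets with added delivery delay and padding bytes.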
It is difficult to defeat traffic analysis without both encrypting messages and masking the channel. When no actual messages are being sent, we can mask the channel by sending dummy traffic, similar to the encrypted traffic, thereby keeping the channel 100% busy. "It is very hard to hide information about the size or timing of messages. The known solutions require Alice to send a continuous stream of messages at the maximum bandwidth she will ever use...This might be acceptable for military applications, but it is not for most civilian applications." The military-versus-civilian problem applies in situations where the user is charged for the volume of information sent.
Even for Internet access, where there is no per-packet charge, ISPs make the statistical assumption that connections from user sites will not be busy 100% of the time. The user cannot simply increase the bandwidth of the link, since masking would fill that as well. If masking, which can often be built into end-to-end encryptors, becomes common practice, ISPs will have to change their traffic assumptions.
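As an added illustration (not part of the original article), the sketch below models a masked channel that emits one fixed-size cell per time slot, real data when there is any and dummy filler otherwise, and reports the bandwidth cost. The cell size, header layout and function names are assumptions; encryption of the cells is omitted, so the observer is modelled as seeing only slot numbers and sizes.

```python
import os
from collections import deque

CELL_SIZE = 512                 # assumed fixed on-the-wire cell size (bytes)
HEADER = 3                      # 1 flag byte + 2-byte payload length
CAPACITY = CELL_SIZE - HEADER   # usable payload bytes per cell

def build_cell(payload: bytes, real: bool) -> bytes:
    """Pack one cell; unused space is random filler. A deployed link would
    encrypt the whole cell so the flag and length are hidden as well."""
    if len(payload) > CAPACITY:
        raise ValueError("payload exceeds cell capacity")
    header = bytes([1 if real else 0]) + len(payload).to_bytes(2, "big")
    return header + payload + os.urandom(CAPACITY - len(payload))

def masked_schedule(messages: dict, ticks: int) -> list:
    """messages maps a time slot to the bytes queued in that slot.
    Exactly one cell leaves per slot, whether or not there is data."""
    queue, wire = deque(), []
    for t in range(ticks):
        msg = messages.get(t)
        if msg:
            queue.extend(msg[i:i + CAPACITY] for i in range(0, len(msg), CAPACITY))
        if queue:
            wire.append(build_cell(queue.popleft(), real=True))
        else:
            wire.append(build_cell(b"", real=False))   # dummy traffic
    return wire

def observer_view(wire: list) -> list:
    """All a passive observer of the encrypted link learns: (slot, size)."""
    return [(t, len(cell)) for t, cell in enumerate(wire)]

def receive(wire: list) -> bytes:
    """Receiver side: drop dummy cells and strip filler from real ones."""
    out = bytearray()
    for cell in wire:
        if cell[0] == 1:
            out += cell[HEADER:HEADER + int.from_bytes(cell[1:3], "big")]
    return bytes(out)

def overhead(wire: list, messages: dict) -> float:
    """Fraction of transmitted bytes that carried no user data."""
    return 1 - sum(len(m) for m in messages.values()) / (len(wire) * CELL_SIZE)

if __name__ == "__main__":
    msgs = {2: b"A" * 1200, 10: b"hi"}   # constructed sample traffic
    busy, idle = masked_schedule(msgs, 20), masked_schedule({}, 20)
    print("views identical:", observer_view(busy) == observer_view(idle))
    print("overhead: {:.1%}".format(overhead(busy, msgs)))
```

The overhead figure is the cost the quoted passage refers to: the link carries its full rate at all times, which is what a volume-charged user or an ISP's statistical provisioning has to absorb.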