ActiveFlowMark: Assessing Tor Anonymity under Active Bandwidth Watermarking

📅 2026-05-07
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses infrastructure-level traffic analysis attacks against low-latency anonymous networks such as Tor, where adversaries exploit side-channel information from encrypted communications to perform traffic correlation. The paper proposes NATA, a novel algorithm that, for the first time, integrates active bandwidth watermarking with state-space learning to enable non-intrusive traffic correlation without endpoint compromise or packet modification. Specifically, NATA injects controllable bandwidth perturbations at upstream relays and observes them passively at exit relays. To achieve this, the authors design the BM-Net framework, which combines masked self-supervised pretraining with task-specific fine-tuning to efficiently learn traffic representations. Experimental results on real-world Tor traffic demonstrate a 99.65% F1 score for perturbation detection and a 97.5% macro F1 score for fine-grained modulation classification, with exit observation probabilities further evaluated through simulation.
📝 Abstract
Low-latency anonymity networks such as Tor remain vulnerable to infrastructure-level traffic analysis that exploits side-channel information observable from encrypted communications. We introduce NATA, a non-invasive active traffic-correlation analysis algorithm that injects distinguishable throughput patterns into traffic flows through controlled bandwidth perturbations. Unlike passive correlation methods, NATA does not require endpoint compromise, Tor-browser modification, or packet-payload decryption or modification. It can be carried out by an adversary that controls an upstream network gateway and observes traffic at adversary-controlled exit relays. To identify perturbed flows under substantial network variability, we develop BM-Net (Bandwidth Modulation Network), a selective state-space learning framework adapted for bandwidth-modulation detection. Given the limited availability of high-fidelity ground truth on real-world cross-continental Tor paths, BM-Net adopts a data-efficient learning strategy that separates self-supervised representation learning from supervised task-specific classification. It first learns reusable traffic representations through masked pre-training on serialized traffic traces, and then adapts these representations to binary perturbation detection and fine-grained modulation classification using task-specific labeled data. Through real Tor traffic measurements, BM-Net achieves a 99.65% binary detection F1 score and a 97.5% macro-F1 score for fine-grained modulation classification under our evaluated settings. In addition, tornettools-based scaled simulations are used to estimate exit-observation probability under bandwidth-weighted relay selection. These results suggest that active bandwidth perturbation can serve as an infrastructure-level side channel for traffic correlation under a clearly defined adversary model.
Problem

Research questions and friction points this paper is trying to address.

Tor anonymity
traffic correlation
side-channel attack
infrastructure-level analysis
bandwidth watermarking
Innovation

Methods, ideas, or system contributions that make the work stand out.

active bandwidth watermarking
traffic correlation
non-invasive analysis
self-supervised representation learning
Tor anonymity
Zilve Fan
School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China
Zijian Zhang
Beijing Institute of Technology
AI Security, Blockchain Systems, Tor Networks, Data Privacy
Yangnan Guo
School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China
Jiaqi Gao
Alibaba Group
Zhen Li
Beijing Institute of Technology
Vision-and-Language, Video Generation
Mengyu Wang
School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
Chengxiang Si
National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China
Liehuang Zhu
School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing 100081, China