Cross-Flow Correlations Survive Synthesis: Measuring Source-Level Privacy Leakage in Synthetic Network Traces

Synthetic network data generators (SynNetGens) are increasingly used to share realistic traffic traces without exposing sensitive raw data. While substantial effort has gone into improving fidelity, privacy is either assumed to be a built-in property of synthesis or addressed through differential privacy at the packet or flow level. This paper uncovers a fundamental privacy vulnerability: SynNetGens preserve cross-flow behavioral correlations that expose source-level membership, allowing an attacker to determine whether traffic of specific user, or service was included in the training data. This leakage arises from a mismatch in abstraction: existing SynNetGens operate and are protected at the packet or flow level, while sensitive information is encoded in correlations across flows from the same source. To demonstrate that this vulnerability is exploitable in practice, we develop TraceBleed, the first source-level membership inference attack against black-box SynNetGens. Our evaluation spans five datasets and six SynNetGens, revealing that: (i) every generator leaks source-level information on at least some datasets; (ii) flow- or packet-level differential privacy fails to protect source privacy unless fidelity is degraded to unusable levels; and (iii) releasing 10X more synthetic data amplifies leakage by 130% on average. To support ongoing research in this area, we will maintain a public privacy-fidelity leaderboard so practitioners can choose generators that fit their needs and researchers can benchmark new designs faithfully.