Comment by alasdair_
If I don't know the whole chain (or I don't use a timing attack with a known guard and exit node) then I don't see how I'd know who sent the packet in the first place. The person in the chain would connect to a random tor guard node, which would connect to another random node which would connect to my evil exit node. My evil exit node would only know which random TOR node the connection came from but that's not enough to tell who the original person was.
Say there are only 2 sites on Tor. Site 'A' is plain text and has no pages over 1KB. You know this because it's public and you can go look at it. Site 'B' hosts memes which are mostly .GIFs that are 1MB+. You know this because it's also a public site.
If I was browsing one of those sites for an hour and you were my guard, do you think you could make a good guess which site I'm visiting?
I'm asking why that concept doesn't scale up. Why wouldn't it work with machine learning tools that are used to detect anomalous patterns in corporate networks if you reverse them to detect expected patterns.