Fos-R is a network traffic generator based on AI models. It does not require GPU and can generate in the order of Gbps of network traffic with a laptop.

Setup

Install Rust, preferably with rustup.rs.

Then, you can install Fos-R with:

$ cargo install fosr

Then, you can check the install with:

$ fosr

If you want Fos-R to use the network, you must execute it as root/administrator.

Generation modes

Two generation modes are available.

Create-pcap

In this mode, Fos-R output a pcap file generated with the AI models.

Usage: fosr create-pcap [OPTIONS] <--duration <DURATION>|--packets-count <PACKETS_COUNT>>

Options:
  -o, --outfile <OUTFILE>              Output pcap file for synthetic network packets [default: output.pcap]
      --minimum-threads                Use as few threads as possible
  -n, --packets-count <PACKETS_COUNT>  Minimum number of packets to generate. Generation is not deterministic.
  -d, --duration <DURATION>            Minimum pcap traffic duration described in human-friendly time, such as "15days 30min 5s". Generation is deterministic when used with --order-pcap.
  -t, --start-time <START_TIME>        Beginning time of the pcap in RFC3339 style ("2025-05-01 10:28:07") or a Unix timestamp. By default, use current time
      --order-pcap                     Reorder temporally the generated pcap. Must fit the entire dataset in RAM.
  -s, --seed <SEED>                    Seed for random number generation
  -u, --cpu-usage                      Show CPU usage per thread
  -p, --profile <PROFILE>              Path to the profile with the models and the configuration
  -h, --help                           Print help

Network injection

In this mode, Fos-R generates and play network traffic between different computers in the same network. Fos-R needs to be executed on each computer and provided a configuration file.

Usage: fosr inject [OPTIONS]

Options:
  -o, --outfile <OUTFILE>
          Output pcap file of generated packets
  -t, --taint
          Taint the packets to easily identify them
  -s, --seed <SEED>
          Seed for random number generation
  -u, --cpu-usage
          Show CPU usage per thread
  -f, --flow-per-second <FLOW_PER_SECOND>
          Overall number of flows to generate per second [default: 10]
  -p, --profile <PROFILE>
          Path to the profile with the models and the configuration
  -h, --help
          Print help

Roadmap

v0.2 - Q2 2025 - "Usability"

• Documentation and API
• User interface
• Performance and binary size

v0.3 - Q3 2025 - "Portability"

• Windows version
• WASM version (pcap creation only)

v0.4 - Q4 2025 - "Quality"

• Generation quality
• High quality default models

v0.5 - Q1 2026 - "Transferability"

• Concept drift mode
• Transfer learning

Technical description

The generation is organized in four stages.

Stage 0: timestamp generation

This steps selects the starting point of the next flow to generate.

Stage 1: netflow generation

This step in based on the FlowChronicle tool. Using as input the set of learned patterns,it generates new netflow records by first sampling patterns and then sampling non-fixed values inside these patterns.

Stage 2: intermediate representation generation

This step is based on the TADAM tool. Using the flows generated by stage 1, it creates a list of PacketsIR, where T is a transport protocol. Each PacketsIR corresponds to a flow between two IP addresses. This structure contains the original flow (generated by stage 1) with the metadata of the flow. There is also a vector packets_info that contains some information about the packet header: packet direction (forward or backward), payload size and type, timestamp, and TCP flags when the transport protocol is TCP.

Stage 3: packet generation

Stage 3 creates a list of complete packets by completing the information given by the output of stage 2.

Stage 4 (optional): send and receive packets on the network

Stage 4 relies on raw sockets to send and receive the packets generated by stage 3.