[](https://gitlab.inria.fr/pirat-public/Fos-R/-/commits/main)
[](https://gitlab.inria.fr/pirat-public/Fos-R/-/releases)
Fos-R is a network traffic generator based on AI models. It does not require GPU and can generate in the order of Gbps of network traffic with a laptop.
## Setup
Install Rust, preferably with [rustup.rs](https://rustup.rs/).
Then, you can install Fos-R with:
$ cargo install fosr
Then, you can check the install with:
$ fosr
If you want Fos-R to use the network, you must execute it as root/administrator.
# Generation modes
Two generation modes are available.
## Create-pcap
In this mode, Fos-R output a pcap file generated with the AI models.
```
Usage: fosr create-pcap [OPTIONS] <--duration <DURATION>|--packets-count <PACKETS_COUNT>>
Options:
-o, --outfile <OUTFILE> Output pcap file for synthetic network packets [default: output.pcap]
--minimum-threads Use as few threads as possible
-n, --packets-count <PACKETS_COUNT> Minimum number of packets to generate. Generation is not deterministic.
-d, --duration <DURATION> Minimum pcap traffic duration described in human-friendly time, such as "15days 30min 5s". Generation is deterministic when used with --order-pcap.
-t, --start-time <START_TIME> Beginning time of the pcap in RFC3339 style ("2025-05-01 10:28:07") or a Unix timestamp. By default, use current time
--order-pcap Reorder temporally the generated pcap. Must fit the entire dataset in RAM.
-s, --seed <SEED> Seed for random number generation
-u, --cpu-usage Show CPU usage per thread
-p, --profile <PROFILE> Path to the profile with the models and the configuration
-h, --help Print help
```
## Network injection
In this mode, Fos-R generates and play network traffic between different computers in the same network.
Fos-R needs to be executed on each computer and provided a configuration file.
```
Usage: fosr inject [OPTIONS]
Options:
-o, --outfile <OUTFILE>
Output pcap file of generated packets
-t, --taint
Taint the packets to easily identify them
-s, --seed <SEED>
Seed for random number generation
-u, --cpu-usage
Show CPU usage per thread
-f, --flow-per-second <FLOW_PER_SECOND>
Overall number of flows to generate per second [default: 10]
-p, --profile <PROFILE>
Path to the profile with the models and the configuration
-h, --help
Print help
```
# Roadmap
## v0.2 - Q2 2025 - "Usability"
- Documentation and API
- User interface
- Performance and binary size
## v0.3 - Q3 2025 - "Portability"
- Windows version
- WASM version (pcap creation only)
## v0.4 - Q4 2025 - "Quality"
- Generation quality
- High quality default models
## v0.5 - Q1 2026 - "Transferability"
- Concept drift mode
- Transfer learning
# Technical description
The generation is organized in four stages.
## Stage 0: timestamp generation
This steps selects the starting point of the next flow to generate.
## Stage 1: netflow generation
This step in based on the FlowChronicle tool. Using as input the set of learned patterns,it generates new netflow records by first sampling patterns and then sampling non-fixed values inside these patterns.
## Stage 2: intermediate representation generation
This step is based on the TADAM tool. Using the flows generated by stage 1, it creates a list of PacketsIR<T>, where T is a transport protocol. Each PacketsIR<T> corresponds to a flow between two IP addresses. This structure contains the original flow (generated by stage 1) with the metadata of the flow. There is also a vector packets_info that contains some information about the packet header: packet direction (forward or backward), payload size and type, timestamp, and TCP flags when the transport protocol is TCP.
## Stage 3: packet generation
Stage 3 creates a list of complete packets by completing the information given by the output of stage 2.
## Stage 4 (optional): send and receive packets on the network
Stage 4 relies on raw sockets to send and receive the packets generated by stage 3.