Lib.rs

Network programming
#generator #networking #traffic #records #generate #stage #timestamp

app fosr

Fos-R (Forgery Of Security Records) is a synthetic network traffic generator

Owned by PFGimenez.

1 unstable release

new 0.1.0 Mar 7, 2025
0.0.1 Jan 8, 2025

#5 in #records

GPL-3.0 license

3MB
3K SLoC

Fos-R

Fos-R is a network traffic generator based on AI models. It does not require GPU and can generate in the order of Gbps of network traffic with a laptop.

Setup

You can install Fos-R with:

cargo install fosr

You need to install the pcap library. On Ubuntu/Debian, you can do:

apt install libpcap-dev

Then, you can check the install with:

fosr -V

Generation modes

Several generation modes are available.

Create-pcap

In this mode, Fos-R output a pcap file generated with the AI models.

Honeynet

In this mode, Fos-R generates and play network traffic between different computers in the same network. Fos-R needs to be executed on each computer and provided a configuration file.

Replay-pcap

(Not available yet)

In this mode, Fos-R replays a pcap file with raw sockets.

Roadmap

v0.1 - March 2025 - "MVP"

  • Create-pcap and honeynet modes
  • Linux only support
  • Basic default models

v0.2 - Q2 2025 - "Usability"

  • Documentation and API
  • User interface
  • Performance and binary size

v0.3 - Q3 2025 - "Portability"

  • Windows version
  • WASM version (pcap creation only)

v0.4 - Q4 2025 - "Quality"

  • Generation quality
  • High quality default models
  • Concept drift mode

Technical description

The generation is organized in four stages.

Stage 0: timestamp generation

This steps selects the starting point of the next flow to generate.

Stage 1: netflow generation

This step in based on the FlowChronicle tool. Using as input the set of learned patterns,it generates new netflow records by first sampling patterns and then sampling non-fixed values inside these patterns.

Stage 2: intermediate representation generation

This step is based on the TADAM tool. Using the flows generated by stage 1, it creates a list of PacketsIR, where T is a transport protocol. Each PacketsIR corresponds to a flow between two IP addresses. This structure contains the original flow (generated by stage 1) with the metadata of the flow. There is also a vector packets_info that contains some information about the packet header: packet direction (forward or backward), payload size and type, timestamp, and TCP flags when the transport protocol is TCP.

Stage 3: packet generation

Stage 3 creates a list of complete packets by completing the information given by the output of stage 2.

Stage 4 (optional): send and receive packets on the network

Stage 4 relies on raw sockets to send and receive the packets generated by stage 3.

Dependencies

~10–19MB
~284K SLoC