This paper proposes AgentFuzz, an agent-guided fuzzing framework that combines the reasoning capabilities of Large Language Models (LLMs) with session-aware coverage metrics to effectively test stateful protocol implementations. The approach introduces Session-Aware Coverage (SAC), a novel metric that tracks both code coverage and protocol state transitions to guide the fuzzing process. A multi-agent architecture is presented where specialized agents handle mutation strategy selection, state exploration, and session management.
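The following is an added illustration of the idea behind a session-aware coverage metric; it is not code from AgentFuzz or the paper. The toy protocol, its state names, the simulated basic-block labels and every function name here are constructed for the example. It shows the one property the paragraph states: a session that exercises no new code but a new protocol state transition still counts as progress under session-aware coverage, whereas a code-coverage-only fuzzer would discard it.

```python
"""Toy session-aware coverage for stateful protocol fuzzing (constructed example).

The protocol, state machine and "coverage" instrumentation below are invented
to illustrate tracking code coverage and state transitions together. They are
not taken from AgentFuzz or the paper.
"""
import random
from dataclasses import dataclass, field

# Toy stateful protocol: INIT -> GREETED -> AUTHED -> CLOSED.
# DATA is only meaningful once AUTHED; BYE is accepted in any state.


class ToyServer:
    def __init__(self):
        self.state = "INIT"
        self.blocks = set()       # simulated basic blocks hit in this session
        self.transitions = set()  # (from_state, command, to_state) seen this session

    def handle(self, msg):
        before = self.state
        cmd, _, arg = msg.partition(" ")
        if cmd == "HELLO" and self.state == "INIT":
            self.blocks.add("hello_ok")
            self.state = "GREETED"
        elif cmd == "AUTH" and self.state == "GREETED":
            if arg == "secret":                 # constructed credential check
                self.blocks.add("auth_ok")
                self.state = "AUTHED"
            else:
                self.blocks.add("auth_fail")    # state unchanged
        elif cmd == "DATA" and self.state == "AUTHED":
            self.blocks.add("data_long" if len(arg) > 8 else "data_short")
        elif cmd == "BYE":
            self.blocks.add("bye")              # same code path from every state
            self.state = "CLOSED"
        else:
            self.blocks.add("reject")           # wrong command for current state
        self.transitions.add((before, cmd, self.state))


def run_session(messages):
    """Replay one message sequence against a fresh server and return its trace."""
    srv = ToyServer()
    for m in messages:
        if srv.state == "CLOSED":
            break
        srv.handle(m)
    return srv


@dataclass
class SessionAwareCoverage:
    """Global coverage: code blocks plus protocol state transitions."""
    code: set = field(default_factory=set)
    transitions: set = field(default_factory=set)

    def observe(self, server):
        """Merge one session's trace; return the newly seen blocks and transitions."""
        new_code = server.blocks - self.code
        new_trans = server.transitions - self.transitions
        self.code |= server.blocks
        self.transitions |= server.transitions
        return new_code, new_trans


def sac_demo():
    """Second session adds no code coverage but a new state transition."""
    cov = SessionAwareCoverage()
    cov.observe(run_session(["HELLO", "AUTH secret", "DATA short", "BYE"]))
    return cov.observe(run_session(["HELLO", "BYE"]))


COMMANDS = ["HELLO", "AUTH secret", "AUTH nope", "DATA short",
            "DATA " + "x" * 12, "BYE", "PING"]


def mutate(session, rng):
    """Session-level mutations: insert, delete, replace or swap whole messages."""
    s = list(session)
    op = rng.choice(["insert", "delete", "replace", "swap"])
    if op == "insert" or not s:
        s.insert(rng.randrange(len(s) + 1), rng.choice(COMMANDS))
    elif op == "delete":
        del s[rng.randrange(len(s))]
    elif op == "replace":
        s[rng.randrange(len(s))] = rng.choice(COMMANDS)
    else:
        i, j = rng.randrange(len(s)), rng.randrange(len(s))
        s[i], s[j] = s[j], s[i]
    return s


def fuzz(seed_session, iterations=300, seed=7):
    """Keep a candidate if it adds code OR state-transition coverage.

    Returns the coverage, the corpus, and how many sessions were kept only
    because of a new transition (the ones code-only coverage would drop).
    """
    rng = random.Random(seed)
    cov = SessionAwareCoverage()
    corpus = [list(seed_session)]
    cov.observe(run_session(seed_session))
    kept_for_state_only = 0
    for _ in range(iterations):
        cand = mutate(rng.choice(corpus), rng)
        new_code, new_trans = cov.observe(run_session(cand))
        if new_code or new_trans:
            corpus.append(cand)
            if not new_code:
                kept_for_state_only += 1
    return cov, corpus, kept_for_state_only


if __name__ == "__main__":
    print("sac_demo:", sac_demo())
    cov, corpus, state_only = fuzz(["HELLO", "AUTH secret", "DATA short", "BYE"])
    print(f"blocks={sorted(cov.code)} transitions={len(cov.transitions)} "
          f"corpus={len(corpus)} kept_for_state_only={state_only}")
```

The `kept_for_state_only` counter is the practical difference the metric makes: those sessions reach already-covered code from a different protocol state, which is exactly where state-dependent bugs in real implementations tend to hide, and a code-only feedback loop would throw them away.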
Key findings
AgentFuzz combines LLMs with session-aware coverage metrics for effective testing of stateful protocol implementations.
Session-Aware Coverage (SAC) tracks both code coverage and protocol state transitions.
A multi-agent architecture balances exploration and exploitation through specialized agent roles.
Limitations & open questions
The paper outlines a comprehensive evaluation plan but does not yet present empirical results.