Software vulnerability analysis has become a hot topic recently. However, the traditional methods for analyzing software vulnerability have higher false positive rate. In this paper, adaptive K function is defined, and SVAAKSC (Software vulnerability analysis method based on adaptive-K sequence clustering) is presented. The collected objects in software vulnerability sequence database SVSD are pretreated to equal length vectors. Moreover, according to adaptive-K based sequence clustering algorithm, all software vulnerabilities in SVSD are clustered into K clustering. Afterwards, by matching the similarities between detected vulnerability from software and each clustering center, whether the detected vulnerability is a real software vulnerability can be judged. Finally, the corresponding analysis report is obtained. The experimental results and analysis show that SVAAKSC has lower false positive rate and better analysis time.

DOI : http://dx.doi.org/10.11591/telkomnika.v12i6.4610