Abstract: Today’s Web application customization technology is widely used.Anomaly detection in early warning and real-time blocking the attack site of application-level program is a very suitable method．However,anomaly detection techniques are easier to detect problems of false positives and false negatives．The use of an integrated system can solve the problem．This integrated system includs the anomaly detection system based anomaly detection system,the Web and a database．Anomaly detection system and the SQL query of a Web serial structure of the anomaly detection system will be able to improve the efficiency of the detection system．The algorithm was evaluated for its applicability on several existing Web application．It is showed that the algorithm is feasible and effective to reduce false positives and false negatives.

Key words: Anomaly detection,SQL queries,Web applications