A recent report states that 63 percent of documented vulnerabilities exist in Web applications. Hence, Web applications represent an ideal platform for malicious attackers to target. This paper presents an anomaly intrusion detection system (AIWAS) to help system administrators protect their Web applications from these attacks. AIWAS maps each user’s input into an Instance Model (IM). The IM, which contains attackable features of the input, allows machine learning algorithms to classify the input as either benign or malicious. AIWAS then prevents malicious inputs from reaching the protected Web applications. A case study demonstrates the effectiveness of AIWAS against actual attacks.