Existing general-purpose IDSs are not adequate for web protection because they do not consider the characteristics of web services. Owing to the openness of web services, access control for the service is difficult. In addition, a web service has a hierarchy of web components, so web attacks can be detected at various locations among those components. A web-application-specific IDS is therefore necessary to protect web services.
In this thesis, we propose an approach to classifying web attacks that takes the web's service structure and vulnerabilities into consideration. This approach helps in designing and implementing a web application IDS for the following reasons.
First, categorizing attacks by cause is useful for understanding the characteristics of web attacks. Second, categorizing attacks by effect is useful for analyzing web attack risk and can reflect the priority and importance of web attack detection in a web application IDS. Finally, considering web attack categories from the standpoint of detection technique and position helps in designing a web application IDS and answers the question of how and where to detect web attacks.