Abstract:
In this article, we propose a web back-end database leakage incident reconstruction framework (WeB-DLIR) over unlabeled logs, designed to improve the intelligence and automation of reconstructing web back-end database leakage incidents triggered by web-based attacks in unannotated logging environments. Using WeB-DLIR, analysts can reduce the manual workload of tracing and responding to data leakage incidents. Specifically, we first design web front-end and back-end anomaly identification methods based on neural network models with a pruning strategy and fine-grained grouping clustering analysis, respectively, for completely identifying web-related abnormal events in unlabeled logs. To remove redundant abnormal events and reduce subsequent inspection work for false alarm cases, we then propose an anomaly detection result decision fusion method (DFADR). Moreover, to visualize the attack chain reflected by abnormal events, based on the decision fusion results, we propose an attack graph modeling method that can reflect the basic process of data leakage from multiple perspectives. Finally, based on the modeling results, the topology of the data leakage scenario reconstruction can be completed by further auditing the relevant logs. Experimental results using real-world datasets show that the proposed WeB-DLIR is efficient and feasible for practical applications.
Source: IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING
ISSN: 2168-6750
Year: 2023
Issue: 1
Volume: 11
Page: 237-252
JCR@2023: 5.1
JCR@2023: 5.100
ESI Discipline: COMPUTER SCIENCE
ESI HC Threshold: 32
JCR Journal Grade: 1
CAS Journal Grade: 2
SCOPUS Cited Count: 2
ESI Highly Cited Papers on the List: 0