In　this　paper,　we　propose　IVMWAF,　a　framework　for　intelligent　analysis　of　multi-stage　web　attacks　which　uses　artificial　intelligence　and　visualization　approaches.　The　IVMWAF　framework　is　designed　to　provide　a　general　and　practical　forensic　process　for　investigating　multi-stage　web　attacks.　Using　IVMWAF,　digital　forensics　analysts　can　have　a　flexible　and　intuitive　understanding　of　the　overall　situation　of　complex　web　security　incidents.　Specifically,　in　order　to　extract　all　web　security　incident　related　anomalies,　we　first　propose　a　multi-level　anomaly　detection　method,　by　dividing　different　levels　based　on　different　stages　of　the　web　attack　chain.　We　also　design　methods　for　visualizing　and　making　human-computer　interactions　for　different　levels　of　anomaly　detection,　to　assist　analysts　in　comprehending　and　providing　feedback　on　the　decisions　made　by　intelligent　methods.　For　forensic　analysis　of　web　attack　incidents,　we　integrate　multi-level　anomaly　detection　and　visualization　for　correlation　analysis,　and　propose　a　method　for　constructing　multi-level　web　attack　scenarios.　Finally,　we　developed　a　prototype　system　and　validated　the　usability　and　superiority　of　the　proposed　IVMWAF　with　experimental　results　and　expert　evaluations　on　a　dataset　during　a　real　enterprise　security　incident.　©　2024　IEEE.