The invention discloses a multi-dimensional webshell intrusion detection method and detection system based on an HTTP log. The method includes the following steps: acquiring HTTP log data; performingblacklist filtering on a visiting IP field in the HTTP log data, and if a visiting IP is in a blacklist, directly storing and reporting the IP; extracting access parameter characteristics and access behavior characteristics by using known HTTP normal access data and webshell intrusion data, and adopting an SVM classifier model to perform training according to the extracted access parameter characteristics and access behavior characteristics; and extracting the access parameter characteristics and the access behavior characteristics for real-time HTTP data, judging whether a webshell intrusionis encountered by using the trained SVM classifier model, and storing and reporting intrusion behaviors to facilitate subsequent processing. According to the detection method and detection system disclosed by the invention, whether a web page server encounters the webshell intrusion can be accurately judged according to HTTP access log data.