The performance of most Web attack detection systems degrades in real-world scenarios over time due to changes in the network environment and the evolution of attack techniques, resulting in unstable detection results. Therefore, this study designs an E-TCEVT anomaly detection system based on extreme value theory for dynamic real-world network attacks. This system incorporates a hybrid language model that combines word-level and subword-level elements for effective feature extraction from Web logs. In the detection phase, an approach based on extreme value theory and ensemble learning is employed. By integrating multiple models trained at different time points the proposed method prevents catastrophic forgetting during model fine-tuning, thereby maintaining adaptability and performance across both new and old samples. Experiments on open-source and real-world datasets demonstrate that the proposed method achieves higher F1 scores compared to single-model fine-tuning updates; moreover, compared to traditional non-updating methods, the proposed method shows better performance in both recall and F1 scores.