With rapid advancement of the science and technologies, computers and networks have become indispensable to government and enterprise's operations as well as people's daily life. For various kinds of purposes, hackers attack servers and/or computers on the networks. Generally speaking, attacks from the hackers may be divided into two categories, including destroying attacks and intrusion attacks. The destroying attacks aim at destroying the attacked targets so that the attacked targets fail to operate normally. The intrusion attacks aim at acquiring some authorities of the attacked targets so as to control the attacked targets to execute specific operations. The intrusion attacks are usually performed in the loopholes of servers, application software, or network communication protocols.
To prevent the computers on the network from being attacked by hackers, some conventional technologies adopt the filtering rules designed by experts. Specifically, the administrator uses a predetermined filtering list to filter the accessing apparatuses so as to maintain the information security. The filtering list may include Internet Protocol (IP) addresses to be filtered or feature values of program codes of malicious software. Nevertheless, the filtering list cannot be updated in real time and, hence, there is still a window that the maintenance of information security is vulnerable. Some conventional technologies adopt the mechanism of dynamic real-time scanning (e.g., scanning webpage contents), which shortens the window that the maintenance of information security is vulnerable but consumes a lot of computing resources. Accordingly, a technology capable of detecting node attacks to maintain the information security is still needed in the art.