The present invention discloses a hacking detection method, including: deploying a plurality of trap IP addresses in a trap IP address list; collecting access logs from a plurality of network devices to create a connection record list, wherein the connection record list includes a plurality of connection records; and comparing the trap IP address list and the connection record list to obtain a suspicious source list. The suspicious source list includes a plurality of suspicious source IP addresses. The suspicious source IP addresses match a portion of the trap IP addresses in the trap IP address list.