Many government branches report that internal networks are managed safely by separating them from the outside, but there is often a vulnerability that allows malicious codes to attack an internal network. Recently, the Ministry of National Defense of Korea announced that the internal network operated by the Korean military was attacked though hacking. It is difficult to detect cyber-attacks in real time within an internal network, which can be connected to an Internet of Everything (IoE). In this paper, we propose a fast attack detection system for the internal network that can be used by the government or public organizations. This system generates a tree to which the attack level is applied, notifies the user when the level is reached, and can block the system before an attack. Using this system, it is possible to protect the data and physical aspects by preventing the destruction of a system with large amounts of data, including important confidential or intellectual property. The proposed method offers a proper methodology for designing a malware protection system by categorizing the problem into a tree structure.