Peters,LudgerKhalaf,MahmoudWaedt,KarlSchindler,JosefBelaidi,SiwarDemmler, DanielKrupka, DanielFederrath, Hannes2022-09-282022-09-282022978-3-88579-720-3https://dl.gi.de/handle/20.500.12116/39487This paper aims to enhance cyber security within Electrical Power Systems (EPS) of power plants by extending and using an updated plant simulator. In this paper, we assume a sophisticated attacker, as part of an Advanced Persistent Threat (APT), who gradually damages or manipulates primary assets (in the sense of ISO/IEC 27005:2018, e. g. main cooling water pumps, feedwater pumps, safety valves, and circuit breakers). Accordingly, we assume that the attack agent performs gradual manipulations at the application level. Detecting and predicting a potential anomaly is designed and implemented based on machine learning of expected behavior. The paper will include examples of attacks executed over an extended time period by gradually manipulating combinations of analog and binary signal values or set-points. Challenges related to the training of the detection algorithms, avoidance of false positives, and concise reporting to non-security domain experts will also be addressed.enDigitial TwinMachine Learning (ML)Deep LearningCyber SecurityIIoTCyber- Physical System (CPS)Security ControlsIndustrial Automation and Control System (IACS)Electrical Power System (EPS)Model-based Integrity Monitoring of Industrial Automation And Control Systems10.18420/inf2022_1321617-5468