In recent years, Industrial Intrusion Detection Systems (IIDSs) are employed to improve the security of CPS. Among the state-of-the-art IIDSs, state based intrusion detection is a widely used approach. In such process aware IIDSs, normal states are extracted from historical process data or directly specified by control experts when the historical data is not (or rarely) available. In the second manner, experts try to determine the critical states of the process. However, having a large number of I/O, investigating all process states for determination of critical states is not practical. In this paper, the problem is resolved by proposing SysDetect (a Systematic approach to Critical State Determination) which employs a well-established and iterative data mining algorithm, i.e. Apriori. SysDetect guarantees that all candidate critical states are generated at each iteration. In addition, by identifying the critical states at each iteration using experts' opinions, number of generated candidates in the next iteration is significantly reduced. As a result, SysDetect in addition to provide a complete solution, guarantees that no redundant candidate is generated. Experimental results on a real settings indicate that SysDetect can be successfully applied to determine the critical states of industrial processes using experts' opinions. (C) 2015 Elsevier Ltd. All rights reserved.