I. Introduction
Critical Infrastructures such as water supplies, telecommunications, transportation systems, and power grids heavily rely on Industrial Control Systems (ICS). The increased connectivity opens the door not only for efficiency improvement, but also for malicious actors, such as advanced persistent threats (APT) [1] , [2] . APTs present unique features compared to the attacks happened in general information technology (IT) infrastructures ; adversaries can remain undetected for a extended period until they launch attacks leading to irreversible damage.