ABSTRACT Highly notable cyber-attacks, such as Stuxnet [1] and the Maroochy attack [3], have targeted critical infrastructure to affect physical processes to cause harm. This work presents a payload analysis-based Intrusion Prevention System (IPS) to detect similar attacks by predicting what harm the attacks could cause to the physical process. The IPS developed is called the Embedded Process Prediction Intrusion Prevention System (EPPIPS). EPPIPS examines incoming command packets and ladder logic programs that are destined for a Programmable Logic Controller (PLC) that interacts with a physical process. If EPPIPS predicts these packets or programs to be harmful, EPPIPS can potentially prevent or limit the harm. EPPIPS resides inside the PLC itself as a proxy process between the actual PLC process and the network. The purpose of this approach is to serve as the innermost layer of defense relative to the PLC for cyber-attacks in a defense in depth strategy. The metrics used when evaluating the results in this work included latency and the accuracy of the predictions.