Nuclear regulatory guidelines require all nuclear facilities to establish sufficient prevention and response capabilities against cyber-attacks. In this study, an integrated cyber-attack response process at NPPs is analyzed. The integrated response process includes a safety-response security analysis that enacts a safety response against unperceived damage, as well as against potential damage. To help operators conduct the safety-related security analysis, a security state estimation method is developed. A knowledgebased hidden Markov modeling method is developed to model a probabilistic transition process of a security state. The constructed HMMs can be updated online for optimized security state estimation. The developed security state estimation method can help operators conduct a cause analysis and security impact analysis. By integrating with the probabilistic safety assessment method, the developed method can also be applied to a functional impact analysis. A case study was conducted to prove the validity of the developed method using a hardware-in-the-loop system. (C) 2021 Elsevier Ltd. All rights reserved.