A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that re- sponds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, en- vironment monitoring and battlefield surveillance. This study investigates the specific problem of intruder min- ing in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitor- ing graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized ap- proach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain con- ditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and e±ciency than existing methods.