This paper addresses the challenges of detecting cyber-attacks in Cyber-Physical Manufacturing Systems (CPMS) by proposing a Digital Twin (DT)-based framework. CPMS are vulnerable to cyber-attacks due to their integration of cyber and physical resources, which can cause harm to the manufacturing system, products, or workers. The paper focuses on two key challenges: distinguishing expected anomalies from cyber-attacks and identifying attacks during transient responses due to closed-loop controllers. The proposed DT framework leverages run-time data, models, and analytics to provide insights into the physical process. It includes multiple DTs for data collection and analysis, supporting flexible and modular anomaly and cyber-attack detection. The framework is demonstrated through an experimental case study on a 3D printer, showing its effectiveness, flexibility, and scalability. The paper also discusses the integration of existing cybersecurity methods and the potential for extending the framework to address various attack types and scenarios.This paper addresses the challenges of detecting cyber-attacks in Cyber-Physical Manufacturing Systems (CPMS) by proposing a Digital Twin (DT)-based framework. CPMS are vulnerable to cyber-attacks due to their integration of cyber and physical resources, which can cause harm to the manufacturing system, products, or workers. The paper focuses on two key challenges: distinguishing expected anomalies from cyber-attacks and identifying attacks during transient responses due to closed-loop controllers. The proposed DT framework leverages run-time data, models, and analytics to provide insights into the physical process. It includes multiple DTs for data collection and analysis, supporting flexible and modular anomaly and cyber-attack detection. The framework is demonstrated through an experimental case study on a 3D printer, showing its effectiveness, flexibility, and scalability. The paper also discusses the integration of existing cybersecurity methods and the potential for extending the framework to address various attack types and scenarios.