To address the insufficient real-time situational awareness of modern power grids under sophisticated cyber threats—particularly the challenge of detecting interactive, targeted false data injection attacks (FDIAs)—this paper proposes a Bayesian ensemble framework integrating snapshot-based state estimation with distance-aware time-series modeling. The method leverages multi-distribution priors derived from historical normal operation to jointly and robustly distinguish between stochastic measurement errors and malicious attacks via Bayesian inference, enabling both anomaly detection and localization. It maintains stable performance under dynamic topology changes, achieves sub-one-minute per-step computation on a 2383-bus system, reduces state estimation error by over 70% compared to baseline methods in FDIA scenarios, and exhibits near-linear scalability.

Power grids increasingly need real-time situational awareness under the ever-evolving cyberthreat landscape. Advances in snapshot-based system identification approaches have enabled accurately estimating states and topology from a snapshot of measurement data, under random bad data and topology errors. However, modern interactive, targeted false data can stay undetectable to these methods, and significantly compromise estimation accuracy. This work advances system identification that combines snapshot-based method with time-series model via Bayesian Integration, to advance cyber resiliency against both random and targeted false data. Using a distance-based time-series model, this work can leverage historical data of different distributions induced by changes in grid topology and other settings. The normal system behavior captured from historical data is integrated into system identification through a Bayesian treatment, to make solutions robust to targeted false data. We experiment on mixed random anomalies (bad data, topology error) and targeted false data injection attack (FDIA) to demonstrate our method's 1) cyber resilience: achieving over 70% reduction in estimation error under FDIA; 2) anomalous data identification: being able to alarm and locate anomalous data; 3) almost linear scalability: achieving comparable speed with the snapshot-based baseline, both taking <1min per time tick on the large 2,383-bus system using a laptop CPU.