The integration of Information and Communications Technology (ICT) enables real-time communication for smart meters to participate in power system operations. However, Advanced Metering Infrastructures (AMI) are vulnerable to cyber attacks. Both utilities and power consumers may become victims of cyber intrusions. In this paper, a two-stage cyber intrusion protection system is proposed. At the first stage of intrusion detection, a Support Vector Machine (SVM) is used as a detection algorithm to discover suspicious behaviors inside a smart meter. At the second stage, the Temporal Failure Propagation Graph (TFPG) technique is used to generate attack routes for identifying attack events. Finally, the proposed pattern recognition algorithm is used to calculate the similarity between a detected abnormal event and pre-defined cyber attacks. A higher similarity value implies a higher chance that a smart meter is under attack. An AMI security test platform has been developed to: (1) Collect training/testing data for SVM, (2) Simulate and analyze cyber attack events, and (3) Validate the proposed cyber attack protection system. The test platform consists of Network-Simulator 3 (NS-3) software to simulate an AMI network environment and single board computers (SBCs) to emulate the IEEE 802.15.4 communication between a grid router and a smart meter.