The modern distribution power system has become a typical cyber-physical system (CPS), in which reliable automation control processes depend heavily on accurate measurement data. However, cyber-attacks on a CPS may manipulate the measurement data and mislead the control system into making incorrect operational decisions. Two types of cyber-attacks (transient cyber-attacks and steady cyber-attacks), as well as their attack templates, are modeled in this paper. To detect these false data injections effectively and accurately, a multivariate Gaussian-based anomaly detection method is proposed. The correlation features of comprehensive measurement data captured by micro-phasor measurement units (µPMUs) are developed to train multivariate Gaussian models for the anomaly detection of transient and steady cyber-attacks, respectively. A k-means clustering method is introduced to reduce the number of µPMUs and select their placement. Numerical simulations on the IEEE 34 bus system show that the proposed method can effectively detect false data injections on the measurement sensors of distribution systems.

INDEX TERMS Cyber-physical system, cyber-attack, anomaly detection, distribution grid, machine learning.

I. INTRODUCTION

Information technology plays a critical role in the automatic control of modern distribution power systems, which consist of a large number of computation systems, local sensors, and communication networks. With the increasingly deep interaction between physical flow and cyber flow, the modern distribution system has become a typical cyber-physical system (CPS) [1], [2]. The core of CPS in power grids is to achieve high-sensitivity awareness and real-time automation of physical processes through the integration and coordination of 3C (Computation, Communication, and Control) technology [3]-[5]. The integration of cyber networks and physical systems has significantly enhanced the efficiency and reliability of distribution system operations.
However, the strong interdependence between cyber networks and physical power grids can bring more potential risks through complex communication links, which are significantly vulnerable to cyber security threats [6]. In addition, both the privatization of energy industries and the standardization of

The associate editor coordinating the review of this article and approving it for publication was Mingjian Cui.