Cyber-attacks detection in modern power systems is undoubtedly indispensable to enhance their resilience and guarantee the continuous production of electricity. As the number of attacks is very small compared to normal events, and attacks are unpredictable, it is not obvious to build a model for attacks. Here, only anomaly-free measurements are utilized to build a reference model for intrusion detection. Specifically, this study presents an unsupervised intrusion detection approach using the k-nearest neighbor algorithm and exponential smoothing monitoring scheme for uncovering attacks in modern power systems. Essentially, the k-nearest neighbor algorithm is implemented to compute the deviation between actual measurements and the faultless (training) data. Then, the exponential smoothing method is used to set up a detection decision-based kNN metric for anomaly detection. The proposed procedure has been tested to detect cyber-attacks in a two-line three-bus power transmission system. The proposed approach has been shown good detection performance.