The invention discloses an SMV (sampled measured value) network attack grading detection method applicable to a digital substation bay level. The method includes steps of packet decryption, packet filtering, packet analysis, MAC (media access control) address abnormity detection, specification-based intrusion detection and historical event based data detection and further includes a final step that final detection results are classified and written into normal event logs and alarm logs and stored after abnormality evident acquisition, abnormal evaluation index calculation is performed according to intrusion data, and alarm and intrusion data and abnormal evaluation indexes are sent to a master station or local alarm display is performed. The SMV network attack grading detection method applicable to the digital substation bay level has advantages that by arrangement of various indicators for abnormal states including MAC address abnormality, SMV bad data, data packet logic detection, data traffic threshold abnormality, primary failure similarity, network attack similarity, uploading SMV faking, uploading SMV tampering and the like, intrusion forms and possible intrusion positions can be determined conveniently and quickly, and dispatch side operation monitoring personnel can be informed conveniently and quickly.