

To address the challenges posed by the significant increase in data volume and the proprietary, closed nature of business protocols in the highly coordinated and interactive “source-network-load-storage” system of the new power grid, this study proposes a technique for analyzing abnormal behavior in bidirectional interactive protocols. A risk monitoring scheme for data flow is designed that combines trigger detection with deep detection. The scheme uses an improved cumulative sum algorithm (SSUM algorithm) that tracks multidimensional sequences and their cumulative deviations in real time, based on statistical characteristics, to achieve coarse-grained risk monitoring of the entire network flow. Time window features are then introduced, and the AdaBoost ensemble learning algorithm is used for fine-grained deep detection of abnormal traffic. Finally, the presence of data flow risk is determined. Experimental results show that the detection accuracy of the AdaBoost algorithm is better than that of other classification algorithms, reaching 97.7%. The joint monitoring scheme has the advantages of low cost and a low false alarm rate.
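As an added illustration of the coarse-grained trigger stage (not the paper's SSUM algorithm, whose details the abstract does not give), the following applies a standard two-sided cumulative sum test per dimension to constructed per-window traffic features. The feature names, the slack `k`, the threshold `h` and the sample values are assumptions; windows it flags are the ones a fine-grained classifier such as AdaBoost would then inspect.

```python
import statistics

def fit_baseline(windows):
    """Per-dimension (mean, std) estimated from known-normal windows."""
    cols = zip(*windows)
    return [(statistics.fmean(c), statistics.pstdev(c) or 1.0) for c in cols]

def cusum_trigger(windows, baseline, k=0.5, h=5.0):
    """Two-sided CUSUM on z-scores, tracked separately for each dimension.

    k is the slack (tolerated drift) and h the alarm threshold, both in
    standard deviations. Returns (window index, dimension, direction) for
    every alarm; that dimension's sums reset after it fires.
    """
    hi = [0.0] * len(baseline)   # cumulative upward deviation
    lo = [0.0] * len(baseline)   # cumulative downward deviation
    alarms = []
    for t, window in enumerate(windows):
        for d, (x, (mu, sigma)) in enumerate(zip(window, baseline)):
            z = (x - mu) / sigma
            hi[d] = max(0.0, hi[d] + z - k)
            lo[d] = max(0.0, lo[d] - z - k)
            if hi[d] > h or lo[d] > h:
                alarms.append((t, d, "up" if hi[d] > h else "down"))
                hi[d] = lo[d] = 0.0
    return alarms

# Constructed sample data: (packets per window, mean payload bytes).
NORMAL = [(100, 60), (104, 62), (98, 58), (101, 61),
          (97, 59), (102, 60), (99, 61), (103, 59)]
# Packet count drifts up by about 1.5 to 2 sigma from the fourth window on.
# No single window is a 3-sigma outlier; only the accumulated deviation is.
LIVE = [(101, 60), (99, 61), (102, 59), (104, 60), (104, 61),
        (105, 60), (104, 59), (105, 61), (104, 60), (105, 60)]

if __name__ == "__main__":
    baseline = fit_baseline(NORMAL)
    for t, d, direction in cusum_trigger(LIVE, baseline):
        print(f"window {t}: dimension {d} drifting {direction}, escalate to deep detection")
```

Raising `h` lowers the false alarm rate of the trigger at the cost of a longer detection delay, which is the trade-off a cheap first stage makes before the more expensive classifier runs.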