Advanced Metering Infrastructure (AMI) is an integral part of smart power grids. With advanced computing and communications, cybersecurity has emerged to be a critical issue for AMI networks, which demand confidentiality and integrity. Cyber attackers can employ unauthorized devices, also known as rogue nodes, to steal customers' private information, modify or create wrong data that can financially impact customers, utilities, and the electricity market. To detect rogue nodes in AMI networks, we propose and simulate two Intrusion Detection Systems (IDS). Their goal is to detect man-in-the-middle attacks (MiTM), where the rogue node steals information using Address Resolution Protocol (ARP) cache poisoning. A host-based simplistic IDS for the smart meters and a network-based IDS for the data concentrator, which has a larger computing power, were implemented to detect and stop such MiTM attacks. The proposed IDS system uses a Bayesian-based machine learning technique so that the IDS learns the behavior of the attack and detects future attacks.