Achievement of the goals of smart grid such as resilience, high power quality, and consumer participation strongly depends on the security of this system. Along with the security measures that should be built into the smart grid from the beginning, appropriate Intrusion Detection Systems (IDSs) should also be designed. Home area network (HAN) is one of the most vulnerable subsystems within the smart grid, mostly because of its physically insecure environment. In this paper, we present a layered specification-based IDS for HAN. Considering that ZigBee is the dominant technology in future HAN, our IDS is designed to target ZigBee technology; specifically we address the physical and medium access control (MAC) layers. In our IDS the normal behavior of the network is defined through selected specifications that we extract from the IEEE 802.15.4 standard. Deviations from the defined normal behavior can be a sign of some malicious activities. We further investigate the physical and MAC layer attacks in ZigBee networks and evaluate the performance of our proposed IDS against them. Our IDS provides a good detection capability against known attacks, and since this is an IDS based on anomalous event detection, we expect the same for unknown attacks.