The advanced metering infrastructure (AMI) that facilitates the monitoring of consumers’ power consumption is vulnerable to various cyberattacks. Among these attacks, distributed denial of service (DDoS) poses a significant threat, disrupting timely and reliable access to network information. Although many research works addressed attack detection through thresholds, majority of the works do not consider low- and high-rate DDoS attacks with optimized thresholds. Hence, the proposal aims to implement an intrusion detection and prevention system in a real-time AMI testbed. The testbed is set up using lamp load, resistive loads, sensors, AtMega controller, and Raspberry Pi as smart meter (SM), data concentrator (DC), and a server. Various intensities of transmission control protocol (TCP)-synchronize (SYN) attacks are emulated and the packets are captured using Wireshark. A combination of Gini impurity and total variation distance (TVD) methods is utilized for suspicious activity detection through optimized dynamic thresholds. The proposal introduces an optimal deviation parameter in dynamic thresholds and ensures its optimality by examining the existence of Nash equilibrium in a two-player noncooperative game. Subsequently, the anomalous traffic is forwarded to the honeypot, where packets are logged and the respective attack connections are identified and blocked permanently. The proposed detection system is compared with its counterparts for accuracy, true positive rate (TPR), false positive rate (FPR), time, and computational complexity, and it is evident that the proposed game theoretic approach outperforms, showcasing its supremacy.