Abstract: Traditional malware detection systems for the smart grid mainly detect known malware using a feature database, which makes them unsuitable for detecting unknown malware variants. Machine learning based detection methods can detect unknown malware variants, but the accuracy and robustness of existing methods need further improvement and do not yet meet the practical needs of the smart grid. This paper therefore proposes an ensemble learning based method for detecting unknown malware variants, which uses multi-source data and multiple machine learning methods to construct several single detection models, and designs a hybrid detection model based on logistic. Compared with the traditional single detection models, the accuracy and robustness of the hybrid detection model are significantly improved.