Search for a command to run...
The growing integration of renewable generation, battery storage, power-electronic converters, and fast EV charging is transforming distribution grids into tightly coupled cyber–physical energy networks. Such multi-device coordinated control, however, significantly enlarges the attack surface and exposes the system to false data injection, command spoofing, and coordinated load manipulation. This work presents a unified cybersecurity framework that combines temporal graph neural networks, lightweight edge autoencoders, and digital-twin–based validation for detecting cyberattacks in distributed energy control systems. A high-fidelity dataset is constructed using 420 h of real telemetry and hardware-in-the-loop digital-twin trajectories, covering 18 devices and 22 features per node across PV inverters, storage units, and EV chargers. The proposed temporal GNN captures network-level dependencies and non-stationary control dynamics, while edge autoencoders detect device-local anomalies; a global–local fusion module aggregates both for robust decision making. Experimental results show that the proposed method achieves 0.97 AUC, 0.96 F1-score, and the lowest false-alarm rate and detection latency among baseline IDS, GNN, and CPS-model–based detectors. Digital-twin replay further verifies that early detection mitigates DC-bus voltage excursions and SoC oscillations under multi-point coordinated attacks. The results demonstrate that the presented approach provides an effective, scalable, and practical cyber–physical defense solution for next-generation distributed energy infrastructures. • a PWSC-specific multi-layer vulnerability and attack-path modeling framework. • an adaptive intrusion detection system that fuses temporal GNNs with edge-deployable autoencoders for cyber–physical monitoring.