Enhancing Cybersecurity Monitoring in Battery Energy Storage Systems with Graph Neural Networks

Greco D.; Gaggero G. B.
2026-01-01

Abstract

Battery energy storage systems (BESSs) play a vital role in contemporary smart grids, but their increasing digitalisation exposes them to sophisticated cyberattacks. Existing anomaly detection approaches typically treat sensor measurements as flat feature vectors, overlooking the intrinsic relational structure of cyber-physical systems. This work introduces an enhanced Graph Neural Network (GNN) autoencoder for unsupervised BESS anomaly detection that integrates multiscale graph construction, multi-head graph attention, manifold regularisation via latent compactness and graph smoothness, contrastive embedding shaping, and an ensemble anomaly scoring mechanism. A comprehensive evaluation across seven BESS and firmware cyberattack datasets demonstrates that the proposed method achieves near-perfect Receiver Operating Characteristic (ROC) and Precision-Recall Area Under the Curve (PR AUC) (up to 1.00 on several datasets), outperforming classical one-class models such as Isolation Forest, One-Class Support Vector Machine (One-Class SVM), and Local Outlier Factor on the most challenging scenarios. These results illustrate the strong potential of graph-informed representation learning for cybersecurity monitoring in distributed energy resource infrastructures.
Files in this item:

File: energies-19-00479.pdf
Access: open access
Type: Document in publisher's version
Size: 398.65 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1292416