Domain-Adapted Granger Causality for Real-Time Cross-Slice Attack Attribution in 6G Networks
Minh K. Quan, Pubudu N. Pathirana
TL;DR
This work tackles cross-slice attack attribution in 6G networks, where shared infrastructure creates confounding correlations that hinder causal attribution. It introduces a domain-adapted Granger causality framework that conditions on resource states and explicitly models resource contention, supported by theoretical guarantees and a real-time algorithm. Key contributions include formal problem formulation, a resource-aware extension to Granger causality with identifiable causal paths and FDR control, and extensive evaluation on a production-grade 6G testbed achieving $89.2\%$ accuracy with $<100\mathrm{ms}$ latency. The approach yields interpretable causal explanations for autonomous security orchestration, enabling timely and reliable attribution in complex, multi-slice environments.
Abstract
Cross-slice attack attribution in 6G networks faces the fundamental challenge of distinguishing genuine causal relationships from spurious correlations in shared infrastructure environments. We propose a theoretically-grounded domain-adapted Granger causality framework that integrates statistical causal inference with network-specific resource modeling for real-time attack attribution. Our approach addresses key limitations of existing methods by incorporating resource contention dynamics and providing formal statistical guarantees. Comprehensive evaluation on a production-grade 6G testbed with 1,100 empirically-validated attack scenarios demonstrates 89.2% attribution accuracy with sub-100ms response time, representing a statistically significant 10.1 percentage point improvement over state-of-the-art baselines. The framework provides interpretable causal explanations suitable for autonomous 6G security orchestration.