This work addresses the challenge of cross-slice attack provenance in 6G network slicing, where accurate identification of causal chains propagated through shared infrastructure must occur within 100 milliseconds. Existing methods struggle to balance precision and latency due to spurious correlations induced by resource contention. To overcome this, we propose DA-GC, a novel framework that integrates resource-conditioned Granger causality analysis with an axiomatic Resource Contention Model (RCM) to systematically eliminate resource-mediated confounding effects. DA-GC further introduces, for the first time, a formal certification mechanism that ensures statistical validity and security of causal attribution while supporting differential privacy deployment. Evaluated on a 6G platform encompassing 15 slices and 1,100 attack scenarios, DA-GC achieves 89.2% accuracy within 87 ms—surpassing the strongest baseline by 7.9 percentage points and reducing latency by 2.7×—while demonstrating robust generalization across topologies and resilience to concept drift.

Cross-slice attack attribution in 6G networks requires identifying causal propagation chains through shared infrastructure in under 100 ms. Existing methods struggle to satisfy this strict SLA without sacrificing accuracy, because shared resource contention creates spurious correlations that are indistinguishable from genuine causal links under standard Granger tests. We propose DA-GC, a certified causal attribution framework that integrates resource-conditioned Granger causality with an axiomatically derived Resource Contention Model (RCM) to systematically block resource-mediated confounding. On a 15-slice production-emulation 6G testbed with 1,100 attack scenarios, DA-GC achieves 89.2% attribution accuracy at 87 ms. This represents a 7.9 percentage-point improvement over the strongest baseline at 2.7x lower latency, alongside demonstrated cross-topology generalization and concept-drift resilience. Crucially, DA-GC is backed by a comprehensive formal certification stack. We provide mathematically proven validity certificates for statistical soundness under serially dependent telemetry and piecewise-stationarity. Furthermore, we establish strict security bounds, including an adversarial utilization spoofing breakdown point of $δ^* \approx 0.95$, and define the minimum differential-privacy noise required for a provably private and robust deployment.