AI-Driven Self-Protection in 6G Networks: Autonomous Intrusion Detection and Vulnerability Isolation

Abstract

Sixth-Generation (6G) networks require autonomous and ultra-low-latency protection against rapidly evolving threats. We present a hierarchical self-protection framework that integrates edge streaming detectors with a federated learning layer and a Service Level Agreement (SLA)-aware policy engine for graduated isolation at both slice and device granularity. The framework introduces: (i) an intent-driven threat-to-playbook compiler aligned with the MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework for Telecom, (ii) adaptive score fusion guided by service context, and (iii) a reproducible pipeline that supports privacy-preserving training. Evaluated on an emulated Open Radio Access Network (O-RAN) testbed and documented synthetic traces, the system maintains end-to-end detection-to-action delays in 5-10 milliseconds while outperforming competitive baselines in F1 score. The configuration files and seeds are released to ensure complete reproducibility. The measured detection-to-action time T_det→act achieves a median of 5.6 milliseconds (95th percentile 9.8 milliseconds) at traffic speeds up to 12,000 flows per second. A two-hour shadow-mode pilot on mirrored Multi-access Edge Computing (MEC) traffic further validates sub-10-millisecond 95th-percentile action loops under real operational load.