This work addresses the limited generalization of existing root cause analysis methods in dynamic, complex networks, which often rely on static rules or local topology and struggle to accurately trace customer-impacting root causes. To overcome this, the paper introduces counterfactual reasoning into large-scale network root cause analysis for the first time, modeling failures as temporal graph processes. By integrating self-supervised learning, graph neural networks, and counterfactual simulation, the approach ranks candidate root causes and generates interpretable causal hypotheses that seamlessly inform operational mitigation strategies. Evaluation on 31 expert-annotated incidents demonstrates a 16.1% improvement in root cause ranking accuracy over rule-based baselines within critical decision windows, with each inference requiring only seconds of GPU time.

Can a learned model capture how faults propagate through a large-scale network and use this knowledge to causally attribute customer impact to its underlying root cause? Existing root cause analysis techniques often rely on static rules, correlation heuristics, or topology-local reasoning, which struggle to generalize in dynamic environments where faults propagate across complex physical and logical dependencies. We present NetCause, a self-supervised learning-based framework that models network incidents as graph-temporal processes and uses counterfactual simulation to rank candidate root causes. This approach produces an interpretable ranking of root cause hypotheses and integrates naturally with operator-defined mitigation and remediation actions. We train the model on over 1,500 incidents collected over six months from a leading cloud provider's production network and evaluate it on 31 expert-labeled incidents. NetCause consistently improves root cause ranking quality in the regime most relevant to operational decision-making, achieving a 16.1% accuracy improvement over a rule-based heuristic baseline. While training is computationally intensive, inference is lightweight, requiring only seconds of GPU runtime per incident (well below typical telemetry collection latencies).