FedLAD: A Modular and Adaptive Testbed for Federated Log Anomaly Detection
Yihan Liao, Jacky Keung, Zhenyu Mao, Jingyu Zhang, Jialong Li
TL;DR
FedLAD is a modular, self-adaptive testbed for federated log anomaly detection. It addresses the lack of dedicated federated learning (FL) environments for log-based anomaly detection (LAD) by decoupling models, datasets, and aggregation strategies. It integrates a MAP-based self-adaptation loop, self-monitoring, and auto-configuration to enable reproducible and scalable experimentation across IID and non-IID log data. The platform supports plug-and-play LAD architectures, benchmark datasets, and multiple FL aggregators, demonstrating concrete gains from adaptive control and comparable performance to centralized baselines with added privacy benefits. By providing end-to-end tooling, FedLAD accelerates reproducible research and rapid prototyping of privacy-preserving, scalable LAD in federated settings.
Abstract
Log-based anomaly detection (LAD) is critical for ensuring the reliability of large-scale distributed systems. However, most existing LAD approaches assume centralized training, which is often impractical due to privacy constraints and the decentralized nature of system logs. While federated learning (FL) offers a promising alternative, there is a lack of dedicated testbeds tailored to the needs of LAD in federated settings. To address this, we present FedLAD, a unified platform for training and evaluating LAD models under FL constraints. FedLAD supports plug-and-play integration of diverse LAD models, benchmark datasets, and aggregation strategies, while offering runtime support for validation logging (self-monitoring), parameter tuning (self-configuration), and adaptive strategy control (self-adaptation). By enabling reproducible and scalable experimentation, FedLAD bridges the gap between FL frameworks and LAD requirements, providing a solid foundation for future research. Project code is publicly available at: https://github.com/AA-cityu/FedLAD.
