Improving the analysis of dependable systems by mapping fault trees into Bayesian networks

Bayesian Networks (BN) provide a robust probabilistic method of reasoning under uncertainty. They have been successfully applied in a variety of real-world tasks but they have received little attention in the area of dependability. The present paper is aimed at exploring the capabilities of the BN formalism in the analysis of dependable systems. To this end, the paper compares BN with one of the most popular techniques for dependability analysis of large, safety critical systems, namely Fault Trees (FT). The paper shows that any FT can be directly mapped into a BN and that basic inference techniques on the latter may be used to obtain classical parameters computed from the former (i.e. reliability of the Top Event or of any sub-system, criticality of components, etc). Moreover, by using BN, some additional power can be obtained, both at the modeling and at the analysis level. At the modeling level, several restrictive assumptions implicit in the FT methodology can be removed and various kinds of dependencies among components can be accommodated. At the analysis level, a general diagnostic analysis can be performed. The comparison of the two methodologies is carried out by means of a running example, taken from the literature, that consists of a redundant multiprocessor system.     

Bayesian-network-based safety risk assessment for steel construction projects

There are four primary accident types at steel building construction (SC) projects: falls (tumbles), object falls, object collapse, and electrocution. Several systematic safety risk assessment approaches, such as fault tree analysis (FTA) and failure mode and effect criticality analysis (FMECA), have been used to evaluate safety risks at SC projects. However, these traditional methods ineffectively address dependencies among safety factors at various levels that fail to provide early warnings to prevent occupational accidents. To overcome the limitations of traditional approaches, this study addresses the development of a safety risk-assessment model for SC projects by establishing the Bayesian networks (BN) based on fault tree (FT) transformation. The BN-based safety risk-assessment model was validated against the safety inspection records of six SC building projects and nine projects in which site accidents occurred. The ranks of posterior probabilities from the BN model were highly consistent with the accidents that occurred at each project site. The model accurately provides site safety-management abilities by calculating the probabilities of safety risks and further analyzing the causes of accidents based on their relationships in BNs. In practice, based on the analysis of accident risks and significant safety factors, proper preventive safety management strategies can be established to reduce the occurrence of accidents on SC sites.     

Construction of event-tree/fault-tree models from a Markov approach to dynamic system reliability

While the event-tree (ET)/fault-tree (FT) methodology is the most popular approach to probability risk assessment (PRA), concerns have been raised in the literature regarding its potential limitations in the reliability modeling of dynamic systems. Markov reliability models have the ability to capture the statistical dependencies between failure events that can arise in complex dynamic systems. A methodology is presented that combines Markov modeling with the cell-to-cell mapping technique (CCMT) to construct dynamic ETs/FTs and addresses the concerns with the traditional ET/FT methodology. The approach is demonstrated using a simple water level control system. It is also shown how the generated ETs/FTs can be incorporated into an existing PRA so that only the (sub)systems requiring dynamic methods need to be analyzed using this approach while still leveraging the static model of the rest of the system.     

Incorporating organizational factors into probabilistic safety assessment of nuclear power plants through canonical probabilistic models

The ω-factor approach is a method that explicitly incorporates organizational factors into Probabilistic safety assessment of nuclear power plants. Bayesian networks (BNs) are the underlying formalism used in this approach. They have a structural part formed by a graph whose nodes represent organizational variables, and a parametric part that consists of conditional probabilities, each of them quantifying organizational influences between one variable and its parents in the graph. The aim of this paper is twofold. First, we discuss some important limitations of current procedures in the ω-factor approach for either assessing conditional probabilities from experts or estimating them from data. We illustrate the discussion with an example that uses data from Licensee Events Reports of nuclear power plants for the estimation task. Second, we introduce significant improvements in the way BNs for the ω-factor approach can be constructed, so that parameter acquisition becomes easier and more intuitive. The improvements are based on the use of noisy-OR gates as model of multicausal interaction between each BN node and its parents.     

Bayesian belief networks for system fault diagnostics

Fault diagnostic methods aim to recognize when faults exist on a system and to identify the failures that have caused the fault. The symptoms of the fault are obtained from readings from sensors located on the system. When the observed readings do not match those expected then a fault can exist. Using the detailed information provided by the sensors, a list of the failures (singly or in combinations) that could cause the symptoms can be deduced. In the last two decades, fault diagnosis has received growing attention due to the complexity of modern systems and the consequent need for more sophisticated techniques to identify the failures when they occur. Detecting the causes of a fault quickly and efficiently means reducing the costs associated with the system unavailability and, in certain cases, avoiding the risks of unsafe operating conditions. Bayesian belief networks (BBNs) are probabilistic models that were developed in artificial intelligence applications but are now applied in many fields. They are ideal for modelling the causal relations between faults and symptoms used in the detection process. The probabilities of events within the BBN can be updated following observations (evidence) about the system state. In this paper we investigate how BBNs can be applied to diagnose faults on a system. Initially Fault trees (FTs) are constructed to indicate how the component failures can combine to cause unexpected deviations in the variables monitored by the sensors. Converting FTs into BNs enables the creation of a model that represents the system with a single network, which is constituted by sub‐networks. The posterior probabilities of the components' failures give a measure of those components that have caused the symptoms observed. The method gives a procedure that can be generalized for any system where the causality structure can be developed relating the system component states to the sensor readings. The technique is demonstrated with a simple example system. Copyright © 2008 John Wiley & Sons, Ltd.     

Quantifying uncertainty under a predictive, epistemic approach to risk analysis

Risk analysis is a tool for investigating and reducing uncertainty related to outcomes of future activities. Probabilities are key elements in risk analysis, but confusion about interpretation and use of probabilities often weakens the message from the analyses. Under the predictive, epistemic approach to risk analysis, probabilities are used to express uncertainty related to future values of observable quantities like the number of fatalities or monetary loss in a period of time. The procedure for quantifying this uncertainty in terms of probabilities is, however, not obvious. Examples of topics from the literature relevant in this discussion are use of expert judgement, the effect of so-called heuristics and biases, application of historical data, dependency and updating of probabilities. The purpose of this paper is to discuss and give guidelines on how to quantify uncertainty in the perspective of these topics. Emphasis is on the use of models and assessment of uncertainties of similar quantities.     

基于贝叶斯网络的核电站应急电力系统安全评价

在故障树分析法(FTA)基础上提出了一种基于贝叶斯网络(BN)的核电站应急电力系统安全评价方法,比较了FTA和BN在建立安全评价模型和评价能力上的不同.该方法在应对众多影响因素上有很大优势,能进行更多有意义的分析:既能进行前向的预测推理,又能进行后向的诊断推理,可以找出影响故障的组合模式,从而能够找出系统的薄弱环节.同时采用基于Matlab的BNT软件包,大大简化了计算过程.通过对10MW高温气冷堆(HTR-10)应急电力系统的安全评价实例的分析,证明该方法是对传统的基于故障树分析的安全评价方法的有益改进.     

Probabilistic Modeling of QCA Circuits Using Bayesian Networks

To push the frontiers of quantum-dot cellar automata (QCA) based circuit design, it is necessary to have design and analysis tools at multiple levels of abstractions. To characterize the performance of QCA circuits it is not sufficient to specify just the binary discrete states (0 or 1) of the individual cells, but also the probabilities of observing these states. We present an efficient method based on graphical probabilistic models, called Bayesian networks (BNs), to model these steady-state cell state probabilities, given input states. The nodes of the BN are random variables, representing individual cells, and the links between them capture the dependencies among them. BNs are minimal, factored, representation of the overall joint probability of the cell states. The method is fast and its complexity is shown to be linear in terms of the number of cells. This BN model allows us to analyze clocked QCA circuits in terms of quantum- mechanical quantities, such as steady-state polarization and thermal ratios for each cell, without the need for full quantum-mechanical simulation, which is known to be very slow and is best postponed to the final stages of the design process. We can also estimate the most likely (or ground) state configuration for all the cells and the lowest energy configuration that results in output errors. We validate the model with steady-state probabilities computed by the Hartree-Fock self-consistent approximation (HT-SCA). Using full adder designs, we demonstrate the ability to compare and contrast QCA circuit designs with respect to the variation of the output state probabilities with temperature and input. We also show how weak spots in clocked QCA circuit designs can be found using our model by comparing the (most likely) ground-state configuration with the next most likely energy state configuration that results in output error     

Bayesian networks for maritime traffic accident prevention: Benefits and challenges

Bayesian networks are quantitative modeling tools whose applications to the maritime traffic safety context are becoming more popular. This paper discusses the utilization of Bayesian networks in maritime safety modeling. Based on literature and the author's own experiences, the paper studies what Bayesian networks can offer to maritime accident prevention and safety modeling and discusses a few challenges in their application to this context. It is argued that the capability of representing rather complex, not necessarily causal but uncertain relationships makes Bayesian networks an attractive modeling tool for the maritime safety and accidents. Furthermore, as the maritime accident and safety data is still rather scarce and has some quality problems, the possibility to combine data with expert knowledge and the easy way of updating the model after acquiring more evidence further enhance their feasibility. However, eliciting the probabilities from the maritime experts might be challenging and the model validation can be tricky. It is concluded that with the utilization of several data sources, Bayesian updating, dynamic modeling, and hidden nodes for latent variables, Bayesian networks are rather well-suited tools for the maritime safety management and decision-making.     

Investigations of Human and Organizational Factors in hazardous vapor accidents

This paper presents a model to assess the contribution of Human and Organizational Factor (HOF) to accidents. The proposed model is made up of two phases. The first phase is the qualitative analysis of HOF responsible for accidents, which utilizes Human Factors Analysis and Classification System (HFACS) to seek out latent HOFs. The hierarchy of HOFs identified in the first phase provides inputs for the analysis in the second phase, which is a quantitative analysis using Bayesian Network (BN). BN enhances the ability of HFACS by allowing investigators or domain experts to measure the degree of relationships among the HOFs. In order to estimate the conditional probabilities of BN, fuzzy analytical hierarchy process and decomposition method are applied in the model. Case studies show that the model is capable of seeking out critical latent human and organizational errors and carrying out quantitative analysis of accidents. Thereafter, corresponding safety prevention measures are derived.     

Probabilistic reasoning based on dynamic causality trees/diagrams

The techniques of artificial intelligence have been widely used in many areas, including reliability engineering and system safety, e.g. the expert systems for fault diagnoses of complex engineering systems. Uncertainties are an important issue to be addressed in these techniques. This paper presents a methodology dealing with the probabilistic reasoning under uncertainty in artificial intelligence systems. This methodology is based on the newly defined causality trees/diagrams that can be either singly or multiply connected; moreover, it can include causality loops. Two new kinds of events, basic events and linkage events, are introduced. Their probabilities of occurrence are easily obtained from subjective belief or statistics, and are independent of each other. Thus, they are modular and deliverable as a part of knowledge. Also, the causality trees/diagrams can include on-line dynamical information. Two equivalent belief updating approaches are presented which operate regardless of whether the target system is singly connected, multiply connected or causally looped.Two examples are given to illustrate and prove this methodology.     

Dot chart analysis as a means to develop a fault tree: application to a catalytic hydrogenation unit

This paper describes the application of dot chart analysis to a semicontinuous catalytic hydrogenation unit. Dot chart tables have been used as a basis for developing the recursive operability analysis and the fault trees (FTs), whose aim is to determine the safety of both the unit and its operators. The unit is formed of two reactors in parallel: the transfer of operations from one reactor to the other when its catalyst is exhausted is performed by means of the isolation systems installed for this purpose on the inlet and outlet lines. FTs assessed the expected number of leak at 3×10⁻³ occurrences per mission time. The study clearly showed that the operations could be regarded as safe, since, with minor modification to control system and operative procedure, these leaks would be of pressurised nitrogen and hence without consequences for the unit and its operators.     

Bayesian network approach to change propagation analysis

The prediction of change propagation is one of the important issues in engineering change management. The aim of this article is to explore the capability of Bayesian network (BN), which is an emerging tool for a wide range of risk management, in modeling and analysis of change propagation. To this end, we compare the BN with change prediction method (CPM), which is the most established probabilistic methods for predicting change propagation. This paper shows that a CPM-based model can be converted into an equivalent BN, and the probabilistic inference technique on the latter results in the same change prediction result obtained from the former. Then, this paper shows that several improvements can be obtained at various levels using the BN. At the modeling level, complex relationship between components such as combined effect of simultaneous changes or multistate relationship can be naturally represented with the BN. At the analysis level, various change propagation scenarios can be analyzed using probabilistic inference on the BN. Finally, BN provides a robust framework for learning change propagation probabilities from empirical data. The case study is conducted to show the feasibility of the model.     

Development of systems reliability analysis code SECOM-2 for seismic PSA

An integrated code system SECOM-2, developed at the Japan Atomic Energy Research Institute (JAERI), has the following functions for systems reliability analysis in seismic probabilistic safety assessments (PSAs): (1) calculation of component failure probability, (2) extraction of minimal cut sets (MCSs) from a given fault tree (FT), (3) calculation of frequencies of accident sequences and core damage, (4) importance analysis with several measures with consideration of unique parameters of seismic PSAs, (5) sensitivity analysis, and (6) uncertainty analysis. This paper summarizes the special features of SECOM-2 to perform the analyses mentioned above. At JAERI, using an integrated FT which represents seismically induced core damage due to all initiating events as a system model to calculate core damage frequency of a nuclear power plant, SECOM-2 can calculate conditional point estimate probabilities of system failures, losses of safety functions, and core damage as a function of earthquake motions. The point estimate is computed by a method which gives an exact numerical solution using the Boolean arithmetic model method. As for consideration of correlation of component failure, which has been an important issue in seismic PSAs, a new technique based on direct FT quantification by a Monte Carlo simulation is being added to SECOM-2. Adding this technique, the core damage frequency can be calculated not only with the upper bound approximation based on MCSs but also with a near exact solution taking into account the correlation among all components. This paper also presents the preliminary results of a seismic PSA of a generic BWR plant in Japan performed at JAERI to demonstrate the functions of the SECOM-2 code.     

Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment

Traditional fault tree (FT) analysis is widely used for reliability and safety assessment of complex and critical engineering systems. The behavior of components of complex systems and their interactions such as sequence- and functional-dependent failures, spares and dynamic redundancy management, and priority of failure events cannot be adequately captured by traditional FTs. Dynamic fault tree (DFT) extend traditional FT by defining additional gates called dynamic gates to model these complex interactions. Markov models are used in solving dynamic gates. However, state space becomes too large for calculation with Markov models when the number of gate inputs increases. In addition, Markov model is applicable for only exponential failure and repair distributions. Modeling test and maintenance information on spare components is also very difficult. To address these difficulties, Monte Carlo simulation-based approach is used in this work to solve dynamic gates. The approach is first applied to a problem available in the literature which is having non-repairable components. The obtained results are in good agreement with those in literature. The approach is later applied to a simplified scheme of electrical power supply system of nuclear power plant (NPP), which is a complex repairable system having tested and maintained spares. The results obtained using this approach are in good agreement with those obtained using analytical approach. In addition to point estimates of reliability measures, failure time, and repair time distributions are also obtained from simulation. Finally a case study on reactor regulation system (RRS) of NPP is carried out to demonstrate the application of simulation-based DFT approach to large-scale problems.     

Automated fault tree synthesis by semantic network modeling, rulebased development and recursive 3-value procedure

A concept of flow is introduced to represent any material, information, energy, activity, or phenomenon which can move or propagate along flow paths to cause events specific to the system to be analyzed. A graphical equipment library is given to represent typical types of ‘generation rate’ and ‘aperture’ controllers. The system is modeled by a semantic network with labeled arrows showing effect to cause (backward) relationships between flow and equipment nodes. A correspondence between the equipment library and the system components is established, and the semantic network is constructed by integrating network fragments in the library. Fixed and/or free boundary conditions can be specified explicitly for flow or equipment nodes. Forward-chaining event development rules locally trace the labeled arrows, while a 3-value procedure guides the FT generation by recursive rule applications. The rules are obtained from tables and equipment definitions. The 3-value logic is used to truncate FTs according to the boundary conditions. Different FTs are generated for different top events and boundary conditions, given a semantic network model. FT modules and their hierarchies can be identified by examining network theoretic properties of flow nodes. The proposed approach is demonstrated for a relay system, a hypothetical swimming pool reactor and a chemical reactor.     

Bayesian Network Resource for Meta‐Analysis: Cellular Toxicity of Quantum Dots

A web‐based resource for meta‐analysis of nanomaterials toxicity is developed whereby the utility of Bayesian networks (BNs) is illustrated for exploring the cellular toxicity of Cd‐containing quantum dots (QDs). BN models are developed based on a dataset compiled from 517 publications comprising 3028 cell viability data samples and 837 IC₅₀ values. BN QD toxicity (BN‐QDTox) models are developed using both continuous (i.e., numerical) and categorical attributes. Using these models, the most relevant attributes identified for correlating IC₅₀ are: QD diameter, exposure time, surface ligand, shell, assay type, surface modification, and surface charge, with the addition of QD concentration for the cell viability analysis. Data exploration via BN models further enables identification of possible association rules for QDs cellular toxicity. The BN models as web‐based applications can be used for rapid intelligent query of the available body of evidence for a given nanomaterial and can be readily updated as the body of knowledge expands.     

Integrating several formalisms in order to increase Fault Trees' modeling power

The Fault Tree (FT) is a widespread model in the field of Reliability, but its modeling power is very limited. Therefore, several FT extensions have been proposed in the literature, each introducing particular modeling primitives, but in a separate way. In this paper, we integrate the primitives coming from three relevant FT extensions (parametric, dynamic, and repairable FT), into the formalism called generalized FT (GFT). We define each primitive in such a way that it can be combined with any other one. This allows to compactly represent redundancies and symmetries of the system structure, set several kinds of dependency among the events, and model repair processes, in the same model. The paper provides also the analysis process for GFT models, based on the modular approach. In particular, we provide the conditions to detect modules, considering the presence of all the primitives. Besides modules, we exploit the parametric form also at the solution level, with the aim of reducing the cost of analysis.     

Introducing a heuristic approach to enhance the reliability of system safety assessment

Probabilistic risk assessment techniques are the important tools which can considerably improve the safety performance of the studied system and reduce the risk to an acceptable level. Typically, decision‐making process is an important part of risk assessment methods that accordingly bring the ambiguity inside. Decision makers as experts commonly express their subjective opinions about the occurrence of the root events in order to obtain the probability of the undesired event. Subsequently, the critical root events are identified, and possible intervention is performed to reduce the probability of the critical events. However, the serious point is the viability of the obtained probabilities and priority ranking of the critical events. In this study, a heuristic optimization model of linear mathematical programming using triangular intuitionistic fuzzy number (TrIFN) is proposed to obtain the feasible, optimum, and reliable results compared with available methods. The Spearman correlation is performed to examine the reliability and behavior of the proposed model. In order to show the effectiveness of the proposed approach, it is applied on a real case study. The application of the model confirms its robustness to prioritize critical root events over the conventional one.