Rare-Event Estimation for Dynamic Fault Trees

Article describes the results of the development and using of Rare-Event Monte-Carlo Simulation Algorithms for Dynamic Fault Trees Estimation. For Fault Trees estimation usually analytical methods are used (Minimal Cut sets, Markov Chains, etc.), but…

Authors: Sergey Porotsky

Abstract. The article describes the results of developing and applying rare-event Monte-Carlo simulation algorithms for Dynamic Fault Tree estimation. For Fault Tree estimation, analytical methods are usually used (Minimal Cut Sets, Markov Chains, etc.), but for complex models with Dynamic Gates it is necessary to use Monte-Carlo simulation combined with the Importance Sampling method. The article describes an approach to this problem that accounts for the specific features of Dynamic Fault Trees. Failures are assumed to be non-repairable, with general distribution functions of the times to failure (Exponential, Weibull, Normal, Log-Normal, etc.). Expressions for the Importance Sampling re-calculations are proposed and some numerical results are considered.

1. INTRODUCTION

One of the important tasks of Reliability Estimation is the analysis of the Fault Tree. Building and calculation of Fault Trees are considered in [1-3]. Usually analytical methods are used (Minimal Cut Sets, Markov Chains, etc.), but sometimes, for complex models, it is necessary to use Monte-Carlo simulation. Fault Tree calculation is considered one of the most complex problems, since the structure of such trees is characterized by a considerable number of interconnections. Fault Trees with Dynamic Gates are often used in some specific fields of reliability. Examples of such gates are PAND (Priority AND), SEQ (Sequence Enforcing), SPARE, etc. Classical Fault Tree Analysis methods (Minimal Cut Set calculations) are applicable only to Static Fault Trees. Analytical methods based on Markov Chains are restricted to dynamic trees with very low scalability.
For large Fault Trees the approximate method proposed in SAE ARP 4761 [1] may be used: calculate the probability of the required order of failures and use the calculated value as an additional event. Unfortunately, this approach was developed only for the PAND gate and is not applicable to other types of Dynamic Gates (SEQ, SPARE, etc.). Moreover, even for the PAND gate this approach gives only very rough estimates, and it is hard to apply to Fault Trees whose Basic Events have different Mean Times to Failure (MTTF). In the general case the Monte-Carlo method is used [4-6, 9-13]. Usually reliability estimation has strict requirements on the probability; for example, it has to be less than 10^-8…10^-10, so it is a rare event. Estimation of a rare-event probability by direct Monte-Carlo simulation is impossible, because it requires a very large number of simulation cycles (at least 10^9…10^11). The standard way to reduce computational time and improve simulation accuracy is the Variance Reduction technique (Importance Sampling) [7-9]. For rare-event estimation the Importance Sampling method is used, and the most essential problem of this method is how to select an appropriate reference probability distribution. Unfortunately, the well-known approaches (e.g., [7-9]) to reference distribution selection (scaling, translation) are not applicable to Dynamic Fault Tree analysis. The reason is the following: the classical rare-event estimation task calculates Probability{S(x_1,…,x_N) > T} for very large T by means of Importance Sampling. It is assumed that the function S "is good in some sense", e.g. it is a combination of Min, Max, Sum, etc. A typical example of a "good function" S is shortest path calculation.
For Fault Tree rare-event estimation the task is different: to calculate Probability{H(x_1,…,x_N) < T}, where H is the failure time of the fault tree TOP, x_1,…,x_N are the failure times of the basic events 1…N, and T is the mission time. Certainly, it is possible to transform this task into the classical one by estimating Probability{1/H(x_1,…,x_N) > 1/T}, but in this formulation the function S(x_1,…,x_N) = 1/H(x_1,…,x_N) will not be "good" as the classical task supposes, and so the results of rare-event estimation will be incorrect. This article describes an approach to this problem that accounts for the specific features of Dynamic Fault Trees. Some single aspects of this problem are considered in different articles devoted to Fault Tree Monte-Carlo simulation. For example, [4, 10] consider using Monte-Carlo simulation for Dynamic Fault Tree Analysis, but they use direct simulation, so they are not applicable to rare-event simulation. Articles [5, 9] propose using Importance Sampling to estimate the TOP probability of Fault Trees, but the suggested formulas do not take into account the order of events, so they are not applicable to dynamic fault trees. Article [6] considers Importance Sampling for Dynamic Fault Trees, but the suggested formulas (as in [5]) correspond only to Static Fault Trees, because they do not take into account the order of events.
2. ALGORITHM DESCRIPTION

The table of main definitions is below:

T: Length of System Life
N: Amount of Basic Events
i: Index of Basic Event (i = 1…N)
x_i: Failure Time of i-th Basic Event
K: Amount of Cycles to perform Main Simulation (default = 100,000)
j: Index of Simulation Cycle (j = 1…K)
f_i(t): Probability Density Function (PDF) of i-th Basic Event Failure Time
F_i(t): Cumulative Distribution Function (CDF) of i-th Basic Event Failure Time
g_i(t): Reference Probability Density Function of i-th Basic Event Failure Time
G_i(t): Reference Cumulative Distribution Function of i-th Basic Event Failure Time
P: Probability of TOP Failure
K_Prelim: Amount of Cycles to perform Preliminary Simulation (default = 1000)
v_i: Reference Parameter for the Reference Probability Density Function g_i(t) of i-th Basic Event
D: Common (for all Basic Events) Secondary Reference Parameter
AmPos: Amount of simulation cycles for which TOP = Failure
AmPos_Up: Upper Bound of AmPos for Preliminary Simulation (default = 100)
AmPos_Dn: Down Bound of AmPos for Preliminary Simulation (default = 10)
IC: Iteration Counter for step-by-step Preliminary Simulation
D_Up: Current Upper Bound of D value
D_Dn: Current Down Bound of D value

A Fault Tree is a Directed Acyclic Graph in which the leaves are basic events and the other elements are gates. Using the laws of Boolean Algebra, any static Fault Tree may usually be represented by means of two types of gates: the AND gate, which fails if all inputs fail, and the OR gate, which fails if at least one of its inputs fails. Other, more complex gates (e.g., the "K out of M" gate, named the Voting gate) may be expressed as combinations of AND gates and OR gates.
Assume that the inputs of some gate are characterized by the failure times z_1,…,z_q (these may be Basic Events or outputs of intermediate gates), and let y be the failure time of the gate output. During Fault Tree Monte-Carlo simulation we use the following formulas:

For gate OR: y = min{z_1,…,z_q} (1)
For gate AND: y = max{z_1,…,z_q} (2)

In a static Fault Tree the value of "TOP = Failure" really depends only on the Boolean states of the Basic Events (True versus False), i.e. it does not depend on the failure times of the Basic Events, but only on whether each failure was before or after time T. Dynamic Fault Trees extend static Fault Trees with the following dynamic gates:

Priority AND gate (PAND): a gate which fails when all its inputs fail from left to right in order. For this gate y = z_q, if z_1 ≤ z_2 ≤ … ≤ z_q; else y = Infinite. (3)
Sequence Enforcing gate (SEQ), for which y = z_1 + z_2 + … + z_q (4)
SPARE gate, for which y = z_1, if z_2 < a*z_1; else y = (1-a)*z_1 + z_2. In this formula the parameter "a" is the dormancy factor of the second input. (5)

Consider a Fault Tree with Basic Events whose failures are non-repairable with Probability Density Function (PDF) f_i(t) and Cumulative Distribution Function (CDF) F_i(t); the corresponding probability that the failure of Basic Event i will be before time T is p_i = F_i(T). Our task is to estimate the probability of "TOP = Failure": P = Probability{TOP = Failure}. For very small values of p_i this rare-event estimation needs a very large number of simulations. The Importance Sampling approach allows us to deal with new probabilities q_i instead of the real values p_i, and so the main problem is to select optimal values of q_i [5, 6, 9].
These approaches are applicable only to Static Fault Trees, i.e. where "TOP = Failure" is independent of the particular failure times of the Basic Events; it matters only whether these times are less or greater than time T. For Dynamic Fault Trees, Importance Sampling should use the values of the PDF functions f_i(t) instead of the probability values p_i. Define g_i(t) and G_i(t) as the new (reference) probability density and cumulative distribution functions of the failure time of Basic Event i. The value of P will be the following:

$$P = \frac{1}{K}\sum_{j=1}^{K} I(t_j)\,\frac{\prod_{i=1}^{N} f_i(t_{ji})}{\prod_{i=1}^{N} g_i(t_{ji})},$$

where K is the amount of simulation cycles, j is the index of the simulation cycle (j = 1…K), N is the amount of Basic Events, i is the index of the Basic Event (i = 1…N), t_j = (t_j1,…,t_ji,…,t_jN) is the vector of Basic Event failure times for simulation cycle number j, drawn with the reference vector probability density function g(t), j = 1…K, I(t_j) is the indicator function for simulation number j (I(t_j) = 1 if S(t_j) < T, otherwise I(t_j) = 0), and S(t) is the function that calculates the TOP failure time according to the Fault Tree structure for the vector t of Basic Event failure times. However, the Fault Tree rare-event estimation technique based on these expressions cannot always guarantee successful results. For example, the above formula for the TOP probability P does not give a correct solution even for the simplest case: exponential PDF f_i(t) for all Basic Event failure times and the simplest static gate OR. Such a situation is typical for Fault Trees in which some gates are OR and some gates are PAND. To get a correct solution, it is necessary to modify the Importance Sampling expression.
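As an added example (not code from the paper), the gate formulas (1)-(5), the paper's numerical-example tree TOP = (BE1 AND BE2 AND BE3) PAND (BE2 AND BE3 AND BE4), and the unmodified likelihood-ratio estimator of P above, in Python. It assumes exponential Basic Event PDFs and exponential reference densities g_i parameterized by a mean v_i; the modified f_modif/g_modif form (6) is not reproduced because its definition is not recoverable from the page.

```python
import math
import random

INF = float("inf")

# Gate output failure time y from input failure times z_1..z_q, formulas (1)-(5).
def gate_or(zs):
    return min(zs)                       # (1): fails as soon as any input fails

def gate_and(zs):
    return max(zs)                       # (2): fails when the last input fails

def gate_pand(zs):
    # (3): fails only if the inputs fail left to right in order, else never
    ordered = all(zs[k] <= zs[k + 1] for k in range(len(zs) - 1))
    return zs[-1] if ordered else INF

def gate_seq(zs):
    return sum(zs)                       # (4): inputs fail one after another

def gate_spare(z1, z2, a):
    # (5): a is the dormancy factor of the spare (second) input
    return z1 if z2 < a * z1 else (1 - a) * z1 + z2

# Failure time S(t) of the paper's numerical-example tree:
# TOP = (BE1 AND BE2 AND BE3) PAND (BE2 AND BE3 AND BE4); x is 0-indexed.
def top_failure_time(x):
    left = gate_and([x[0], x[1], x[2]])
    right = gate_and([x[1], x[2], x[3]])
    return gate_pand([left, right])

def exp_pdf(t, mean):
    return math.exp(-t / mean) / mean

def estimate_top_probability(top_fn, means, ref_means, T, K, seed=1):
    """Likelihood-ratio importance-sampling estimate of P = Prob{S(t) < T}.

    Failure times t_ji are drawn from exponential reference densities g_i with
    means ref_means (assumed reference family) and every TOP failure is weighted
    by prod f_i(t_ji) / prod g_i(t_ji).  Returns (P, standard error, AmPos).
    Passing ref_means == means gives direct Monte-Carlo (all weights equal 1).
    """
    rng = random.Random(seed)
    total = total_sq = 0.0
    am_pos = 0                           # cycles for which TOP = Failure
    for _ in range(K):
        t = [rng.expovariate(1.0 / v) for v in ref_means]
        if top_fn(t) < T:                # indicator I(t_j)
            w = 1.0
            for ti, u, v in zip(t, means, ref_means):
                w *= exp_pdf(ti, u) / exp_pdf(ti, v)
            total += w
            total_sq += w * w
            am_pos += 1
    p = total / K
    variance = max(total_sq / K - p * p, 0.0)
    return p, math.sqrt(variance / K), am_pos

if __name__ == "__main__":
    means = [1000.0 * i for i in range(1, 5)]        # u_i = 1000*i, T = 1
    print(estimate_top_probability(top_failure_time, means, [0.5] * 4, 1.0, 100_000))
```

With the reference means all set to 0.5 (an assumed choice, not the paper's v_i), the estimate lands close to the paper's 3.2e-14, while the direct run with ref_means == means observes no TOP failure at small K, as the paper reports.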
If for some Basic Event i the failure time is greater than time T, the concrete time at which Basic Event i failed is not significant for the event "TOP = Failure". It is understood that a Dynamic Fault Tree really should use concrete values of the Basic Event failure times, since Boolean values alone (less than T or greater than T) are not enough, but only for values less than T! It has been proposed and proven that for the gates OR, AND, PAND, SEQ and SPARE: if the failure time y of the gate output is less than time T, then it is independent of the concrete values x_i of the gate inputs for which x_i ≥ T; significant are only the concrete values x_i for which x_i < T and the Boolean values (false) for those with x_i ≥ T. This statement allows modifying the equation for Probability{TOP = Failure}:

$$P = \frac{1}{K}\sum_{j=1}^{K} I(t_j)\,\frac{\prod_{i=1}^{N} f_{\mathrm{modif},i}(t_{ji})}{\prod_{i=1}^{N} g_{\mathrm{modif},i}(t_{ji})}, \quad (6)$$

where f_modif_i(t_ji) = f_i(t_ji), if t_ji […]

[…] 0, Importance Sampling is not required and it is necessary simply to continue the simulation up to K simulation cycles. If AmPos[IC=1] == 0, it is necessary to choose the v_i values. The following main scheme to define the optimal values of v_i is proposed: if AmPos_Dn ≤ AmPos ≤ AmPos_Up, the current values v_i are selected as optimal; else it is necessary to change the value of D according to the values of AmPos received in the previous simulation steps, to increment the Iteration Counter (IC) and to repeat the Monte-Carlo simulation of the Fault Tree with new v_i values (due to the new D value, according to formulas (9)…(11)) and the same sample size of K_Prelim simulation cycles. By default the "tuned" values are set as: K_Prelim = 1000, AmPos_Dn = 10, AmPos_Up = 100. Details of the proposed procedure for changing D, based on the method of secants, are presented in Fig. 1.
After the optimal values of the reference parameters v_i are calculated, the final Monte-Carlo simulation of the evaluated Dynamic Fault Tree is performed with K simulation cycles (usually it is enough to use K = 100,000). The calculation of the value of P is performed according to formulas (6)…(8).

FIG. 1. Schematic flowchart to select the optimal values of the reference parameter. The steps recoverable from the flowchart are:
Initialize IC = 1, D = 1, D_Dn = 1, D_Up = Infinite.
Perform the Monte-Carlo simulation of K_Prelim cycles with the updated v_i reference parameters.
If AmPos > AmPos_Up: D_Up = D and D = (D_Dn + D_Up)/2.
If AmPos < AmPos_Dn: D_Dn = D; if D_Up = Inf then D = 2*D_Dn, else D = (D_Dn + D_Up)/2.
If AmPos ≤ AmPos_Up and AmPos ≥ AmPos_Dn: Finish.
Otherwise IC = IC + 1 and repeat the simulation.

3. NUMERICAL EXAMPLE

Consider a Fault Tree with the following parameters: T = 1, N = 4, F_i(t) = 1 - exp(-t/u_i), where u_i = 1000*i, i = 1…N. The structure of the Fault Tree is the following: TOP = (BE_1 AND BE_2 AND BE_3) PAND (BE_2 AND BE_3 AND BE_4), where BE_i is the Basic Event with index i. It is seen that this Fault Tree has a strong overlap between its two parts: each part contains 3 BEs, and 2 of them are common to both parts. To select the optimal value of the Secondary Reference Parameter D, a Monte-Carlo simulation of 1000 cycles was performed (i.e. K_Prelim = 1000). The table below illustrates the proposed method, explaining a quick way of finding the optimal values of the reference parameters.

INPUT                            OUTPUT
IC   D_Dn   D_Up   D             AmPos
1    1      Inf    1             0 (< AmPos_Dn)
2    1      Inf    2.0 (final)   51 (≥ AmPos_Dn and ≤ AmPos_Up)

Based on D = 2.0 we have calculated the reference parameters v_i according to the expressions for v_i [formula garbled in the source text]. The final Monte-Carlo simulation was performed with K = 100,000 cycles according to the reference parameters v_i, i = 1…N.
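The D-search of Fig. 1 as an added Python example (not the author's code). The mapping from D to the v_i (formulas (9)…(11)) is not recoverable from the page, so it is abstracted behind a caller-supplied run_prelim(D) that performs the K_Prelim cycles and returns AmPos; the two run_prelim functions below are constructed stand-ins, the first of which reproduces the AmPos values of the table above.

```python
INF = float("inf")

def select_secondary_parameter(run_prelim, am_pos_dn=10, am_pos_up=100, max_iter=50):
    """Step-by-step preliminary simulation of Fig. 1.

    run_prelim(D) must run K_Prelim Monte-Carlo cycles with the v_i derived
    from D and return AmPos, the number of cycles with TOP = Failure.
    Returns (D, AmPos, IC, trace); trace rows are (IC, D_Dn, D_Up, D, AmPos),
    the columns of the paper's table.  max_iter is a guard not in the paper.
    """
    ic, d, d_dn, d_up = 1, 1.0, 1.0, INF
    trace = []
    while True:
        am_pos = run_prelim(d)
        trace.append((ic, d_dn, d_up, d, am_pos))
        if am_pos_dn <= am_pos <= am_pos_up:
            return d, am_pos, ic, trace          # current v_i are optimal
        if ic >= max_iter:
            raise RuntimeError("AmPos never entered [AmPos_Dn, AmPos_Up]")
        if am_pos > am_pos_up:
            d_up = d                             # too many positives: D bounds from above
            d = (d_dn + d_up) / 2
        else:
            d_dn = d                             # too few positives: D bounds from below
            d = 2 * d_dn if d_up == INF else (d_dn + d_up) / 2
        ic += 1

# Constructed stand-in for the preliminary simulation: AmPos grows with D and
# matches the paper's table (D = 1 -> 0 positives, D = 2 -> 51 positives).
def constructed_prelim(d):
    return round(51 * (d - 1))

def steeper_prelim(d):
    # Constructed variant where doubling overshoots AmPos_Up, so bisection runs.
    return round(300 * (d - 1))

if __name__ == "__main__":
    for prelim in (constructed_prelim, steeper_prelim):
        d, am_pos, ic, trace = select_secondary_parameter(prelim)
        for row in trace:
            print("IC=%d D_Dn=%g D_Up=%g D=%g AmPos=%d" % row)
```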
The final results after Importance Sampling (i.e. after the re-calculations) are the following: P(TOP) = 3.2e-14, STD = 4.9e-16, so the Confidence Interval for the TOP probability is [3.0e-14…3.4e-14] with a Confidence Level of 0.9998. It was also attempted to perform direct Monte-Carlo simulation (i.e. without Importance Sampling and re-calculations) of the analysed Fault Tree. The results after performing 1,000,000,000 cycles were "zero", i.e. no TOP events were observed. So, although for comparison with the proposed algorithm 10,000 times more cycles were used, the results of direct simulation are negative.

4. CONCLUSIONS

In this article we have introduced a new algorithm for the calculation of Dynamic Fault Trees. A general-purpose Importance Sampling methodology is used for the development of this algorithm. The main goal was to estimate the rare-event probability of {TOP = Failure} in a Dynamic Fault Tree having a plurality of Basic Events. It was assumed that for each of the Basic Events the failures are non-repairable and the failure times follow a general distribution function (Exponential, Weibull, Normal, Log-Normal, etc.). The Dynamic Fault Tree may include both Static gates (AND, OR and gates composed of them, such as "K out of M", etc.) and Dynamic gates (PAND, SEQ, SPARE, etc.). The method is performed by the following steps:

a) based on the PDF and CDF of each Basic Event, a modified, mixed Continuous-Discrete reference PDF is constructed;
b) based on this modified reference PDF, a step-by-step preliminary Monte-Carlo simulation of the Dynamic Fault Tree is performed until the conditions for optimal reference parameter selection are satisfied;
c) the optimal primary reference parameter for each Basic Event is selected by means of optimization over one common (for all Basic Events) secondary reference parameter D;
d) based on this optimal value of the secondary reference parameter D and the corresponding primary reference parameters for each Basic Event, a full Monte-Carlo simulation of the Dynamic Fault Tree and the corresponding Importance Sampling re-calculation are performed.

The simulation has given accurate enough answers and is able to calculate the unavailability of systems which cannot be analyzed analytically.

References

[1] SAE, The Engineering Society for Advancing Mobility Land Sea Air and Space International, Aerospace Recommended Practice. Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment. ARP4761 (Dec. 1996).
[2] L. Saintis, E. Hugues, C. Bès, M. Mongeau. Computing In-Service Aircraft Reliability. International Journal of Reliability, Quality and Safety Engineering, Vol. 16, Issue 2 (2009), pp. 91-116.
[3] Fault Tree Handbook with Aerospace Applications. NASA Headquarters, Washington, DC 20546. August 2002.
[4] K. Durga Rao, V. Gopika, V. V. S. Sanyasi Rao, H. S. Kushwaha, A. K. Verma, A. Srividya. Dynamic fault tree analysis using Monte Carlo simulation in probabilistic safety assessment. Reliability Engineering and System Safety, Vol. 94, No. 4, 2009, pp. 872-883.
[5] C. H. Jun and S. M. Ross. System reliability by simulation: random hazards versus importance sampling.
Probability in the Engineering and Information Science, Vol. 6, 1992, pp. 299-309.
[6] O. Yevkin. An Improved Monte Carlo Method in Fault Tree Analysis. 2010 Proceedings of the Annual Reliability and Maintainability Symposium (RAMS 2010).
[7] R. Y. Rubinstein. Optimization of Computer Simulation Models with Rare Events. European Journal of Operations Research, 99, 89-112, 1997.
[8] A. Ridder and R. Y. Rubinstein. Minimum Cross-Entropy Methods for Rare Event Simulation. Simulation, Vol. 83, pp. 769-784, 2007.
[9] D. P. Kroese and K. P. Hui. Applications of the Cross-Entropy Method in Reliability. Computational Intelligence in Reliability Engineering, pp. 37-82, 2006.
[10] H. Boudali, A. P. Nijmeijer, M. I. A. Stoelinga. DFTSim: a simulation tool for extended dynamic fault trees. Proceedings of the 2009 Spring Simulation Multiconference, San Diego, California.
[11] J. B. Dugan, S. J. Bavuso, M. A. Boyd. Dynamic fault tree models for fault tolerant computer systems. IEEE Transactions on Reliability, 1992, Vol. 41, No. 3, pp. 363-377.
[12] R. Gulati and J. B. Dugan. A Modular Approach for Analyzing Static and Dynamic Fault Trees. 1997 Proceedings of the Annual Reliability and Maintainability Symposium, Philadelphia (RAMS 1997), pp. 57-63.
[13] J. B. Dugan, K. J. Sullivan, D. Coppit. Developing a low-cost, high-quality software tool for dynamic fault tree analysis. Transactions on Reliability, December 1999, pp. 49-59.
