# طراحی مبتنی بر ریسک سیستم فرآیند با استفاده از شبکه های بیزی زمان گسسته

کد مقاله | سال انتشار | مقاله انگلیسی | ترجمه فارسی | تعداد کلمات |
---|---|---|---|---|

29188 | 2013 | 13 صفحه PDF | سفارش دهید | 8862 کلمه |

**Publisher :** Elsevier - Science Direct (الزویر - ساینس دایرکت)

**Journal :** Reliability Engineering & System Safety, Volume 109, January 2013, Pages 5–17

#### چکیده انگلیسی

Temporal Bayesian networks have gained popularity as a robust technique to model dynamic systems in which the components' sequential dependency, as well as their functional dependency, cannot be ignored. In this regard, discrete-time Bayesian networks have been proposed as a viable alternative to solve dynamic fault trees without resort to Markov chains. This approach overcomes the drawbacks of Markov chains such as the state-space explosion and the error-prone conversion procedure from dynamic fault tree. It also benefits from the inherent advantages of Bayesian networks such as probability updating. However, effective mapping of the dynamic gates of dynamic fault trees into Bayesian networks while avoiding the consequent huge multi-dimensional probability tables has always been a matter of concern. In this paper, a new general formalism has been developed to model two important elements of dynamic fault tree, i.e., cold spare gate and sequential enforcing gate, with any arbitrary probability distribution functions. Also, an innovative Neutral Dependency algorithm has been introduced to model dynamic gates such as priority-AND gate, thus reducing the dimension of conditional probability tables by an order of magnitude. The second part of the paper is devoted to the application of discrete-time Bayesian networks in the risk assessment and safety analysis of complex process systems. It has been shown how dynamic techniques can effectively be applied for optimal allocation of safety systems to obtain maximum risk reduction.

#### مقدمه انگلیسی

Among several techniques available to quantify the occurrence probability of accident scenarios or to estimate the failure probability of systems in the context of quantitative risk assessment, probabilistic safety analysis and reliability engineering, the fault tree (FT) method is the most recognized and widely used. FT is a deductive, user-friendly methodology constructed intuitively, dissecting the system for further detail until the primary causes of the system's failure or unavailability are known. FT could also be analyzed using well-established algorithms such as binary decision diagrams or analytical methods such as minimal cut sets. However, conventional or static fault trees (SFTs) are characterized by limitations constraining their application in complex systems where, for instance, redundant failures, multi-state variables and/or sequential and functional dependencies are common. In recent years, Bayesian networks (BNs) have become popular for reliability and risk analysis of complex systems as a robust and viable alternative to most conventional methods such as reliability block diagrams [1], FT [2], [3] and [4] and event tree (ET) analysis [5]. BN is a probabilistic method for reasoning under uncertainty which factorizes the joint probability distribution of a set of variables by considering local dependencies, significantly reducing both the system complexity and the computational time [2], [3], [4], [6] and [7]. Most recently, Weber et al. [7] have given a statistical review of BN application and shown the appeal of Bayesian approaches in various areas of reliability, risk and maintenance engineering since 2000. Many authors have shown the parallels between FT and BN and have examined the extent to which the limitations of the former can be relaxed by relying on the later. Bobbio et al. [2] were the first to map FT into BN to incorporate multi-state variables and common cause failures by means of the leaking noisy-or model. They also performed a sequentially dependent failure analysis which was an example of functional dependency, i.e., without considering the temporal sequence of failures (like the performance of the functional dependency gate in dynamic fault trees). Similar efforts have been made by Langseth and Portinale [3] to account for coverage factors in redundant systems by means of the noisy-and model, and also by Khakzad et al. [4] to explicitly model functional uncertainty and expert opinion in the safety analysis of process systems. Dynamic fault tree (DFT) was introduced as an extension to SFT to model sequentially dependent failures in dynamic systems [8]. In a dynamic system, the failure sequence of events is as important as their combinations for the system to be unavailable or to fail. In other words, compared to SFT in which it only matters which components participate in a minimal cut set, in DFT the failure sequence of the participating components is also important [9]. DFT takes the sequential dependencies into account by using several dynamic gates such as a functional dependency gate (FDEP), cold spare gate (CSP), sequence enforcing gate (SEQ) [8] and priority-AND gate (PAND) [10]. Due to the sequential dependencies and dynamic behavior among the components of the system, DFT cannot be analyzed using conventional algorithms available for SFT. In this regard, DFT has traditionally been converted to the corresponding Markov chain model (MC) for which well-established and efficient solving techniques have been developed. Nevertheless, converting DFT into MC is an error-prone and cumbersome exercise [8]. Moreover, the state space of the MC (i.e., the set of its nodes) grows exponentially with the number of components of the corresponding DFT, making the MC very large and intractable. Indeed, for a MC equivalent to a DFT with m binary-state components (i.e., work/fail) for which k out of m components are sequentially dependent, the number of states is proportional to the product of 2m (the number of state combinations) and k! (the possible number of sequence combinations) [6]. This problem is frequently encountered in Markov processes and is referred to as the state space explosion. It should be noted that even a relatively simple DFT can result in a complicated and time-consuming MC, particularly in the presence of dynamic gates cascade [6], [8], [9] and [11]. Also, MC has been mentioned to have limitations in modeling dependencies among components with non-exponential failure time distributions [11]. As an example, consider a parallel system consisting of three pumps A, B and C of different failure rates, in which B is planned to only operate as a standby to A. In other words, not only all three pumps have to fail for the system to fail, but also A must fail before B. Fig. 1 illustrates the SFT (left), the DFT (middle) and the equivalent MC (right) for the failure analysis of the system. As the SFT cannot capture sequential failures, it ignores the sequential dependence between A and B, approximating the system failure using an AND gate. On the other hand, the DFT employs a cascade of SEQ gate and AND gate to model the dynamic behavior. The DFT is then conventionally converted to the MC to be solved. Assuming a mission time of t=100 h and the failure rates 0.3E-03, 0.5E-03 and 0.7E-03 for A, B and C, respectively, the failure probability of the system is calculated as 9.76E-05 and 4.94E-05 using SFT and DFT (MC), respectively. This example demonstrates how the failure probability and also the consequently envisaged risk in dynamic systems can be overestimated (here by a factor of two) if dependency conditions are ignored or simplified through using static techniques. Full-size image (40 K) Fig. 1. SFT (left), DFT (middle) and MC (right) models for a three-component parallel system in which A must fail before B . The dashed parts in the MC are not accounted for in the system failure due to the representation of improper failure sequences. λλ is the failure rate of components. Figure options Considering the abovementioned problems encountered in converting DFT into MC, temporal Bayesian networks (TBNs) have alternatively been proposed to explicitly incorporate time in the modeling of sequential dependencies without resort to MC. Accordingly, two different approaches have been adopted: instant-based (time-sliced) approach and interval-based (event-based) approach [12]. In the first approach, the time line is divided into a finite number of time instants (e.g., ti−1,ti,ti+1ti−1,ti,ti+1), and identical BN structures are generated for each time instant, connected to each other by means of temporal arcs (e.g., [13] and [14]). In the second approach, the time line is partitioned into a finite number of time intervals (e.g., ]ti−1,ti],]ti,ti+1]]ti−1,ti],]ti,ti+1]), and only one BN is generated, each node of which has a finite number of states equal to the number of time intervals [6], [11] and [12] (see Section 2.2). Fig. 2 illustrates how a CSP gate is converted into interval-based and instant-based (here, a 2-time-slice) BN structures. Full-size image (25 K) Fig. 2. Converting a CSP gate into interval-based (middle) and instant-based (right) BN structures. Figure options Following the instant-based approach, Montani et al. [13] developed the RADYBAN software tool for reliability analysis of dynamic systems by converting DFT into a 2-time-slice BN. They also introduced the probability dependency gate (PDEP) as a probabilistic case of FDEP proposed by Dugan et al. [8]. Their work was further developed by Portinale et al. [14], enabling the modeling of repairable systems by introducing the repair box gate. The instant-based approach has been criticized for either being too general or resulting in unnecessarily large networks due to repeating the same structure for each time instance [6]. However, 2TBN as an instant-based approach models any time horizon using only 2 slices, effectively addressing the foregoing drawback [13] and [14]. Considering the interval-based approach, Boudali and Dugan [6] and [9] suggested a discrete-time BN (DTBN). Although being straightforward and consistent with the majority of conventional inference algorithms, DTBN could potentially result in huge and intractable conditional probability tables (CPTs) in particular for large number of time intervals [11] and [12] (see Section 3). It is worth noting that the problem is still much easier to manipulate than the state space explosion problem in MC. It also requires numerical simulation for non-exponential distribution functions [11]. To address the foregoing issues, Boudali and Dugan [12] presented a continuous-time BN (CTBN) in which parametric functions were substituted for multi-dimensional CPTs, resulting in lesser computational time and required memory capacity. Recently, Marquez et al. [11] developed a hybrid BN to incorporate both discrete and continuous variables. They also used a dynamic time discretization as opposed to the static time discretization employed by Boudali and Dugan [6] and [9]. In accordance with the interval-based approach, this paper aims to extend the DTBN methodology developed by Boudali and Dugan [6] such that it could be applied to a broader range of probabilistic distribution functions. In this regard, a new general formalism is developed for the CSP gate for which input variables can have any arbitrary (not necessarily exponential) failure distributions. The formalism is also applicable for the SEQ gate as a special case of the CSP gate. The paper proceeds by introducing an innovative algorithm, named Neutral Dependency, which reduces the dimension of multi-dimensional CPTs by an order of magnitude. The paper shows how the algorithm could efficiently be used to populate the CPTs of PAND gates and also static gates such as AND and OR. In each step, the results are compared with those obtained from both analytical methods such as MC and conventional methods in the literature. In Section 2, after a brief review of the fundamentals of BN, the modeling framework of DTBN is recapitulated. Section 3 presents the new approach developed in this study to model CSP gates and SEQ gates in DTBN. The approach is shown to not only replicate the results in the literature but also be in better agreement with MC analysis. Section 4 is dedicated to the introduction of the neutral dependency algorithm, where this algorithm is efficiently used to reduce the dimension of CPTs. In Section 5, a practical application of DTBN in the risk analysis of dynamic systems is presented while the conclusions from this work are discussed in Section 6.

#### نتیجه گیری انگلیسی

The present study has improved the power of DTBN in dependability analysis of dynamic complex systems. In this regard, a new approach has been proposed for dynamic gates such as a CSP gate, which does not necessitate the use of exponential distribution functions for input variables. The approach was also shown to be successful in SEQ gate modeling. A comparison between this study and the existing techniques in the literature demonstrates that the present study not only replicates the results of the previous works, but it also is in better agreement with analytical techniques such as MC. Further, a new algorithm called neutral dependency was introduced to model dynamic gates such as a PAND gate and static gates such as an AND/OR gate. Using this algorithm, the conditional probability table of a gate is decomposed into two tables, both of which are smaller in size than the original table (usually by an order of magnitude). This way, the problem of large and intractable multi-dimensional tables for which DTBN has been criticized is addressed. However, since the CPT of the dependent node is changed through neutral dependency algorithm, the respective posterior probabilities may not reflect the actual behavior of the node. Thus, the algorithm may be used to reduce the size of CPTs only if probability updating is not intended, and the DTBN is applied as an alternative to MC to calculate the failure probability (or reliability) of a system. This paper has also shown the application of the proposed approach in the risk assessment and safety analysis of process systems. It has been demonstrated that DTBN can be used as a safety evaluation tool to optimally allocate safety systems in process facilities. DTBN can be employed in the design phase of process systems to identify the best arrangement of safety systems to reduce the envisaged risk. It could also be used as an inductive tool to analyze system failure in light of new observations. It may be concluded that using temporal BN in the risk analysis of dependable systems not only avoids problems such as the state-space explosion and the error-prone conversion procedure which are common in MC analysis, but also enables the analyst to perform probability updating. It is of great importance in the real-time design, monitoring, and evaluation of safety systems. This is not feasible with continuous-time approaches such as MC. DTBN is relatively simple to construct and can be solved using standard inference algorithms provided in most Bayesian software. It also offers the analyst the opportunity to obtain failure probability distributions rather than single values for the whole time mission.