Fault Diagnosis of Interconnected

Cyber-Physical Systems

Marios M. Polycarpou

Professor, IEEE Fellow, IFAC Fellow

Director, KIOS Research and Innovation Center of Excellence
Dept. Electrical and Computer Engineering
University of Cyprus

7th oCPS PhD School on Cyber-Physical Systems

Lucca, Italy, 14th June 2017
 Presentation Outline

 Motivation for fault diagnosis

 Interconnected cyber-physical systems

 Foundations of fault diagnosis

 Sensor fault diagnosis

 Application example: Smart Buildings

 Concluding Remarks
 The Smart Revolution
 Smart Phones
 Smart Cars
 Smart Grids
 Smart Buildings
 Smart Cities
 Smart Camera Networks
 Smart Water Networks
 The Smart Revolution
 Smart Phones
 Smart Cars
 Smart Grids
 Smart Buildings
 Smart Cities
 Smart Camera Networks
 Smart Water Networks

 Smart-X
 Characteristics of Smart-X

HARDWARE SOFTWARE
 Sensing & actuation  Data management
devices  Decision making
 Embedded computing algorithms
 Wide area  Learning algorithms
connectivity  Optimization and
control
 Smart-X vs Smart-ready-X

 Digital advances provide the ICT infrastructure

not the INTELLIGENCE (so far)
 Infrastructure will be further enhanced via the IoT
 Smart-X vs. Smart-ready-X
 Smart-X vs Smart-ready-X

 Digital advances provide the ICT infrastructure

not the INTELLIGENCE (so far)
 Infrastructure will be further enhanced via the IoT
 Smart-X vs. Smart-ready-X

 Control systems and machine learning are

at the heart of transforming Smart-ready-X to
Smart-X
 Control Systems in the Smart-X Era

 More proactive, more planning ahead

 More discrete-event, more event-triggered
 More machine learning, handling of larger
volume of data, more heterogeneous data
 Handling of more uncertainty, fault tolerance
 Handling of human-machine interaction
 Fragility
The technological trend is towards:
 more complex and large-scale systems
 more interconnected systems
 more automation and autonomy

However if the data is faulty/inconsistent/missing, this

may lead to:
 wrong decisions or escalation to a catastrophic failure
 fault propagation from one subsystem to another
 Unreliable and untrustworthy automation procedures
 Fragility
The technological trend is towards:
 more complex and large-scale systems
 more interconnected systems more
 more automation and autonomy
FRAGILE

However if the data is faulty/inconsistent/missing, this

may lead to:
 wrong decisions or escalation to a catastrophic failure
 fault propagation from one subsystem to another
 Unreliable and untrustworthy automation procedures
 Fragility of Interconnected Systems

Fragility is a crucial issue in an interconnected

cyber-physical-social world
Fault Monitoring and Fault Tolerance are necessary
components of Smart-X architectures

Black Swan Theory – Nassim Nicholas Taleb

metaphor that describes an event that comes as a surprise,
has a major effect, and is often inappropriately rationalized
after the fact with the benefit of hindsight (extreme outliers)
Monitoring and Control

Fault
Monitoring
and Diagnosis

d f

u y
System
 Monitoring and Control

d f
r y
Controller
u System
 Monitoring and Control
Control Algorithm

Supervisory
Algorithm

Fault
Monitoring
Fault and Diagnosis
Accommodation

d f
r y
Controller
u System
 Fault Scenarios

 System/Process Faults
FD
 Actuator Faults FA

 Sensor Faults
C P
 Communication Faults
 Controller Faults
 Environment Faults
 Malicious Attacks (cyber-security)
 Fault Diagnosis Steps

 fault detection
 fault isolation
 fault identification and risk assessment
 fault accommodation
 Key Challenges for Fault Diagnosis
 distinguish between faults and modeling uncertainty or
measurement noise
 exploit spatial and temporal correlations between variables
 handle multiple faults
 isolate faults in a large-scale system (needle in a haystack)
 prevent “small” faults from escalating into a major failure
 accommodate the fault – what to do in the presence of
information about a fault?

 Design smart SOFTWARE to handle faulty HARDWARE

 Key Books on Fault Diagnosis
 J. Gertler. Fault Detection and Diagnosis in Engineering
Systems. CRC Press, 1998.
 J. Chen and R. J. Patton. Robust Model-based Fault Diagnosis
for Dynamic Systems. Kluwer Academic Publishers, 1999.
 R. Isermann. Fault-Diagnosis Systems: An Introduction from
Fault Detection to Fault Tolerance. Springer Verlag, 2006.
 S. X. Ding. Model-based Fault Diagnosis Techniques: Design
Schemes, Algorithms, and Tools. Springer-Verlag London,
2008.
 M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki.
Diagnosis and Fault-Tolerant Control. Springer-Verlag Berlin
Heidelberg, 2016.
 Interconnected CPS
 N interconnected CPS. 
 I‐th CPS: described by the pair   ,  
(I ) (I )

  ( I ) : physical part of the I‐th CPS,
  ( I ) : cyber part of the I‐th CPS.
Interconnected CPS – Single Agent
 Interconnected CPS

Objective: Detect and isolate multiple faults that may 
occur in one or more CPS 
 Problem Formulation

where:
state vector
input vector

Nominal state dynamics

Modeling uncertainty
Change in the system due to fault

Time profile of the fault

Interconnection dynamics
 Modeling Uncertainty

The modeling uncertainty  includes external disturbances as

well as modeling errors.

where for each i = 1, …., n, the bounding function

is known, integrable and bounded for all (x, u) in some compact
region of interest

The handling of the modeling uncertainty is a key design issue in fault

diagnosis architectures:
- need to distinguish between faults and modeling uncertainty
- structured vs. unstructured modeling uncertainty
- trade-off between false alarms and conservative fault detection schemes
 Fault Modeling

The term represents the deviations in the

dynamics of the system due to a fault.

• is the fault function

• The matrix characterizes the time profile of a fault
which occurs at some unknown time

where denotes the unknown fault evolution rate.

 Fault Influence for Distributed Systems

• Local Faults
• Distributed Faults
• Distributed Faults with Overlapping Signature
• Propagating Faults
 Fault Isolation

Types of FAULT ISOLATION:

• identify the type of fault that has occurred
• identify the physical location of the fault

Class of fault functions :

where:
• is an unknown parameter vector, which is
assumed to belong to a known compact set

• is a known smooth vector field

 Fault Diagnosis Architecture

 There are N+1 Nonlinear Adaptive Estimators (NAEs)

 One of the NAEs is used for detecting and approximating faults
 The remaining N NAEs are isolation estimators used only after a fault
has been detected for the purpose of fault isolation.

Fault Detection and Isolation Architecture

Fault Detection Fault Detection Alarm

and Approximation Decision Scheme
Estimator
Activation
Identification of the
Bank of Fault Fault Isolation fault that has occurred
Isolation Estimators Decision Scheme

reference
input u
Feedback Nonlinear Plant x
Controller
 Fault Handling
Monitoring
Module
fault
detected
x (t) fault
occurred fault
x d (t)
isolated

t
T T T
0 d isol

 0 < t < T0 : system is operating in a healthy condition.

 T0 < t < Td : period in which there is a fault, which however has
not yet been detected.
 Td < t < Tisol : period during which the fault has been detected,
but it is not yet known which particular fault has occurred.
 t > Tisol : the fault has been isolated.
 Fault Detection and Approximation Estimator

where:
estimated state vector
Adaptive approximation model

adjustable weights of the on-line neural approximator

estimation poles

The initial weight vector is chosen such that

(healthy situation)
 Adaptive Approximation Model

 Nonlinear approximation model with adjustable

parameters (e.g., neural networks)
 Linearly parameterized vs. nonlinearly parameterized
 It provides the adaptive structure for approximating on-
line:
 Local modeling errors
 interconnection dynamics
 unknown fault functions
 Learning Algorithm

where:

state estimation error

The projection operator restricts the parameter estimation

vector to a predefined compact and convex region.

regressor matrix

Positive definite learning rate matrix

Dead-zone operator
 Detection Threshold

where:

Robustness of the fault detection scheme is the ability to avoid

false alarms. The above threshold make the FD scheme robust.

In the special case of a uniform bound on the modeling

uncertainty the detection threshold becomes:
 Detectability Conditions

If there exists an interval of time [t1 , t 2 ] such that at least one component
f i ( x, u ) of the fault vector satisfies the condition

then a fault will be detected.

 Result holds for the special case of constant bound on the

modeling uncertainty.
 We are also able to obtain more simplified detectability
conditions, but they are more conservative.
 In general there is an inherent trade-off between
robustness and fault detectability.

N NAEs are activated for isolation (isolation estimators) after the
detection of a fault
Learning Algorithm
Fault Isolation Estimators
• Each isolation estimator corresponds to one
of the possible types of parametric faults
• Adaptive threshold are designed based on
the available information, similar to the concept
of a matching filter
• isolation is achieved if every threshold is
exceeded, except one (the one corresponding
to the fault)
 Incipient Fault Isolability

Intuitively, fault are easier to isolate if they are sufficiently

“mutually different” in terms of a suitable measure

Fault Mismatch Function

The difference between the actual
fault function and the estimated
fault function associated with any
isolation estimator
Fault isolability condition
 Sensor Fault Diagnosis

 System/Process Faults
FD
 Actuator Faults FA

 Sensor Faults
C P
 Communication Faults
 Controller Faults
 Environment Faults
 Malicious Attacks (cyber-security)
 Interconnected CPS
 N interconnected CPS. 
 I‐th CPS: described by the pair   ,  
(I ) (I )

  ( I ) : physical part of the I‐th CPS,
  ( I ) : cyber part of the I‐th CPS.
 Interconnected CPS

  ( I ) (physical part)
 a nonlinear system 
(I )

x ( I )  A ( I ) x ( I )   ( I ) ( x ( I ) , u ( I ) )
     
know n local dynam ics

 h ( I ) ( x ( I ) , u ( I ) , C z( I ) z ( I ) )
      
know n interconnection dynam ics

  (I ) ( x(I ) , u (I ) , t)
   
m odeling uncertainty
 x ( I ) : local state vector
 u ( I ) : local input vector generated by a
feedback control agent  ( I ) using r ( I )
 z ( I ) : interconnection vector
 Interconnected CPS

  ( I ) (physical part)
 (I )
 Sensor set            used for 
measuring the linear 
combination of states  C ( I ) x ( I )

y ( I ) (t )  C ( I ) x ( I ) (t )  d ( I ) (t )  f ( I ) (t )

 y ( I ) : local output vector

 d ( I ) : measurement noise
 f ( I ) : fault vector
 Interconnected CPS


(I )
(cyber part)
 (I )
 control agent          that 
(I )
generates the input        
u
based on some reference 
r(I )
signal         , the measured 
output and the transmitted 
sensor information  z( I )

y z( I ) (t )  C z( I ) z ( I ) (t )  d z( I ) (t )  f z( I ) (t )
 Interconnected CPS

Objective: Detect and isolate multiple sensor faults that may 
occur in one or more CPS 
Distributed Sensor Fault Diagnosis Architecture

  ( I ) (cyber part)
( I )
 monitoring agent           allowed 
to exchange information with the 
neighboring agents  z( I )

Task:
Detection & isolation of  multiple 
(I )
sensor faults in 

Detection of propagated sensor 
(I )
faults in   z
 Distributed Sensor Fault Diagnosis Architecture

 G : global decision logic
 collects and processes combinatorially the decisions of the 
monitoring agents

Task: Isolation of 
sensor faults 
propagated in the 
cyber layer due to 
the information 
exchange between 
monitoring agents
Monitoring Agent

monitoring agent ( I )
 Monitoring Agent

 (I )
 The monitoring of the local sensor set          is decomposed into 
NI modules
 ( I ,q)
 The module              monitors the group of sensors  ( I ,q)
 ( I ,q) : y( I ,q)  C( I ,q) x( I )  d ( I ,q)  f ( I ,q)
 Monitoring Agent


( I ,q)
: q‐th module of the I‐th monitoring agent
(I ,q ) (I )

Task: Detection of sensor faults in             and/or   z
 Monitoring Agent

The decisions of the NI modules are aggregated and 
processed combinatorially  for isolating the combination of 
multiple sensor faults that have occurred and inferring the 
presence of propagated sensor faults
 Monitoring Module


j‐th residual, y
( I ,q )
j

 y( I ,q)  y(jI )  C ( I ) xˆ ( I ,q ) , j  ( I ,q ) (1)

j
j

• ( I ,q ):
xˆ estimation model based on the
nonlinear observer

xˆ ( I ,q)  A( I ) xˆ ( I ,q)   ( I ) ( xˆ( I ,q) , u( I ) )

 h( I ) ( xˆ ( I ,q) , u( I ) , yz( I ) )
L ( I ,q )
y ( I ,q )
C ( I ,q ) ( I ,q )
xˆ  (2)
 Monitoring Module

 y
( I ,q )
 The j‐th adaptive threshold          (t )
j

is designed to bound the j‐th 
 y( IjH,q) (t )
residual                 under healthy 
conditions

 y( I ,q) (t )   y( I ,q) (t )
jH j
 Adaptive Threshold Computation
 The j‐th adaptive threshold can be implemented using linear 
filters

 y( I ,q ) (t )  H ( s )  ( xˆ ( I ,q ) (t ), u ( I ) (t ), t )  I Z ( I ,q ) (t )   Y j( I ,q ) (t )
j

Z ( I ,q ) (t )  E ( I ,q ) (t )  H1 ( s )  E ( I ,q ) (t ) 
E ( I ,q ) (t )  H 2 ( s )  ( xˆ ( I ,q ) (t ), u ( I ) (t ), t )   EB( I ,q ) (t ),
 (j I ,q )  ( I ,q )  I  ( I ,q )
H ( s)  , H1 ( s )  , H 2 (s) 
s  j s     I  s   ( I ,q )
( I ,q ) ( I ,q ) ( I ,q )

 I   I  hI  I
 Monitoring Module

Decision Logic based on 
a set of Analytical Redundancy 
Relations (ARRs)
 ( I ,q ) :   j( I ,q )
j ( I ,q )

 ( I ,q )
j : ( I ,q )
yj (t )   ( I ,q )
yj (t )  0,

residual adaptive threshold

Under healthy conditions,             is 
 ( I ,q )
always satisfied 
 Robustness and Structured Fault Sensitivity
Theorem: The distributed sensor fault diagnosis design
guarantees that:
(I , q )
(a) Robustness: If neither the local sensor set  nor the
(I )
transmitted sensor information y z are affected by sensor
faults, then the set of ARRs  (I , q ) is always satisfied.
(b) Structured fault sensitivity: If there is a time instant at
(I , q )
which  is not satisfied, then the occurrence of at
least one sensor fault in  (I , q )   (I ) is guaranteed.
z

V. Reppa, M. Polycarpou and C. Panayiotou, “Distributed Sensor Fault Diagnosis for a Network
of Interconnected Cyber-Physical Systems,” IEEE Transactions on Control of Network Systems,
vol 2, no. 1, pp. 11-23, March 2015.
Monitoring Agent
 Local Multiple Sensor Fault Isolation
Example:
yz( I )

( I ,1)  ( I ){1} ,

( I ,2)  ( I ){2}, ( I ){3}
( I ,3)  ( I ){3}

f1(I ) f2(I ) f3(I ) f

1
(I )
, f2(I ) f
1
(I )
, f3(I ) f 2
(I )
, f3( I ) f
1
(I )
, f2(I ) , f3(I ) fz( I ) f z
(I )
, c(I )
 (I ,1) 1 0 0 1 1 0 1 1 1
 ( I ,2) 0 1 1 1 1 1 1 1 1
 ( I ,3) 0 0 1 0 1 1 1 1 1
 Local Multiple Sensor Fault Isolation

f1(I ) f2(I ) f3( I ) f

1
(I )
, f2(I ) f
1
(I )
, f3( I ) f 2
(I )
, f3(I ) f
1
(I )
, f2( I ) , f3( I ) fz( I ) f z
(I )
, c(I )
 (I ,1) 1 0 0 1 1 0 1 1 1
 ( I ,2) 0 1 1 1 1 1 1 1 1
 ( I ,3) 0 0 1 0 1 1 1 1 1

1
D( I ) (t)  1
0
Diagnosis Set:  s( I ) (t)   1 2 
f (I )
, f (I )

(I )
Decision on the presence of sensor faults in  yz
0, f (I )
 (I )
s (t )
Dz (t)  
(I ) z

1, f z
(I )
  (I )
s (t )
 Local Multiple Sensor Fault Isolation
f1(I ) f2(I ) f3(I ) f
1
(I )
, f2(I ) f 1
(I )
, f3(I ) f 2
(I )
, f3( I ) f
1
(I )
, f2(I ) , f3(I ) fz( I ) f z
(I )
, c(I )
 (I ,1) 1 0 0 1 1 0 1 1 1
 ( I ,2) 0 1 1 1 1 1 1 1 1
 ( I ,3) 0 0 1 0 1 1 1 1 1

1
D( I ) (t)  1
1
Diagnosis Set:
s( I ) (t)   f 1
(I )
, f3( I )  , f1( I ) , f2( I ) , f3( I ) , f z( I ) , fz( I ) , c( I )  
(I )
y
Decision on the presence of sensor faults in  z
0, f (I )
 (I )
s (t )
Dz (t)  
(I ) z

1, f z
(I )
  (I )
s (t )
Global Multiple Sensor Fault Isolation
 Global Multiple Sensor Fault Isolation

Observed pattern of sensor faults in transmitted sensor 

information: Dz (t )  Dz (t ) Dz (t)  Dz (t)
(1) (2) (N)
 

f5(1) f1(2) f4(3) f

5
(1)
, f1(2) f
5
(1)
, f4(3) f
1
(2)
, f4(3) f
5
(1)
, f1(2) , f4(3)
 (1) 1 0 * 1 1 * 1
 (2) 0 1 * 1 * 1 1
 (3) * * 1 * 1 1 1

Semantics of ‘*’: the sensor fault involved in 
the ARR can explain why the ARR is violated, while the 
ARR may be satisfied although the corresponding fault 
has occurred
 Learning Approaches for Fault Diagnosis

 Reduce adaptive thresholds by reducing the

bound of the modeling uncertainty using learning
techniques.
 Design and analysis of an adaptive approximation
methodology to learn the modeling uncertainty

V. Reppa, M. Polycarpou and C. Panayiotou, “Adaptive approximation for multiple sensor fault
detection and isolation of nonlinear uncertain,” IEEE Transactions on Neural Networks and
Learning Systems, vol 25, no. 1, pp. 137-153, January 2014.
 Fault Diagnosis and Cybersecurity

 Targeted faults
 Early detection is crucial
 Sensor placement is a key issue
 Need to consider the impact dynamics
Application Example: Smart Buildings
 How critical are buildings?

 48% of energy consumption is for buildings

(27% for transportation; 25% for factories)

 76% of electricity consumption is for buildings

(23% for factories; 1% for transportation)

 87% of our time is spent indoors

 How critical are buildings?

 48% of energy consumption is for buildings

(27% for transportation; 25% for factories)

 76% of electricity consumption is for buildings

(23% for factories; 1% for transportation)

 87% of our time is spent indoors

 6% in automobiles and public transportation
 7% outdoors
The Transformation of Buildings
The Transformation of Buildings
 The Electronic Transformation Inside
 Sensors (more self-aware)

 Actuators (more automation)

 Intelligent decision making (energy efficiency,

safety and security, fault diagnosis, etc.)

 Communication devices (building to user;

user to building; building to building; etc.)
 The Electronic Transformation Inside
 Sensors (more self-aware)

 Actuators (more automation)

 Intelligent decision making (energy efficiency,

safety and security, fault diagnosis, etc.)

 Communication devices (building to user;

user to building; building to building; etc.)

 Internet of Things (IoT)

 Motivation for Smart Buildings
 Need to monitor and control:
 indoor living conditions and safety of the occupants
 energy consumption of large-scale buildings
 The technology is available (smart-ready):
 building automation is well established
 Cyber-physical systems for smart buildings
 sensing and actuation devices are widely available

 Need to develop smart software to enable the

coordination and scheduling of actions for handling
dynamic and uncertain environments
 Topics pursued at KIOS Research Center

• KIOS Research Center for Intelligent

Systems and Networks was founded in 2008
• Currently about 50 researchers working on
Monitoring, Control and Security of Critical
Infrastructure Systems
• Awarded a TEAMING project from H2020 to
upgrade to a Center of Excellence for
Research and Innovation (more than €40M)
 Smart Buildings Topics pursued at KIOS
• Distributed fault diagnosis and control of
HVAC systems
• Contamination event detection and isolation
in large-scale buildings
• Security surveillance using smart camera
networks
• Cognitive agents for on-line reconfiguration
of in smart buildings
 Topics pursued at KIOS Research Center
• Distributed control and fault diagnosis of large-
scale HVAC systems
• V. Reppa, P. Papadopoulos, M. Polycarpou and 
Heat Pump
C. Panayiotou, “A Distributed Architecture for 
Storage Tank
HVAC Sensor Fault Detection and Isolation,” 
IEEE Transactions on Control Systems  Condenser ust
Technology, vol. 23, pp. 1323‐1337, July 2015.  Zone 1 u1 Zone 2 u2 Zone 5 u5

• V. Reppa, P. Papadopoulos,  M. Polycarpou,  Ad ,12 Ad ,24 Ad ,45

Zone 4
and C. Panayiotou, “A Distributed Virtual  Ad ,13 Ad ,23

Sensor Scheme for Smart Buildings based on  Zone 3
u3 Ad ,34
Zone 6 Ad ,56

u6
Adaptive Aproximation,” Proceedings of the  Zone N-2
Ad ,46
uN 2 u4
International Joint Conference on Neural 
Networks, World Congress on Computational  Zone N Zone N-1 Zone 7 Ad ,67

Intelligence (IJCNN 2014), pp. 99‐106, July  uN u N 1 u7
Ad ,47

2014.
 Topics pursued at KIOS Research Center
• Contamination event detection and isolation in
large-scale buildings
• M.  Michaelides, V. Reppa, M. 
Christodoulou, C. Panayiotou and M. 
Polycarpou, “Contaminant Event 
Monitoring in Multi‐zone Buildings Using 
the State‐Space Method,” Building and 
Environment, vol. 71, pp. 140‐152, 
January 2014. (2014 Best Paper Award).
• D. Eliades, M. P. Michaelides, C. 
Panayiotou and M. Polycarpou, 
“Security‐Oriented Sensor Placement in 
Intelligent Buildings”, Building and 
Environment, vol. 63, pp. 114‐121, 
March 2013.
 Topics pursued at KIOS Research Center
• Security surveillance using smart camera networks
• C. Laoudias, P.  Tsangaridis, M. Polycarpou, C. 
Panayiotou, C. Kyrkou and T. Theocharides, 
“'Cooperative Fault‐Tolerant Target Tracking in 
Camera Sensor Networks," Proceedings of the 
IEEE International Conference on 
Communications  (ICC’2015),  June 2015.
• C. Kyrkou, C. Laoudias, T. Theocharides, C. 
Panayiotou and M. Polycarpou, "Adaptive 
Energy‐Oriented Multi‐Task Allocation in 
Smart Camera Networks", IEEE Embedded 
Systems Letters, vol. 8, no. 2, pp. 37‐40, June 
2016. 
 Topics pursued at KIOS Research Center
• Cognitive agent for on-line reconfiguration in
smart buildings
• G. Milis, D. Eliades, C.G. Panayiotou and M. 
Polycarpou, “A Cognitive Fault‐Detection 
Design Architecture,” in Proceedings of 
IEEE World Congress on Computational 
Intelligence (WCCI’2016), July 2016.
• G. Milis, C.G. Panayiotou and M. 
Polycarpou, “Semantically‐Enhanced 
Online Configuration of Feedback Control 
Schemes,” IEEE Transactions on 
Cybernetics, 2017 (to appear).
 Topics pursued at KIOS Research Center
• Distributed fault diagnosis and control of
HVAC systems
• Contamination event detection and isolation
in large-scale buildings
• Security surveillance using smart camera
networks
• Cognitive agent for on-line reconfiguration of
in smart buildings
 HVAC Description
 HVAC systems consist of:
 A number of electrical and mechanical components for
 Heating (i.e., boilers, heating coils, heat pump)
 Cooling (i.e., cooling towers, chillers, cooling coils)
 Ventilating (i.e., fans, supply/return ducts, mixing boxes)
 A number of building zones (i.e., interconnected or not)
 the dynamics of a zone in the building are affected by the dynamics of their 
neighbouring zones

 Types of faults in HVAC systems:
 actuator/process faults (i.e., fouled heat exchangers, stuck dampers, leaking 
valves, broken fans) 
 sensor faults (i.e., drifting, stuck‐at‐zero), 
 communication faults (i.e., wire break). 
 Faulty Situations in HVAC Systems

 The recovery of faulty situations in HVAC systems: 
 shutting down the operation of the system (inconvenient and possibly 
ineffective from the viewpoint of energy)
 reconfiguring the controller(s) via a fault tolerant control scheme, using the 
outcome of a fault detection and isolation mechanism

 Early diagnosis and accommodation of faults is critical since 
local faults effects may propagate from a local subsystem to 
neighbouring subsystems 
 the physical interconnections 
 the distributed control scheme (local controllers may use information 
transmitted from neighbouring controllers to achieve the best possible 
tracking performance) 
 HVAC System Description
Electromechanical part

For cooling operation: 
ust Replace Heat pump 
u1 u2 u5 with Chiller

Ad ,12 Ad ,24 Ad ,45 Building Zones

Zone 4
Ad ,13 Ad ,23

u3 Ad ,56 Door
Ad ,34

Ad ,46
u6
uN 2 u4
Fan‐coil unit
Ad ,67

uN u N 1 u7
Ad ,47
 HVAC System Description
Zone 1 u1 Heat Pump

Storage TankAd ,12

Ad ,13 Condenser ust

1 u1 Zone 2 u2 Zone 5 u5
ddTTstz(i t()t )ZoneUU a

max aP
a
 sti,,max sz (T (t ))u (t )  sz
s (Tstst (t )  st
T zi (t ))u (t
i A )  ui
zi
(t )(t))Tst (t ))
t ) (TTzamb
(t()TUz i(,max
dtdt CstCz A d ,12 Cst i Cz
d ,24
A i d ,45
i

i i

Zone 4
ahA ast1  azi
 (T  
st Aw A
(Ti1 (t )  Tzi (t )) C  azij (Zone
(t ) T (t )) T (t ), Tzi (t )
d ,13 d ,23

ZoneC3
i
st pl st Tzi (t6) A Tz j (t )) 
C
st
zi
u 3 Cst zi jAdi,34 C d ,56
zi
  C Tst (t )  To (t )  A
u6
 p 1  sgnu(TN  2(t )  T , (t )u) Tst (t )  To (t )  Tmax
Ps (Tst (t ))   C  
1N-2
d ,46


Zone a ir p

j
 T zj
ma x 
zi 4


zi i


Zone N 1, N-1
Zone (t )7ATo (t )  Tmax
TstZone d ,67

 Audij max(Tzi (t ), Tuz j (t )) 2(C p  Cv ) Tz j (ut )  Tzi (t ) ,

N N 1 7
Ad ,47
 HVAC System Modelling

Temperature nonlinear dynamics for water in the storage tank:
dTst (t ) U st ,max a
dt

Cst
Ps (Tst (t ))ust (t )  sz
Cst
 u (t )U
i
i i ,max (Tzi (t )  Tst (t ))

ast a
 (Tst (t )  Tpl (t ))  st Tst (t ),   1,..., N 
Cst Cst
Performance coefficient of the heat pump
  Tst (t )  To (t ) 
1  p 1  , Tst (t )  To (t )  Tmax
Ps (Tst (t ))    Tmax 
 Tst (t )  To (t )  Tmax
 1,

M. Zaheer‐Uddin and R. Patel, “Optimal tracking control of multizone indoor environmental spaces,” 
Journal of Dynamic Systems, Measurement and Control, vol. 117, no. 3, pp. 292–303, 1995.
 HVAC System Modelling

 Temperature nonlinear dynamics of air in the i‐th zone
dTzi (t ) U i ,max asz azi
 (Tst (t )  Tzi (t ))ui (t )  (Tzi (t )  Tamb (t ))
dt Czi Czi
hAwi 1 azi

Czi
(Ti1 (t )  Tzi (t )) 
Czi
a
ji
zij (Tzi (t )  Tz j (t )) 
Czi
Tzi (t )

 air C p

Czi
 sgn(T
ji
zj (t )  Tzi (t ))  Adij Tzi (t ) 2(C p  Cv ) Tz j (t )  Tzi (t ) ,

Czi   air C pVzi

air heat capacity
 HVAC System with Feedback Control
(1)
yref uc(1) y (1)
 
(1) (1)
 (1)

 1   
local linear and nonlinear dynamics
u (t )  (i ) ( is) ( i ) (i )   (Ai ) x s (t )
(i ) (i ) (i ) (1)
y
x (t ) g A( x (xt ), x(t ()t )) g ( x (t ), x ( i ) (t ))u ( i ) (t )
c( i )

h(i ) ( xinterconnection
(i )
(t ), x ( j ) (t ))dynamics
  
 h(d( i ) ((x
(i )
(i )
) y (t )( j ) 
t ))( i  (i )
(t ref), x (t)) (2)
yref (2)
uuc(2) y ( 2)
   eling uncertainty  (2) c
 (2)
 (2)

 k  yr(efi (t )   x (i ) (t )   
known disturbances mod
(i ) )

  reference
(i
) (i )
(dsignal (t ))    r (i ) (t ) , y (2)

uu( i )((ts)t ) 
uc u(t( i))(t )f a (t )f ,( i ) (t ) ,
(i ) (i ) (i )
c s s a
 : y (t )  x (permanent
s
t )  n (t) 
actuator permanent
fault
f ss (t ),
 : y (t )  x (i ) (t ) actuator
(i ) (i )
 n(i ) (tf)ault
 f s(i ) (t ) , yref
(N )
uc( N ) y( N )

permanent  (N)
 (N )
 (N )
sensor fault
y( N )
 HVAC System Modelling

 HVAC temperature dynamics represented in nonlinear state space 
form 
 
local linear and nonlinear dynamics

 s : x s (t )  As x s (t )  g s ( x s (t ), d s (t ))u s (t )
   known
interconnection dynamics
disturbances
  modeling
 uncertainty

 h s ( x s (t ), x(t ), u (t ))   s  d s (t )   r s (t ) ,

 
local linear and nonlinear dynamics

 ( i ) : x ( i ) (t )  A(i ) x (i ) (t )  g (i ) ( x s (t ), x (i ) (t ))u ( i ) (t )
 
interconnection dynamics
 knowndisturbances
 modeling  uncertainty

 h ( i ) ( x ( i ) (t ), x ( j ) (t ))   ( i ) (d ( i ) (t ))  r ( i ) (t ) ,
 Nominal Distributed Control

 Distributed control laws: 
1
 Control law for         : ucs (t )  s s s

  A s s
x (t )  h s
( x s
(t ), x(t ), u (t ))
g ( x (t ), d (t ))
  
 (d (t ))  k  yref (t )  x (t )   y ref (t ) 
s s s s s s

   
 reference signal  
1
 Control law for   : uc(i ) (t )  (i ) s (i )

  A(i ) (i )
x (t )  h (i )
( x (i )
(t ), x ( j)
(t ))
g ( x (t ), x (t ))
  
 (d (t ))  k  yref (t )  x (t )   y ref (t ) 
(i ) (i ) ( i )(i ) ( i ) ( i )

   
 reference signal  
 Sensor’s Structure:
u s (t )  ucs (t )  f as (t ),
 : y (t )  x (t )  n (t )  f (t ),
s s s s
s
s
 Faults in Actuators:
u ( i ) (t )  uc( i ) (t )  f a( i ) (t ) ,
 : y (t )  x (t )  n (t )  f (t ) ,
(i ) (i ) (i ) (i ) (i )

 s
permanent
permanent actuator fault
sensor fault
 Distributed Sensor Fault Diagnosis Scheme 

 (1) : x (1) (t )  A(1) x (1) (t )  g (1) ( x s (t ), x (1) (t ))u (1) (t )

h (1) ( x (1) (t ), x ( 2 ) (t ))   (1) (d (1) (t ))  r (1) (t )
 (2) : x (2) (t )  A(2) x (2) (t )  g (2) ( x s (t ), x (2) (t ))u (2 ) (t )
h (2) ( x (2) (t ), x (1) (t ))   (2) (d ( 2 ) (t ))  r ( 2 ) (t )
Distributed Sensor Fault Diagnosis Scheme 
 ARR:  :|  y (t ) |  y (t ),
(i ) (i ) (i )

 Boolean decision signal:
0, t  t D( i ) ( i )
D (t )  
(i )
, t D  inf {t  0 :|  (i )
y (t ) |  (i )
y (t )}
1, t  t D
(i )

 Residual generation:
 y(i ) (t )  y (i ) (t )  xˆ (i ) (t )
 Distributed nonlinear estimator:

xˆ ( i ) (t )  A(i ) xˆ (i ) (t )  g (i ) ( y s (t ), y ( i ) (t ))uc( i ) (t )

 h( i ) ( y ( i ) (t ), yi (t ))   ( i ) (d ( i ) (t ))
 L( i )  y ( i ) (t )  xˆ ( i ) (t )  ,

yi (t ) [ y ( j ) (t ) : j  i ] ,
 Distributed Sensor Fault Diagnosis Scheme 
 Distributed Fault Detection:
 Analytical redundancy relation (ARR):  ( i ) :|  y( i ) (t ) |  y( i ) (t ),
 Boolean decision signal:
 0, t  t (i )
t D( i )  inf {t  0 :|  y(i ) (t ) |  y( i ) (t )}
D ( i ) (t )   D
,
1, t  t D
(i )

 Residual generation:  y(i ) (t )  y (i ) (t )  xˆ (i ) (t )

 Distributed nonlinear estimator:

xˆ ( i ) (t )  A( i ) xˆ ( i ) (t )  g ( i ) ( y s (t ), y ( i ) (t ))uc(i ) (t )  h (i ) ( y ( i ) (t ), yi (t ))

 ( i ) (d ( i ) (t ))  L( i )  y ( i ) (t )  xˆ ( i ) (t )  ,

yi (t ) [ y ( j ) (t ) : j  i ] ,
 Distributed Sensor Fault Diagnosis Scheme 
 Adaptive threshold:
t
  e ( i )   ( i )t
n    (i )e ( t  )
(L n (i )  r (i )
(i )
(i ) (i ) (i ) (i )
y x
0

 g ( i ) (n ( i ) , n s , uc( i ) )  h ( i ) (n ( i ) , ni , y ( i ) , yi ))d ,

| g (i ) | (i )  n ( i )  n s   g ( i ) (n ( i ) , n s ),
1
| h ( i ) | p ( i )  Adij  ( i ) ( y ( i ) , y ( j ) )  a zij n ( j)
 h (i )
( n (i )
, ni , y (i )
, yi )
ji C zi ji

2 y ( j )  3 y (i ) y (i )
 (i ) ( y (i ) , y ( j ) )  n (i )  n ( j)  e( i ) ,
2 y ( j )  y (i ) 2 y ( j )  y (i )
| x (i ) (t ) | x ( i )
( i )   ( i )t
|e AL( i )t
|  e
 Distributed Sensor Fault Diagnosis Scheme 
 
nonlinear estimator

xˆ (xiˆ)s((i )t()t 

)  
A ˆx((ii)) (t )E( i )g:|((i
A xas (t ) a g y( y (t ), yy (t ))(us c (t ) c f a (t ))
(i()i )ARR’s:
ˆ i))(( i )y(sts)(t|),y ((ii)() i )
((t t )
),  ˆ (i()i() t ))u (i ) (ˆt()i )
f
a a a

((tt ),|y(yi()t())
hh(i()i() (yy(i()i )((ttE),)sy:|fˆ((yit) ))
(i ) (i ) (i )
i
(dt ),(i ) (t ))
is s s

(i )( iBoolean decisions functions:  
 
 L  (t )   s(t )ysf (t ), s
)
(
(d i )( i ) ( iˆ
i ) ( i ) (t ))  (L )
(ti ))   ( i ) (t ) fˆ ( i ) (t ),
(
a ya  a (i )
adaptive filter
0, t t a 
 0, t  t (i )

 
I I

 I (i )
( t ) 
a
adaptive
 , I (i )
filter
( i ) 
( t ) 
s
,
t  (tiI)a 1, t  (tiI s)
a s (i )
 ( i ) (t )(iA) ( i ) (i ) (t()1,
    (i ) (i )
s a (Lt ) (is) AL as ((ti))  g(i ) c ( y ((ti )), y (t )) ,
i ) L( i ) u ( i ) ( t )s
t I a  inf {t ( it)D :|  ya (t ) |  ya (t )}
 law (i ) ˆ ( i ) ( j )

(i )

 p t (i ) Ainf
adaptive
dij {t (i ) t y
ˆfa(i ) (Residual generation: (xi )

(i )
:|  ( i) f
( t ) 
s| , y (t )}
(i ) ,
t )  a a (t ) D  ya (t )  , (i ) s  (i )
I D y y
js Ki (i ) s

 
 adaptive law

ˆ ( i ) ( i )  y (( it))  y (t ) 
(i ) (i ) (i )
f s (t )   s ( s (t )  1) D a (y(tis),) (t )  ,
a
ˆ
( i )x

(i )
 y (t )  y (t )  xˆs (t )  fˆs ,
s
(i ) (i ) (i )
 Distributed Sensor Fault Diagnosis Scheme 
 Local Fault Identification:
 ARR’s: Ea( i ) :|  y( ia) (t ) |  y(ai ) (t ),
Es( i ) :|  y( is) (t ) |  y(si ) (t ),

 Boolean decisions functions:

 0, t  t (i )

 0, t  t (i )
t I(ai )  inf {t  t D(i ) :|  y( ia) (t ) |  y(ai ) (t )}
I a( i ) (t )   I s( i ) (t )  
I a I s
, ,
1, t  t I a
(i )
1, t  t I s
(i )
t I(si )  inf {t  t D(i ) :|  y( is) (t ) |  y(si ) (t )}
 Residual generation:
 y(i ) (t )  y (i ) (t )  xˆa(i ) (t ),
a

 y(i ) (t )  y (i ) (t )  xˆs(i ) (t )  fˆs(i ) ,

s
 Distributed Sensor Fault Diagnosis Scheme 
 Local Fault Identification:
 Distributed adaptive nonlinear estimation scheme:
 
nonlinear estimator

xˆa (t )  A xˆa (t )  g ( y (t ), y (t ))(uc (t )  fˆa(i ) (t ))  h(i ) ( y ( i ) (t ), yi (t ))   (i ) (d (i ) (t ))

( i ) ( i ) ( i ) ( i ) s ( i ) ( i )


 L(ai ) y(ia) (t )  (ai ) (t ) fˆa(i ) (t ),

 
adaptive filter
 adaptive  law

 (t )  A  (t )  g ( y (t ), y (t )), ˆ ( i )
 (
a
i ) (
L
i ) (
a
i ) ( i ) s ( i )
f a (t )   a(i ) (ai ) (t ) D (i )  y(ia) (t )  ,

 
nonlinear estimator

xˆs (t )  A xˆs (t )  g ( y (t ), y (t )  fˆs (t ))uc (t )  h ( y (t )  fˆs (t ), yi (t ))   (d (t ))
( i ) ( i ) ( i ) ( i ) s ( i ) ( i ) ( i ) ( i ) ( i ) ( i ) ( i ) ( i )


 L(si ) y(is) (t )  (si ) (t ) fˆ ( i ) (t ),
 
adaptive filter
 
adaptive law

 ( i ) (i ) ˆ (i ) ( j )
 s (t )  AL  s (t )  Ls   uc (t )  p  Adij (i ) y  f s , y ,
 (i ) (i ) (i ) (i ) (i ) (i ) (i )

jKi x
  
fˆs( i ) (t )   s(i ) ((si ) (t )  1) D ( i )  y( is) (t )  ,
 Distributed Sensor Fault Diagnosis Scheme 

 Fault Isolation
 Observed fault pattern: I (t )  [ I a (t ), I s (t )]
(i ) (i ) (i ) 

(i )
 Fault isolation signature matrix F


 0, if f (i )
  (i )
(t ) f   (i)
(t) or D (i)
(t)=0
I Ki (t )  
(i ) s I K i I

 1, if f s
(i)
  (i)
I (t) or f Ki   (i)
I (t)
 Distributed Sensor Fault Diagnosis Scheme 

 Distributed Fault Isolation:

 Observed fault pattern of propagated sensor faults:I Ki (t )   I K( jj) (t ) : j  K i  {i}
 Fault isolation signature matrix F(ii )

f s(1,2)   f s(1) , f s(2)  f s(1,3)   f s(1) , f s(3)  f s(2,3)   f s(2) , f s(3)  f s(1,2,3)   f s(1) , f s(2) , f s(3) 
 Simulation Results
 Consider a seven‐zone HVAC system where the architectural arrangement of 
the seven zones is presented by the diagram
PA RA M ETERS OF THE SEV EN - ZONE HVAC SY STEM

ust Symbol Value Units

u1 u2 u5 azi , i ∈{ 1, 2,3, 4, 5,6, 7} 740 kJ/hoC
az12 , az13 , az24 , az34 , az45 , az46 , az47 , az56 , az67 50 kJ/hoC
Ad ,12 Ad ,24 Ad ,45
ast 12 kJ/kgoC
asz 0.6 kJ/kgoC
Zone 4

Ad ,13 Ad ,23
Cst 837 kJ/oC
Ad ,56
u3 Ad ,34 Cp 1.004 kJ/kgoC
Ad ,46
u6 Cv 0.717 kJ/kgoC
uN 2 u4 r air 1.225 kg/m3
Czi , i ∈{ 1,2, 3, 4,5, 6, 7} 370 kJ/oC
Ad ,67
Ui,max , i ∈{ 1,2, 3, 4, 5, 6, 7} 3700 kg/h
uN u N 1 u7 Ust,max 27.36 ×104 kJ/h
Ad ,47
Pmax 3.5
o
DTmax 45 C
Aw,i , i ∈{ 1, 2,3, 4, 5, 6, 7} 120 m2
h 8.29 W/moC
Ad,12, Ad,13, Ad,24, Ad,34 2.60 m2
Ad,45, Ad,46, Ad,47, Ad,56, Ad,67 2.60 m2
 Simulation Results
 Consider a seven‐zone HVAC system where the architectural arrangement of 
the seven zones is presented by the diagram

ust
u1 u2 u5
Ad ,12 Ad ,45
Sensor fault Ad ,24

Zone 4
Ad ,13 Ad ,23

Ad ,56
u3 Ad ,34

Ad ,46
u6
uN 2 u4
Ad ,67

uN u N 1 u7
Ad ,47 Sensor fault
 Simulation Results

 s (2)  (3)

 (1)

(4) 
(5)
(6)
 (7)
 Simulation Results

 (2)
 (3)

 s
 (1)

 (4)
 (6)

 (5)  (7)
 Simulation Results
 Consider a 83‐zone HVAC system where the architectural arrangement of the 
83 zones is presented by the diagram

Papadopoulos M. P., Reppa V., Polycarpou M. M., Panayiotou C., “Distributed Diagnosis of Actuator 

and Sensor Faults in HVAC systems,” IFAC World Congress 2017.
 Simulation Results
 Multiple Faults occurring consecutively

f  2)  30%un
f a(1) (t (1) (1)
Actuator  fault

Sensor fault f s(3) (t (3)

f  2.5)  20% y (3)
ref
 Simulation Results

 Multiple Fault Scenario

 f  2)  30%un
f a(1) (t (1)
(1) (1)
 Actuator fault in         :
 (3)
 Sensor fault in          : f s(3) (t (3)
f  2. 5)  20% y (3)
ref

 The parameters of each subsystem are:
azi  740, i  {1,, N }, azij  50, ast  12, asz  0.6, Cst  83700, C p  1.004,
Cv  0.717,  air  1.22, C zi  370,U i ,max  3700, i  {1,, N },U st ,max  27.36  105 , p  2.5,
Tmax  45, Awi  120, i  {1,, N }, h  8.29, Adij  1.95, i  {1,, N }, j  i
 It is assumed that the exogenous uncontrollable signals are constant

d1s  10o C , d 2s  5o C , d1( i )  5o C , d 2( i )  10o C , i {1,, N }

 The modeling uncertainty in each subsystem r  10%d1 sin(0.1t ),

s s

r (i )  10%d1( i ) sin(0.1t )
 Simulation Results
 Have a look at the distributed monitoring agents located at:
Zones { 1‐10, 81, 82, 83}

1‐10
81

82
83
Simulation Results
Simulation Results
 Simulation Results
 Local Fault Identification in Zone 1:
 Simulation Results
 Local Fault Identification in Zone 3:
 Remarks on Fault Diagnosis for HVAC Systems

 A distributed fault diagnosis (FD)methodology for isolating 
actuator and sensor faults in a multi‐zone HVAC system is 
presented. 
 The proposed architecture relies on the deployment of several 
distributed monitoring agents, which are allowed to exchange 
information. 
 Every agent is designed to detect the presence of faults, identify 
the type and infer the number and location (local or propagated 
faults). 
 Concluding Remarks

 Monitoring and security of interconnected

cyber-physical systems is a key area of growth
 Fault diagnosis will play a key role in big data
computing and Internet of Things (IoT)
 Trend towards more sensors but cheaper
sensors  more susceptible to faults
 Need for smart software to address faulty
behavior of hardware
 Acknowledgements
 Colleagues and Graduate Students: Vasso Reppa, Christos
Panayiotou, Thomas Parisini, Xiaodong Zhang, Panayiotis
Papadopoulos, Demetris Eliades, Michalis Michaelides,
Chris Keliris, Stelios Timotheou, Riccardo Ferrari.

 This work is funded by the European Research Council

Advanced Grant FAULT-ADAPTIVE (ERC-AdG-291508)