
9th IFAC Symposium on Fault Detection, Supervision and Safety of Technical Processes
September 2-4, 2015. Arts et Métiers ParisTech, Paris, France

Available online at www.sciencedirect.com
ScienceDirect
IFAC-PapersOnLine 48-21 (2015) 1315–1320

Availability analysis of systems using random set theory

Y. Hou ∗ M. Sallak ∗ W. Schön ∗

∗ Sorbonne Universités, Université de Technologie de Compiègne, CNRS, UMR 7253 Heudiasyc - CS 60 319 - 60 203 Compiègne cedex, France. (e-mail: yunhui.hou,sallakmo,wschon@utc.fr).

Abstract: In this paper, we introduce the use of random set theory for availability assessment of systems with rare failure events. Instead of using failure probabilities calculated directly from each component’s observation, we propose to construct pseudo-system observations directly from components observations. We then applied operations defined in the random set framework (expectations, confidence intervals, etc.) to obtain upper and lower bounds and confidence intervals of system availability without assuming any prior distribution about failures of the system components. Finally, a case study is used to prove the efficiency of the proposed method and a comparison with imprecise probability approach based on Monte-Carlo simulations is also done.

© 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.

Keywords: Availability, random set theory, rare events failures, confidence intervals.

1. INTRODUCTION

The purpose of an availability assessment is to predict the probability that the system is operating at a specified time t (Barlow and Proschan (1975)). The system availability is computed from the system’s components failure probabilities at a given time t. However, these probabilities can be difficult to be estimated in the presence of insufficient failure data (De Rocquigny (2008)). This is particularly the case for highly reliable components with rare events failures (or zero failures). Furthermore, some rare events failures may cause major degradation in systems and should never be neglected during the system availability computing process. In this case, the components failure probabilities are not only affected by randomness (aleatory uncertainty) but also by imprecision (epistemic uncertainty).

Indeed, during the last years, the dependability and risk assessments community has recognized that there are different sources/types of uncertainties that play an important role in availability and risk evaluation (Winkler (1996); Aven (2011)). The most common distinction is to divide uncertainties into aleatory and epistemic uncertainties (Apostolakis (1990); Helton and Burmaster (1996)). The former comes from the natural variability of a random event (for example failure or reparation of a component), while the latter represents the lack of knowledge. Aleatory uncertainty is often referred to as irreducible uncertainty because a better understanding of the natural phenomena cannot reduce it. On the contrary, improving our background knowledge can reduce our epistemic uncertainty therefore, we call it reducible uncertainty. These considerations have fostered the use of other alternative theories for taking into account both aleatory and epistemic uncertainties such as imprecise probabilities (Walley (1991)), belief functions theory (Dempster (1967); Shafer (1976)), possibility theory (Dubois and Prade (1988)), random set theory (Manski (1995)), etc.

The random set theory is a mathematical theory which can handle in a unique framework both aleatory and epistemic uncertainties. It is an extension of probability theory to set-valued rather than point-valued maps (Manski (1995)). Probability and possibility distributions can be interpreted as random sets. The random set theory was first applied in identification problems of social interactions. Some examples from criminology, demography, epidemiology, economics, etc. for finding bounds on the predictions in presence of non-experimental and experimental data were also provided (Manski (1995)). The random set theory was also applied in problem inference from incomplete data (Horowitz et al. (2003)). The authors considered that the bounds of population parameters can be estimated consistently by replacing the population distribution of the data with the empirical distribution in the functional that give the bounds. In Tamer (2003), the author considered an example of an incomplete econometric structure which is used by economists to make simplifying assumptions and to avoid multiplicity. A bivariate simultaneous discrete response model which is a stochastic representation of equilibria in a two-person discrete game was studied. Molchanov and Molinari (2014) presented a review of applications of random set theory in econometrics. Even though the availability studies of systems was performed using several uncertainty theories (Fuzzy set theory (Cai (1996)), belief functions theory (Aguirre et al. (2013)), imprecise probabilities (Coolen (2004)), etc.), in our knowledge, the problem of assessing system availability has never been tackled using random set theory. Thus, we are convinced that it will be interesting to investigate the use of such theory and to study its advantages and drawbacks in availability assessment when considering systems with highly reliable components.

2405-8963 © 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.
Peer review under responsibility of International Federation of Automatic Control.
10.1016/j.ifacol.2015.09.707

SAFEPROCESS 2015, September 2-4, 2015. Paris, France. Y. Hou et al. / IFAC-PapersOnLine 48-21 (2015) 1315–1320

This paper aims to overcome the problem of the computation of systems availabilities in the presence of rare events failures by proposing the use of random set theory and thus obtaining upper and lower bounds of system availability without assuming any prior distribution about failures of these components. Particularly, we will prove that the proposed propagating method based on random set theory is more efficient than imprecise probability approach based on Monte-Carlo simulations.

The rest of this paper is organized as follows. Section 2 reviews the preliminaries about random set theory. Section 3 introduces the failure probability estimation of components. Section 4 constructs the propagation method to obtain availability of systems from components failure events and lists two numerical examples to explain the proposed approach. Section 5 illustrates a case study to demonstrate the effectiveness of the proposed approach by comparing it with imprecise probability approach based on Monte-Carlo simulations. Section 6 concludes the whole paper.

2. RANDOM SET THEORY

In this section, we begin with reviewing basic elements of random set theory. Before introducing the definition of closed random set, we firstly review the definition of random variable on $\mathbb{R}$ which is a special case of closed random set. Then we introduce the definitions of expectation and confidence interval in random set theory framework.

2.1 Random set theory

Let us consider the probability space $(\Omega, \mathcal{A}, \mathbb{P})$, where $\Omega$ is the sample space (the set of all possible outcomes), $\mathcal{A}$ is the σ-algebra (the set of subsets of $\Omega$), and $\mathbb{P}$ is the probability measure such that $\mathbb{P} : \mathcal{A} \to [0, 1]$.

Definition 1. A random variable on the probability space $(\Omega, \mathcal{A}, \mathbb{P})$ is a measurable real map $X : \Omega \to \mathbb{R}$, where the property of measurability means that for every compact set $K \subset \mathbb{R}$, the set $X^{-}(K)$ is an event in the probability space, i.e.

$$X^{-}(K) = \{\omega \in \Omega \mid X(\omega) \in K\} \in \mathcal{A}$$

Definition 1 means that observing $X$ one can always say if $X$ belongs to any given compact set $K \subset \mathbb{R}$.

Definition 2. (Matheron (1975)) A closed random set on the probability space $(\Omega, \mathcal{A}, \mathbb{P})$ is a measurable map $X : \Omega \to \mathcal{F}$, where $\mathcal{F}$ is a family of closed subsets of $\mathbb{R}$ associated to $\Omega$, and the property of measurability means that the set $X^{-}(K)$ is an event in the probability space, i.e.

$$X^{-}(K) = \{\omega \in \Omega \mid X(\omega) \cap K \neq \emptyset\} \in \mathcal{A}$$

Definition 2 means that observing $X$ one can always say if $X$ hits or misses any given compact set $K \subset \mathbb{R}$. We can conclude that the random closed set $X$ is an object with set-value, and that the theory of random closed sets includes the classical case of random variables as a special case.

Definition 3. (Matheron (1975)) The corresponding probability law (hitting probability) of a random closed set $X$ is defined as

$$T(K) = \mathbb{P}\{X \cap K \neq \emptyset\}$$

for all compact sets $K \subset \mathbb{R}$.

2.2 Expectation of random sets

The most used concept of expectation for random set is the selection expectation (also called the Aumann expectation).

Definition 4. (Aumann (1965)) A random point $\xi$ is said to be a selection of a random set $X$ if $\xi \in X$ almost surely, i.e.

$$\mathbb{P}(\xi \in X) = 1$$

A closed random set can be approximated by all its selections. Let $X$ be a closed random set on $\mathbb{R}^d$. A random variable is called integrable if its expected value exists. If $X$ possesses at least one integrable selection over $\mathbb{R}^d$, then $X$ is called integrable. The expectation of $X$ is defined by grouping the expected value of all its integrable selections.

Definition 5. (Aumann (1965)) The (selection or Aumann) expectation $E(X)$ of an integrable random closed set $X$ on $\mathbb{R}^d$ is the closure of the family of all expectations for its integrable selections, i.e.

$$E(X) = \{E(\xi) \mid \xi \in T(X)\}$$

where $T(X)$ is the set of all integrable selections of $X$.

2.3 Random intervals

In this paper, we use random interval, which is a special case of random closed set on $\mathbb{R}$, to represent system (un)availability.

Definition 6. (Gil (1992)) A random interval $X$ of $\mathbb{R}$ associated with the probability space $(\Omega, \mathcal{A}, \mathbb{P})$ is a random set of $\mathbb{R}$ associated with that probability space such that it may be characterized by means of a bi-dimensional random variable $(X^L, X^U)$ (associated with the space) such that $X^L \le X^U$ almost surely, i.e.

$$\mathbb{P}(X^L \le X^U) = 1$$

so that $X(\omega) = [X^L(\omega), X^U(\omega)]$, for all $\omega \in \Omega$, and it will be denoted by $X = [X^L, X^U]$.

If $X^L$ and $X^U$ are integrable random variables, a selection $s$ of $X = [X^L, X^U]$, defined as

$$s = X^L + \nu (X^U - X^L), \quad \nu \in [0, 1]$$

is also integrable. Then, we have

$$T(X) = \{s : s = X^L + \nu (X^U - X^L),\ \forall \nu \in [0, 1]\}$$

The expectation of $X = [X^L, X^U]$ becomes

$$E(X) = [E(X^L), E(X^U)]$$

Example 1. Let $U_1, U_2, \dots, U_n$ be independent and identically distributed random variables following uniform distribution $U(0, 1)$. Let $U_{(i)}$ be the $i$th smallest value among $U_1, U_2, \dots, U_n$, i.e.

$$U_{(1)} \le U_{(2)} \le \dots \le U_{(n)}$$

The random set $X = [U_{(k)}, U_{(k+1)}]$, $k = 1, \dots, n - 1$, is a random interval as

$$\mathbb{P}(U_{(k)} \le U_{(k+1)}) = 1$$

Since we also have

$$U_{(k)} \sim \mathrm{Beta}(k, n - k + 1)$$

the expectation of $X = [U_{(k)}, U_{(k+1)}]$ is given by

$$E(X) = [E(U_{(k)}), E(U_{(k+1)})] = \left[\frac{k}{n+1}, \frac{k+1}{n+1}\right]$$
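
The claim of Example 1 can be checked numerically. The following Python sketch is an added example, not code from the paper: it verifies the Beta law of the lower endpoint through its binomial-tail form, recovers the endpoint expectations by integration, and simulates the random interval together with one selection $s = X^L + \nu(X^U - X^L)$. The function names, the values n = 10, k = 3, ν = 0.3, the evaluation point x = 0.25 and the seed are assumptions chosen for the illustration.

```python
import math
import random


def order_stat_cdf(x, k, n):
    """P(U_(k) <= x): at least k of the n uniform draws are <= x.

    This binomial tail is the Beta(k, n - k + 1) CDF quoted in Example 1.
    """
    return sum(math.comb(n, j) * x**j * (1.0 - x) ** (n - j)
               for j in range(k, n + 1))


def mean_from_cdf(k, n, steps=2000):
    """E[U_(k)] as the integral of 1 - F(x) over [0, 1] (midpoint rule)."""
    h = 1.0 / steps
    return h * sum(1.0 - order_stat_cdf((i + 0.5) * h, k, n)
                   for i in range(steps))


def selection_expectation(k, n):
    """Closed form E(X) = [k/(n+1), (k+1)/(n+1)] stated in Example 1."""
    return k / (n + 1), (k + 1) / (n + 1)


def simulate_interval(k, n, nu=0.3, x=0.25, trials=20000, seed=2015):
    """Monte Carlo over the random interval X = [U_(k), U_(k+1)].

    Returns the sample means of both endpoints and of the selection
    s = X^L + nu (X^U - X^L), the empirical value of P(U_(k) <= x),
    and the number of draws that violated X^L <= X^U (expected: 0).
    """
    if not 1 <= k <= n - 1:
        raise ValueError("Example 1 needs 1 <= k <= n - 1")
    if not 0.0 <= nu <= 1.0:
        raise ValueError("nu must lie in [0, 1] for s to be a selection")
    rng = random.Random(seed)          # fixed seed: constructed, repeatable run
    sum_lo = sum_hi = sum_sel = 0.0
    violations = hits = 0
    for _ in range(trials):
        u = sorted(rng.random() for _ in range(n))
        lo, hi = u[k - 1], u[k]        # U_(k), U_(k+1) (1-indexed in the text)
        violations += lo > hi
        hits += lo <= x
        sum_lo += lo
        sum_hi += hi
        sum_sel += lo + nu * (hi - lo)
    return {
        "mean_lo": sum_lo / trials,
        "mean_hi": sum_hi / trials,
        "mean_selection": sum_sel / trials,
        "cdf_lo_at_x": hits / trials,
        "violations": violations,
    }


if __name__ == "__main__":
    n, k = 10, 3                       # assumed sample size and rank
    print("closed form  :", selection_expectation(k, n))
    print("from the CDF :", mean_from_cdf(k, n), mean_from_cdf(k + 1, n))
    print("simulation   :", simulate_interval(k, n))
    print("exact P(U_(k) <= 0.25):", order_stat_cdf(0.25, k, n))
```

The mean of the selection falls at (k + ν)/(n + 1), inside the interval of endpoint expectations, which is what the selection expectation of Definition 5 collects over all ν in [0, 1].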


2.4 Confidence interval

Consider a random variable $X \in \mathcal{X} \subset \mathbb{R}$ whose distribution depends on parameter $\theta = (\theta_1, \dots, \theta_m)$, $\theta \in \Theta \subseteq \mathbb{R}^m$ (Nguyen (2006)), where $\Theta$ is the parameter space. Let $\varphi(\theta) \in \mathbb{R}$ be a parameter of the distribution of $X$ derived from $\theta$, for example, $\mathbb{P}\{X \le c\}$ with a constant $c \in \mathbb{R}$.

In the point of view of random set, given $\xi$ a certain number of observations of $X$, the random set $C(\xi) \subset \mathbb{R}$ which contains the true value parameter $\varphi(\theta)$ only depending on $\xi$ is called a confidence set for $\varphi(\theta)$ at (confidence) level $1 - \alpha$ if for all possible value of $\theta$,

$$\mathbb{P}_\theta\{\varphi(\theta) \in C(\xi)\} \ge 1 - \alpha \tag{1}$$

where $d\mathbb{P}_\theta = f(x, \theta)\,dx$.

There are many random sets that satisfy the condition in Eq. 1. In order to narrow down the selection field, we can fix some conditions. For example, we choose continuous forms such as random intervals and minimize the norm of $C$ so that the shortest or the most optimistic confidence interval $C(\xi) = [c_1(\xi), c_2(\xi)]$ can be given by

$$\mathbb{P}_\theta\{\varphi(\theta) \in [c_1(\xi), c_2(\xi)]\} = 1 - \alpha$$

Notice that here we use point estimate of $\varphi(\theta)$ to construct the confidence interval.

Now we extend the use of confidence interval to apply on interval estimates of $\varphi(\theta)$. Let a random interval $[a_L(\xi), a_U(\xi)]$ with known cumulative distribution functions $F_L(\xi)$ and $F_U(\xi)$ independent from all parameters $\theta$ be the interval pivot of the target parameter $\varphi(\theta)$ such that

$$\mathbb{P}(a_L(\xi) \le \varphi(\theta) \le a_U(\xi)) = 1$$

The confidence interval of $\varphi(\theta)$, $C(\xi) = [t_L(\xi), t_U(\xi)]$ at level $1 - \alpha$ satisfies the following equation

$$\mathbb{P}_\theta\{\varphi(\theta) \in [t_L(\xi), t_U(\xi)]\} \ge 1 - \alpha$$

Then we have

$$\mathbb{P}_\theta\{[a_L(\xi), a_U(\xi)] \subset [t_L(\xi), t_U(\xi)]\} \ge 1 - \alpha$$

$$\Leftrightarrow \mathbb{P}_\theta\{t_L(\xi) \le a_L(\xi) \le a_U(\xi) \le t_U(\xi)\} \ge 1 - \alpha$$

Since $\mathbb{P}(a_L(\xi) \le a_U(\xi)) = 1$, on minimizing its length, we approximate final chosen confidence interval $[t_L(\xi), t_U(\xi)]$ by

$$[t_L(\xi), t_U(\xi)] = [F_L^{-1}(\alpha/2; \xi), F_U^{-1}(1 - \alpha/2; \xi)] \tag{2}$$

where $F_L^{-1}(\alpha; \xi)$ and $F_U^{-1}(\alpha; \xi)$ are respectively the $\alpha$-quantile function of $F_L$ and $F_U$.

3. ESTIMATION OF FAILURE PROBABILITY OF COMPONENTS

In this section, we will explain how to obtain upper and lower expected values and confidence intervals of components failure probabilities from observation data. Note that the state of a component will be represented by a random variable $X \in \{0, 1\}$, where 1 and 0 denote respectively the working and failed states of the component. Thus, the failure probability of a component given some observations $O = \{X_1, X_2, \dots, X_n\}$ which contains $n$ samples of a random variable $X$ will be represented by a random variable $P$, i.e. $P = \mathbb{P}\{X = 0 \mid O\}$.

3.1 Expected values

We assume that we have observed $k$ failures ($k$ is the number of $X_i = 0$) among the $n$ observations in $O$. According to the theorem introduced in David and Nagaraja (2003), and more detailed in Aguirre et al. (2013), the upper and lower random variables $P^L$ and $P^U$ of $P = \mathbb{P}\{X = 0 \mid O\}$ are respectively the $k$ and $k + 1$ order statistics $U_{(k)}$ and $U_{(k+1)}$ of $U_1, U_2, \dots, U_n$ which are $n$ random variables independent and identically distributed following the uniform distribution $U(0, 1)$ (David and Nagaraja (2003)). Then, we can write as in Aguirre et al. (2013)

$$P^L = U_{(k)} \sim \mathrm{Beta}(k, n + 1 - k) \tag{3}$$

$$P^U = U_{(k+1)} \sim \mathrm{Beta}(k + 1, n - k) \tag{4}$$

Since $P^L \le P^U$ almost surely, $[P^L, P^U] \subseteq [0, 1]$ is a random interval. Then $P = \mathbb{P}\{X = 0 \mid O\}$ can be represented in form of a random interval as

$$\mathbb{P}\{P \in [P^L, P^U]\} = 1$$

The expected value of $P$ is then given by

$$E(P) \in [E(P^L), E(P^U)] = \left[\frac{k}{n+1}, \frac{k+1}{n+1}\right] \tag{5}$$

Let $p = \mathbb{P}\{X = 0\}$. According to central limit theorem, as the sample number $n \to \infty$,

$$k \to \lfloor np \rfloor$$

where $\lfloor np \rfloor$ denotes the integer part of $np$ such that $\lfloor np \rfloor \le np \le \lfloor np \rfloor + 1$. Then as $n \to \infty$,

$$P^L \sim \mathrm{Beta}(\lfloor np \rfloor, n + 1 - \lfloor np \rfloor)$$

$$P^U \sim \mathrm{Beta}(\lfloor np \rfloor + 1, n - \lfloor np \rfloor)$$

$$E(P^L) = \frac{\lfloor np \rfloor}{n+1}, \qquad E(P^U) = \frac{\lfloor np \rfloor + 1}{n+1}$$

The epistemic uncertainty of $P$ associated with size-limited observations $O$ is quantified by $|E(P^U) - E(P^L)| = \frac{1}{n+1}$ which converges to 0 as the number of available observations $n$ converges to infinity.

3.2 Confidence intervals

Using Eq. 2, 3 and 4, the confidence interval at level $1 - \alpha$ for $[P^L, P^U]$ is given by

$$[\hat{t}_L, \hat{t}_U] = [I^{-1}_{\alpha/2}(k, n + 1 - k), I^{-1}_{1-\alpha/2}(k + 1, n - k)] \tag{6}$$

where $I_x(a, b)$ is the regularized incomplete beta function. The confidence interval describes the most probable field for $P$ on taking account of both aleatory and epistemic uncertainties, so that the difference between $\hat{t}_U$ and $\hat{t}_L$ becomes smaller but does not converge to 0 as $n$ converges to infinity (the aleatory uncertainty is not reducible).

4. ESTIMATION OF SYSTEM AVAILABILITY

In this section, we will explain how to obtain system unavailability estimates from component observations data by constructing pseudo system observations and using the parameter estimation method presented in the previous section. The following key assumptions are taken into account:

• System and components are allowed to take only two possible states: either working or failed.


• Component failures are s-independent. Failure of one component does not impact the failures of other components.
• The structure function is coherent. That is, improvement of component states cannot damage the system.
• The components are not repairable.

4.1 Preliminaries

Let us consider a binary random variable $Y$ which represents the system state and binary random variables $X_i$ ($1 \le i \le d$) representing respectively the states of $d$ independent system components $C_1, \dots, C_d$. The system state is computed by a structure function $\varphi : \{0, 1\}^d \to \{0, 1\}$, i.e.

$$Y = \varphi(X_1, X_2, \dots, X_d)$$

The system unavailability $U_S$ can be given by

$$U_S = \mathbb{P}(Y = 0) = \mathbb{P}(\varphi(X_1, X_2, \dots, X_d) = 0)$$

4.2 Pseudo observation construction

Let $O_i = \{X_{1,i}, \dots, X_{n_i,i}\}$ be an observation pool which contains $n_i$ independent and identically distributed observations of component $X_i$.

Instead of propagating failure probabilities estimated from each component’s observation pool to the system level to compute the system unavailability, our proposed idea is to build directly a pseudo-observation pool $\tilde{O}_S$ containing $n_s$ independent and identically distributed observations of $Y$. To obtain each system pseudo-observation of system state $Y_j$, firstly one observation $X_{i,j}$ of each component $X_i$ is randomly picked with replacement from its observation pool $O_i$; then $Y_j$ is obtained through the structure function, i.e.

$$Y_j = \varphi(X_{1,j}, \dots, X_{d,j})$$

As mentioned in the previous section, the number of pseudo observations $n_s$ represents the quantity of knowledge available given $O_1, \dots, O_d$ in system level so that it is reasonable to fix $n_s$ between $\min(n_1, \dots, n_d)$ and $\max(n_1, \dots, n_d)$.

4.3 System unavailability estimation

Replacing $E(\mathbb{P}(X_i = x_i \mid O_i))$ by its estimator $\hat{p}_{x_i}$ calculated from $O_i$, we have the estimators of $k_s$ and $[E(P^L), E(P^U)]$

$$\hat{k}_s = n_s \sum_{\substack{\varphi(x_1, \dots, x_d) = 0 \\ \forall (x_1, \dots, x_d) \in \{0, 1\}^d}} \ \prod_{i=1}^{d} \hat{p}_{x_i} \tag{9}$$

$$[\hat{P}^L, \hat{P}^U] = \left[\frac{\hat{k}_s}{n_s + 1}, \frac{\hat{k}_s + 1}{n_s + 1}\right] \tag{10}$$

Using Eq. 2, the confidence interval at level $1 - \alpha$ for $U_S$ is given by

$$[\hat{t}_L, \hat{t}_U] = [I^{-1}_{\alpha/2}(\hat{k}_s, n_s + 1 - k_s), I^{-1}_{1-\alpha/2}(\hat{k}_s + 1, n_s - k_s)] \tag{11}$$

4.4 Numerical example

Let us consider the system $S_1$ depicted in Fig. 1 and the observation results presented in Table 1. We aim to compute the unavailability $U_{S_1}$ of the system $S_1$ whose structure function is given by

$$\varphi(x_1, x_2, x_3) = x_1 (x_2 + x_3)$$

where $+$ is the logic operator OR giving 1 if at least one of $x_2$ and $x_3$ has value 1; otherwise, giving 0.

Fig. 1. Reliability block diagram of $S_1$

Table 1. Component observations of $S_1$

$O_i$    $k_i$    $n_i$    $\hat{p}_i = k_i / n_i$
1        0        20       0
2        2        30       0.0667
3        1        35       0.0286

According to Eq. 9 and the structure function, we obtain
k̂s1 = ns (p̂1 p̂2 p̂3 + p̂1 p̂2 (1 − p̂3 ) + p̂1 (1 − p̂2 )p̂3
Let ks be the number of Yj = 0 (system failure) in ÕS .
+ p̂1 (1 − p̂2 )(1 − p̂3 ) + (1 − p̂1 )p̂2 p̂3 )
Treating the system as a single component, the system
unavailability US can be written as Then, using Eq. 10 and 11, we compute the expected
US = P(Y = 0|O1 , ..., Od ) = P(Y = 0|ÕS ) value and the confidence interval at level 0.95 of US1
and we compare them with results obtained by maximum
Then the expected value of random interval [P L , P U ] ki
describing US such that likelihood estimator (MLE) using the estimator p̂i =
ni
P{P L ≤ US ≤ P U } = 1 for each failure probability of components. The results are
is given by presented in Table 2. As we can see, the point estimate
ks ks + 1 of US1 obtained by MLE belongs to all the three intervals
[E(P L ), E(P U )] = [ , ] (7) obtained using our proposed method.
ns + 1 ns + 1
Notice that ks is also a random variable as the construction 5. CASE STUDY: FIRE-DETECTOR SYSTEM
procedure of ÕS is a random procedure. The expected
value of ks is can be written as In this section, we consider a case study of a fire-detector
 d system in a production room defined in Rausand and
E(ks ) = ns E(P(Xi = xi |Oi )) (8) Hø yland (2004) in order to illustrate the efficiency of our
ϕ(x1 ,...,xd )=0 i=1 method and to compare it with an imprecise probabilistic
∀(x1 ,...,xd )∈{0,1}d approach based on Monte-Carlo simulation.
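The pseudo-observation construction of Section 4.2 and the estimators of Eq. 9 and 10, applied to the S1 data of Table 1, as an added Python example that is not code from the paper. The function names, the pool encoding (0 = failed, 1 = working), the number of simulation runs and the seed are assumptions of this example.

```python
import itertools
import random

def phi_s1(x1, x2, x3):
    """Structure function of S1: C1 in series with (C2 OR C3); 1 = working."""
    return x1 & (x2 | x3)

def k_hat(phi, p_fail, n_s):
    """Eq. 9: n_s times the estimated probability of all states with phi = 0."""
    total = 0.0
    for state in itertools.product((0, 1), repeat=len(p_fail)):
        if phi(*state) == 0:
            prob = 1.0
            for x, p in zip(state, p_fail):
                prob *= p if x == 0 else 1.0 - p
            total += prob
    return n_s * total

def expected_bounds(k, n_s):
    """Eq. 10: lower and upper expected values k/(n_s+1) and (k+1)/(n_s+1)."""
    return k / (n_s + 1), (k + 1) / (n_s + 1)

def pseudo_pool(phi, pools, n_s, rng):
    """Section 4.2: n_s times, draw one observation per component
    (with replacement) and map the draw through phi."""
    return [phi(*(rng.choice(pool) for pool in pools)) for _ in range(n_s)]

# Table 1 as (k_i failures, n_i observations); each pool lists 0 for a failure.
TABLE_1 = [(0, 20), (2, 30), (1, 35)]
POOLS = [[0] * k + [1] * (n - k) for k, n in TABLE_1]
P_FAIL = [k / n for k, n in TABLE_1]

def mean_simulated_k(n_s, runs=20000, seed=1):
    """Average count of failed pseudo-observations over many simulated pools."""
    rng = random.Random(seed)  # assumed seed, fixed for repeatability
    total = sum(pseudo_pool(phi_s1, POOLS, n_s, rng).count(0) for _ in range(runs))
    return total / runs

if __name__ == "__main__":
    for n_s in (20, 30, 35):
        k = k_hat(phi_s1, P_FAIL, n_s)
        lo, hi = expected_bounds(k, n_s)
        print(n_s, round(k, 4), round(lo, 4), round(hi, 4),
              round(mean_simulated_k(n_s), 4))
```

Rounded to four decimals, the bounds for ns = 20, 30 and 35 agree with the expected-value column of Table 2, and the simulated mean of ks stays close to the closed-form value from Eq. 9.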


Table 2. Summary results of system $S_1$

$n_s$   $[\hat{P}^L, \hat{P}^U]$   $[\hat{t}_L, \hat{t}_U]$   $\hat{P}^U - \hat{P}^L$   $\hat{t}_U - \hat{t}_L$
20      [0.0018, 0.0494]           [2.4958e-44, 0.1719]       0.0476                    0.1719
30      [0.0018, 0.0341]           [1.7751e-30, 0.1193]       0.0323                    0.1193
35      [0.0019, 0.0296]           [1.5547e-26, 0.1037]       0.0277                    0.1037
MLE     0.0019                     -                          0                         -

5.1 System description

The fire-detector system of a production room is composed of two parts: the heat detection part with four parallel identical fuse plugs (FP1-4), which force the air out of the circuit if the temperature is higher than 72 °C, and a pressure switch (PS) which transmits signal to a start relay (SR) for sending alarms as soon as one of the fuse plugs starts working; the smoke detection part with three smoke detectors (SD1-3) and a voting unit (VU) sending alarms if at least two of the three detectors are activated. Besides, the DC source must work and an operator (OP) can also trigger the alarm (SR) and relieve the pressure in the circuit (using PS) by switching on the manual-switch (MS). In Table 3, we give component failure data ($k_i$ number of failures in $n_i$ observations) and abbreviations of the components of the fire-detector system.

Table 3. Component observations

$C_i$    Abbreviation   Description       $k_i$   $n_i$
1        DC             Current source    2       10
2        SR             Start relay       1       10
3        PS             Power switch      0       15
4        OP             Operator          1       15
5        MS             Manual switch     2       15
6        VU             Voting            0       10
7-10     FP1-4          Melt plugs        2       20
11-13    SD1-3          Smoke detectors   1       20

5.2 Availability assessment

The reliability block diagram of the system is shown in Fig. 2. Using the system structure function computed from minimal cut sets and Eq. 9, 10 and 11, we computed the unavailability estimation of the fire-detector system with number of observations $n_s = 10, 15, 20$. As we can see in Table 4, the point estimate system unavailability obtained by MLE belongs to all the three intervals obtained using our proposed method.

Fig. 2. Reliability block diagram of the fire-detector system

Table 4. Unavailability estimation of the fire-detector system

Estimation method      $n_s$   $[\hat{P}^L, \hat{P}^U]$
Our proposed method    10      [0.2545, 0.3455]
                       15      [0.2625, 0.3250]
                       20      [0.2667, 0.3143]
MLE                            0.2800

5.3 Test 1: Propagation method evaluation

In this section, we compared the cumulative distribution function (CDF) of $U_S$ obtained using Monte-Carlo simulation method with the CDF of $P^L$ and $P^U$ obtained using our method. We used the same data presented in Table 3. In Monte-Carlo simulation method, we have to choose a probability distribution over each failure probability $p_i$ of the components in order to perform the simulation. According to Eq. 5, each component failure probability is bounded by $\left[\frac{k_i}{n_i+1}, \frac{k_i+1}{n_i+1}\right]$. Thus, each value of $p_i = P(X_i = 0)$ is assumed to follow a uniform distribution $U\left(\frac{k_i}{n_i+1}, \frac{k_i+1}{n_i+1}\right)$ or a normal distribution $N\left(\frac{k_i+0.5}{n_i+1}, \frac{1}{6(n_i+1)^2}\right)$. Then, $n = 10^4$ expected values of $U_S$ are calculated based on $n$ samples of $p_i$ simulated according to uniform and normal distributions.

Fig. 3 shows empirical quantiles with different unavailabilities obtained by simulation and theoretical values given by inverse CDF of $P^L$ and $P^U$ for system failure probability based on given dataset. Our method provides wider confidence interval while the results given by the simulation do not include small values close to 0.

Fig. 3. Test 1: Quantiles results with $n_s = 10$ and $n_s = 15$

Table 5. Test 2: Component parameters

$C_i$    Abbreviation   Description       $p_i$    $n_i$
1        DC             Current source    0.1025   10
2        SR             Start relay       0.1080   10
3        PS             Power switch      0.1052   15
4        OP             Operator          0.1052   15
5        MS             Manual switch     0.0999   15
6        VU             Voting            0.0999   10
7-10     FP1-4          Melt plugs        0.0800   20
11-13    SD1-3          Smoke detectors   0.0888   20

5.4 Test 2: Confidence interval evaluation

This test aims to verify the performance of our proposed confidence interval by calculating its average coverage


probability (ACP) based on simulated datasets. ACP denotes the empirical probability that the actual value of system unavailability falls in the confidence interval, which corresponds exactly to the definition of confidence level.

We assume that the actual value of $p_i = P(X_i = 0)$ is known, $n = 10^4$ samples of $(k_1, \ldots, k_d)$ are generated according to $p_i$ and $n_i$ presented in Table 5. Then $n$ expected values and confidence intervals at level 0.95 of $U_S$ are calculated using the generated samples.

The point estimate value of system unavailability, $U_S = P(Y = 0) = \varphi(p_1, \ldots, p_d)$, is equal to 0.3247. Table 6 shows reasonable results. We noticed that the ACP decreases as $n_s$ increases from 10 to 20. Based on the simulation results, with $n_s = 10$ the actual confidence level is 0.9990, which is much higher than 0.95: the uncertainty is overestimated, as we picked the smallest $n_i$ as $n_s$ and undervalued the information in the observation pools. With $n_s = 15$ and 20 the confidence intervals are closer to an actual CI at level 0.90, which is smaller than the supposed confidence level, probably because in constructing the pseudo observations repeated component observations are certainly used and the randomness presented by the component-level observations is narrowed down. The optimistic value of $n_s$ is between 10 and 15.

Table 6. Average coverage probability (ACP) for the obtained confidence intervals at $1 - \alpha = 0.95$ and the expected values

$n_s$   ACP for $U_S \in [\hat{t}_L, \hat{t}_U]$
10      0.9990
15      0.8944
20      0.8808

6. CONCLUSION

The random set theory is a mathematical theory which can handle in a unique framework both aleatory and epistemic uncertainties. When the components are highly reliable, the random set theory and the construction of pseudo-system observations can be used to estimate upper and lower bounds of system availability. In our opinion, the obtained results justify the use of such approach for these kinds of systems. Future works will focus on extending our proposed approach to dependability assessment of large systems by elaborating some asymptotic results for system availability under the framework of random set theory.

REFERENCES

Aguirre, F., Sallak, M., and Schon, W. (2013). Construction of Belief Functions From Statistical Data About Reliability Under Epistemic Uncertainty. IEEE Transactions on Reliability, 62(3), 555–568.
Apostolakis, G.E. (1990). The concept of probability in safety assessments of technological systems. Science, 250, 1359–1364.
Aumann, R. (1965). Intervals of set-valued functions. Math. Analysis and Appl., 12, 1–12.
Aven, T. (2011). Interpretations of alternative uncertainty representations in a reliability and risk analysis context. Reliability Engineering & System Safety, 96, 353–360.
Barlow, R.E. and Proschan, F. (1975). Statistical theory of reliability and life testing: probability models. Holt, Rinehart and Winston.
Cai, K.Y. (1996). Introduction to Fuzzy Reliability. The Springer International Series in Engineering and Computer Science.
Coolen, F.P.A. (2004). On the use of imprecise probabilities in reliability. Quality and Reliability Engineering International, 20, 193–202.
David, H.A. and Nagaraja, H.N. (2003). Order Statistics. J. Wiley and Sons, Eds.
De Rocquigny, E. (2008). Uncertainty in Industrial Practice: A Guide to Quantitative Uncertainty Management. Wiley-Blackwell.
Dempster, A. (1967). Upper and lower probabilities induced by a multivalued mapping. Annals of Mathematical Statistics, 38, 325–339.
Dubois, D. and Prade, H. (1988). Possibility Theory: An Approach to Computerized Processing of Uncertainty. Plenum Press, New York.
Gil, M.A. (1992). A note on the connection between fuzzy numbers and random intervals. Statistics & Probability Letters, 13(4), 311–319.
Helton, J.C. and Burmaster, D.E. (1996). Guest editorial: treatment of aleatory and epistemic uncertainty in performance assessments for complex systems. Reliability Engineering and System Safety, 54, 91–94.
Horowitz, J.L., Manski, C.F., Ponomareva, M., and Stoye, J. (2003). Computation of Bounds on Population Parameters When the Data Are Incomplete. Reliable Computing, 9(6), 419–440.
Manski, C.F. (1995). Identification Problems in the Social Sciences. Harvard University Press, Cambridge, MA.
Matheron, G. (1975). Random Sets and Integral Geometry. J. Wiley, New York.
Molchanov, I. and Molinari, F. (2014). Applications of Random Set Theory in Econometrics. Annual Review of Economics, 6(1), 229–251.
Nguyen, H. (2006). An Introduction to Random Sets. Chapman and Hall/CRC Press, Boca Raton, Florida.
Rausand, M. and Høyland, A. (2004). System reliability theory: models, statistical methods, and applications, volume 396. John Wiley & Sons.
Shafer, G. (1976). A mathematical Theory of Evidence. Princeton University Press, New Jersey.
Tamer, E. (2003). Incomplete Simultaneous Discrete Response Model with Multiple Equilibria. Review of Economic Studies, 70(1), 147–165. doi:10.1111/1467-937X.00240.
Walley, P. (1991). Statistical reasoning with imprecise Probabilities. Chapman and Hall, New York.
Winkler, R.L. (1996). Uncertainty in probabilistic risk assessment. Reliability Engineering & System Safety, 54(2-3), 127–132. doi:10.1016/S0951-8320(96)00070-1.
