Reliability Engineering and System Safety 173 (2018) 64–77

Contents lists available at ScienceDirect

Reliability Engineering and System Safety

journal homepage: www.elsevier.com/locate/ress

Risk assessment methodologies in maintenance decision making: A review

of dependability modelling approaches
Peter Chemweno a,∗, Liliane Pintelon a, Peter Nganga Muchiri b, Adriaan Van Horenbeek a
a
Center for Industrial Management, KU Leuven, Celestijnenlaan 300A, BE-3001 Heverlee, Belgium
b
School of Engineering, Dedan Kimathi University of Technology, P.O. Box 657-10100, Nyeri, Kenya

a r t i c l e i n f o a b s t r a c t

Keywords: The risk assessment process performs an important role in maintenance decision making, through structuring
Asset failure the process of identifying, prioritizing, and thereafter formulating effective maintenance strategies. However,
Risk assessment the effectiveness of the implemented strategies is influenced by the extent to which asset failure dependencies
Dependability modelling
are taken into account during the risk assessment process. In the literature, several risk assessment methods are
Uncertainty
discussed that vary widely depending on factors such as modelling of failure dependencies in dynamic assets,
Maintenance decision making
and treating uncertainties associated with sparse reliability data. These factors invariably influence the extent to
which different risk assessment methods are applicable for maintenance decision making. This article reviews the
state-of-the-art knowledge on risk assessment in the context of maintenance decision making, with a particular
focus on dependability modelling methods. The review structures knowledge on dependability modelling ap-
proaches, treatment of uncertainty, and highlights important challenges researchers and practitioners are likely
to experience when performing risk assessment in the context of maintenance decision making. The challenges
highlighted include the resolution complexity of methods such as Bayesian networks, especially while assessing
risks of assets with complex failure dependencies.
© 2018 Elsevier Ltd. All rights reserved.

1. Introduction
In recent years, a wide range of methods have been developed and
applied for assessing risks and safety hazards in diverse sectors such as
process industries, or power plant facilities [1]. In the maintenance deci-
sion making domain, risk assessment is performed with a view of assist-
ing practitioners systematically identify, analyse, evaluate, and mitigate
failure risks in assets [2,3]. Among the most commonly applied methods
in this context include the Failure Mode and Effect Analysis (FMEA),
Fault Tree Analysis (FTA) and Bayesian network (BN). Of these, the
FMEA is widely used for prioritizing equipment failures and selecting ap-
propriate maintenance strategies [4]. However, the FMEA is associated
with important deficiencies, and in particular, the conventional form
of the risk priority number (RPN), an important metric for quantifying
asset failure risk [5,6]. In addition, the FMEA ignores failure dependen-
cies in assets, which in turn, negatively influences the risk assessment
process [5].
In the literature, several state-of-the-art reviews of risk assessment
methods are presented. Examples includes Li [7] where methods such
as Markov models and Monte Carlo simulation are discussed in the con-
text of assessing risks of failure of power utility systems. The reviewed
methods, however, insufficiently addressed dependability modelling as-
pects. In the context of maintenance decision making, Fraser et al.
[8] reviewed methods for assessing equipment failure risks and useful
for deriving maintenance decisions. Notably the methods are evaluated
considering two maintenance concepts; Risk based Maintenance (RBM)
and the Reliability Centered Maintenance (RCM). The RCM embeds the
FMEA which as mentioned, ignores failure dependency modelling as-
pects. On the other hand, the RBM approach embeds fault trees, which
although models asset failure dependencies, ignores temporal aspects
that are crucial for effective risk assessment, and optimal maintenance
planning. More recently, Aven [9] reviews trends and advances of risk
assessment methods where he evaluates foundational challenges asso-
ciated with applicability of different methods for decision making. This
includes aspects such as treatment of uncertainty, however, failure de-
pendability modelling aspects are not explicitly addressed in the review.
Smith [10] also reviews methods applicable for quantifying risks of op-
erable assets characterized with sub-optimal reliability and availability.
Examples of methods reviewed includes Hazard and Operability Anal-
ysis (HAZOP), and the Fault Tree Analysis (FTA). However, suitability

∗
Corresponding author.
E-mail addresses: peterkipruto.chemweno@kuleuven.be (P. Chemweno), liliane.pintelon@kuleuven.be (L. Pintelon), peter.muchiri@dkut.ac.ke (P.N. Muchiri),
adriaan.van.horenbeek@sas.com (A. Van Horenbeek).

https://doi.org/10.1016/j.ress.2018.01.011
Received 30 June 2016; Received in revised form 6 January 2018; Accepted 20 January 2018
Available online 6 February 2018
0951-8320/© 2018 Elsevier Ltd. All rights reserved.
P. Chemweno et al. Reliability Engineering and System Safety 173 (2018) 64–77

in maintenance decision making, is associated with availability and

Abbreviations sufficiency of maintenance data. Fig. 1 illustrates the organization of
this review. Section 2 reviews dependability modelling concepts where
AHP Analytic Hierarchy Process methods such as Fault trees, Bayesian networks, and Stochastic Petri-
ANP Analytic Network Process nets are evaluated. Section 3 reviews concepts for treating aleatory and
AND AND gate for the static fault tree epistemic uncertainty while Section 4 reviews different Bayesian infer-
BE Basic Event encing methods associated with Bayesian networks. Examples here in-
BN Bayesian Networks clude methods such as analytic approximation, data augmentation, and
BUGS Bayesian Inference Using Gibbs Sampling Markov chain Monte Carlo simulation. Section 5 reviews methods for
CBM Condition Based Maintenance quantifying epistemic uncertainties in the context of dependability mod-
CMMS Computerized Maintenance Management System elling where methods such as Fuzzy theory, Interval analysis, and the
DAG Directed Acyclic Graph Dempster-Shafer Theory of Belief (DSTE) are discussed. Section 6 dis-
Dynamic BN Dynamic Bayesian Network cusses the implications of the review for theory and practice, and further
DIC Deviance Information Criterion points out directions for future research. Section 7 draws important con-
DSTE Dempster-Shafer Theory of Evidence clusions.
E-M Expectation-Maximization Algorithm
FMEA Failure Mode and Effect Analysis 2. Dependability modelling in risk assessment
FTA Fault Tree Analysis
HAZOP Hazard and Operability Analysis Technical assets are usually characterized by complex dependen-
IVP Interval-Valued Probability cies between system components, which in turn, influences the extent
McMC Markov Chain Monte Carlo to which asset failure risks are assessed, and maintenance decisions
MCDM Multi-Criteria Decision Making reached [14]. In absence of system dependencies, the risk assessment
M-H Metropolis-Hastings Algorithm problem reduces a single component analysis where failure events are
OR OR gate for the static fault tree assumed as independent. For complex systems dependencies, Weber
PAND Priority AND Gate et al. [15] suggest that dependability modelling should consider the fol-
RBD Reliability Block Diagrams lowing aspects:
RBIM Risk-Based Inspection and Maintenance
RCA Root Cause Analysis • Complexity and system size,
RCM Reliability Centered Maintenance • Inclusion of temporal aspects and failure propagation in specific time
RPN Risk Priority Number instances,
SPARE SPARE gate for the dynamic fault tree • Inclusion of empirical and/or qualitative knowledge on failure
SPN Stochastic Petri-net events at different abstraction levels.
TE Top Event • Inclusion of failure dependencies and treating uncertainties related
VOTING VOTING gate for the dynamic fault tree to data availability, and estimation of model parameters.

Weber et al. [15] further describe several examples of dependability-

of these methods for failure dependability modelling, and maintenance modelling methods which includes among others:
decision support is not sufficiently addressed. Modarres, Zhou et al. • Fault trees, further classified into Static and Dynamic fault trees;
[11] evaluates advances in probabilistic risk assessment of safety-critical • Bayesian networks, classified into Static and Dynamic Bayesian net-
installations, where the importance of methods such as fault trees and
works;
Bayesian belief networks are highlighted for modelling failure depen- • Combined Fault trees and Bayesian network models, and
dencies. Similarly, suitability of the reviewed approaches for mainte- • Stochastic Petri-nets
nance decision making is not clearly addressed. A review of fault tree
analysis and its application for modelling failure dependencies in com- The following sections reviews the suitability of the above mentioned
plex assets is presented in Kabir [12], likewise, applicability for main- methods for assessing asset failure risks in the context of dependability
tenance decision making is not clearly discussed. modelling and maintenance decision support.
Evaluating the above reviews highlights several limitations or gaps
which motivates this review article. Firstly, the reviews tend to focus 2.1. Fault trees
on specific application contexts such as safety or risk assessment in pro-
cess industries. However, since risks are domain specific, application of Primarily, the fault tree models failure dependencies in a hierarchical
specific risk assessment methods varies depending on the application form, with a top failure event (TE) at the system level, intermediate
context [13]. For instance, risks in civil engineering structures such as failure events (IE) at the sub-system levels, and basic failure events (BE)
bridge collapse are rare and periodic, unlike technical failures of me- at the component level. The dependencies are modelled through logical
chanical systems, which occurs more frequently over the operational AND OR gates. Assuming failure events as statistically independent, the
lifetime of the equipment, e.g. bearing wear. Secondly, the reviews in- probability of occurrence of the TE modelled through the AND gate is
sufficiently evaluates the suitability of the reviewed risk assessment expressed as follows:
methods for failure dependability modelling, especially in the context
𝑛
∏
of maintenance decision making. The decision making aspects may in-
𝑃 (𝑇 𝐸 ) = 𝑃𝑖 (1)
clude aiding root cause analysis, or selecting appropriate maintenance 𝑖=1
strategies.
The OR gate, on the other hand, presumes occurrence of two or more
Hence, this article attempts to bridge the aforementioned gaps by
failure events prior to observing the TE. The probability of occurrence
reviewing risk assessment methods discussed in the literature, while fo-
of the TE is hence expressed as the sum of input probabilities of inde-
cusing on their applicability for maintenance decision support in view of
pendent BE denoted as:
modelling failure dependencies in assets. The review also evaluates how
𝑛
∑
the methods address aspects such as treatment of uncertainty, which
𝑃 (𝑇 𝐸 ) = 𝑃𝑖 (2)
𝑖=1

65
P. Chemweno et al.
Static fault trees
Fault trees
Dynamic fault trees
Hybrid fault tree and
Dependability approaches
Bayesian network
Static Bayesian network
Bayesian networks
Dynamic Bayesian network
Stochastic Petri-nets
Fig. 1. Framework for the review.
Depending on the inclusion of temporal aspects, the gates may be
static or dynamic. In maintenance decision making, the static fault tree
is embedded in the risk based maintenance concept where several exam-
ples are discussed in the literature, for instance, see [16–18]. Authors,
for instance, Wu [19] propose a formalism which integrates well-known
methods such as the FMEA for modelling failure events. Such integrated
formalism are rather intuitive to users since resolving equipment failure
probabilities is computationally feasible as compared to dependability
modelling methods discussed in latter sections of this review. Bhangu
et al. [20] propose a static fault tree formalism for assessing the relia-
bility and failure risks of a thermal power plant installation where their
approach relies on fault data and associated outage hours. Their study
suggests alternative maintenance policies for optimizing power plant
availability. Choi and Chang [21] also apply the fault tree formalism for
assessing the reliability of seabed storage tanks where their approach re-
lies on reliability data for modelling basic fault events. They also suggest
alternative repair strategies for optimizing system availability. Taheriy-
oun and Moradinejad [22] integrate a Monte Carlo simulation approach
to a fault tree formalism and apply the approach for modelling failure
dependencies of water treatment equipment. Their approach considers
human factor aspects as contributors to top event failures. McNelles
et al. [23] compare static fault tree formalisms with the dynamic flow
graph formalism, the latter, for modelling temporal dependencies. They
highlight the challenge of resolving cut-sets for static fault trees, espe-
cially for systems characterized with dynamic time steps.
Furthermore, to cope with sparse reliability data, which is often an
important pre-requisite for modelling static dependencies in technical
assets, static fuzzy fault trees are suggested, and described in several
application cases, and discussed in more detail in Section 5.
Nonetheless, although considered intuitive for modelling failure de-
pendencies in technical assets, in the static form, the fault trees are asso-
ciated with important deficiencies that are primarily linked to inclusion
of temporal aspects inherent in dynamic systems. For this reason, dy-
namic fault trees are proposed where dynamic gates are incorporated.
In the literature, different dynamic logical gates are proposed [24]:
• Priority AND (PAND) gate which models the sequence in which de-
pendent failures occur once a failure event is initiated,
66
Reliability Engineering and System Safety 173 (2018) 64–77
Probability theory
Fuzzy theory
Interval analysis
Dempster Shafer theory of
Treatment of uncertainty
belief
Probability theory
Analytic approximation
approach
Data augmentation approach
Markov chain Monte Carlo
simulation approach
Simulation approach
• Functional dependency (FD) gate which models instances where the
trigger failure event simultaneously leads to failure of dependent
systems;
• SPARE gate which models the failure events of redundant compo-
nents;
• VOTING gate, which models a failure instance where at least k out
on n dependent components/events occur.
The use of dynamic fault trees for maintenance decision support
is discussed in the literature. Notably, Ge and Yang [25] propose a
modelling formalism based on dynamic binary decision trees where
their methodology adapts the Shannon’s decomposition theorem, which
scales down the number of disjoint calculable cut sets, efficiently re-
solving dynamic gates. Wang et al. [26] propose a dynamic fault tree
formalism for assessing the reliability of non-repairable systems. Their
formalism considers the impact of probabilistic failure dependencies on
critical system components. Manno et al. [27] introduce a novel for-
malism, which they define as the Adaptive Transitions Systems. Their
proposed formalism embeds efficient semantics for modelling failure de-
pendencies of repairable systems.
More recently, Chiacchio et al. [28] propose a dynamic fault tree
formalism which incorporates deterministic and stochastic dependen-
cies influencing complex non-repairable systems. Their formalism in-
corporates hybrid basic failure events, of which their failure distribu-
tion evolves with time. Salehpour–Oskouei and Pourgol–Mohammad
[29] propose a formalism exploiting the Priority AND gate for assess-
ing the reliability of sensor components attached to equipment for col-
lecting health data. Their formalism exploits a Monte Carlo simulation
approach for quantifying the probability of the top event failure of a
steam turbine system.
For sparse reliability data, Tu et al. [30] propose a novel fuzzy
dynamic tree formalism for modelling the reliability of safety-critical
avionic components. Their formalism models uncertainties associated
with sparse failure events, which are assigned fuzzy valued estimates.
Volk et al. [31] propose a novel formalism which exploits integrated
state-space reduction methods for efficiently resolving dynamic gates.
Among the methods integrated in their formalism include Markov
chains, which are applied for resolving the mean time to failures of com-
P. Chemweno et al. Reliability Engineering and System Safety 173 (2018) 64–77

plex dynamic systems. Additional formalisms apply sequential binary

decision diagrams, and timed dynamic fault tree analysis, the latter, a y1 y2
variation of the conventional dynamic fault tree analysis are discussed
in the literature, for instance, see Peng et al. [32], Ge et al. [33] and Ge
et al. [34].
However, it is important to note that in the aforementioned studies, y3
dynamic gates are resolved largely analytically, i.e. through sequence
algebra or Markov models. Often, these resolution approaches are com-
Fig. 2. Simplified DAG with two parent nodes (y1 and y2 ) and dependent node y3 .
putationally intensive, especially for systems with complex dynamic de-
pendencies. Moreover, Markov models are further associated with de-
ficiencies such as; (i) the state space explosion problem, (ii) limited to assessing maintenance-related risks of water supply systems. More re-
modelling dynamic dependencies defined through exponential distribu- cently, Nguyen et al. [47] apply a combined approach which embeds
tion functions. a stochastic Petri-net approximate resolution method. They apply their
Hence, to overcome challenges such as the state explosion problem, formalism for modelling repairable systems characterized with multi-
approximate or simulation resolution approaches are proposed, for in- state failure mechanisms.
stance, Monte Carlo simulation and Stochastic Petri-nets. Simeu-Abazi From the above, approximate (simulation) resolution approaches
et al. [35] propose an approach where a modularized fault tree scheme seemingly improve the computational effort necessary for resolving dy-
is translated into equivalent Petri-nets, hence enhancing the modelling namic gates for systems with complex failure dependencies. However,
flexibility of systems with complex dependencies, of which dynamic the reliance on empirical data for fault tree dependability modelling
gates are resolved via Markov models. Codetta Raiteri [36] further ex- formalisms, is seemingly a challenge, especially where such data is un-
tend the versatility of complex systems, where they propose a framework available. In addition, fault tree formalisms are limited to systems with
integrating three formalisms; parametric fault tree, dynamic fault tree, fairly simple and straightforward dependencies. This is because of the
and repairable fault tree. The parametric fault tree here models depen- combinatorial explosion problem for systems with more complex de-
dencies of repairable systems. Flammini et al. [37] also propose a multi- pendencies. Lastly, risk metrics remain static despite emergence of new
formalism modular approach, which incorporates generalized Stochas- evidences, hence, more versatile modelling formalisms incorporating
tic Petri-nets, fault trees, and repairable fault trees. Their formalism is Bayesian updating are suggested.
applied for assessing the reliability of railway signalling systems. Tu-
2.2. Bayesian networks
ran et al. [38], propose a dynamic fault tree formalism for assessing the
reliability of maritime diving support vessel. Their formalism incorpo-
The Bayesian networks models system failure dependencies by incor-
rates time-dependent dynamic gates for modelling failure dependencies
porating an efficient probabilistic inferencing framework which allows
through which, appropriate maintenance and/or repair sequences are
inclusion of uncertainty associated with sparse reliability information
proposed.
[48]. Typically, the networks consists of a directed acyclic graph (DAG)
More recently, Rauzy and Blériot-Fabre [39] propose a formal-
which contains a set of nodes and directed arcs as depicted in Fig. 2.
ism through which dynamic fault trees are translated into equivalent
Each node in the graph represents random (and independent) failure
guarded transition systems, the latter, a form of generalized stochastic
events 𝑌 = (𝑦1 , 𝑦2, 𝑦3 , .. 𝑦𝑛 ), while the directed arcs represent probabilistic
Petri-nets. Their formalism models dependencies of repairable systems,
dependencies, e.g. between random failure events [49]. In the Bayesian
a challenge noted for systems modelled through dynamic fault trees.
network, the conditional probabilities between random failure events
Several studies also propose efficient approaches for resolving dy-
are represented through a joint probability distribution parameterized
namic gates modelled through Markov models. Notably, Chiacchio et al.
as follows:
[40] propose a Markov-based stochastic approach which is applied for
( ) ∏ 𝑛 ( ( ))
assessing the reliability of complex multi-state dynamic systems. Their |
𝑝 𝑦1 , 𝑦2 , 𝑦3 , ... 𝑦𝑛 = 𝑝 𝑦𝑖 |𝑝𝑎𝑟𝑒𝑛𝑡 𝑦𝑖 (3)
formalism considers the influence of operation and environmental con- |
𝑖=1
ditions on system failure. Yevkin [41] propose an efficient Markov mod-
where p(yi |parent (yi )) represents the conditional relationship between
elling approach which is applied for resolving dynamic dependencies of
nodes and their parents (e.g. nodes y1 and y2 have a parent relationship
repairable and non-repairable systems. Their approach translates dy-
to node y3 ). Applying Eq. (3) to the DAG in Fig. 2, the joint probability
namic gates into equivalent Markov models such that the number of
distribution is expressed as follows:
transition states is minimized. Merle et al. [42] propose a Monte Carlo ( ) ( ) ( ) ( )
simulation approach, which enhances the resolution efficiency of com- 𝑝 𝑦1 , 𝑦2 , 𝑦3 = 𝑝 𝑦1 𝑝 𝑦2 𝑝 𝑦3 ||𝑦1 , 𝑦2 (4)
plex dynamic fault trees otherwise modelled through Markov models. The dynamic Bayesian network (DBN) extends the functionality of
Chiacchio et al. [43] proposed a novel Monte Carlo simulation-based the static Bayesian network through the inclusion of temporal depen-
tool, the MatCarloRe, for resolving the reliability of systems modelling dencies using sequences of time slices. The temporal transition from one
through hierarchical dynamic fault trees, and characterized with non- time phase to the next may be represented as follows [50]:
repairable basic failure events. More recently, Zhu et al. [44] propose (
( ) ∏𝑛
| ( ))
an alternative stochastic approach for modelling dependencies in dy- 𝑝 𝑦𝑡 ||𝑦𝑡−1 = 𝑝 𝑦𝑖𝑡 |𝑝𝑎𝑟𝑒𝑛𝑡 𝑦𝑖𝑡 (5)
|
namic fault trees while considering system redundancies and probabilis- 𝑖=1
tic common cause failures. Their approach applies a non-Bernoulli se- where 𝑦𝑖𝑡 expresses the ith node at the time instances, i = 1,2,…n, and
quencing approach for generating input values to the stochastic model. 𝑝𝑎𝑟𝑒𝑛𝑡 (𝑦𝑖𝑡 ) expresses the temporal dependencies of the parent nodes 𝑦𝑖𝑡
Apart from approximate resolution approaches, several studies incor- within the DBN. Extending the DBN to T time slices, the following joint
porate both exact and approximate (or simulation) approaches within probability distribution is derived [50]:
the same modelling formalism. Examples include Chiacchio et al. (
( ) ∏𝑇 ∏
𝑛
| ( ))
[45] who compares Markov models and Monte Carlo simulation ap- 𝑝 𝑦1→ 𝑇 = 𝑝 𝑦𝑖𝑡 |𝑝𝑎𝑟𝑒𝑛𝑡 𝑦𝑖𝑡 (6)
|
proaches for resolving dynamic gates. They conclude that the choice 𝑡=1 𝑖=1
between the two resolution approaches is a trade-off between system Through the joint probability distribution, the Bayesian network em-
complexity, and computational efficiency of the specific resolution ap- beds a flexible formalism which allows modelling of complex dependen-
proach. Lindhe et al. [46] also apply both exact and approximate res- cies and updating of risk metrics with emergence of new failure infor-
olution approaches within the same dynamic fault tree formalism, for mation.

67
P. Chemweno et al.
2.2.1. Static Bayesian networks
Several studies demonstrate the potential use of static Bayesian net-
works for modelling failure dependencies of technical systems. In the
context of dependability modelling and maintenance decision support,
Ferreiro et al. [51] propose a formalism where failure dependencies
of aircraft systems are modelled while incorporating prognostic in-
formation. They evaluate the risk reduction potential of two mainte-
nance strategies, i.e. preventive and corrective maintenance. Gran et al.
[52] incorporate organizational, human and technical risk factors into
their Bayesian modelling formalism and consequently evaluating appro-
priate maintenance interventions, which best mitigate oil leakages of
offshore facilities.
Tian et al. [53] also model the failure dependencies of a subma-
rine casing cutting tool using a static Bayesian network formalism, and
consequently, apply their formalism for diagnosing faults of the robot-
operated cutting tool. More recently, Liu et al. [54] propose an ap-
proach for translating the GO-FLOW methodology into an equivalent
static Bayesian network. The GO-FLOW methodology is commonly ap-
plied for modelling system reliability such as, in their study, a pressur-
ized water reactor.
Askarian et al. [55] also apply a static Bayesian network formalism
for diagnosing technical faults in a chemical plant. Abbassi et al. [56] in-
tegrate Bayesian networks into a quantitative risk assessment methodol-
ogy, where the methodology is applied for estimating the failure proba-
bilities of accident/failure scenarios, and associated consequences. How-
ever, their approach fails to consider dependencies between system fail-
ure events, and moreover, ignores temporal aspects, a limitation which
is addressed using dynamic Bayesian networks reviewed discussed next.
2.2.2. Dynamic Bayesian networks
The versatility of dynamic Bayesian networks is demonstrated in sev-
eral studies. For instance, Cai et al. [57] modelled the failure dependen-
cies of a sub-sea blowout preventer system, where they explore causal
relationships between imperfect repair processes, and common cause
system failures. Hu et al. [58] evaluate the influence of an opportunis-
tic predictive maintenance strategy on system failure using a modelling
formalism, which integrates dynamic Bayesian networks and the Haz-
ard and Operability Analysis (HAZOP). More recently, Cózar and Gámez
[59] demonstrate a modelling formalism which predicts anomalies of
complex dynamic systems, where the prediction forms the basis for trig-
gering predictive maintenance decisions. Zhu and Collette [60] propose
a Bayesian modelling formalism which they demonstrate for modelling
time-dependent failure mechanisms, such as fatigue crack growth. They
also consider maintenance actions, where they integrate a reliability in-
dex (𝛽) for triggering inspection and maintenance actions. Although ap-
plied for structural systems, the applicability of their approach for mod-
elling low probability (rare failure events) is also evident for mechanical
systems. A similar approach for assessing the reliability of deteriorating
structural systems via a dynamic Bayesian modelling formalism is dis-
cussed in Luque and Straub [61].
More recently, Li et al. [62] integrate a dynamic Bayesian formalism
into the GO flow methodology for modelling feedback signals flows. The
inclusion of the Bayesian network model enhances the reliability assess-
ment potential of the GO flow methodology, where traditionally, depen-
dencies between system components are one-directional. Ramírez and
Utne [63] also propose a formalism for assessing the reliability of ageing
systems while optimizing maintenance policies which include, correc-
tive, condition based maintenance, and time-based maintenance strate-
gies. Salazar et al. [64] also propose a modelling formalism which inte-
grates both reliability and system control performance aspects. In their
study, failure dependencies are modelled through a dynamic Bayesian
network model, which allows assessment of system reliability. They
suggest a strategy through which the control effort (for system perfor-
mance) is redistributed until maintenance is undertaken, hence improv-
ing system availability. Liang et al. [65] proposed a formalism for as-
sessing the reliability of warship systems where they consider varying
68
Reliability Engineering and System Safety 173 (2018) 64–77
failure and maintenance time distributions, which include, exponential,
normal and lognormal distributions. Nonetheless, despite the modelling
flexibility of dynamic Bayesian networks, often the formalism requires
high computational effort, especially for resolving the joint probabil-
ity of complex system failure dependencies. This resolution complexity
arises where, for instance, the marginal probabilities representing inde-
pendent failure events are modelled via probability distributions belong-
ing to distinct families, e.g. Weibull or Lognormal. This aspect remains a
challenge, where exponential failure transition rates are often assumed
for modelling dynamic failure transition, for instance as discussed in
Codetta-Raiteri and Portinale [66].
2.3. Combined fault trees and Bayesian network modelling approaches
Combined formalisms present a plausible framework for translat-
ing systems modelled via fault trees to equivalent Bayesian network
models. Khakzad et al. [67] propose such a formalism where systems
modelled via dynamic fault tree gates are translated into equivalent dy-
namic network nodes, while avoiding generation of multi-dimensional
conditional probability tables representing marginal probabilities of ba-
sic failure events. In Khakzad et al. [48], they extend their work and
propose a modular Object-Oriented Bayesian network (OOBN) formal-
ism for modelling complex failure dependencies represented using fault
trees. Their formalism decomposes complex dynamic Bayesian networks
into multiple modules, each of which is resolved independently. Kabir
et al. [68] propose a translation approach through which, stochastic fail-
ure dependencies of complex systems modelled via dynamic fault trees
are also translated to equivalent dynamic Bayesian networks, and their
reliability assessed.
More recently, Mi et al. [69] propose an approach which translates
complex dependencies of electromechanical systems modelled through
dynamic fault tree. Their approach considers epistemic uncertainty
which is expressed through bounded closed intervals, and which in-
corporates multiple sources of evidences, e.g. field failure data, test
and design data. A similar approach integrating multiple information
sources via a Bayesian inference framework is discussed in Wang et al.
[70]. However, their approach does not extend to applying a Bayesian
network formalism for modelling system failure dependencies. Barua
et al. [71] model the sequential dependencies between, on the one
hand, operation-related parameters of chemical processes, and on the
other hand, aging components vulnerable to failure. The sequential de-
pendencies are first modelled via dynamic fault tree and translated to
equivalent dynamic Bayesian network. Darwish et al. [72] incorporate
the Bayesian approach to fault trees, which allows experts assign impor-
tance ranking to basic failure events. Hence, by prioritizing basic events,
they consider a more optimal allocation of maintenance resources. Chen
et al. [73] propose a translation approach where reliability block dia-
grams commonly used for modelling and assessing system reliability of
complex dependable systems, are translated to Bayesian networks (BN).
In recent years, software applications supporting this translation are dis-
cussed in the literature, for instance, the Reliability Analysis with Dy-
namic Bayesian networks (RADYBAN) [74].
2.4. Stochastic Petri-nets
Stochastic Petri-net (SPN) also provides a formalism for modelling
system dependencies and embeds a Petri-net structure which graphically
depicts dependent systems through the tuple,𝑁 = (𝑃 , 𝑇 , 𝐼𝑡 , 𝑂𝑡 , 𝐻, 𝑔, 𝑀𝑜 ),
where [75]:
• P = a finite set of places containing some tokens with marked places,
• T = a finite set of transitions,
• It = A finite set of input places,
• Ot = A finite set of output places,
• H = A set of inhibitors,
• M0 = the initial system marking vector whose places contain a non-
negative number of tokens.
P. Chemweno et al.
Hybrid FTA-
BN;
14 (13%)
Stochasc
PN;
13 (12%)
Dynamic
BN;
23 (21%)
Fig. 3. Percentage distribution of articles per dependability modelling method.
The Petri-net simulates dynamic system behaviour by firing token
continuously from a set of input places (P1 ), through transitions (T)
to the output places (P), and the success of firing the tokens is based
on a set of enabling rules representing the modelled dependencies. For
maintenance decision making, Signoret et al. [76] propose a methodol-
ogy which modularizes large Petri-net structures through a formalism
which embeds Reliability Block Diagrams (RBD), a well-known reliabil-
ity assessment tool. Song et al. [77] propose a formalism which com-
bines stochastic fault trees and Petri-net models, and useful for diag-
nosing faults of pantograph systems. Flammini et al. [37] also propose
a combined formalism synthesizing generalized Stochastic Petri-nets,
fault trees, and repairable fault trees. Their formalism is also applied
for modelling failure dependencies of train control systems, and evalu-
ating alternative preventive maintenance policies which mitigate com-
ponent degradation. Additional studies discussing Stochastic Petri-net
formalisms may be found in articles, e.g. [47,78–82].
Stochastic Petri-net modelling formalisms, however, have one no-
table limitation – they rely on a simulation approach, which is com-
putationally intensive when modelling rare failure events [83]. In such
cases, the Petri-net models often underestimates occurrence probabili-
ties of modelled failure events, hence yielding sub-optimal maintenance
strategies. Fig. 3 presents an overview of the reviewed dependability
methods as per percentage distribution.
3. Quantifying uncertainty in the risk assessment methods
Depending on the approach for modelling failure dependencies, un-
certainties associated with the risk assessment process may be treated
as either, aleatory or epistemic [84]. The aleatory uncertainty results
from the inherent randomness of input model parameters derived from
reliability data, while on the other hand, epistemic uncertainty may re-
sult from insufficient reliability data. Quantifying epistemic uncertainty
relies on expert domain knowledge. For treating aleatory uncertainty,
statistical failure models are often used, while quantifying epistemic un-
certainty relies on models such as Interval Analysis, Fuzzy functions and
Belief functions are applied [84]. For Bayesian networks, uncertainty
associated with sparse reliability data is treated through a Bayesian in-
ferencing framework discussed next.
69
Reliability Engineering and System Safety 173 (2018) 64–77
Stac FTA;
17 (16%)
Dynamic
FTA;
25 (23%)
Stac BN;
15 (14%)
4. Bayesian inferencing approaches
The Bayesian inferencing framework models quantitative reliability
information via likelihood functions, while on the other, epistemic un-
certainty is inferred from prior distribution functions, the latter, elicited
from domain experts [85]. Both the likelihood and prior functions are
combined in the Bayesian inference framework, from which, the proba-
bility of asset failure is inferred from the posterior distribution. Hence,
the posterior distribution provides a means of updating risk metrics with
the availability of new evidences of failure events. The Bayes theorem
is illustrated as shown in Eq. (7):
𝑙(𝑥∕𝜇)𝜋(𝜇)
𝜋(𝜇∕𝑥) = ∞ (7)
∫𝜇=0 𝑙(𝑥∕𝜇)𝜋(𝜇)𝑑𝜇
Where 𝜋(𝜇) represents the prior distribution function; l(x/𝜇) the like-
lihood function, and 𝜋(𝜇/x) the posterior distribution function. How-
ever, the posterior distribution is often computationally intensive to re-
solve. Hence, several methods are proposed for resolving such posterior
distribution functions, and which are also embedded in Bayesian net-
work modelling formalisms [86]:
(i) Analytical approximation method which includes, the numerical
integration and Laplace approximation methods,
(ii) Data augmentation methods which includes the Expectation-
Maximization (E-M) algorithm,
(iii) Monte Carlo direct sampling,
(iv) Markov chain Monte Carlo including the Metropolis-Hastings al-
gorithm (M-H) and the Gibbs sampling approaches.
4.1. Analytical approximation approach
The analytical approximation approach resolves posterior distri-
bution functions via a data sampling approach based on a simula-
tion framework, e.g. Monte Carlo simulation. This sampling approach
draws samples from probability density functions of the modelled fail-
ure events. Thereafter, uncertainties associated with the sampled data
are propagated through an appropriate mathematical model, e.g. the
Bayes equation, from which the posterior distribution is resolved [87].
Within Bayesian network modelling formalism, the analytical approx-
imation approach is reported in studies, e.g. [88,89]. More recently,
P. Chemweno et al.
Wang et al. [90] applies a Monte Carlo simulation approach within
a Bayesian network modelling formalism for assessing the reliability
of railway turnout systems exposed to weather-related elements, from
which, optimal maintenance intervention strategies are formulated.
However, the simulation sampling approach has one important
drawback – assumes the existence of a closed-form posterior distribu-
tion from which samples are drawn. This is, however, not the case, es-
pecially where the prior and likelihood functions belong to different
families of distributions. This makes the posterior distribution function
computationally intensive to resolve [91]. Moreover, the analytic ap-
proximation approach often yields poor risk estimates, especially where
reliability data is sparse. Hence, alternative resolution approaches such
as data augmentation are suggested.
4.2. Data augmentation approach
The data augmentation approach works by augmenting observed
data with missing data which yields an augmented posterior density
function that is computationally tractable, and more efficiently resolved.
The Expectation-Maximization (E-M) algorithm is widely applied for
augmenting missing reliability data, and hence estimating the lifetime
distribution of repairable systems/assets. For Bayesian network for-
malisms, Mahmoud and Khalid [92] apply the approach for augmenting
censored fault data of electro-hydraulic rotational drive systems. Zhang
et al. [93] also apply the method within a dynamic Bayesian network
formalism for estimating the remaining useful life (RUL) of systems char-
acterized with complex failure dependencies, where the influence of a
condition-based maintenance strategy is considered for degrading com-
ponents. Zhang and Dong [94] also apply the approach within a dynamic
Bayesian network formalism where they incorporate a Gaussian model
for augmenting missing failure data.
More recently, Ratnapinda and Druzdzel [95] incorporate the E-M
augmentation approach within Bayesian networks, and consider an ap-
plication scenario where continuous data streams are used to augment
sparse reliability data. Other studies where the E-M method is embed-
ded in Bayesian network formalisms is discussed in studies, for instance,
see Bacha et al. [96]. Nonetheless, despite its usefulness for augmenting
sparse reliability data, the E-M is constrained for modelling dependen-
cies where the prior and likelihood functions belong to different families
of distributions [97]. Part of this constraint is addressed by the Markov
chain Monte Carlo method.
4.3. Markov chain Monte Carlo
The Markov chain Monte Carlo (McMC) approach works by simu-
lating Markov chains within a given parameter space where the chains
are constructed in such a way that the posterior distribution function
converges to an asymptotic distribution. From this convergence, poste-
rior statistical parameters (e.g. mean, standard deviation) are approx-
imated from ergodic averages of the Markov chains [98–100]. A pri-
mary advantage of the McMC compared to conventional Monte Carlo
sampling approach, is its ability to estimate posterior distribution pa-
rameters for complex mathematical models having a large number of
parametric values, and belonging to different distribution families [98].
This is in addition to enhancing the suitability of the method for dy-
namically updating risk metrics with emergence of new evidences of
failure events. Commonly applied McMC inferencing methods include
the Metropolis-Hastings (M-H) algorithm and Gibbs sampler [101]. The
latter is a rejection-sampling algorithm that generates a sequence of
samples from any complicated probability density function.
In the context of risk and reliability analysis, the Gibbs sampler
method is embedded in Bayesian network formalisms. For instance, Lin
et al. [102] proposes a Gibbs sampler-based approach for estimating the
service lifetime distributions of locomotive wheels. Their approach con-
siders factors such as wheel installation positioning, a factor influenc-
ing wheel wear, and maintenance. Liu et al. [103] applied the method
70
Reliability Engineering and System Safety 173 (2018) 64–77
for assessing the reliability of components characterized with multi-
state, Markov degradation processes. In their study, the Gibbs sampler
is applied for resolving the posterior distributions generated from the
degradation processes. Other studies incorporating the Gibbs sampler
in Bayesian network formalisms are discussed in, e.g. [104–106].
Some studies attempt to integrate the Gibbs sampler and M-H algo-
rithms within the same modelling formalism. Examples include Soliman
et al. [98], where a combined formalism is proposed for estimating the
reliability of multi-component systems characterized with dependencies
modelled via a modified Weibull posterior distribution. More recently,
the sampler is also discussed for modelling the influence of dependen-
cies such as stress and component strength on system reliability [107].
Zaidan et al. [108] also applies the approach for estimating the remain-
ing useful life of aerospace gas turbine engines.
Other authors have extended the hybrid McMC resolution approach
by allowing inclusion of parametric sensitivity analysis, for instance, see
[109–111]. Of particular interest, the resolution efficiency of McMC is
extended to analyzing rare failure events. In recent years, the McMC
resolution has evolved to software applications such as BUGS (Bayesian
inference using Gibbs sampling) where applicability of the approach is
demonstrated for assessing asset failure risks, e.g. see [112–114].
5. Methods for quantifying epistemic uncertainty
Although the Bayesian inferencing framework is useful for combin-
ing evidences, both quantitative and qualitative, lack of, or insufficient
reliability data may necessitate alternative methods for quantifying epis-
temic uncertainty. Such methods would allow expert elicitation to be
considered in dependability modelling formalisms. Examples of meth-
ods for quantifying epistemic uncertainty include; (1) Theory of Fuzzy
sets; (2) Interval Analysis; and (3) the Dempster–Shafer Theory of Evi-
dence [115].
5.1. Fuzzy approach for quantifying uncertainty
The fuzzy set concept was first suggested for modelling vague and im-
precise information through membership functions, where the function
specify a degree of belonging in the continuous interval <0, 1> [116].
Ideally, a function of ‘0’ implies no membership, while conversely, a
function of ‘1’ implies full membership in the continuous interval. The
fuzzy concept is applied within fault tree modelling formalisms, e.g. in
Purba et al. [117], for assessing the probability of failure of basic events
of a nuclear power plant facility. In the study, modelling the basic events
relied on fuzzy functions elicited from domain experts. The embedded-
ness of fuzzy concept within static fault tree formalisms is also discussed
in studies, e.g. [118,119].
For dynamic fault trees, the fuzzy concept is discussed in Tu et al.
[30] where the concept is applied for quantifying uncertainties asso-
ciated with sparse failure information of critical avionic systems. Kabir
et al. [120] also incorporate the concept while assessing the reliability of
fuel distribution system of marine ships. More recently, a fuzzy fault tree
analysis modelling formalism is discussed in Yazdi et al. [121] where im-
portantly, the formalism is applied for analysing failure risks associated
with common cause failures. Assessing such risks is often challenging
owing to sparse fault information. The concept is embedded in dynamic
fault tree formalisms as discussed in studies, e.g. [122,123]. Recent at-
tempts are also seen in the literature where some authors integrate the
fuzzy concept to Bayesian network modelling formalisms, for instance,
in He et al. [124] where fuzzy functions are assigned to failure probabil-
ity estimates of complex systems characterized with multi-state failures.
5.2. Interval analysis
In interval analysis, the uncertain and imprecise parameters of in-
terest are assumed to lie within the lower and upper interval bounds
<a,b> [115]. Compared to the fuzzy approach where fuzzy membership
P. Chemweno et al.
Petrochemical facilities
Industrial/manufacturing systems
Nucleur power generation/research
Railway systems/Marine applications
Food/paper/process industries
Electronics/telecommunications
Fig. 4. Distribution of articles as per application domain.
functions are specified, in the interval analysis, domain experts assign
crisp lower and upper bound values to the uncertainty range the param-
eters are judged to lie within [115]. For example, the failure probability
of a wind turbine gearbox may be specified as lying within the lower
and upper bounds <1 × 10−4 to 1 × 10−2 >. The interval analysis allows
estimates from several experts to be combined within a probabilistic
framework described by the interval functions [125]. Although the in-
terval analysis is demonstrated to work well within Bayesian network
formalisms, especially where reliability data is sparse, the analysis lacks
a concise mathematical structure or density function through which un-
certainty can be propagated [115,126]. To overcome this flaw, two al-
gorithms are suggested in the literature, and based on, (1) simulation
methods; and (2) surrogate models [115].
For reliability analysis and probabilistic safety assessment, the in-
terval analysis method is gaining attention in the field of uncertainty
quantification (UQ). In UQ, aleatory and epistemic uncertainties are
analysed through separate second-order distribution functions. This sep-
aration approach is suggested as useful for assessing the reliability of
complex, high reliability safety-critical systems, e.g. aerospace systems
[127–129]. Within dependability modelling formalisms, the UQ separa-
tion approach is discussed recently in Novack et al. [130] for quanti-
fying the epistemic uncertainty of basic failure events of space launch
vehicles. Fig. 4 depicts the distribution of reviewed dependability ap-
proaches as per the application domain.
5.3. Dempster–Shafer evidence theory
The Dempster–Shafer Theory of Evidence (DSTE) is founded on two
ideals; (i) obtaining degree of beliefs for subjective probability estimates
and; (ii) combining the degree of beliefs within a probabilistic frame-
work [131]. The DSTE provides an efficient framework for aggregating
information from multiple sources, both qualitative and quantitative,
where this aggregation is achieved through the Dempster’s combina-
tion rules [132]. In DSTE, estimates of the risk metrics of interest are
bounded within the belief (lower bound) and plausibility functions (up-
per bound), expressed by the Equation [131]:
Bel (𝐴) ≤ 𝑃 (𝐴) ≤ 𝑃 𝐿 (𝐴) (8)
The exact position where the metric (e.g. probability of failure) lies
depends on the degree of evidence or information available at the time
of analysis [131]. Hence, strong evidence would suggest a tendency
71
Reliability Engineering and System Safety 173 (2018) 64–77
26%
21%
19%
15%
11%
8%
towards the plausibility function (upper bound) while weak evidence
would suggest the contrary, i.e. a tendency towards the belief function
(lower bound).
In the literature, the DSTE is discussed in Eldred et al. [115] where
the authors use computational experiments to compare the DSTE and the
Interval Valued Probability (IVP) methods. The IVP segregates aleatory
and epistemic uncertainties, and allows nested operations to be per-
formed [115]. Based on the experiments, the authors conclude that al-
though the DSTE and IVP approach produce comparable results, the
DSTE is sensitive to the number of input variables. As such, the compu-
tational effort increases in tandem with the number of input variables.
Helton and Johnson [126] also compare the DSTE, the Interval Analysis
and the Fuzzy methodology and conclude that the DSTE is rather attrac-
tive in that; (i) it allows inclusion of more information compared to the
Interval Analysis; and (ii) it requires fewer assumptions for specifying
input uncertainties as compared to both, the Interval Analysis and the
Fuzzy set concept.
Although not applied within a dependability modelling formalism,
Ding et al. [133] demonstrate how the DSTE may be applied for assess-
ing the reliability of early fire detection systems by aggregating multi-
sensor information, e.g. smoke and light sensor information. For tech-
nical systems, Agaram [134] reviews recent applications of DSTE ap-
proaches which embeds concepts of information fusion for reliability
analysis, and fault diagnosis in the automotive industry. Notably, the
review highlights usefulness of the DSTE approach for early fault detec-
tion through combining multiple sources of evidences, including sensor
data, e.g. vibration, or ultrasound, and expert information on potential
failure events.
For dynamic fault tree analysis, Duan et al. [135] integrates an ev-
idential information network in which, component failure rates are ex-
pressed through interval number estimates, with epistemic uncertainties
associated with the sparse failure data modelled via the DSTE concept.
Inclusion of interval valued probabilities to fault tree modelling formal-
ism is also discussed in Toppila and Salo [136], where the authors cau-
tion of challenges upscaling such formalisms for assessing the reliability
of complex dependable systems. Zhang et al. [137] demonstrated how
linguistic information may be incorporated into an evidential network
which is based on the DSTE method and a Bayesian network formal-
ism. Flage et al. [138] also apply an approach which synthesizes the
DSTE and the fuzzy concept within a fault tree modelling formalism, for
quantifying epistemic uncertainty of basic failure events of general sys-
P. Chemweno et al. Reliability Engineering and System Safety 173 (2018) 64–77

Table 1
Overview of methods for quantifying uncertainty in dependability modelling.

Methods Literature No. of articles

Bayesian inference approaches Analytic approximation [87–91] 5(8%)

Data augmentation [92–96] 6 (9%)
Markov chain Monte Carlo [111,89,114,112,110,98–103,171–175] 16 (24%)
Approaches for quantifying epistemic uncertainty Theory of fuzzy sets [54,117,120,30,123,124,176–179] 12 (18%)
Interval analysis [125,127–130,139,180] 9(14%)
Dempster-Shafer theory of belief [133–135,129,140–146,155,139,137,181] 18 (27%)

tems. More recently, Giuseppe et al. [139] apply an approach which also This challenge is particularly apparent for static and dynamic fault trees,
synthesizes the DSTE and Interval-Valued Probability estimates elicited as discussed in Gharahasanlou et al. [16].
from domain experts where similarly, their combined formalism is em- As regards user intuitiveness, integrated formalisms are seemingly
bedded in a fault tree modelling formalism and applied for assessing the attractive owing to the trade-off between intuitiveness, and modelling
reliability of systems with different configurations, i.e. parallel or series. complexity, especially when temporal aspects are considered. This is
In Bayesian network formalisms, authors such as Kabir et al. where fault tree formalisms are translated to equivalent Bayesian net-
[140] apply the DSTE for fusing censored failure data with expert es- works, hence seems to cope better with uncertainties associated with
timates where their approach is applied for assessing the reliability of sparse reliability data, or qualitative aspects such as operations risks, or
technical components of a water distribution system. Within Bayesian human-related factors, as seen in studies, e.g. Dongiovanni and Iesman-
network modelling formalism, DSTE is also discussed in [129,141–146]. tas [18]. However, it should be mentioned that despite the modelling
Table 1 summarizes the main methods for treating uncertainty in de- versatility introduced by the integrated formalisms, incorporating main-
pendability modelling approaches discussed in this review. tenance policies within the formalisms is seemingly a challenge. Effort
towards this direction is discussed for dynamic fault trees, and in par-
ticular, repairable dynamic fault trees suggested by authors e.g. Manno
6. Discussion
et al. [27]. However, repairable fault tree as discussed, excludes alterna-
tive maintenance such as optimized maintenance planning, or condition-
6.1. General insights, and implications of the review for research and
based maintenance. This omission also extends to incorporating prog-
practice
nostic information, such as inclusion of the remaining useful life to de-
pendability modelling formalisms. Although recent studies consider this
This review offers important insights for decision support in risk as-
aspect, nonetheless it is noted as an important gap which could be fur-
sessment, and more specifically, dependability analysis in maintenance
ther explored.
decision making. In particular, such insights could assist risk analysts
For static and dynamic Bayesian networks which constitute 35%
and maintenance practitioners assess equipment failure risks more ro-
of the reviewed approaches, an important trend towards more flexi-
bustly, and consequently, formulate effective maintenance strategies
ble modelling formalisms is seen. Importantly, apart from incorporating
that mitigate the effects of equipment failures. As depicted in Fig. 4,
temporal aspects, the Bayesian networks offers the advantage of updat-
performing risk assessment is especially an important consideration for
ing risk metrics with the emergence of new failure information. The for-
formulating maintenance strategies for safety-critical systems such as
malism also seems robust for incorporating qualitative information, such
nuclear power generation facilities, railway systems, and chemical pro-
as human-related maintenance errors. Such human aspects are often dif-
cess facilities. For such facilities, sub-optimal risk assessment may re-
ficult to quantify, yet are important contributors to equipment failures,
sult in failure events leading to catastrophic accidents, for instance, the
and accident events in safety-critical assets. Important human-related
Bhopal disaster, or recently, the Deepwater horizon spill event in the
performance shaping factors contributing to maintenance-related er-
Gulf of Mexico [147,148]. By structuring knowledge on dependabil-
rors includes fatigue, skill level, or not incorrect repair procedures. Al-
ity modelling, risk assessment, and maintenance decision making, it is
though inclusion of human factor aspects in Bayesian network modelling
expected that risk analysts and maintenance practitioners will better
formalisms are discussed, this is seemingly limited to safety and acci-
assess the relevance, and applicability of different dependability mod-
dent analysis, for instance, as discussed in Akhtar and Utne [149] and
elling methods.
Calviño, Grande [150].
From the review, significant research is seemingly directed towards
However, one important challenge of incorporating human factors
more versatile dependability modelling methods such as dynamic fault
within dependability modelling formalisms is the difficulty quantifying
trees, dynamic Bayesian networks, hybrid fault trees/Bayesian net-
the probability of errors linked to performance shaping factors associ-
works, and stochastic Petri-nets which overall, accounts for 69 % of
ated with human errors. Quantifying such errors requires use of scenario
the reviewed methods (see Fig. 3). Nonetheless, static dependability ap-
analysis where propagation of human errors to potential maintenance
proaches such as fault trees, and Bayesian networks constitute a notice-
errors is evaluated. Bayesian network formalisms are limited in this re-
able proportion of the reviewed approaches, which may be attributed to
gard. Noroozi et al. [151] proposes an alternative approach where Event
the intuitiveness of the methods by analysts and practitioners (31% of
trees are applied for scenario analysis, and quantifying the impact of hu-
reviewed methods). This contrasts to dynamic dependability modelling
man errors on equipment maintenance.
methods where equipment failure probabilities are primarily resolved
From the review, the important role of Bayesian network formalisms
through Markov models, and Monte Carlo simulation approaches.
for rare event analysis is also discussed. In particular, the data augmen-
However, apart from ignoring temporal aspects, the static fault tree
tation approach seems attractive for decision support in maintenance
is still limited to the extent to which basic failure events are modelled
since, often, availability of sufficient data for failure modelling is an
through varying empirically derived distribution functions, for instance,
important challenge. This is especially the case for high reliability and
Weibull or Lognormal functions. Largely, in the reviewed methods, ba-
safety-critical systems depicted in Fig. 4. A trend towards this direc-
sic events are assumed as exponentially distributed, an assumption con-
tion is discussed in studies, for instance, in [152,153]. An important
sidered for modelling simplicity. Although empirically derived distribu-
concern, however, for rare event analysis relates to validation concerns
tions would ideally mimic failure models expected in real-life, incorpo-
for formalisms integrating such analysis. This is an important challenge
rating such distributions within the reviewed formalisms is not straight-
neccesatitating future work in this direction.
forward, and presents additional resolution complexities of the methods.

72
P. Chemweno et al.
To address some of the validation concerns for rare failure events,
the Markov chain Monte Carlo (McMC) simulation approach is discussed
where apart from efficiently resolving complex posterior distributions,
the approach addresses validity concerns for sparse data sets. This is
achieved partly through computing the Deviance Information Crite-
rion (DIC) which is embedded in software applications such as BUGS
(Bayesian Inference Using Gibbs Sampler). Although a useful resolution
approach for posterior distributions, and addressing model validity con-
cerns, its usage is limited to fairly simple systems with straightforward
dependencies. Extending the McMC for modelling more complex depen-
dencies such as maintenance policies, and human-related maintenance
errors is an interesting direction for future work.
Although demonstrated as applicable for rare event analysis,
Stochastic Petri-net applies enabling rules within a simulation modelling
framework which also introduces model validity concerns, for instance,
as discussed in Paolieri et al. [154]. Moreover, the formalism may not
be intuitive to maintenance practitioners as compared to methods such
as fault trees, or Bayesian network formalisms, hence its seemingly low
proportion as compared to other reviewed dependability modelling ap-
proaches.
For quantifying epistemic uncertainty, integrating fuzzy and DSTE
concepts within dependability modelling formalisms, such as the static
and dynamic fault trees is an interesting observation (45% of uncer-
tainty quantification methods, see Table 1). This is because, in absence
of sufficient data for modelling basic failure events, eliciting fuzzy esti-
mates from domain experts is an intuitive approach for addressing data
availability challenges. However, the fuzzy concept raises model valid-
ity concerns which is partly addressed by Bayesian updating. The DSTE
method also provides a useful platform for augmenting sparse reliabil-
ity information with expert estimates, for instance, discussed in stud-
ies, e.g. Khalaj et al. [155], and Flage et al. [138]. In particular, the
DSTE integrates a useful data fusion framework which allows synthesis
of maintenance-related information from multiple sources, e.g. condi-
tion monitoring sensor data such as vibration and ultrasound. The fusion
further extends to integrating information elicited from domain experts
within the modelling formalism.
6.2. General directions for future work
From the above discussion, dependability modelling formalisms
present interesting prospects for future research within the maintenance
decision making domain. Firstly, there is need to extend the modelling
flexibility of fault tree and Bayesian network formalisms such that em-
pirical failure models are integrated in the formalisms. This deviates
from the traditional assumption in dynamic fault trees where basic fail-
ure events are assumed as exponentially distributed. Incorporating such
empirically derived failure models may pave way for more flexible for-
malisms where the reliability of complex electromechanical systems,
such as collaborative robots is more practically assessed. Often such
robots systems constitute components exhibiting varying failure mech-
anisms, such as random failures (electronic components) or Weibull or
Gamma distributed failures (mechanical systems) [156].
Secondly, mapping failure dependencies objectively in the for-
malisms discussed in this review is challenging. Often, the failure depen-
dencies are mapped qualitatively, either based on expert knowledge on
associations between failure mechanisms, or based on the system config-
uration. The latter considers how components are interconnected, and
presumes that failure dependencies are aligned to the system configura-
tion. Data exploration methods combined with data fusion approaches
may provide a plausible platform for objectively mapping dependencies
between failure events, for instance, discussed in Chemweno et al. [3].
In particular, information fusion may allow synthesizing data from sys-
tems of similar configuration or design. This approach is discussed in
Raz et al. [157] where Information Fusion System architecture is sug-
gested.
73
Reliability Engineering and System Safety 173 (2018) 64–77
Other plausible approaches may include alternative formalisms, such
as use of dynamic event trees for instances where information on fault
incidences modelled via fault trees is limited. This approach is discussed
in Ibánez et al. [158] where they argue that the DET formalism avoids
the need for exploring all potential system failure configurations or de-
pendencies. A similar trend towards using the DET modelling formalism
is also seen in Karanki et al. [159] where uncertainties associated with
stochastic failure probabilities and modelling parameters are incorpo-
rated within DET’s.
For integrating sparse information to dependability formalisms, in-
formation fusion architectures are suggested. For instance, Guo et al.
[160] propose an approach where information from both expert and
data sources are integrated via a Bayesian inferencing framework. Their
approach importantly uses linear and geometric pooling methods, hence
allowing importance weights to be assigned to the prior failure infor-
mation. This diversifies the characteristics of possible prior that may
be integrated in the Bayesian inferencing framework. A Naives Bayes
approach for handling missing or unsynchronized is also proposed re-
cently in Dabrowski et al. [161], and integrated in a dynamic Bayesian
network modelling formalism. Hence such recent formalisms indicate
an interesting trend towards more data driven dependability modelling
approaches.
For rare failure analysis, a notable constraint is the reliance on both
numerical reliability data and expert analysis, which necessitates nu-
merous modelling assumptions for augmenting subjective estimates. To
mitigate the impact of such assumptions, authors such as Khorsandi
and Aven [162] propose inclusion of the ‘assumption deviation risk’
for mitigating modelling uncertainties. Inclusion of such aspects to de-
pendability modelling may further enhance treatment of uncertainty,
hence, an interesting area of future work. Combined formalisms such as,
such as the generalized stochastic Pertinets integrated with fault trees is
demonstrated for rare failure/accident analysis. Talebberrouane, Khan
[80] demonstrates that such formalisms provides more information on
fault occurrences at different operational states and dependability se-
quences, and may consider alternative maintenance and repair strate-
gies. A similar Petrinet/fault tree formalism is also discussed recently
in Yan et al. [163] for assessing the reliability of complex automated
guided vehicle systems while considering optimal inspection and main-
tenance timings.
Data-driven machine learning approaches, and the DSTE method
also seems to provide a plausible data fusion platform. For instance,
integrating methods such as the Least square Support Vector Machine
(SVM) in dependability modelling is widely discussed method for diag-
nosing faults of technical assets, e.g. see [164,165].
Thirdly, the combinatorial explosion problem remains an important
challenge for upscaling graphical-oriented dependability methods dis-
cussed in this review, i.e. fault trees, stochastic Petri-net, and Bayesian
network. This is especially a challenge for modelling systems with com-
plex dependencies owing to multiple interconnected components ex-
hibiting varying failure mechanics. Although object-oriented modelling
approaches try to address this concern by modularizing complex de-
pendability formalisms, the decomposition limits the extent to which
reliability, and maintenance-related aspects are integrated into such for-
malisms. Invariably, this limits the robustness of the risk assessment
process, and maintenance decision making, the latter linked to selecting
optimal maintenance strategies. Hence, exploring more efficient decom-
position schemes forms an interesting prospect for future work. In addi-
tion to decomposition schemes, application of more efficient algorithms
for reducing storage necessary for constructing modular schemes such
as Bayesian network may assist upscale dependability models. Recent
work in this direction is discussed in Tien and Der Kiureghian [166].
Alternative integrated formalisms may also allow upscaling of de-
pendability models, and overcome the challenge of traditional ap-
proaches which so far focus on simple systems with limited dependen-
cies. Recent application of continuous-time Markov chain seems promis-
ing in this regard, for instance, proposed in Liang et al. [167]. Func-
P. Chemweno et al.
tional block diagrams such as discussed in Fazlollahtabar and Niaki
[168] may also extend dependability modelling formalisms for electro-
mechanical complex systems such as robotic systems. The integrated
formalism discussed in Li et al. [169] which includes goal tree, success
tree, and master logic diagram for modelling dependencies between sys-
tem components of a wind turbine system is also oriented towards this
research direction, allowing upscaling and assessment of risks for multi-
state/multi-component systems.
Fourthly, integrating human-related performance shaping factors in
dependability modelling formalisms is an important concern for main-
tenance decision making as discussed in Section 6.1. Integrating such
factors allows analysts assess the impact of maintenance-related errors
on the probability of system failure. Invariably, this may yield more
robust maintenance strategies which considers the influence of human-
related aspects on risk assessment, and maintenance decision support.
From the review, Bayesian network formalisms seem suited for this pur-
pose, however, the influence of human factors in the reviewed stud-
ies are largely discussed in the context of accident and safety analysis.
Recent research work towards integrating human factor aspects in de-
pendability formalisms is discussed in Zwirglmaier et al. [170] where
the Bayesian network is applied for human reliability assessment. In
their study, the BN formalisms models causal pathways leading to hu-
man errors, hence quantifying the probabilities of such errors. Such an
approach may potentially be translated for quantifying the probability
of human-related maintenance errors, which in recent literature, is in-
creasingly an important concern for maintenance decision making.
Finally, the reviewed dependability formalisms largely focus on
estimating the system reliability, while integrating a limited set of
maintenance policies, for instance, optimized maintenance planning.
A few of the reviewed studies integrate more proactive maintenance
policies such as condition-based maintenance, and prognostic mainte-
nance in Bayesian network formalisms. Integrating more diverse main-
tenance policies within the same dependability modelling framework,
though not widely addressed in the literature, could form an interest-
ing prospect for future work. Such formalisms would essentially allow
risk analysts and practitioners assess the impact of varying maintenance
policies on system reliability, while at the same time, consider failure
dependencies.
7. Conclusion
This article presents a state-of-the-art review of dependability meth-
ods for risk assessment in the context of maintenance decision making.
The review evaluates applicability of the dependability modelling for-
malisms for maintenance decision support. Moreover, the review evalu-
ates aspects associated with the methods such as treatment of uncer-
tainty, both through probabilistic and statistical modelling methods.
The review also highlights important gaps, both in theory and practice,
which limit their use for risk assessment in view of modelling failure
dependencies in technical assets. Taking into account these dependen-
cies is especially important for robust assessment of failure risks, and
as a consequence, selecting appropriate maintenance strategies. More-
over, this review is seen as an attempt towards structuring available
knowledge on dependability methods for risk assessment in the context
of maintenance decision making, and furthermore, may act as a useful
guide for both researchers and practitioners in the maintenance decision
making domain.
Acknowledgment
This research work has benefited from the Flanders Make SBO
Project YVES, of which, the Centre for Industrial Management/Traffic
and Infrastructure (CIB) of KU Leuven is affiliated. The authors wish to
thank, in the first place, the SBO-YVES project for funding part of this
work. In the second place, the authors wish to thank three anonymous
reviewers for their critical remarks on this review article.
74
Reliability Engineering and System Safety 173 (2018) 64–77
References
[1] Marhavilas PK. Risk analysis and assessment methodologies in the work sites: On
a review, classification and comparative study of the scientific literature of the
period 2000 to 2009. J Loss Prev Process Ind 2011;24:477.
[2] 31010 ISO. Risk management- risk assessment techniques. International Organisa-
tion of Standardisation; 2009. p. 2009.
[3] Chemweno P, Morag I, Sheikhalishahi M, Pintelon L, Muchiri P, Wakiru J. Develop-
ment of a novel methodology for root cause analysis and selection of maintenance
strategy for a thermal power plant: A data exploration approach. Eng Fail Anal
2016;66:19–36.
[4] Duffuaa SO, Raouf A. Reliability-Centered Maintenance. In: Planning and control
of maintenance systems. Springer; 2015. p. 245–60.
[5] Liu H-C, Liu L, Liu N. Risk evaluation approaches in failure mode and effects anal-
ysis: A literature review. Expert Syst Appl 2013;40:828–38.
[6] Braaksma A, Meesters A, Klingenberg W, Hicks C. A quantitative method for failure
mode and effects analysis. Int J Prod Res 2012;50:6904–17.
[7] Li W. Risk assessment of power systems: models, methods, and applications. John
Wiley & Sons; 2014.
[8] Fraser K, Hvolby H-H, Tseng T-L. Maintenance Management Models: a study of
the published literature to identify empirical evidence: A greater practical focus is
needed. Int J Qual Reliab Manage 2015;32:635–64.
[9] Aven T. Risk assessment and risk management: Review of recent advances on their
foundation. Eur J Oper Res 2016;253:1–13.
[10] Smith DJ. Reliability, maintainability and risk: practical methods for engineers.
Oxford: Butterworth-Heinemann; 2017.
[11] Modarres M, Zhou T, Massoud M. Advances in multi-unit nuclear power plant prob-
abilistic risk assessment. Reliab Eng Syst Saf 2017;157:87–100.
[12] Kabir S. An overview of fault tree analysis and its application in model based de-
pendability analysis. Expert Syst Appl 2017;77:114–35.
[13] Berg H-P. Risk management: Procedures, methods and experiences. Reliab Theory
Appl 2010;1:79–95.
[14] Tazi N, Châtelet E, Bouzidi Y. How combined performance and propagation
of failure dependencies affect the reliability of a MSS. Reliab Eng Syst Saf
2018;169:531–41.
[15] Weber P, Medina-Oliva G, Simon C, Iung B. Overview on Bayesian networks ap-
plications for dependability, risk analysis and maintenance areas. Eng Appl Artif
Intell 2012;25:671–82.
[16] Gharahasanlou AN, Mokhtarei A, Khodayarei A, Ataei M. Fault tree analysis of
failure cause of crushing plant and mixing bed hall at Khoy cement factory in Iran.
Case Stud Eng Failure Anal 2014;2:33–8.
[17] Motamedi A, Hammad A, Asen Y. Knowledge-assisted BIM-based visual ana-
lytics for failure root cause detection in facilities management. Autom Constr
2014;43:73–83.
[18] Dongiovanni DN, Iesmantas T. Failure rate modeling using fault tree analysis and
Bayesian network: DEMO pulsed operation turbine study case. Fusion Eng Des
2016;109:613–17.
[19] Wu Y. Development of reliability and probabilistic safety assessment program
RiskA. Ann Nucl Energy 2015;83:316–21.
[20] Bhangu NS, Pahuja G, Singh R. Application of fault tree analysis for evaluating
reliability and risk assessment of a thermal power plant. Energy Sources Part A
2015;37:2004–12.
[21] Choi I-H, Chang D. Reliability and availability assessment of seabed storage tanks
using fault tree analysis. Ocean Eng 2016;120:1–14.
[22] Taheriyoun M, Moradinejad S. Reliability analysis of a wastewater treatment
plant using fault tree analysis and Monte Carlo simulation. Environ Monit Assess
2015;187:4186.
[23] McNelles P, Zeng ZC, Renganathan G, Lamarre G, Akl Y, Lu L. A comparison of
fault trees and the dynamic flowgraph methodology for the analysis of FPGA-based
safety systems Part 1: Reactor trip logic loop reliability analysis. Reliab Eng Syst
Saf 2016;153:135–50.
[24] Rauzy AB. Sequence algebra, sequence decision diagrams and dynamic fault trees.
Reliab Eng Syst Saf 2011;96:785–92.
[25] Ge D, Yang Y. Reliability analysis of non‐repairable systems modeled by dy-
namic fault trees with priority AND gates. Appl Stochastic Models Bus Indus
2015;31:809–22.
[26] Wang Y, Xing L, Wang H. Reliability of systems subject to competing failure prop-
agation and probabilistic failure isolation. Int J Syst Sci 2016:1–19.
[27] Manno G, Chiacchio F, Compagno L, D’Urso D, Trapani N. Conception of repairable
dynamic fault trees and resolution by the use of RAATSS, a Matlab® toolbox based
on the ATS formalism. Reliab Eng Syst Saf 2014;121:250–62.
[28] b,Chiacchio F, D’Urso D, Compagno L, Pennisi M, Pappalardo F, et al. SHyFTA, a
stochastic hybrid fault tree automaton for the modelling and simulation of dynamic
reliability problems. Expert Syst Appl 2016;47:42–57.
[29] Salehpour‐Oskouei F, Pourgol‐Mohammad M. Fault diagnosis improvement using
dynamic fault model in optimal sensor placement: a case study of steam turbine.
Qual Reliab Eng Int 2017;33:531–41.
[30] Tu J, Cheng R, TAo Q. Reliability Analysis Method of safety-critical avionics sys-
tem based on Dynamic Fault Tree under Fuzzy Uncertainty. Eksploatacja i Nieza-
wodność 2015;17:156–63.
[31] Volk M, Junges S, Katoen J-P. Fast dynamic fault tree analysis by model checking
techniques. IEEE Trans Ind Inf 2017;14:370–9.
[32] Peng Z, Lu Y, Miller A, Johnson C, Zhao T. Risk assessment of railway
transportation systems using timed fault trees. Qual Reliab Eng Int 2016;32:
181–194.
P. Chemweno et al.
[33] Ge D, Lin M, Yang Y, Zhang R, Chou Q. Quantitative analysis of dynamic fault
trees using improved Sequential Binary Decision Diagrams. Reliab Eng Syst Saf
2015;142:289–99.
[34] Ge D, Li D, Chou Q, Zhang R, Yang Y. Quantification of highly coupled dynamic
fault tree using IRVPM and SBDD. Qual Reliab Eng Int 2016;32:139–51.
[35] Simeu-Abazi Z, Lefebvre A, Derain J-P. A methodology of alarm filtering using
dynamic fault tree. Reliab Eng Syst Saf 2011;96:257–66.
[36] Codetta Raiteri D. Integrating several formalisms in order to increase Fault Trees’
modeling power. Reliab Eng Syst Saf 2011;96:534.
[37] Flammini F, Marrone S, Iacono M, Mazzocca N, Vittorini V. A multiformalism
modular approach to ERTMS/ETCS failure modeling. Int J Reliab Qual Saf Eng
2014;21:145.
[38] Turan O, Lazakis I, Judah S, Incecik A. Investigating the reliability and criticality
of the maintenance characteristics of a diving support vessel. Qual Reliab Eng Int
2011;27:931–46.
[39] Rauzy A, Blériot-Fabre C. Towards a sound semantics for dynamic fault trees. Reliab
Eng Syst Saf 2015;142:184–91.
[40] Chiacchio F, D’Urso D, Manno G, Compagno L. Stochastic hybrid automaton model
of a multi-state system with aging: Reliability assessment and design consequences.
Reliab Eng Syst Saf 2016;149:1–13.
[41] Yevkin O. An efficient approximate markov chain method in dynamic fault tree
analysis. Qual Reliab Eng Int 2015;32:1509–20.
[42] Merle G, Roussel JM, Lesage JJ. Quantitative analysis of dynamic fault trees based
on the structure function. Qual Reliab Eng Int 2014;30:143–56.
[43] Chiacchio F, Cacioppo M, D’Urso D, Manno G, Trapani N, Compagno L. A Weibul-
l-based compositional approach for hierarchical dynamic fault trees. Reliab Eng
Syst Saf 2013;109:45–52.
[44] Zhu P, Han J, Liu L, Lombardi F. A stochastic approach for the analysis of dynamic
fault trees with spare gates under probabilistic common cause failures. IEEE Trans
Reliab 2015;64:878–92.
[45] Chiacchio F, Compagno L, D’Urso D, Manno G, Trapani N. Dynamic fault trees
resolution: A conscious trade-off between analytical and simulative approaches.
Reliab Eng Syst Saf 2011;96:1515–26.
[46] Lindhe A, Norberg T, Rosén L. Approximate dynamic fault tree calculations for
modelling water supply risks. Reliab Eng Syst Saf 2012;106:61–71.
[47] Nguyen TK, Beugin J, Marais J. Method for evaluating an extended Fault Tree
to analyse the dependability of complex systems: Application to a satellite-based
railway system. Reliab Eng Syst Saf 2015;133:300–13.
[48] Khakzad N, Khan F, Amyotte P. Quantitative risk analysis of offshore drilling op-
erations: A Bayesian approach. Saf Sci 2013;57:108–17.
[49] Nielsen TD, JENSEN FV. Bayesian networks and decision graphs. Springer; 2009.
[50] Liu Z, Liu Y, Cai B, Zhang D, Zheng C. Dynamic Bayesian network modeling of
reliability of subsea blowout preventer stack in presence of common cause failures.
J Loss Prev Process Ind 2015;38:58–66.
[51] Ferreiro S, Arnaiz A, Sierra B, Irigoien I. Application of Bayesian networks in prog-
nostics for a new Integrated Vehicle Health Management concept. Expert Syst Appl
2012;39:6402–18.
[52] Gran B, Bye R, Nyheim O, Okstad E, Seljelid J, Sklet S, et al. Evaluation of the Risk
OMT model for maintenance work on major offshore process equipment. J Loss
Prev Process Ind 2012;25:582–93.
[53] Tian X, Liu Y, Zhang Y, Lin R, Xi Y. Fault diagnosis research of submarine casing
cutting robot for abandoned oil wellhead. Int J Secur Appl 2014;8:213–24.
[54] Liu Z, Liu Y, Wu X, Yang D, Cai B, Zheng C. Reliability evaluation of auxiliary
feedwater system by mapping GO-FLOW models into Bayesian networks. ISA Trans
2016;64:174–83.
[55] Askarian M, Zarghami R, Jalali‐Farahani F, Mostoufi N. Fault diagnosis of chemi-
cal processes considering fault frequency via Bayesian network. Can J Chem Eng
2016;94:2315–25.
[56] Abbassi R, Bhandari J, Khan F, Garaniya V, Chai S. Developing a quantitative
risk-based methodology for maintenance scheduling using Bayesian network. Chem
Eng Trans 2016;48:235–40.
[57] Cai B, Liu Y, Fan Q, Zhang Y, Yu S, Liu Z, et al. Performance evaluation of subsea
BOP control systems using dynamic Bayesian networks with imperfect repair and
preventive maintenance. Eng Appl Artif Intell 2013;26:2661–72.
[58] Hu J, Zhang L, Liang W. Opportunistic predictive maintenance for complex mul-
ti-component systems based on DBN-HAZOP model. Process Saf Environ Prot
2012;90:376–88.
[59] Cózar J, Gámez JMPJA. An application of dynamic bayesian networks to condition
monitoring and fault prediction in a sensored system: a Case Study. 2017;10:176–
95.
[60] Zhu J, Collette M. A dynamic discretization method for reliability inference in dy-
namic bayesian networks. Reliab Eng Syst Saf 2015;138:242–52.
[61] Luque J, Straub D. Reliability analysis and updating of deteriorating systems with
dynamic Bayesian networks. Struct Saf 2016;62:34–46.
[62] Li K, Ren Y, Fan D, Liu L, Wang Z, Ma Z. Enhance GO methodology for reliabil-
ity analysis of the closed-loop system using Cyclic Bayesian Networks. Mechanical
systems and signal processing. In Press; 2017.
[63] Ramírez PAP, Utne IB. Use of dynamic Bayesian networks for life extension assess-
ment of ageing systems. Reliab Eng Syst Saf 2015;133:119–36.
[64] Salazar JC, Weber P, Nejjari F, Sarrate R, Theilliol D. System reliability aware
model predictive control framework. Reliab Eng Syst Saf 2017;167:663–72.
[65] Liang XF, Wang HD, Yi H, Li D. Warship reliability evaluation based on dynamic
bayesian networks and numerical simulation. Ocean Eng 2017;136:129–40.
[66] Codetta-Raiteri D, Portinale L. Generalized Continuous Time Bayesian Networks as
a modelling and analysis formalism for dependable systems. Reliab Eng Syst Saf
2017;167:639–51.
75
Reliability Engineering and System Safety 173 (2018) 64–77
[67] Khakzad N, Khan F, Amyotte P. Risk-based design of process systems using dis-
crete-time Bayesian networks. Reliab Eng Syst Saf 2013;109:5–17.
[68] Kabir S, Walker M, Papadopoulos Y. Reliability analysis of dynamic systems by
translating temporal fault trees into Bayesian networks. Model-Based Saf Assess:
Springer 2014:96–109.
[69] Mi J, Li Y-F, Yang Y-J, Peng W, Huang H-Z. Reliability assessment of com-
plex electromechanical systems under epistemic uncertainty. Reliab Eng Syst Saf
2016;152:1–15.
[70] Wang L, Pan R, Wang X, Fan W, Xuan J. A Bayesian reliability evaluation
method with different types of data from multiple sources. Reliab Eng Syst Saf
2017;167:128–35.
[71] Barua S, Gao X, Pasman H, Mannan MS. Bayesian network based dynamic opera-
tional risk assessment. J Loss Prev Process Ind 2016;41:399–410.
[72] Darwish M, Almouahed S, De Lamotte F. The integration of expert-defined im-
portance factors to enrich Bayesian Fault Tree Analysis. Reliab Eng Syst Saf
2017;162:81–90.
[73] Chen S, Qi Z, Chen D, Guo L, Peng W. Investigation of Bayesian network for relia-
bility analysis and fault diagnosis of complex systems with real case applications.
Adv Mech Eng 2017;9:10.
[74] Codetta-Raiteri D, Portinale L. Approaching dynamic reliability with predictive and
diagnostic purposes by exploiting dynamic Bayesian networks. Proc Inst Mech Eng
Part O: J Risk Reliab 2014;228:488–503.
[75] Sadou N, Demmou H. Reliability analysis of discrete event dynamic systems with
Petri nets. Reliab Eng Syst Saf 2009;94:1848–61.
[76] Signoret J-P, Dutuit Y, Cacheux P-J, Folleau C, Collas S, Thomas P. Make your Petri
nets understandable: Reliability block diagrams driven Petri nets. Reliab Eng Syst
Saf 2013;113:61–75.
[77] L-l Song, T-y Wang, X-w Song, Xu L, Song D-g. Research and application of FTA
and petri nets in fault diagnosis in the pantograph-type current collector on CRH
EMU trains. Math Prob Eng 2015:1–12.
[78] Sharma RK, Sharma P. Integrated framework to optimize RAM and cost decisions
in a process plant. J Loss Prev Process Ind 2012;25:883–904.
[79] Wang Z, Atli M, Kondo Adjallah H. Coloured stochastic Petri nets modelling for
the reliability and maintenance analysis of multi-state multi-unit systems. J Manuf
Technol Manag 2014;25:476–90.
[80] Talebberrouane M, Khan F, Lounis Z. Availability analysis of safety critical systems
using advanced fault tree and stochastic Petri net formalisms. J Loss Prev Process
Ind 2016;44:193–203.
[81] Leigh JM, Dunnett SJ. Use of Petri nets to model the maintenance of wind turbines.
Qual Reliab Eng Int 2016;32:167–80.
[82] Zhang D, Hu H, Roberts C. Rail maintenance analysis using Petri nets. Struct In-
frastruct Eng 2017;13:783–93.
[83] Zio E. Integrated deterministic and probabilistic safety assessment: concepts, chal-
lenges, research directions. Nucl Eng Des 2014;280:413–19.
[84] He Y, Mirzargar M, Kirby RM. Mixed aleatory and epistemic uncertainty quantifi-
cation using fuzzy set theory. Int J Approximate Reasoning 2015;66:1–15.
[85] Bolstad WM. Introduction to Bayesian statistics. John Wiley & Sons; 2013.
[86] Thodi P, Khan F, Haddara M. Risk based integrity modeling of offshore pro-
cess components suffering stochastic degradation. J Qual Maint Eng 2013;19:
157–180.
[87] Scott SL, Blocker AW, Bonassi FV, Chipman HA, George EI, McCulloch RE. Bayes
and big data: The consensus Monte Carlo algorithm. Int J Manag Sci Eng Manag
2016;11:78–88.
[88] Peng W, Li Y-F, Yang Y-J, Mi J, Huang H-Z. Leveraging degradation testing and
condition monitoring for field reliability analysis with time-varying operating mis-
sions. IEEE Trans Reliab 2015;64:1367–82.
[89] Yontay P, Pan R. A computational Bayesian approach to dependency assessment in
system reliability. Reliab Eng Syst Saf 2016;152:104–14.
[90] Wang G, Xu T, Tang T, Yuan T, Wang H. A Bayesian network model for pre-
diction of weather-related failures in railway turnout systems. Expert Syst Appl
2017;69:247–56.
[91] Troffaes MC, Walter G, Kelly D. A robust Bayesian approach to modeling epistemic
uncertainty in common-cause failure models. Reliab Eng Syst Saf 2014;125:13–21.
[92] Mahmoud MS, Khalid HM. Expectation maximization approach to data-based fault
diagnostics. Inf Sci 2013;235:80–96.
[93] Zhang X, Kang J, Jin T. Degradation modeling and maintenance decisions based
on Bayesian belief networks. IEEE Trans Reliab 2014;63:620–33.
[94] Zhang Z, Dong F. Fault detection and diagnosis for missing data systems with
a three time-slice dynamic Bayesian network approach. Chemom Intell Lab Syst
2014;138:30–40.
[95] Ratnapinda P, Druzdzel MJ. Learning discrete Bayesian network parameters from
continuous data streams: What is the best strategy? J Appl Logic 2015;13:628–42.
[96] Bacha A, Benhra J, Sabry AH. A CNC machine fault diagnosis methodology based
on bayesian networks and data acquisition. Commun Appl Electron 2016;5:41–8.
[97] Sengupta A, Cressie N. Hierarchical statistical modeling of big spatial datasets using
the exponential family of distributions. Spatial Stat 2013;4:14–44.
[98] Soliman AA, Abd-Ellah AH, Abou-Elheggag NA, Ahmed EA. Modified Weibull
model: A Bayes study using MCMC approach based on progressive censoring data.
Reliab Eng Syst Saf 2012;100:48–57.
[99] Andrieu C, Vihola M. Convergence properties of pseudo-marginal Markov chain
Monte Carlo algorithms. Ann Appl Probab 2015;25:1030–77.
[100] Doucet A, Pitt M, Deligiannidis G, Kohn R. Efficient implementation of Markov
chain Monte Carlo when using an unbiased likelihood estimator. Biometrika
2015;102 295-13.
[101] Van Dyk DA, Jiao X. Metropolis-Hastings within partially collapsed Gibbs samplers.
J Comput Graph Statist 2015;24:301–27.
P. Chemweno et al.
[102] Lin J, Asplund M, Parida A. Reliability analysis for degradation of locomotive
wheels using parametric Bayesian approach. Qual Reliab Eng Int 2014;30:657–67.
[103] Liu Y, Lin P, Li Y-F, Huang H-Z. Bayesian reliability and performance assessment
for multi-state systems. IEEE Trans Reliab 2015;64:394–409.
[104] Aslett LJ, Coolen F, Wilson SP. Bayesian inference for reliability of systems and
networks using the survival signature. Risk Anal 2015;35 1640-51.
[105] Wang H, Yajima A, Castaneda H. Bayesian modeling of external corrosion in under-
ground pipelines based on the integration of Markov chain Monte Carlo techniques
and clustered inspection data. Comput‐Aided Civil Infrastruct Eng 2015;30:300–16.
[106] Bassamzadeh N, Ghanem R. Multiscale stochastic prediction of electricity demand
in smart grids using Bayesian networks. Appl Energy 2017;193:369–80.
[107] Nadar M, Kızılaslan F. Estimation of reliability in a multicomponent stress-strength
model based on a Marshall-Olkin Bivariate Weibull distribution. IEEE Trans Reliab
2016;65:370–80.
[108] Zaidan MA, Harrison RF, Mills AR, Fleming PJ. Bayesian Hierarchical Models for
aerospace gas turbine engine prognostics. Expert Syst Appl 2015;42:539–53.
[109] Vergé C, Morio J, Del Moral P. An island particle algorithm for rare event analysis.
Reliab Eng Syst Saf 2016;149:63–75.
[110] Tee KF, Khan LR, Li H. Application of subset simulation in reliability estimation of
underground pipelines. Reliab Eng Syst Saf 2014;130:125–31.
[111] Compare M, Baraldi P, Bani I, Zio E, Mc Donnell D. Development of a Bayesian
multi-state degradation model for up-to-date reliability estimations of working in-
dustrial components. Reliab Eng Syst Saf 2016;166:25–40.
[112] Hamada M, Wilson A, Weaver B, Griffiths R, Martz H. Bayesian binomial assurance
tests for system reliability using component data. J Qual Technol 2014;46:24.
[113] Kim Y-J, Ahn K-U, Park C-S. Decision making of HVAC system using Bayesian
Markov chain Monte Carlo method. Energy Build 2014;72:112–21.
[114] Alzbutas R, Iešmantas T. Application of Bayesian methods for age‐dependent reli-
ability analysis. Qual Reliab Eng Int 2014;30:121–32.
[115] Eldred MS, Swiler LP, Tang G. Mixed aleatory-epistemic uncertainty quantification
with stochastic expansions and optimization-based interval estimation. Reliab Eng
Syst Saf 2011;96:1092–113.
[116] Zadeh LA. Fuzzy sets as a basis for a theory of possibility. Fuzzy Sets Syst
1978;1:3–28.
[117] Purba JH, Lu J, Zhang G, Pedrycz W. A fuzzy reliability assessment of basic events
of fault trees through qualitative data processing. Fuzzy Sets Syst 2014;243:50–69.
[118] Rajakarunakaran S, Kumar AM, Prabhu VA. Applications of fuzzy faulty tree anal-
ysis and expert elicitation for evaluation of risks in LPG refuelling station. J Loss
Prev Process Ind 2015;33:109–23.
[119] Mhalla A, Collart Dutilleul S, Craye E, Benrejeb M. Estimation of failure proba-
bility of milk manufacturing unit by fuzzy fault tree analysis. J Intell Fuzzy Syst
2014;26:741–50.
[120] Kabir S, Walker M, Papadopoulos Y, Rüde E, Securius P. Fuzzy temporal fault tree
analysis of dynamic systems. Int J Approximate Reasoning 2016;77:20–37.
[121] Yazdi M, Nikfar F, Nasrabadi M. Failure probability analysis by employing fuzzy
fault tree analysis. Int J Syst Assur Eng Manag 2017:1–17.
[122] Duan R, Fan J. Dynamic diagnosis strategy for redundant systems based on relia-
bility analysis and sensors under epistemic uncertainty. J Sens 2015:1–14.
[123] Yuyan C, Ting L, Jian W, Rong X, Xinmin W. Fuzzy dynamic fault tree analysis for
electro-mechanical actuator based on algebraic model with common-cause failures.
Autom Control Comput Sci 2016;50:80–90.
[124] He Q, Yabing Z, ZHAng R, Sun Q, Liu T. Reliability analysis for multi-state system
based on triangular fuzzy variety subset bayesian networks. Eksploatacja I Nieza-
wodnosc 2017;19:158.
[125] Urbina A. Quantification of margins and uncertainties of complex systems in the
presence of aleatoric and epistemic uncertainty. Reliab Eng Syst Saf 2011;96:1114.
[126] Helton JC, Johnson JD. Quantification of margins and uncertainties: alternative
representations of epistemic uncertainty. Reliab Eng Syst Saf 2011;96:1034–52.
[127] WestIV TK, Hosder S, Winter T. Quantification of margins and uncertainties for
integrated spacecraft systems models. J Spacecraft Rockets 2015;52:450–61.
[128] WestIV TK, Hosder S. Uncertainty quantification of hypersonic reentry flows with
sparse sampling and stochastic expansions. J Spacecraft Rockets 2015;52:120–33.
[129] Shah H, Hosder S, Winter T. A mixed uncertainty quantification approach using
evidence theory and stochastic expansions. Int J Uncertainty Quantif 2015;5 51-48.
[130] Novack SD, Rogers J, Al Hassan M, Hark F. Characterizing epistemic uncertainty
for launch vehicle designs. 2016.
[131] Shafer G, Logan R. Implementing Dempster’s rule for hierarchical evidence. Artif
Intell 1987;33:271–98.
[132] Lin G, Liang J, Qian Y. An information fusion approach by combining multigranu-
lation rough sets and evidence theory. Inf Sci 2015;314:184–99.
[133] Ding Q, Peng Z, Liu T, Tong Q. Multi-sensor building fire alarm system with infor-
mation fusion technology based on DS evidence theory. Algorithms 2014;7:523–37.
[134] Agaram V. Reliability of multi-sensor fusion for next generation cars and trucks.
SAE 2014:1–10.
[135] Duan R, Hu L, Lin Y. Fault diagnosis for complex systems based on dynamic ev-
idential network and multi-attribute decision making with interval numbers. Ek-
sploatacja I Niezawodnosc 2017;19:580.
[136] Toppila A, Salo A. Selection of risk reduction portfolios under interval-valued prob-
abilities. Reliab Eng Syst Saf 2017;163:69–78.
[137] Zhang X, Mahadevan S, Deng X. Reliability analysis with linguistic data: An evi-
dential network approach. Reliab Eng Syst Saf 2017;162:111–21.
[138] Flage R, Baraldi P, Zio E, Aven T. Probability and possibility‐based representations
of uncertainty in fault tree analysis. Risk Anal 2013;33:121–33.
[139] Giuseppe C, Maria GG, La Fata CM. A Dempster-Shafer theory-based approach to
compute the birnbaum importance measure under epistemic uncertainty. Int J Appl
Eng Res 2016;11:10574–85.
76
Reliability Engineering and System Safety 173 (2018) 64–77
[140] Kabir G, Demissie G, Sadiq R, Tesfamariam S. Integrating failure prediction mod-
els for water mains: Bayesian belief network based data fusion. Knowl-Based Syst
2015;85:159–69.
[141] Chen Y, Chen Y-W, Xu X-B, Pan C-C, Yang J-B, Yang G-K. A data-driven approxi-
mate causal inference model using the evidential reasoning rule. Knowl-Based Syst
2015;88:264–72.
[142] Yang J, Huang H-Z, He L-P, Zhu S-P, Wen D. Risk evaluation in failure mode and
effects analysis of aircraft turbine rotor blades using Dempster–Shafer evidence
theory under uncertainty. Eng Fail Anal 2011;18:2084–92.
[143] Compare M, Zio E. Genetic algorithms in the framework of Dempster-Shafer
theory of evidence for maintenance optimization problems. IEEE Trans Reliab
2015;64:645–60.
[144] Yuan K, Xiao F, Fei L, Kang B, Deng Y. Modeling sensor reliability in fault diagnosis
based on evidence theory. Sensors 2016;16:113.
[145] Certa A, Hopps F, Inghilleri R, La Fata CM. A Dempster-Shafer theory-based ap-
proach to the failure mode, effects and criticality analysis (FMECA) under epis-
temic uncertainty: application to the propulsion system of a fishing vessel. Reliab
Eng Syst Saf 2017;159:69–79.
[146] Shah H, Hosder S, Winter T. Quantification of margins and mixed uncer-
tainties using evidence theory and stochastic expansions. Reliab Eng Syst Saf
2015;138:59–72.
[147] Goh YM, Tan S, Lai KC. Learning from the Bhopal disaster to improve process safety
management in Singapore. Process Saf Environ Prot 2015;97:102–8.
[148] Labib A. Learning (and unlearning) from failures: 30 years on from Bhopal to
Fukushima an analysis through reliability engineering techniques. Process Saf En-
viron Prot 2015;97:80–90.
[149] Akhtar MJ, Utne IB. Human fatigue’s effect on the risk of maritime groundings – A
Bayesian network modeling approach. Saf Sci 2014;62:427–40.
[150] Calviño A, Grande Z, Sánchez‐Cambronero S, Gallego I, Rivas A, Menéndez JM.
A Markovian–Bayesian network for risk analysis of high speed and conven-
tional railway lines integrating human errors. Comput‐Aided Civil Infrast Eng
2016;31:193–218.
[151] Noroozi A, Khakzad N, Khan F, MacKinnon S, Abbassi R. The role of human error
in risk analysis: Application to pre- and post-maintenance procedures of process
facilities. Reliab Eng Syst Saf 2013;119:251–8.
[152] Yang M, Khan F, Lye L, Amyotte P. Risk assessment of rare events. Process Saf
Environ Prot 2015;98:102–8.
[153] Yu H, Khan F, Veitch B. A flexible hierarchical Bayesian modeling technique for
risk analysis of major accidents. Risk Anal 2017;37:1668–82.
[154] Paolieri M, Horvath A, Vicario E. Probabilistic model checking of regenerative con-
current systems. IEEE Trans Softw Eng 2016;42:153–69.
[155] Khalaj M, Makui A, Tavakkoli-Moghaddam R. Risk-based reliability assessment un-
der epistemic uncertainty. J Loss Prev Process Ind 2012;25:571–81.
[156] Fazlollahtabar H, Niaki STA. A modified branching process for the reliability anal-
ysis of complex systems: multiple-robot systems. Commun Stat-Theory Methods
2017:1–12.
[157] Raz AK, Kenley CR, DeLaurentis DA. A System-of-Systems perspective for informa-
tion fusion system design and evaluation. Inf Fusion 2017;35:148–65.
[158] Ibánez L, Hortal J, Queral C, Gómez-Magán J, Sánchez-Perea M, Fernández I,
et al. Application of the integrated safety assessment methodology to safety mar-
gins. Dynamic event trees, damage domains and risk assessment. Reliab Eng Syst
Saf 2016;147:170–93.
[159] Karanki DR, Rahman S, Dang VN, Zerkak O. Epistemic and aleatory uncertainties
in integrated deterministic and probabilistic safety assessment: Tradeoff between
accuracy and accident simulations. Reliab Eng Syst Saf 2017;162:91–102.
[160] Guo J, Li ZS, Jin JJ. System reliability assessment with multilevel information using
the Bayesian melding method. Reliab Eng Syst Saf 2018;170:146–58.
[161] Dabrowski JJ, de Villiers JP, Beyers C. Naïve Bayes switching linear dynamical
system: A model for dynamic system modelling, classification, and information
fusion. Inf Fusion 2018;42:75–101.
[162] Khorsandi J, Aven T. Incorporating assumption deviation risk in quantitative risk
assessments: A semi-quantitative approach. Reliab Eng Syst Saf 2017;163:22–32.
[163] Yan R, Jackson LM, Dunnett SJ. Automated guided vehicle mission reliability mod-
elling using a combined fault tree and Petri net approach. Int J Adv Manuf Technol
2017:1–13.
[164] Benkedjouh T, Medjaher K, Zerhouni N, Rechak S. Health assessment and life
prediction of cutting tools based on support vector regression. J Intell Manuf
2015;26:213–23.
[165] Tang B, Song T, Li F, Deng L. Fault diagnosis for a wind turbine transmission system
based on manifold learning and Shannon wavelet support vector machine. Renew-
able Energy 2014;62:1–9.
[166] Tien I, Der Kiureghian A. Algorithms for Bayesian network modeling and reliability
assessment of infrastructure systems. Reliab Eng Syst Saf 2016;156:134–47.
[167] Liang Z, Parlikad AK, Srinivasan R, Rasmekomen N. On fault propagation in dete-
rioration of multi-component systems. Reliab Eng Syst Saf 2017;162:72–80.
[168] Fazlollahtabar H, Niaki STA. Binary state reliability computation for a complex sys-
tem based on extended Bernoulli trials: Multiple autonomous robots. Qual Reliab
Eng Int 2017;33:1709–18.
[169] Li Y-F, Valla S, Zio E. Reliability assessment of generic geared wind turbines by GT-
ST-MLD model and Monte Carlo simulation. Renewable Energy 2015;83:222–33.
[170] Zwirglmaier K, Straub D, Groth KM. Capturing cognitive causal paths in hu-
man reliability analysis with Bayesian network models. Reliab Eng Syst Saf
2017;158:117–29.
[171] Dezfuli H, Kelly D, Smith C, Vedros K, Galyean W. Bayesian inference for NASA
probabilistic risk and reliability analysis. Washington, DC: NASA; 2009.
P. Chemweno et al.
[172] Zhou D. The Application of Bayesian Networks in System Reliability. Arizona State
University; 2014.
[173] Roy A, Srivastava P, Sinha S. Risk and reliability assessment in chemical process
industries using Bayesian methods. Rev Chem Eng 2014;30:479–99.
[174] Vergé C, Morio J, Del Moral P. An island particle algorithm for rare event analysis.
Reliab Eng Syst Saf 2016;149:63–75.
[175] Pan Z, Balakrishnan N. Reliability modeling of degradation of products with mul-
tiple performance characteristics based on gamma processes. Reliab Eng Syst Saf
2011;96:949–57.
[176] Jee TL, Tay KM, Lim CP. A new two-stage fuzzy inference system-based ap-
proach to prioritize failures in failure mode and effect analysis. IEEE Trans Reliab
2015;64:869–77.
77
Reliability Engineering and System Safety 173 (2018) 64–77
[177] Liu H-C, You J-X, Duan C-Y. An integrated approach for failure mode and effect
analysis under interval-valued intuitionistic fuzzy environment. Int J Prod Econ
2017 In Press.
[178] Duan R, Fan J. Dynamic diagnosis strategy for redundant systems based on relia-
bility analysis and sensors under epistemic uncertainty. J Sens 2015;1–14.
[179] Abdo H, Flaus J. Monte Carlo simulation to solve fuzzy dynamic fault tree. IFAC–
PapersOnLine 2016;49:1886–91.
[180] Eldred MS, Swiler LP, Tang G. Mixed aleatory-epistemic uncertainty quantification
with stochastic expansions and optimization-based interval estimation. Reliab Eng
Syst Saf 2011;96:1092–113.
[181] Helton JC, Johnson JD. Quantification of margins and uncertainties: alternative
representations of epistemic uncertainty. Reliab Eng Syst Saf 2011;96:1034–52.