Professional Documents
Culture Documents
FaultAndEventTree PDF
FaultAndEventTree PDF
Refaul Ferdous,1 Faisal Khan,1,∗ Rehan Sadiq,2 Paul Amyotte,3 and Brian Veitch1
Quantitative risk analysis (QRA) is a systematic approach for evaluating likelihood, conse-
quences, and risk of adverse events. QRA based on event (ETA) and fault tree analyses
(FTA) employs two basic assumptions. The first assumption is related to likelihood values of
input events, and the second assumption is regarding interdependence among the events (for
ETA) or basic events (for FTA). Traditionally, FTA and ETA both use crisp probabilities;
however, to deal with uncertainties, the probability distributions of input event likelihoods
are assumed. These probability distributions are often hard to come by and even if avail-
able, they are subject to incompleteness (partial ignorance) and imprecision. Furthermore,
both FTA and ETA assume that events (or basic events) are independent. In practice, these
two assumptions are often unrealistic. This article focuses on handling uncertainty in a QRA
framework of a process system. Fuzzy set theory and evidence theory are used to describe
the uncertainties in the input event likelihoods. A method based on a dependency coeffi-
cient is used to express interdependencies of events (or basic events) in ETA and FTA. To
demonstrate the approach, two case studies are discussed.
KEY WORDS: Event tree analysis (ETA); fault tree analysis (FTA); interdependence; likelihoods;
quantitative risk analysis (QRA); uncertainty
86 0272-4332/11/0100-0086$22.00/1
C 2010 Society for Risk Analysis
Fault and Event Tree Analyses for Process Systems Risk Analysis 87
ETA. The interdependencies among the events (or ministic and probabilistic approaches in QRA for the
basic events) are described by incorporating a de- process system. The event and fault trees for these
pendency coefficient into the fuzzy- and evidence- two examples were earlier studied, respectively, in
theory-based formulations for FTA/ETA. Expert Lees(11) and Skelton.(26) The deterministic approach
judgment/knowledge can be used to quantify the provides a quick analysis if the probabilities are
unknown or partially known likelihood and depen- known accurately.(10) Based on assigned probabili-
dency coefficient of the events (or basic events). ties (Fig. 1 and Table II), the frequency of outcome
events for “liquefied petroleum gas (LPG) release
event tree” and the probability of top event for “run-
2. FTA AND ETA IN PROCESS SYSTEMS away reaction fault tree” are calculated as crisp val-
The traditional fault and event trees can be an- ues (Table III). In the probabilistic approach, trian-
alyzed either deterministically or probabilistically. gular PDFs are assumed to perform MCS (N = 5,000
The deterministic approach uses the crisp probability iterations) and the PDFs for the outcome events’ fre-
of events (or basic events) and determines the prob- quency and the top event probability are determined
ability of the top event and the frequency of outcome based on this assumption. The 90% confidence inter-
events in the fault and event trees, respectively. The vals for the outcome events of the “LPG event tree”
probabilistic approach treats the crisp probability as and top event of “runaway reaction fault tree” are
a random variable and describes uncertainty using summarized in Table IV and Fig. 3, respectively.
probability density functions (PDF).(10,20,23) Tradi-
tionally, the probabilistic approach uses Monte Carlo 3. UNCERTAINTY IN FTA AND ETA
simulation (MCS) to address the random uncertainty
in the inputs (i.e., probability of basic events or FTA and ETA require probability data of events
events) and propagate the uncertainty for the out- (or basic events) as inputs to conduct a compre-
puts.(25) The PDFs for the inputs can be derived hensive QRA for a process system. Since most of
from historical information, but are often rare, espe- the time the crisp data as well as PDFs are rarely
cially when the process system comprises thousands available for all events and basic events, experts’
of components.(18) judgment/knowledge are often employed as an al-
With an assumption that the events (or basic ternative to the objective data.(13) Two types of un-
events) are independent, deterministic and proba- certainties, namely, aleatory and epistemic uncertain-
bilistic approaches use the equations in Table I to ties, are usually addressed while using the expert’s
analyze the fault and event trees. Pi denotes the knowledge in QRA.(10,27,28) Aleatory uncertainty is a
probability of ith (i = 1, 2, 3, . . . , n) events (or natural variation, randomness, or heterogeneity of a
basic events), POR and PAND, respectively, denote physical system. It can be well described using prob-
the “OR” and “AND” gate operations, and λi de- abilistic methods if enough experimental data are
notes the frequency for the initiating event and the available to support the analysis.(29) Epistemic un-
outcome events. certainty means ambiguity and vagueness, ignorance,
Two examples—an event tree for “LPG release” knowledge deficiency, or imprecision in system
(Fig. 1) and a fault tree for “runaway reaction” behaviors.
(Fig. 2)—are considered to illustrate the use of deter- In QRA, it is important to characterize, repre-
sent, and propagate the uncertainty accurately in or-
der to get a reliable analysis. However, when the
Table I. Equations Used in Traditional Fault Tree Analyses and
input PDFs are “reasonably known,” MCS can be
Event Tree Analyses
used to estimate and propagate the uncertainties,
QRA Method Equation especially two dimensional MCS, which can effec-
tively deal with both aleatory and epistemic uncertain-
n
ETA λi = λ × Pi ties (not discussed here).(30) If knowledge is limited
i=1 for definition of the PDFs, probabilistic approaches
n
might not be the best choice to handle the uncer-
FTA POR = 1 − (1 − Pi )
tainty in QRA.(31) In addition, the independence as-
i=1
n sumption of events (or basic events) might be conve-
PAND = Pi
nient to simplify the FTA or ETA; however, it is not
i=1
always true for all cases.(14) This assumption in fact is
Fault and Event Tree Analyses for Process Systems Risk Analysis 89
P6 B Fireball
Fig. 1. Event tree for LPG release. λ=0.68×10-4 (1-P2)=0.9
Events/Yr P4=0.9 Vapor cloud
P7 C (Dependent on
P3=0.4 wind direction)
P8 D LPG vapor
(1-P4)=0.1 (From DAP source)
(1-P1)=0.1
P9 E LPG vapor
(1-P3)=0.6 (From release point)
Runaway reaction
(N-4)
G1
G4
BE4 BE5
Table II. Basic Events Causing the Runaway Reaction adding other kind of uncertainty, that is, the depen-
dency uncertainty, during the analyses. Vesely et al.(3)
Probability of
Symbol Basic-Event Basic Event
show several cases of FTA where the independent
assumptions of basic events are not valid.
BE1 Pump fails 0.2 Fuzzy set and evidence theories have recently
BE2 Line block 0.01 been used in many engineering applications where
BE3 No cooling water 0.1
expert knowledge is employed as an alternative to
BE4 Low coolant flow 0.01
BE5 High temp 0.01 crisp data or PDFs.(12,23,28,29,32) Fuzzy set theory
BE6 Dump valve fails 0.001 is used to address the subjectivity in expert judg-
ment, whereas the evidence theory is more promptly
90 Ferdous et al.
Table III. Deterministic Results for Fault Tree Analyses and Event Tree Analyses
Table IV. Frequency Determination of Outcome Events Using In this article, the probabilities of events (or basic
Monte Carlo Simulation events) and their dependency coefficients are treated
90% Confidence Interval as fuzzy numbers or basic probability assignments
(bpas), which are derived through expert knowl-
Outcome Lower Bound Upper Bound Median
edge. Fuzzy set and evidence theories along with de-
Events (5th Percentile) (95th Percentile) (50th Percentile)
pendency coefficients, are used to explore the data
A 1.958E-06 1.024E-05 6.100E-06 and dependency uncertainty in ETA/FTA. The fuzzy
B 4.935E-05 6.090E-05 5.512E-05 numbers in fuzzy set theory describe linguistic and
C 7.353E-07 4.151E-06 2.443E-06 subjective uncertainty while bpas in evidence theory
D 3.057E-10 5.467E-07 2.736E-07
E 1.300E-06 6.850E-06 4.080E-06
are used to handle ignorance, incompleteness, and in-
consistency in expert knowledge. A generic frame-
work is shown in Fig. 4 illustrating the use of fuzzy
set theory and evidence theory to handle two differ-
ent kinds of uncertainties in FTA and ETA. The fol-
employed in handling the uncertainty that arises due
lowing sections describe the fuzzy set theory and the
to ignorance, conflict, and incomplete information.
evidence theory with respect to handling uncertain-
In addition, to describe the dependency uncertainty
ties.
among the basic events in FTA, Ferson et al.(14) de-
scribed the Frank copula and Frechet’s limit. For
known dependency, the Pearson correlation in the
4. FUZZY SET THEORY
Frank copula describes the full range of depen-
dencies; that is, from perfect dependence to oppo- Zadeh(33) introduced fuzzy sets, which have re-
site dependence.(12) Li(24) proposed a dependency cently been applied where probability theory alone
factor-based fuzzy approach to address the depen- was found insufficient to represent all types of un-
dencies in performing risk analysis. Li(24) uses fuzzy certainties. Fuzzy set theory is flexible in describing
numbers to define the dependency factor among linguistic terms as fuzzy sets, hedges, predicates, and
basic events. quantifiers.(34) Fuzzy set theory is an extension of
1.0
0.95
Mean 0.0001366
0.8 StDev 0.00005728
N 5000
Probability
0.6
0.5
Fig. 3. 90% confidence interval for top
0.4 event probability.
0.2
0.05
0.0
Identification
Initiating event, precursor events for event tree and
the top event, basic events for the fault tree
Quantitative evaluation
Estimates the likelihood of the output parameters for
FTA and ETA (i.e., outcome events and top-event)
Fig. 4. Framework for fault tree analyses and event tree analyses under uncertainty.
traditional set theory, which represents imprecise convex). Generally, triangular or trapezoidal fuzzy
values as fuzzy numbers and characterizes the un- numbers (TFN or ZFN) are used for representing lin-
certainty using a continuous membership function guistic variables.(18,21,35,36) In this study, we used tri-
(μ). angular fuzzy numbers (TFN) in which the fuzzy in-
tervals are derived using α-cuts. Fig. 5 shows a TFN
in which fuzzy intervals are estimated using Equation
4.1. Fundamentals (1). The values pL , pm , and pR below represent the
minimum, most likely, and maximum values, respec-
Fuzzy numbers are used to describe the vague-
tively, in an interval P̃α :
ness and subjectivity in expert judgment through a
relationship between the uncertain quantity p (e.g., P̃α = [ pL + α( pm − pL), pR − α( pR − pm)]. (1)
event or basic event probability) and a member-
ship function μ that may range between 0 and 1. Fuzzy set theory uses the fuzzy arithmetic opera-
Any shape of a fuzzy number is possible, but the tions based on α-cut formulation to manipulate fuzzy
selected shape should be justified by available in- numbers.(24,37,38) Traditional fuzzy arithmetic oper-
formation (but it should be normal, bounded, and ations assume that the events (or basic events) are
92 Ferdous et al.
n
ETA Frequency estimation λi = λ × ( piαL, piαR)
i=1
n
n
P̃1 × P̃2 pαL = piαL; pαR = piαR
i=1 i=1
n n Table V. Traditional α-Cut-Based Fuzzy
P̃1 + P̃2 pαL = piαL; pαR = piαR Arithmetic Operations
i=1 i=1
n
n
FTA “OR” gate pαL =1− (1 − piαL); pαR = 1 − (1 − piαR)
i=1 i=1
n
n
“AND” gate pαL = piαL; pαR = piαR
i=1 i=1
Fault and Event Tree Analyses for Process Systems Risk Analysis 93
VL ML L M RH H MH VH
1.0
0.0
0 0.045 0.05 0.1 0.15 0.35 0.4 0.5 0.55 0.6 0.65 0.856 0.9 0.95 0.955
Maximum
Linguistic Minimum Bound
Grade Description (CdL ) (CdU )
Table VI. Scale to Categorize the P Perfect dependence between the events 1.000 1.000
Interdependence Among the Basic VS Very strong dependence, but not fully dependent 0.800 0.995
Events/Events S Strong dependence, but not too strong 0.450 0.850
W Weak dependence, but not too weak 0.150 0.500
VW Very weak dependence, but not fully independent 0.005 0.200
I Perfect independence between the events 0.000 0.000
are representing the TFNs boundary for the depen- the obtained fuzzy numbers for the event tree and
dency coefficients. fault tree outputs:(41)
μ P ( P̃) · P̃
4.2.2. Determination of Likelihood of Outcome Pout = . (2)
μ P ( P̃)
Event and Top Event as a TFN
The dependency coefficient Cd defines the de-
pendence of the events (or basic events) at each node 5. EVIDENCE THEORY (EVIDENTIAL
of a fault and event tree (Table VI). The modified REASONING)
fuzzy arithmetic with the empirical relation for FTA Multisource knowledge can provide more reli-
and ETA are described in Table VII, where Cd ≈ 1 able information about the probability of events (or
refers to perfect dependence and Cd ≈ 0 refers to basic events) than a single source. Knowledge can
complete independence among the event (or basic never be absolute as it is socially constructed and ne-
events). gotiated and often suffers incompleteness and con-
flict.(42) Evidence theory has alternatively been used
4.2.3. Defuzzification in many applications, especially when the uncertainty
is due to ignorance and incomplete knowledge.(43,44)
Defuzzification transforms the fuzzy number The main advantages of evidence theory are:
into a crisp value.(39) The crisp value is useful in eval-
(1) Individual belief, including complete igno-
uating the rank of outcome events’ frequency for
rance, can be assigned.
ETA and calculating the contribution of basic events
(2) An interval probability can be obtained for
leading to the top event FTA. A number of defuzzi-
each uncertain parameter.
fication methods, including max membership prin-
(3) Multisource information can be combined
ciple, centroid method, weighted average method,
that helps to avoid bias due to some specific
mean max membership, center of sums, center of
source.(45)
largest area, and first (or last) of maxima, are avail-
able in the literature.(39−41) The weighted average
5.1. Fundamentals
method is comparatively easy and computationally
efficient to implement.(34,41) The following equation Evidence theory was first proposed by Demp-
for the weighted average method is used to defuzzify ster and later extended by Shafer. This theory is
94 Ferdous et al.
n
ETA Frequency estimation λi = λ × ( piαL, piαR)
i=1
P̃1 × P̃2 pαL = [1 − (1 − CdL
α α
)(1 − p1L α
)] × p2L
α α α α
Table VII. Modified α-Cut-Based Fuzzy
pR = [1 − (1 − Cd R)(1 − p1R)] × p2R Arithmetic Operations
α
α
α α
FTA P̃1 “OR” P̃2 pL = 1 − (1 − p1L) × 1 − (1 − CdL) × p2L
pαR = 1 − (1 − p1R
α ) × 1 − (1 − C α ) × pα
dR 2R
P̃1 “AND” P̃2 pαL = 1 − (1 − CdL α α
) × p1L α
× p2L
α
α α
α
pR = 1 − (1 − Cd R) × p1R × p2R
also known as Dempster-Shafer Theory (DST).(24,45) the set m() = m(T, F) = 0.1. This is because, the
DST uses three basic parameters, that is, basic prob- unassigned bpa is taken as ignorance, which is usu-
ability assignment (bpa), belief measure (Bel), and ally represented by the subset m{}.(43)
plausibility measure (Pl) to characterize the uncer-
tainty in a belief structure.(32,36,46) The belief struc-
5.1.3. Belief Measure
ture represents a continuous interval [belief , plausi-
bility] for the uncertain quantities in which the true The belief (Bel) measure, sometimes termed as
probability may lie. Narrow belief structures are rep- the lower bound for a set pi , is defined as the sum
resentative of more precise probabilities. The main of all the bpas of the proper subsets pk of the set of
contribution of DST is a scheme for the aggregation interest pi , that is, pk ⊆ pi . The relationship between
of multisource knowledge based on individual de- bpa and belief measure is written as:
grees of belief.
Bel( pi ) = m( pk). (4)
pk ⊆ pi
5.1.1. Frame of Discernment (FOD)
The belief measures in the above example are
FOD is defined as a set of mutually exclusive given by:
elements that allows having a total of 2|| subsets in a
power set (P), where || is the cardinality of an FOD. Bel(T) = m(T) = 0.8; Bel(F) = m(F) = 0.1
For example, if = {T, F}, then the power set (P) and
includes four subsets, that is, { (a null set), {T}, {F},
and {T, F}}, as the cardinality is two. Bel(T, F) = m(T) + m(F) + m(T, F) = 1.0.
5.1.5. Rule of Combination for Inference Table VIII. Determination of Belief Structure of an Event Using
Different Combination Rules
The combination rules allow aggregating the in-
dividual beliefs of experts and provide a combined {T} {F} {T, F}
m1 m2 0.60 0.30 0.10
belief structure. The Dempster & Shafer (DS) com-
bination rule is the fundamental for all combina- {T} 0.80 {T} = 0.48 {} = 0.24 {T} = 0.08
tion rules. Many modifications of the DS rule of {F} 0.10 {} = 0.06 {F} = 0.03 {F} = 0.01
combination have been reported. The most common {T, F} 0.10 {T} = 0.06 {F} = 0.03 {T, F} = 0.01
modifications include those by Yager, Smets, Ina- k 0.30
m1 ( pa )m2 ( pb ) 0.62 0.07 0.01
gaki, Dubois and Prade, Zhang, Murphy, and more
pa ∩ pb = pi
recently by Dezert and Smarandache.(43) Detailed m1−2 (DS) 0.89 0.1 0.014
discussions on these rules can be found in Dezert m1−2 (Yager) 0.62 0.07 0.31
and Smarandache.(47) In this study, DS and Yager Belief Structure
combination rules are discussed in detail and used Rules of
in developing the evidence-theory-based approach Combination Bel (T) Pl (T) Bel (F) Pl (F)
for FTA and ETA. DS combination rule: The DS DS rule 0.89 0.90 0.10 0.11
combination rule uses a normalizing factor (1−k) to Yager rule 0.62 0.93 0.07 0.38
develop an agreement among the acquired knowl-
edge from multiple sources, and ignores all conflict-
ing evidence through normalization. Assuming that
the knowledge sources are independent, this combi- cases (i.e., higher k value), it provides more stable
nation rule uses the AND-type operator (product) and robust results than the DS combination rule:(10)
for aggregation.(43) For example, if the m1 (pa ) and m1−2 ( pi ) =
m2 (pb ) are two sets of evidence for the same event ⎧
⎪
⎪ 0 for pi =
collected from two different experts, the DS combi- ⎪
⎪
⎪
⎪
nation rule uses the following relation to combine the ⎨ m1 ( pa ) × m2 ( pb) for pi =
evidence: pa ∩ pb = pi .
⎧ ⎪
⎪
for pi = ⎪
⎪
⎪
⎪0 ⎪
⎪ m1 ( pa ) × m2 ( pb) + k for pi =
⎪
⎨ ⎩
pa ∩ pb = pi
m1−2 ( pi ) = m1 ( pa ) × m2 ( pb) . (8)
⎪
⎪ ∩
⎪
⎩
pa pb= pi
for pi = In the above example, if we assume another
1−k expert reports new evidence for the same event:
(6) m ({T}) = 0.6, m ({F}) = 0.3 and m ({T, F}) =
In the above equation, m1−2 (pi ) denotes the 0.1. Both bodies of evidence are combined using
combined knowledge of two experts for the event, DS and Yager combination rules. The aggrega-
and k measures the degree of conflict between the two tion of the knowledge is performed using Equa-
experts, which is determined by the factor k: tions (6) and (8). Equations (3) and (4) are used
to obtain the combined belief structure of the event
k= m1 ( pa ) × m2 ( pb). (7) (Table VIII ).
pa ∩ pb =
describe the steps of the evidence-theory-based ap- assigned to particular subsets of each FOD. How-
proach to analyze the event tree/fault tree under un- ever, for the dependency coefficient, experts’ knowl-
certainties. edge is collected only for the subsets {P}, {VS}, {S},
{W}, {VW}, {I}, and {}. The bpas for each subset
5.2.1. Definition of FODs individually represent the degree of belief of each ex-
pert, and implicitly, it represents the total evidences
Three different FODs for three uncertain quan- that support the probability of occurrence of an event
tities in FTA and ETA, including the probability of (or a basic event) and a dependency coefficient (Cd ).
events, the probability of basic events, and the de-
pendency coefficient (Cd ), are used to acquire the be- 5.2.3. Belief Structure and Bet Estimation
lief masses from different experts. The subsets for the
FODs are generated based on the cardinality of each The combination rules allow merging the knowl-
FOD (). edge from different sources as coherent evidence.
Traditionally, the consequences of events in These rules help to account for ignorance in knowl-
ETA are dichotomous, that is, {T} and {F}. There- edge and resolve conflicts among the sources. The
fore, the FOD for ETA is defined as {T, F}, which DS (Equation (6)) or Yager (Equation (8)) combi-
leads to four subsets in a power set (P) that includes nation rules are used in this study to aggregate col-
{, {T}, {F}, {T, F}}. lected knowledge from different sources. Equations
The operational state of a system is usually de- (4) and (5) are then used to derive the belief and
fined on the basis of evaluating the success (S) or fail- plausibility measure for the probability and depen-
ure (F) state of basic components.(3,5,6) Hence, the dency coefficients of events (or basic events). The
occurrence probability of a basic event in FTA can belief and plausibility measure for six kinds of de-
be described using the FOD = {S, F}. As the car- pendencies (in each node of FTA or ETA) are nor-
dinality is two for the FOD, the power set (P) of each malized to attain a generalized belief structure. Infor-
event comprises four subsets, which includes {, {S}, mation in Table VI, which represents the belief and
{F}, {S, F}}. plausibility for each kind of dependency, is used for
Six qualitative grades of dependency are cate- normalizing the belief structure of dependency coef-
gorized in this study to describe interdependences ficient for each node. Subsequently, equations shown
through dependency coefficients for FTA or ETA. in Table IX are used to estimate the likelihoods of
The notations of these grades are: Independent (I); outcome events and top event for the ETA and FTA,
Very Weak (M); Weak (W); Strong (S); Very Strong respectively.
(VS); and Perfect dependence (P). The FOD for this “Bet” provides a point estimate in belief struc-
case consists of six cardinal elements, which is repre- ture (similar to defuzzification), which is often used
sented by = {P, VS, S W, VW, I}. to represent the crisp value of the final events. It is
estimated based on the following equation:
5.2.2. Assignment of bpas to Basic Events/Events m( pi )
Bet(P) = , (9)
The bpas or belief masses for the events (or ba-
p ⊆P
| pi |
i
sic events) and the dependency coefficients (Cd ) are
elicited using the experts’ knowledge. Assuming that where |pi | is the cardinality in the set pi . For example,
the knowledge sources are independent, the bpas are the “Bet” estimate for the belief structure obtained
n
ETA Frequency λi = λ × [Bel(Pi ), Pl(Pi )]
estimation i=1
P1 × P2 Bel(Pout ) = 1 − (1 − Bel(Cd) × (1 − Bel(P 1 ) × Bel(P2 ) Table IX. Equations to Analyze the
Pl(Pout ) = 1 − (1 − Pl(Cd ) × (1 − Pl(P1 ) × Pl(P2 ) Event and Fault Trees
FTA P1 “OR”P2 Bel(Pout ) = 1 − {(1 − Bel(P1 )} × 1 − (1 − Bel(Cd ) × Bel(P 2)
Pl(Pout ) = 1− {(1 − Pl(P1 )} × 1 − (1 − Pl(Cd ) × Pl(P2 )
P1 “AND”P2 Bel(Pout ) = 1 − (1 − Bel(Cd) × (1 − Bel(P 1 ) × Bel(P2 )
Pl(Pout ) = 1 − (1 − Pl(Cd ) × (1 − Pl(P1 ) × Pl(P2 )
Fault and Event Tree Analyses for Process Systems Risk Analysis 97
using the DS combination rule is calculated as: probability of events (or basic events) and their de-
m(T) m(T, F) 0.89 0.01 pendency coefficients (Cd ) are defined using TFNs.
Bet(PT ) = + = + = 0.895. The frequency for the outcome events are then esti-
1 2 1 2
mated using the α-cut-based fuzzy formulations de-
The denominators “1” and “2” represent the car- veloped in Table VII. For example, the path lead-
dinality in the respective subsets. ing to the outcome event “A” is followed by the
two events. The probability and the coefficient of de-
pendency (Cd ) of these two events are linguistically
6. APPLICATION OF DEVELOPED
expressed, which are, respectively, assumed to be
APPROACHES
“Moderately Low (ML),” “Moderately High (MH),”
The same examples (“LPG release event tree” and “Strong (S).” The assigned linguistic expressions
and “runaway reaction fault tree”) discussed earlier for these two events are converted into TFNs (based
in Section 2 are studied in detail here using both on Fig. 6 and Table VI). The TFN for the outcome
fuzzy-based and evidence theory-based approaches. event “A” (shown in Fig. 8) is derived using the em-
pirical equations described in Table VII. Using nu-
merous trials for event dependency at each node of
6.1. LPG Release—Event Tree Analysis the LPG event tree, the uncertainty ranges (i.e., fuzzy
6.1.1. Fuzzy-Based Approach interval) for the outcome event “A” are estimated
(shown in Fig. 9). It can be observed that the uncer-
The revised event tree with fuzzy probabilities is tainty ranges are varied according to the change of
illustrated in Fig. 7. In the fuzzy-based approach, the event dependency at each node of the event tree.
ML Vapor cloud
P5 A (Independent of
wind direction)
MH
N-2
P6 B Fireball
λ=0.68×10-4
Fig. 7. Event tree with fuzzy linguistic event/yr MH
MH Vapor cloud
grades. N-1 P7 C (Dependent on
wind direction)
L
N-4
LPG vapor
P8 D
(From DAP
N-3 ML
ML source)
P9 E LPG vapor
H (From release
point)
~ ~ ~
1.0 ML A = P1α × P2α MH
~
P2α ~
P1α
Fig. 8. Triangular fuzzy numbers of μ P~
α
outcome event “A” with “strong”
dependency. 0.5
0.0
0.045 0.15 0.46 0.76 0.85 0.955
98 Ferdous et al.
0.8
Membership function
0.6
0.2
0.0
1.00E-06 1.10E-05 2.10E-05 3.10E-05 4.10E-05 5.10E-05 6.10E-05 7.10E-05
6.1.2. Evidence-Theory-Based Approach bility and dependency coefficients of events for the
ETA. Table XI lists the belief structures of events
To demonstrate the evidence-theory-based ap-
and dependency coefficients for the LPG release
proach, experts’ knowledge from two unbiased and
event tree (Fig. 1). These belief structures and the
independent sources is considered for determining
equations in Table IX are used to derive the belief
the probability as well as the dependency coefficients
structures for the outcome events of LPG release.
of events for ETA. The elicited knowledge from the
Two different kinds of dependence, that is, indepen-
sources is shown in Tables X(a) and X(b).
dent and dependent, are considered while estimat-
DS and Yager combination rules are used to ag-
ing the belief structures for the outcome events. The
gregate and determine the belief structures of proba-
Expert 1 (m1 ) N-1 0.15 0.00 0.30 0.10 0.00 0.00 0.45
N-2 0.00 0.30 0.20 0.00 0.10 0.00 0.40
N-3 0.40 0.00 0.20 0.00 0.00 0.20 0.20
N-4 0.50 0.20 0.00 0.00 0.00 0.20 0.10
Expert 2 (m2 ) N-1 0.30 0.00 0.20 0.15 0.00 0.00 0.35
N-2 0.20 0.30 0.00 0.00 0.00 0.15 0.35
N-3 0.00 0.20 0.40 0.00 0.20 0.00 0.20
N-4 0.00 0.30 0.40 0.00 0.20 0.00 0.10
N-1 0.30 0.00 0.20 0.15 0.00 0.00 0.35
Fault and Event Tree Analyses for Process Systems Risk Analysis 99
Table XI. Belief Structures for the Probability and Interdependence of Events
P VS S W VW I
Interdependence of Events
Independent Dependent
results are presented in Table XII. An order of mag- The difference of using the DS and Yager com-
nitude difference is observed in the “Bet” estimation bination rules is shown in Fig. 10. In the figure, differ-
for the outcome event “E.” This difference signifies ent kinds of dependencies are labeled on the x-axis.
the importance of defining the dependency relation- The belief and plausibility measure for each kind of
ships in ETA. dependency is plotted on the y-axis. The minimum
100 Ferdous et al.
DS rule of combination
4.000E-06
Pl(A)
Bel(A)
3.000E-06
Belief structure
2.000E-06
1.000E-06
0.000E+00
I W S VS P
Interdepence of events
Fig. 10. Belief structure representing the
frequency for outcome event “A.”
Yager rule of combination
1.400E-05
Pl(B)
1.200E-05 Bel(A)
1.000E-05
Belief structure
8.000E-06
6.000E-06
4.000E-06
2.000E-06
0.000E+00
I W S VS P
Interdepence of events
and maximum values presented in Table VI are con- 6.2. Runaway Reaction—FTA
sidered as the belief structure of dependency coeffi-
6.2.1. Fuzzy-Based Approach
cient for each kind of dependency. The shaded areas
in Fig. 10 represent the belief and plausibility mea- To demonstrate the fuzzy-based approach for
sures for the outcome event “A.” These areas show FTA, the probability of basic events and their de-
that the Yager combination rule measures a large be- pendencies are defined using expert linguistic expres-
lief structure in comparison to the DS combination sions. The linguistic expressions are converted into
rule. Hence, an interpretation can be made that the TFNs. The linguistic expressions and the correspond-
Yager combination rule yields more conservative re- ing TFNs are given in Table XIII. A total of seven
sults (i.e., a larger belief structure) in the context of different trials and the fuzzy arithmetic operations
existing high conflicts in the sources. (described in Table VII) are used to evaluate the
Fault and Event Tree Analyses for Process Systems Risk Analysis 101
Table XIII. Expert’s Knowledge on the Probability of tainty. Contrary to trial 1, when the events are as-
Basic Events sumed independent, the top event probability bears
Event Linguistic Variable TFNs the smallest uncertainty.
1
Fig. 11. Uncertainty representation for T-1
top event using different trials. 0.9
T-4
0.8 T-5
T-7
0.7
Uncertainty
0.6
0.5
0.4
0.3
0.2
0.1
0
0.000 0.050 0.100 0.150 0.200 0.250 0.300 0.350 0.400
Table XIV. Multisource Knowledge for the Probability of analytically or controlled in any conventional sense.
Basic Events Moreover, relationships between causes and effects
Expert 1 (m1 ) Expert 2 (m) in these systems are often not well understood
but can be expressed empirically. Typical complex
Basic Event {F} {S} {SF} {F} {S} {SF} systems consist of numerous interacting factors or
BE1 0.150 0.750 0.100 0.250 0.650 0.100 concepts. These systems are highly nonlinear in
BE2 0.020 0.800 0.180 0.015 0.900 0.085 behavior and the combined effects of contributing
BE3 0.200 0.700 0.100 0.100 0.800 0.100 factors are often subadditive or superadditive. The
BE4 0.015 0.950 0.035 0.025 0.950 0.025 modeling of complex dynamic systems requires
BE5 0.015 0.900 0.085 0.010 0.980 0.010
methods that combine human knowledge and expe-
BE6 0.002 0.950 0.048 0.001 0.940 0.059
rience as well as expert judgment. When significant
S = success; F = failure. historical data exist, model-free methods such as ar-
tificial neural networks (ANN) can provide insights
into cause-effect relationships and uncertainties
then calculated by using the equations in Table IX. through learning from data.(4) But, if historical data
Table XV shows the belief structure and the “Bet” are scarce and/or available information is ambigu-
estimate of the top event for two combination rules. ous and imprecise, soft computing techniques can
A total of seven trials are performed using different provide an appropriate framework to handle such
assumptions of interdependence between the basic relationships and uncertainties. Such techniques
events. The belief structure for each kind of depen- include probabilistic and evidential reasoning
dence is defined in Table VI. Table XV indicates that (Dempster-Shafer Theory), fuzzy logic, and evo-
the uncertainty in calculating the belief structure and lutionary algorithms.(50) Table XVI provides a
“Bet” estimate varies accordingly with the change of qualitative comparison between five soft computing
interdependence at different nodes. techniques, including ANN, decision trees (DT),
fuzzy rule-based models (FRBM), Bayesian net-
works (BN), and cognitive maps/fuzzy cognitive
7. UNCERTAINTY-BASED FORMULATIONS maps (CM/FCM). Central to this comparison is an
FOR FTA AND ETA: A COMPARISON assessment of how each technique treats inherent
The level of uncertainty associated with a system uncertainties and its ability to handle interacting
is proportional to its complexity, which arises as factors that encompass issues specific to engineering
a result of vaguely known relationships among systems.(50)
various entities, and randomness in the mechanisms Qualitative and quantitative comparisons have
governing the domain. Sadiq et al.(50) described com- been performed in this section to investigate the
plex systems such as environmental, sociopolitical, features and uncertainty handling abilities of dif-
engineering, or economic systems, which involve ferent tools and the proposed approaches for FTA
human interventions, and where vast arrays of and ETA. The qualitative comparison presented in
inputs and outputs could not all possibly be captured Table XVII illustrates that most of the tools such
Table XV. Belief Structures and “Bet” Estimations of Top Event for Different Trails
Trials (T) N-1 N-2 N-3 N-4 Bel Pl Bet Bel Pl Bet
Fuzzy Cognitive
Rule- Artificial Maps/Fuzzy
Decision Based Neural Bayesian Cognitive
Attributes Tree Models Networks Networks Maps
systems.
c Can manage networks but cannot handle feedback loops; therefore referred to as directed
neuro-fuzzy models.
n Has a potential to be used with other soft techniques.
as Relex V7.7,(51) RAM Commander 7.7(52) , and owing to ignorance or incompleteness of an expert’s
PROFAT(53) are unable to handle dependency un- knowledge.
certainty. Except for PROFAT, the other tools can- Another type of uncertainty arises due to lack
not handle subjective uncertainty in the fault and of information on dependencies among events.
event trees for a system. PROFAT(53) is a fuzzy- Traditional FTA uses a default assumption of
based tool that can handle subjective uncertainty; “independence” among the risk events to determine
however, it fails to account for epistemic uncertainty the joint probability (risk) of a parent event. This
104 Ferdous et al.
RAM PROFAT
Relax Commander (Khan and Proposed
Uncertainty V7.7(51)a 7.7(52)a Abbasi, 1999)(53) Approach Table XVII. Qualitative Comparisons of
Proposed Approach with Available Fault
Subjective (fuzzy-based) NCb NC Cc C Tree Analyses/Event Tree Analyses
Incompleteness (evidence based) NC NC NC C Tools
Dependency NC NC NC C
aA commercial software.
b Not considered.
c Considered.
assumption simplifies the analysis, but may not be perts’ knowledge using bpa and is able to provide a
very realistic. The relationship between risk events measure of uncertainty using belief structures.
may be positively or negatively correlated (or in- Relax V7.7(51) and RAM Commander 7.7(52) are
dependent). In the case of two independent events two useful tools for reliability and safety engineer-
X and Y, the joint probability of their conjunction ing. The probability of top event for the “runaway
is simply a product of their individual probabili- reaction fault tree” and the frequency of outcome
ties.(12,14) There exist many different methods to ex- events for the “LPG release event tree” have been
press correlation (dependence) but the Frank model analyzed using these tools for the same input (Fig. 1
(copula) is the most common. and Table II). Results (Table XVIII) show that by in-
Simple dependency coefficient-based empirical troducing 10% uncertainty into the input data, these
relations (similar to Li approach(24) ) embedded two tools accumulated about 19% and 9% of uncer-
within the proposed approach can concurrently han- tainty on the calculated top event’s probability and
dle the dependency uncertainty in FTA and ETA. outcome event’s frequency of “B.” The original in-
The proposed approach successfully accounts for the put data (Fig. 1 and Table II) are reduced by 10%
subjective uncertainty using a membership function to introduce the uncertainty into the analysis. The
and evaluates the uncertainty range as a fuzzy in- traditional (probabilistic) methods used predefined
terval. The evidence-theory-based approach can de- PDFs to describe the uncertainty in the input data
scribe the epistemic and aleatory uncertainties in ex- (i.e., the probability of basic events or events in FTA
Table XVIII. Quantitative Comparison of Fault Tree Analyses/Event Tree Analyses Tools
Outcome Events No Uncertainty 10% Uncertainty No Uncertainty 10% Uncertainty No Uncertainty 10% Uncertainty
or ETA). When the crisp data or the PDFs for the Fuzzy linguistic grades were assigned to TFNs and
input data are not known or limited (a very common α-cut-based fuzzy empirical relations of the fuzzy-
situation in process systems), the FTA or ETA are based approach were used to handle the linguistic
highly dependent on expert knowledge. In these situ- and subjective uncertainty in expert knowledge. For
ations, traditional tools and probabilistic approaches multisource knowledge, the incomplete and incon-
are not helpful. This makes the FTA/ETA less sistent baps were combined by using combination
credible. Both fuzzy set theory and evidence the- rules. The dependency coefficients in evidence-
ory are not limited by availability of detailed data. theory-based empirical relations were used to de-
The results using both approaches are presented in scribe the dependency uncertainty and analyze the
Table XVIII. An expert knowledge and assumption fault tree and event tree under uncertainty due to in-
of independence among events (or basic events) are consistent, incomplete, and partial ignorance of mul-
used in calculating the top event probability and out- tisource knowledge.
come events frequency. In fuzzy-based approach, the The developed approaches were applied to two
uncertainty is assigned using the membership func- case studies: “LPG release event tree” and “runaway
tion. The TFNs corresponding to 90% membership reaction fault tree.” The interdependencies among
are considered as input data for the analysis. In the events (or basic events) were varied in each node
evidence-theory-based approach, the uncertainty is of the fault tree or event tree. The impacts of the in-
allocated through the unassigned mass (as ignorance) terdependencies were observed so as to understand
of the power set. For the 10% uncertainty in the ba- the effects of the dependencies of events (or basic
sic event probabilities, the evidence-theory-based ap- events) in FTA/ETA for process systems. For two de-
proach estimates about 9% and 8% uncertainties in pendence cases of basic events/events, independent
the response, that is, [2.55 × 10−4 , 3.16 × 10−4 ] and and perfectly dependent, the output results for the
[4.46 × 10−5 , 5.63 × 10−5 ], respectively. Similarly, the FTA and ETA are provided in Tables XIX and XX,
fuzzy-based approach measures less than 1% uncer- respectively. It can be observed in the first three rows
tainty results in the response (top event’s probabil- of Table XIX that the results remain almost the same.
ity as well as outcome event’s frequency “B.”) with However, when dependency was considered (fourth
corresponding fuzzy intervals of [7.38 × 10−3 , 1.01 × row in Table XIX), the results varied by an order of
10−2 ] and [5.47 × 10−5 , 5.60 × 10−5 ]. magnitude. This highlights the importance of depen-
dencies in ETA.
The results in Table XX are inconsistent mainly
8. RESULTS AND DISCUSSIONS
because of different types of uncertainties modeled
Two types of uncertainty, namely, data uncer- in the different approaches. The perfectly dependent
tainty and dependency uncertainty, were explored. case in FTA determines the probability range for the
Expert knowledge in terms of fuzzy linguistic grades top event as [0, 0.400], which is a maximum in com-
and bpas was used instead of assigning the likelihood parison to the independent case for representing the
and interdependencies of basic events/events as crisp uncertainty. It can also be observed in Table XX that
probabilities for FTA/ETA. The dependency coeffi- when the basic events are perfectly dependent, the
cient in each node of the fault tree and event tree point estimate (defuzzified value) of the top event
addressed the dependency uncertainty and described exhibits a higher ordered magnitude in compari-
the relationships among the basic events/events. son to the deterministic approach and MCS-based
Dependency Frequency of
Approach of Events Outcome Event “A”
approach. This confirms the significance of including Including the negative dependencies of events
the dependencies of the basic events in FTA. Similar (or basic events), and combining the subjectivity (us-
observations of using the evidence-theory-based ap- ing fuzzy-based approach) and incompleteness (ev-
proach for FTA/ETA (Tables XII and XV) confirm idence theory) into a single approach, for example,
that a reliable and robust result cannot be attained Fuzzy-Dempster-Shafer, may offer additional future
without considering the interdependencies of events improvement to the approaches developed here.
(or basic events).
ACKNOWLEDGMENTS
9. CONCLUSIONS The authors gratefully acknowledge the finan-
cial support provided by the Natural Sciences and
FTA and ETA are two fairly established tech-
Engineering Research Council of Canada (NSERC)
niques; however, the uncertainty in defining the
through the Strategic Grant Program.
probabilities and the relationships of events (or ba-
sic events) can lead to questionable results for QRA.
REFERENCES
The traditional approaches require the known proba-
bility and the independence assumption of events (or 1. Ferdous R, Khan F, Veitch B, Amyotte PR. Methodology for
basic events), which are rare and often unrealistic for computer aided fuzzy fault tree analysis. Process Safety and
Environmental Protection, 2009; 87(4):217–226.
process systems. Two different approaches to handle 2. Spouge J. A Guide to Quantitative Risk Assessment for Off-
these types of uncertainties in FTA and ETA are de- shore Installations. Aberdeen, UK: CMPT Publication, 1999.
rived in this study by combining expert knowledge 3. Vesely WE, Goldberg FF, Roberts NH, Haasl DF. Fault Tree
Handbook. Washington, DC: U.S. Nuclear Regulatory Com-
with fuzzy set theory and evidence theory. The appli- mission, 1981.
cation of these approaches to two different case stud- 4. Haasl DF. Advanced concepts in fault tree analysis. In Sys-
ies shows the proposed approaches are more robust tem Safety Symposium. Seattle, WA, Washington, DC: Boe-
ing Company, 1965.
to handle the uncertainty in QRA for the process sys- 5. Hauptmanns U. Fault tree analysis of a proposed ethylene va-
tems in the following ways: porization unit. Industrial & Engineering Chemistry Funda-
mentals, 1980; 19(3):300–309.
6. Hauptmanns U. Fault tree analysis for process industries en-
(1) Fuzzy-based approaches and evidence- gineering risk and hazard assessment. Pp. 21–59 in Kandel A,
theory-based approaches properly address Avni E (eds). Engineering Risk & Hazard Assessment, vol. 1.
the uncertainties in expert knowledge and an- Boca Raton, FL: CRC Press, 1988.
7. Kumamoto H, Henley EJ. Probabilistic Risk Assessment and
alyze the event trees or fault trees associated Management for Engineers and Scientists, 2nd ed. New York:
with different kinds of uncertainties in expert IEEE, 1996.
knowledge. 8. AIChE. Guidelines for Chemical Process Quantitative Risk
Analysis. New York: CCPS of the American Institute of
(2) Introduction of a dependency coefficient in Chemical Engineers, 2000.
the fuzzy- and evidence-theory-based ap- 9. Andrews JD, Dunnett SJ, Tu L. Event tree analysis using
proaches describes interdependencies among binary decision diagrams. IEEE Transactions on Reliability,
2000; 49(2):230–238.
the events (or basic events) in a fault 10. Ferdous R, Khan F, Sadiq R, Amyotte P, Veitch B. Handling
tree/event tree. data uncertainties in event tree analysis. Process Safety and
(3) The proposed approaches can be applied to Environmental Protection, 2009; 87(5):283–292.
11. Mannan MS. Lees’ Loss Prevention in the Process Indus-
FTA/ETA for any process systems that have tries: Hazard Identification, Assessment and Control, 3rd ed.
data and dependency uncertainties. Burlington: Butterworth-Heinemann, 2005.
Fault and Event Tree Analyses for Process Systems Risk Analysis 107
12. Sadiq R, Saint-Martin E, Kleiner Y. Predicting risk of water 32. Bae HR, Grandhi RV, Canfield RA. An approximation ap-
quality failures in distribution networks under uncertainties proach for uncertainty quantification using evidence theory.
using fault-tree analysis. Urban Water Journal, 2008; 5(4):287– Reliability Engineering & System Safety, 2004; 86(3):215–225.
304. 33. Zadeh LA. Fuzzy sets. Information and Control, 1965;
13. Yuhua D, Datao Y. Estimation of failure probability of oil and 8(3):338–353.
gas transmission pipelines by fuzzy fault tree analysis. Journal 34. Khan FI, Sadiq R. Risk-based prioritization of air pollution
of Loss Prevention in the Process Industries, 2005; 18(2):83– monitoring using fuzzy synthetic evaluation technique. Envi-
88. ronmental Monitoring and Assessment, 2005; 105(1):261–283.
14. Ferson S, Hajagos J, Berleant D, Zhang J, Tucker WT, 35. El-Iraki A, Odoom ER. Fuzzy probist reliability assessment
Ginzburg L, et al. Dependence in Dempster-Shafer Theory of repairable systems. Pp. 96–100 in Conference of the North
and Probability Bounds Analysis.: Sandia National Laborato- American Fuzzy Information Processing Society—NAFIPS
ries, 2004. (Cat. No.98TH8353), Pensacola Beach, FL: 1998.
15. Tanaka H, Fan LT, Lai FS, Toguchi K. Fault-tree analysis 36. Cheng YL. Uncertainties in fault tree analysis. Tamkang Jour-
by fuzzy probability. IEEE Transactions on Reliability, 1983; nal of Science and Engineering, 2000; 3(1):23–29.
32(5):453–457. 37. Lai FS, Shenoi S, Fan TL. Fuzzy fault tree analysis theory and
16. Misra KB, Weber GG. Use of fuzzy set theory for level-I stud- applications. Pp. 117–137 in Kandel A, Avni E (eds). Engi-
ies in probabilistic risk assessment. Fuzzy Sets and Systems, neering Risk & Hazard Assessment, vol. 1. Boca Raton, FL:
1990; 37(2):139–160. CRC Press, 1988.
17. Singer D. A fuzzy set approach to fault tree and reliability 38. Siler W, Buckley JJ. Fuzzy Expert Systems and Fuzzy Reason-
analysis. Fuzzy Sets and Systems, 1990; 34(2):145–155. ing. Hoboken, NJ: John Wiley & Sons. 2005.
18. Kenarangui R. Event-tree analysis by fuzzy probability. IEEE 39. Klir GJ, Yuan B. Fuzzy Sets and Fuzzy Logic: Theory and Ap-
Transactions on Reliability, 1991; 40(1):120–124. plications, 1st ed. Upper Saddle River, NJ: Prentice Hall PTR,
19. Sawyer JP, Rao SS. Fault tree analysis of fuzzy mechanical sys- 1995.
tems. Microelectronics Reliability, 1994; 34(4):653–667. 40. Ross T. Fuzzy Logic with Engineering Applications. New
20. Suresh PV, Babar AK, Raj VV. Uncertainty in fault tree York: McGraw-Hill, 1995.
analysis: A fuzzy approach. Fuzzy Sets and Systems, 1996; 41. Ross T. Fuzzy Logic with Engineering Applications, 2nd ed.
83(2):135–141. West Sussex, UK: John Wiley & Sons, 2004.
21. Rivera SS, Barón HH. Using fuzzy arithmetic in contain- 42. Ayyub BM. A Practical Guide on Conducting Expert-Opinion
ment event trees. In International Conference on Probabilistic Elicitation of Probabilities and Consequences for Corps Fa-
Safety Assessment, Washington, DC, 1999. cilities. Alexandria, VA: Institute for Water Resources, IWR
22. Huang D, Chen T, Wang MJJ. A fuzzy set approach for event Report 01-R-1, 2001.
tree analysis. Fuzzy Sets and Systems, 2001; 118(1):153–165. 43. Sadiq R, Najjaran H, Kleiner Y. Investigating evidential rea-
23. Wilcox RC, Ayyub BM. Uncertainty Modeling of Data and soning for the interpretation of microbial water quality in a
Uncertainty Propagation for Risk Studies. Pp. 184–191 in distribution network. Stochastic Environmental Research and
ISUMA ’03: Proceedings of the 4th International Symposium Risk Assessment, 2006; 21(1):63–73.
on Uncertainty Modelling and Analysis. Washington, DC: 44. Wang YM, Yang JB, Xu DL, Chin KS. On the combination
IEEE Computer Society, 2003. and normalization of interval-valued belief structures. Infor-
24. Li H. Hierarchical Risk Assessment of Water Supply Systems. mation Sciences: An International Journal, 2007; 177(5):1230–
PhD Thesis. Department of Civil and Building Engineering, 1247.
Loughborough University, Loughborough, UK, 2007. 45. Sentz K, Ferson S. Combination of Evidence in Dempster-
25. Abrahamsson M. Uncertainty in Quantitative Risk Analysis— Shafer Theory. Albuquerque, NH: Sandia National Labora-
Characterisation and Methods of Treatment. Sweden: Lund tories, Sandia Report No: SAND2002-0835, 2002.
University, Department of Fire Safety Engineering, Report 46. Lefevre E, Colot O, Vannoorenberghe P. Belief function com-
No: 1024, 2002. bination and conflict management. Information Fusion, 2002;
26. Skelton B. Process Safety Analysis: An Introduction. War- 3(2):149–162.
wickshire, UK: IChemE, 1997. 47. Smarandache F, Dezert J. Proportional conflict redistribution
27. Thacker BH, Huyse LJ. Probabilistic assessment on the basis rules for information fusion. P. 461 in Applications and Ad-
of interval data. Journal of Structural Engineering and Me- vances of DSmT for Information Fusion, vol. 2. Rehoboth,
chanics, 2007; 25(3):331–346. MA: American Research Press, 2004.
28. Ayyub BM, Klir GJ. Uncertainity modeling and analysis in en- 48. Zadeh LA. In Fehling M (ed). Reviews of Books. Pp. 81–83 in
gineering and the sciences. Pp. 1–381 in Bilal M, Ayyub GJK A Mathematical Theory of Evidence, vol. 5. Menlo Park, CA:
(eds). Uncertainity Modeling and Analysis in Engineering AI Magazine, 1984.
and the Sciences. Boca Raton, FL: Chapman and Hall/CRC, 49. Yager RR. On the Dempster-Shafer framework and new com-
2006. bination rules. Information Science, 1987; 41(2):93–137.
29. Agarwal H, Renaud JE, Preston EL, Padmanabhan D. Uncer- 50. Sadiq R, Kleiner Y, Rajani B. Proof-of-Concept Model to Pre-
tainty quantification using evidence theory in multidisciplinary dict Water Quality Changes in Distribution Pipe Networks (Q-
design optimization. Reliability Engineering & System Safety, WARP). Denver, CO: Water Research Foundation, 2009.
2004; 85(1–3):281–294. 51. Relex Reliability Software V7.7. Needham, MA: Relex Soft-
30. Baraldi P, Zio E. A combined Monte Carlo and possibilistic ware Corporation, 2003.
approach to uncertainty propagation in event tree analysis. 52. Reliability, Availability, Maintainability and Safety Software.
Risk Analysis, 2008; 28(5):1309–1326. Israel: Advanced Logistics Development (ALD) Ltd., 2009.
31. Druschel BR, Ozbek M, Pinder GF. Application of Dempster- 53. Khan FI, Abbasi SA. PROFAT: A user friendly system for
Shafer theory to hydraulic conductivity. In CMWR—XVI, probabilistic fault tree analysis. Process Safety Progress, 1999;
Conference Program, Copenhagen, Denmark, 2006. 18(1):42–49.