Professional Documents
Culture Documents
m.stoelinga@cs.ru.nl
1 Introduction
Fault trees. Fault trees (FTs) are a systematic, graphical tool used to identify
potential sources of failure in a system. By analyzing an FT, a designer can
identify potential failure paths, understand the impact of failures, and determine
the best measures to prevent them. A FT is a directed acyclic graph (DAG) that
consists of basic events (BEs) representing atomic failure events, intermediate
AND/OR gates whose activation depends on that of their children, and the root
representing system failure. The system fails when the root is activated. We
provide a brief overview of FTs in Sec.4
⋆
This research has been partially funded by ERC Consolidator grant 864075 CAESAR
and the European Union’s Horizon 2020 research and innovation programme under
the Marie Skłodowska-Curie grant agreement No. 101008233.
2 Dang et al.
2 Related work
Fuzzy fault tree analysis has been studied in a wide body of literature and re-
viewed in many works[11,12]. When vagueness arise, uncertain parameters can
be described as fuzzy numbers. Each BEs is then equiped with a fuzzy num-
ber/possibility. Fuzzy set theory was first introduced in fault tree analysis by
Tanaka et al.[16]. The main idea of using fuzzy theory is to express the ambigu-
ous parameters in triangular, or trapezoidal, or Left-Right type fuzzy numbers,
then calculate the fuzzy probability of the top event based on Zadeh’s principle
as in [16], or using α-cut fuzzy operators as in[8], or applying extended algebraic
operations on the L-R type fuzzy number as in[14].
In general, it is challenging to calculate the fuzzy probability of a top event.
This is because of the multiplication of fuzzy numbers. Nonlinear programming
of the operation is infeasible to implement in practice [17]. Multiplication of
trapezoidal or triangular numbers is often done using an estimation [16] which
results in a fuzzy number of the same type as the operands. An approximate an-
alytical algorithm for calculating fuzzy operations is L-R representation[6]. Also,
there is an approximate numerical approach [13] that applies the extension prin-
ciple to the discretised fuzzy numbers resulting in the discrete extended product.
This approach, however, lacks generality because the extended operation may
not result in convex numbers. Using α-cut representation and interval arithmetic,
DSW algorithm [17] provides an efficient way to calculate fuzzy operations. We
incorporate this method into our BU-algorithm.
3 Preliminary Theory
Fuzzy set theory was first introduced by L.A. Zadeh [19] in 1965. Since then it
has been used to deal with vague problems. We consider fuzzy elements that can
have a range of possible values. For an element x of a set X, the extent to which
x can be equal to x is expressed by the membership degree of x in x, which is
a value x[x] ∈ [0, 1]. By that, x[x] = 1 denotes full membership, while x[x] = 0
denotes no membership.
For instance, the failure probability of a BE may be given as a real number,
e.g. x = 0.3 ∈ R; but often the exact value is not known precisely, and can be
somewhere around 0.3. This can be represented by a fuzzy number x : R → [0, 1]
which is 0 everywhere except close to 0.3, and which has a maximum at 0.3 (see
Fig. 1).
4 Dang et al.
Fig. 1: (a) A non-fuzzy, ‘crisp’ element x = 0.3, (b) a fuzzy element x, expressing
uncertainty around 0.3, and (c) a trapezoidal fuzzy number trapa,b,c,d .
Our definition of fuzzy element is very general. Many works in the literature
restrict the form of the function x : X → [0, 1] to make computation more con-
venient, especially for X = R, i.e., for so-called fuzzy numbers. Thus there exist
triangular, trapezoidal, Gaussian, etc. fuzzy numbers [7].
x−a
b−a , if a < x ≤ b,
1, if b < x < c,
trapa,b,c,d [x] = d−x
, if c ≤ x < d,
d−c
0, otherwise.
multiple values x with f (x) = y. Each of these values x ∈ f −1 (y) have been
assigned a fuzzy value x. Zadeh’s extension principle takes the best value from
x ∈ f −1 (y), i.e. for which x[x] is maximal. For functions of multiple arguments
this works exactly the same.
The key problem with fuzzy operations is that for many common operations,
Zadeh’s extension principle destroys the shape of their operant. E.g. For example,
due to their non-linearity, the quotient of two trapezoidal fuzzy numbers is not
trapezoidal; the same is true for their product.
Some works approximate operations by a fuzzy number of the same type as
the operations. Such approximations yield outcomes that are easy to visualize,
but are not exact [3].
Definition 3. Let x ∈ F(X) and α ∈ [0, 1]. An α-cut or α-level x(α) of x equals
Example 2. The α-cuts of trapezoidal and guassian fuzzy number are given by:
(α)
trapa,b,c,d = [(b − a)α + a, d − (d − c)α]
(α) √ √
gaussm,d = m − d −2 ln α, m + d −2 ln α
The elements of the set of α-cut lie in the red interval shown in Fig. 2
6 Dang et al.
The following result shows that we can use these interval operations to cal-
culate Zadeh extensions, by describing the resulting fuzzy number in terms of its
α-cuts. Note that many existing fuzzy number types such as triangular, trape-
zoidal, Gaussian, satisfy its assumptions.
Lemma 1. Let x, y be two piecewise continuous, convex fuzzy numbers, and let
⋄ be an arithmetic operation in {+, −, ·}. Then the α-cuts of the fuzzy number
⋄y are given by
xe
Example 3. Consider two triangular fuzzy numbers tri1,2,3 , and tri3,4,6 . We wish
to calculate addition, subtraction, and multiplication of the two fuzzy numbers
using their α-cuts. We have the equation describing α-cuts of tri1,2,3 , and tri3,4,6 ,
(α) (α)
for any α ∈ [0, 1]: tri1,2,3 = [1 + α, 3 − α], and tri3,4,6 = [3 + α, 6 − 2α]
√
−2√+ 1 + x, if 3 ≤ x ≤ 8,
(tri1,2,3 e· tri3,4,6 )[x] = 6− 2 2x , if 8 < x ≤ 18, (2)
0, otherwise.
4 Fault trees
In this section, we briefly review the terminology of (static) fault trees. A more
comprehensive overview can be found, e.g., at [12].
Definition 5. [10] A fault tree is a tuple T = (V, E, t), where (V, E) is a rooted
directed acyclic graph, and t is a map t : V → {BE, OR, AND} such that t(v) = BE
if and only if v is a leaf for all v ∈ V .
The root of T is denoted RT . For a node v ∈ V , we let ch(v) be the set of
all children of v. The set of BEs (basic events) is denoted BET .
A safety event is a set of BEs that occurs simultaneously. We denote such an
event by its corresponding binary vector f⃗ ∈ BBET . The extent to which a safety
event leads to overall system failure is determined by the structure function: for
a node v ∈ V and a safety event f⃗, the structure function ST (v, f⃗) is a Boolean
stating whether f⃗ propagates through v.
Definition 6. Let T be a FT. The structure function ST : V × BBET → B of T
is defined, for a node v ∈ V and a safety event f⃗ ∈ BBET , by
⃗
W
Vw∈ch(v) ST (w, f ) if t(v) = OR,
ST (v, f⃗) = ⃗
w∈ch(v) ST (w, f ) if t(v) = AND, (3)
fv if t(v) = BE.
8 Dang et al.
(a) (b)
Fig. 3: A fault tree for a road trip (a), and its BDD representation (b). The road
trip fails if both phone and car fail; car fails if either engine or battery fails.
A safety event f⃗ that reaches the root RT i.e. ST (RT , f⃗) = 1 is called a cut
set. The set of all cut sets of T is denoted CT .
Fault trees are used for quantitative probability analysis as follows: suppose
each BE v is assigned a probability p(v), the unreliability of the system is the
probability that the system as a whole fails. This is the probability that a random
safety event F⃗ (distributed according to the BE probabilities) propagates to the
root.
Example 4. Consider the FT from Fig.3a. Let p(a) = 0.8, p(b) = 0.1, and p(c) =
0.4, then f⃗ ∈ BBET is written as fa fb fc . The cut set is represented as CT =
{111, 110, 101}, and thus the unreliability is
U (T ) = 0.8 · 0.1 · 0.4 + 0.8 · 0.1 · 0.6 + 0.8 · 0.9 · 0.4 = 0.368.
The bottom-up algorithm is fast, but only works when T is a tree. The
reason is that the probability laws in (6) only hold when the pvi are independent
probabilities, which will not generally be true if the vi share children. For DAG-
structured FTs, a different approach is used.
5 Fuzzy unreliability
The concept of failure possibility arises in unreliability analysis when the fail-
ure probabilities are not exactly known. Instead of having a fixed real value,
the failure possibility can be defined by a fuzzy number/ element on interval
[0, 1], with any shape of membership function. The failure possibility of a basic
event i denoted as pi . We first give an example of how this affects unreliability
calculation, before giving the general definition.
Example 6. Consider the road trip FT T from Fig.3a. Its unreliability function
UT : [0, 1]3 → [0, 1] is given by
UT (pa , pb , pc ) = pa pb pc + pa (1 − pb )pc + pa pb (1 − pc )
= pa pc + pa pb − pa pb pc .
10 Dang et al.
U
eT (⃗p)[y] = sup min{pa [pa ], pb [pb ], pc [pc ]}
pa ,pb ,pc ∈[0,1] :
pa pc +pa pb −pa pb pc =y
We notice that b has one single probability value pb = 0.1 with pb [pb ] ̸= 0,
and c has only pc = 0.4 with pc [pc ] ̸= 0. Substituting those probabilities and
their confidences to the expression above, then
1, if y = 0.368,
sup min pa [pa ], 1, 1 = 0.7, if y = 0.23,
pa :
0.4pa +0.1pa −0.04pa =y 0, otherwise,
U
eT (⃗p)[y] = sup min pv [pv ].
v∈BET
⃗∈[0,1]BET :
p
UT (⃗
p)=y
The following result shows the validity of this approach. It is proven analo-
gously to a similar result for attack trees in [5].
Fuzzy Fault Trees Formalized 11
Fig. 4: A DAG FT
Fig. 5: BDD calculation
Example 8. Consider the BDD shown in Fig.5, with variable order u < v < w,
and pu = pw = {0.5 7→ 1} and pv = {0 7→ 1, 1 7→ 1}. We label v as v1 and v2 for
distinction in the calculation. Let fuzzy attribution as in the previous example.
The fuzzy unreliability of top event is
On the other hand, similar to Ex. 6 one can calculate ŨT (⃗p) = {0.25 7→ 1, 1 7→ 1}.
This shows that the BDD method does not work for fuzzy unreliability.
7 Experiments
Figure 6 displays the resulting fuzzy unreliabilities of the systems CSD and
LSTF, respectively. In each subfigure, we plot the crisp unreliability obtained
from crisp BEs values (crisp unreliability), fuzzy unreliability obtained from
fuzzy BEs triangular possibility (u_tri), trapezoidal possibility (u_trap), Gaus-
sian possibility (u_gauss), and the their combination (u_mix). We observe that
the system unreliability is not the same type as the operands BEs possibilities.
This is obvious since calculation of unreliability requires fuzzy multiplications
which is a nonlinear operation. The method overcomes the complexity of per-
forming exact fuzzy multiplication [16] or using nonlinear programming [17]. In
addition, it provides more precise solution than the product estimations of fuzzy
numbers and the conventional discretisation approach [13].
References
1. Alefeld, G., Mayer, G.: Interval analysis: theory and applications. Journal of Com-
putational and Applied Mathematics 121(1), 421–464 (2000)
14 Dang et al.
2. de Barros, L.C., Bassanezi, R.C., Lodwick, W.A.: The Extension Principle of Zadeh
and Fuzzy Numbers, pp. 23–41. Springer, Berlin, Heidelberg (2017)
3. Basiura, B., Duda, J., Gaweł, B., Opiła, J., Pełech-Pilichowski, T., Rębiasz, B.,
Skalna, I.: Fuzzy Numbers, pp. 1–26. Springer Inter. Publishing, Cham (2015)
4. Couso, I., Borgelt, C., Hullermeier, E., Kruse, R.: Fuzzy sets in data analysis:
From statistical foundations to machine learning. IEEE Computational Intelligence
Magazine 14(1), 31–44 (2019)
5. Dang, T.K.N., Lopuhaä-Zwakenberg, M., Stoelinga, M.: Fuzzy quantitative attack
tree analysis (2024)
6. Dubois, D., Prade, H.: Fuzzy real algebra: Some results. Fuzzy Sets and Systems
2(4), 327–348 (1979)
7. Jezewski, M., Czabanski, R., Leski, J.: Introduction to Fuzzy Sets, pp. 3–22.
Springer International Publishing, Cham (2017)
8. Lin, C.T., Wang, M.J.J.: Hybrid fault tree analysis using fuzzy sets. Reliability
Engineering & System Safety 58(3), 205–213 (1997)
9. Lopuhaä-Zwakenberg, M.: Fault tree reliability analysis via squarefree polynomials
(2023)
10. Lopuhaä-Zwakenberg, M., Budde, C.E., Stoelinga, M.: Efficient and generic algo-
rithms for quantitative attack tree analysis. IEEE Transactions on Dependable and
Secure Computing pp. 1–18 (2022)
11. Mahmood, Y.A., Ahmadi, A., Verma, A.K., Srividya, A., Kumar, U.: Fuzzy fault
tree analysis: a review of concept and application. International Journal of System
Assurance Engineering and Management 4, 19–32 (2013)
12. Ruijters, E., Stoelinga, M.: Fault tree analysis: A survey of the state-of-the-art in
modeling, analysis and tools. Computer Science Review 15-16, 29–62 (2015)
13. Schmucker, K.J.: Fuzzy sets, natural language computations, and risk analysis
(1983)
14. Singer, D.: A fuzzy set approach to fault tree and reliability analysis. Fuzzy Sets
and Systems 34(2), 145–155 (1990)
15. Stamatelatos, M., Vesely, W., Dugan, J., Fragola, J., Minarick, J., Railsback, J.:
Fault tree handbook with aerospace applications (2002)
16. Tanaka, H., Fan, L.T., Lai, F.S., Toguchi, K.: Fault-tree analysis by fuzzy proba-
bility. IEEE Transactions on Reliability R-32(5), 453–457 (1983)
17. W. M. Dong, H.C.S., Wongt, F.S.: Fuzzy computations in risk and decision anal-
ysis. Civil Engineering Systems 2(4), 201–208 (1985)
18. Yazdi, M., Nikfar, F., Nasrabadi, M.: Failure probability analysis by employing
fuzzy fault tree analysis. Int. J. Syst. Assur. Eng. Manag. 8, 1177–1193 (02 2017)
19. Zadeh, L.: Fuzzy sets. Information and Control 8(3), 338–353 (1965)