
    Supervisory Control and Analysis of Partially-observed Discrete Event Systems

    Nowadays, a wide variety of real-world systems fall into the class of discrete event systems (DES). In practical scenarios, because of limited sensor technology, sensor failures, unstable networks and even the intrusion of malicious agents, some events may be unobservable, several events may be indistinguishable in the observations, and the observations of some events may be nondeterministic. Motivated by such scenarios, the DES community has paid increasing attention to partially-observed DES, which in this thesis refer broadly to DES with partial and/or unreliable observations. This thesis focuses on two topics in partially-observed DES, namely supervisory control and analysis. The first topic includes two research directions, distinguished by the system model. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which can also be interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as the reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed, provided that a particular subnet, called the observation subnet, satisfies certain structural conditions. We then discuss how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we consider the forbidden state problem in PN vulnerable to SD-attacks. Assuming a control specification given as a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large systems, while the third computes a policy with timely response even for large systems, at the expense of optimality. Finally, we investigate the liveness-enforcing problem, still assuming that the system is vulnerable to SD-attacks. Here the plant is modelled as a bounded PN, which allows a supervisor to be computed off-line starting from the reachability graph of the PN. Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed. The second topic concerns the verification of properties related to system security. Two properties are considered: fault-predictability and event-based opacity. The former is a property from the literature, characterizing the situation in which the occurrence of any fault in a system is predictable; the latter is a property newly proposed in this thesis, which captures the requirement that the secret events of a system cannot be revealed to an external observer within their critical horizons. For fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow the fault-predictability of the original net to be analyzed by verifying that of the reduced net. For event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties.

    Failure Diagnosis and Prognosis of Safety Critical Systems: Applications in Aerospace Industries

    Many safety-critical systems such as aircraft, spacecraft, and large power plants are required to operate in a reliable and efficient working condition without any performance degradation. As a result, fault diagnosis and prognosis (FDP) is a research topic of great interest for these systems. FDP systems use historical and current data of a system, collected from various measurements, to detect faults, diagnose the types of possible failures, and predict and manage failures in advance. This thesis deals with the FDP of safety-critical systems. For this purpose, two critical systems, a multifunctional spoiler (MFS) and a hydro-control valve system, are considered, and some challenging issues in FDP are investigated. The research work covers three general directions, i.e., monitoring, failure diagnosis, and prognosis. The proposed FDP methods are based on data-driven and model-based approaches. The main aim of the data-driven methods is to use measurement data from the system to forecast the remaining useful life (RUL) of the faulty components accurately and efficiently. In this regard, two different methods are developed. A modular FDP method based on a divide-and-conquer strategy is presented for the MFS system. The modular structure contains three components: 1) a fault diagnosis unit, 2) a failure parameter estimation unit and 3) an RUL unit. The fault diagnosis unit identifies types of faults by integrating a neural network (NN) method with the discrete wavelet transform (DWT) technique. The failure parameter estimation unit observes the failure parameter via a distributed neural network. Afterward, the RUL of the system is predicted by an adaptive Bayesian method. In another work, an innovative data-driven FDP method is developed for hydro-control valve systems. The idea is to exploit the redundancy in multi-sensor data to enhance the performance of the FDP system. Therefore, a combination of a feature selection method and the support vector machine (SVM) method is applied to select proper sensors for monitoring the hydro-valve system and to isolate the types of fault. Then, the adaptive neuro-fuzzy inference system (ANFIS) method is used to estimate the failure path. Similarly, an online Bayesian algorithm is implemented for forecasting the RUL. Model-based methods employ a high-fidelity physics-based model of a system for the prognosis task. In this thesis, a novel model-based approach based on an integrated extended Kalman filter (EKF) and Bayesian method is introduced for the MFS system. To monitor the MFS system, a residual estimation method using the EKF is performed to capture the progress of the failure. A transformation is then applied to obtain a new measure for estimating the degradation path (DP). Moreover, the recursive Bayesian algorithm is invoked to predict the RUL. Finally, the relative accuracy (RA) measure is used to assess the performance of the proposed methods.

    Failure diagnosis and prognosis in stochastic discrete-event and cyber-physical systems

    In this dissertation we study the problem of fault diagnosis in both discrete event systems and cyber-physical systems. Discrete event systems (DESs) are event-driven systems with discrete states that evolve in response to abrupt occurrences of discrete changes (called events). Stochastic DESs are used to characterize the quantitative behavior of the system by modeling the uncertainty in the occurrence of events as random variables with a given distribution. A stochastic DES is similar to a Markov chain model, with the difference that, in a stochastic DES, each transition is labeled with its event, whereas the event information is omitted in a Markov chain. Many physical systems, such as manufacturing systems, communication protocols, reactive software, telephone networks, traffic systems, robotics and digital hardware, can be modeled as DESs at a certain level of abstraction. Fault diagnosis is the detection of the occurrence of a fault so as to enable fault-tolerant actions. It is a crucial and challenging problem that has attracted considerable attention in the literature on software engineering, automotive systems, power systems and nuclear engineering. In this dissertation, we propose online detection schemes for stochastic DESs and introduce the notions of missed detections (MDs) and false alarms (FAs), or equivalently false negatives and false positives, for these schemes. The idea is that, given any observation (of partially observed events), the detector recursively computes the conditional probability of the nonoccurrence of a fault, issues a fault decision if that probability falls below an appropriately chosen threshold, and issues no decision otherwise. We establish that S-Diagnosability is a necessary and sufficient condition for achieving any desired levels of MD and FA rates, where the notion of S-Diagnosability was proposed by Thorsley et al. in 2005, requiring that for any tolerable ambiguity level ρ and error bound τ, there exists a delay bound n such that, for any fault trace, its extensions longer than n with probability of ambiguity higher than ρ occur with probability smaller than τ. Algorithms for determining the detection scheme parameters (detection threshold and detection delay bound) for the specified MD and FA rate requirements are also presented, based on the construction of an extended observer, which computes, for each observation sequence, the set of states reached in the system model, along with their probabilities and the number of post-fault transitions executed. This dissertation also studies fault diagnosis in cyber-physical systems, where the dynamics of the physical system over discrete sample instances are described by stochastic difference equations, and the nonfault behaviors are specified by linear-time temporal logic (LTL) formulas over sequences of requirement variables that are functions of inputs and states (just as the outputs are). We first introduce the notion of an input-output stochastic hybrid automaton (I/O-SHA), and then show that it can be used to model the refinement of a given discrete-time stochastic system against its LTL specification so as to identify the system behaviors that satisfy the nonfault specification versus the ones that violate it, in the form of reachability of a fault location. For this we propose a refinement algorithm that refines the system model, given as discrete-time stochastic equations, with respect to its specification model, given as a Büchi acceptor; the resulting refinement can be modeled as an I/O-SHA. We further show that the fault detection problem then reduces to a state estimation problem for the I/O-SHA. The performance of the detection protocol is evaluated in terms of its FA and MD rates. We additionally propose the notion of S-Diagnosability for I/O-SHA, which guarantees the existence of detectors that can achieve any desired FA and MD rates. We further consider the fault prognosis problem for stochastic DESs, where the goal is to predict a fault prior to its occurrence. We introduce m-steps Stochastic-Prognosability, or simply Sm-Prognosability, requiring that for any tolerance level ρ and error bound τ, there exists a reaction bound k ≥ m such that the set of fault traces for which a fault cannot be predicted k steps in advance with tolerance level ρ occurs with probability smaller than τ. Similarly to the fault diagnosis problem, we formalize the notion of a prognoser that maps observations to decisions by comparing a suitable statistic with a threshold, and show that Sm-Prognosability is a necessary and sufficient condition for the existence of a prognoser with reaction bound at least m (i.e., prediction at least m steps prior to the occurrence of a fault) that can achieve any specified FA and MD rate requirement. Moreover, we provide a polynomial algorithm for verifying Sm-Prognosability.

    Decentralized Control and Diagnosis of Discrete Event Systems: A Multi-Decision Approach

    Nowadays, technological systems have become very complex (computer hardware, software, telecommunication systems, manufacturing plants, etc.), and this complexity keeps growing, so that the old intuitive techniques used for their design, study and implementation have become inadequate. Because of this growing complexity, the probability that an unexpected error (or failure) occurs is ever larger. Moreover, some errors can cause very serious accidents leading to economic or human losses. It is in this context that formal methods were developed for the analysis, design and implementation of software and electronic systems, whatever their complexity. Thus, the study of discrete event systems (DES) was introduced with the objective of developing formal methods to meet pressing needs such as control, diagnosis, prognosis, testing and verification of the discrete behaviours of technological systems. This thesis considers and generalizes the study of decentralized control and diagnosis of DES. The common principle of decentralized control and diagnosis of DES is decentralized decision making, which is based on the use of a decentralized architecture. The latter consists of several local decision makers that partially observe a DES and make local decisions, which are then fused by a fusion module D. Based on a fusion function, this module computes a global decision from the local decisions. The system comprising the local decision makers and the fusion module is called a decentralized decision maker. The set of all decentralized decision makers having D as their fusion module is called a D-architecture.
    The main contribution of this thesis is to propose a new approach to decentralized decision making, called multi-decision and qualified as multi-decisional. The principle of multi-decision is based on the use of several (say p) decentralized decision makers (DD^j)_{j=1,...,p} that operate simultaneously and in parallel. Each DD^j has one of the decentralized architectures found in the literature. That is, each DD^j consists of a set of local decision makers (Dec^j_i)_{i=1,...,n} whose local decisions are fused by a fusion module D^j to obtain a global decision. In the multi-decisional architecture, the global decisions of the p decision makers (DD^j)_{j=1,...,p} are fused by a module D to obtain an effective decision that satisfies a desired property Pr. The interest of multi-decision is that the architecture ((DD^j)_{j=1,...,p}, D), made up of the different (DD^j)_{j=1,...,p} and of D, generalizes each of the architectures DD^j. That is, the set of DES to which ((DD^j)_{j=1,...,p}, D) can be applied encompasses the DES to which the different DD^j can be applied separately. We have studied the multi-decisional approach on two examples of decision making: supervisory control and diagnosis, yielding multi-decisional control and multi-decisional diagnosis. In both cases, the multi-decisional approach requires a decomposition of infinite languages (i.e., languages containing an infinite number of sequences), which is known to be a difficult problem.
    To solve this problem, we proposed, in the particular case of regular languages, a method that transforms the decomposition of an infinite language X into a decomposition of a finite set of marked states. To achieve this, we had to impose a restriction by considering only the decompositions of X that satisfy a specific condition. This condition has the advantage of making the existence conditions for solutions checkable. We thus developed algorithms to check the existence conditions of solutions for multi-decisional control and diagnosis. These algorithms have the same order of complexity as the algorithms that check the existence conditions of solutions for decentralized control and diagnosis. It is important to note that the existence conditions obtained for a multi-decisional architecture ((DD^j)_{j=1,...,p}, D) are less restrictive than those obtained for each of the architectures DD^j.

    Property Enforcement for Partially-Observed Discrete-Event Systems

    Engineering systems that involve physical elements, such as automobiles, aircraft, or electric power plants, controlled by a computational infrastructure consisting of several computers that communicate through a network, are called Cyber-Physical Systems. Ever-increasing demands for safety, security, performance, and certification of these critical systems put stringent constraints on their design and necessitate the use of formal model-based approaches to synthesize provably-correct feedback controllers. This dissertation aims to tackle these challenges by developing a novel methodology for the synthesis of control and sensing strategies for Discrete Event Systems (DES), an important class of cyber-physical systems. First, we develop a uniform approach for synthesizing property-enforcing supervisors for a wide class of properties called information-state-based (IS-based) properties. We then consider the enforcement of non-blockingness in addition to IS-based properties. We develop a finite structure called the All Enforcement Structure (AES) that embeds all valid supervisors. Furthermore, we propose novel and general approaches to solve the sensor activation problem for partially-observed DES, and extend our results for this problem from the centralized case to the decentralized case. The methodology in the dissertation has the following novel features: (i) it explicitly considers and handles imperfect state information, due to sensor noise, and limited controllability, due to unexpected environmental disturbances; (ii) it is a uniform information-state-based approach that can be applied to a variety of user-specified requirements; (iii) it is a formal model-based approach, which results in provably correct solutions; and (iv) the methodology and associated theoretical foundations are generic and applicable to many types of networked cyber-physical systems with safety-critical requirements, in particular networked systems such as aircraft electric power systems and intelligent transportation systems.
    PhD, Electrical Engineering: Systems. University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/137097/1/xiangyin_1.pd

    Safety and Reliability - Safe Societies in a Changing World

    The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include:
    - foundations of risk and reliability assessment and management
    - mathematical methods in reliability and safety
    - risk assessment
    - risk management
    - system reliability
    - uncertainty analysis
    - digitalization and big data
    - prognostics and system health management
    - occupational safety
    - accident and incident modeling
    - maintenance modeling and applications
    - simulation for safety and reliability analysis
    - dynamic risk and barrier management
    - organizational factors and safety culture
    - human factors and human reliability
    - resilience engineering
    - structural reliability
    - natural hazards
    - security
    - economic analysis in risk management