Conflict-driven Hybrid Observer-based Anomaly Detection

This paper presents an anomaly detection method using a hybrid observer -- which consists of a discrete state observer and a continuous state observer. We focus our attention on anomalies caused by intelligent attacks, which may bypass existing anomaly detection methods because neither the event sequence nor the observed residuals appear to be anomalous. Based on the relation between the continuous and discrete variables, we define three conflict types and give the conditions under which the detection of the anomalies is guaranteed. We call this method conflict-driven anomaly detection. The effectiveness of this method is demonstrated mathematically and illustrated on a Train-Gate (TG) system

A hybrid automata approach for monitoring the patient in the loop in artificial pancreas systems

The use of automated insulin delivery systems has become a reality for people with type 1 diabetes (T1D), with several hybrid systems already on the market. One of the particularities of this technology is that the patient is in the loop. People with T1D are the plant to control and also a plant operator, because they may have to provide information to the control loop. The most immediate information provided by patients that affects performance and safety are the announcement of meals and exercise. Therefore, to ensure safety and performance, the human factor impact needs to be addressed by designing fault monitoring strategies. In this paper, a monitoring system is developed to diagnose potential patient modes and faults. The monitoring system is based on the residual generation of a bank of observers. To that aim, a linear parameter varying (LPV) polytopic representation of the system is adopted and a bank of Kalman filters is designed using linear matrix inequalities (LMI). The system uncertainty is propagated using a zonotopic-set representation, which allows determining confidence bounds for each of the observer outputs and residuals. For the detection of modes, a hybrid automaton model is generated and diagnosis is performed by interpreting the events and transitions within the automaton. The developed system is tested in simulation, showing the potential benefits of using the proposed approach for artificial pancreas systems.Peer ReviewedPostprint (published version

Set-membership parity space hybrid system diagnosis

In this paper, diagnosis for hybrid systems using a parity space approach that considers model uncertainty is proposed. The hybrid diagnoser is composed of modules which carry out the mode recognition and diagnosis tasks interacting each other, since the diagnosis module adapts accordingly to the current hybrid system mode. Moreover, the methodology takes into account the unknown but bounded uncertainty in parameters and additive errors (including noise and discretisation errors) using a passive robust strategy based on the set-membership approach. An adaptive threshold that bounds the effect of model uncertainty in residuals is generated for residual evaluation using zonotopes, and the parity space approach is used to design a set of residuals for each mode. The proposed fault diagnosis approach for hybrid systems is illustrated on a piece of the Barcelona sewer network.This work has been funded by the Spanish Ministry of Science and Technology through the CICYT project WATMAN [grant number DPI2009-13744]; the Spanish Ministry of Economy and Competitiveness through the CICYT project SHERECS [grant number DPI2011-26243]; EFFINET [grant number FP7-ICT-2012-318556] of the European Commission.Peer Reviewe

Discrete and hybrid methods for the diagnosis of distributed systems

Many important activities of modern society rely on the proper functioning of complex systems such as electricity networks, telecommunication networks, manufacturing plants and aircrafts. The supervision of such systems must include strong diagnosis capability to be able to effectively detect the occurrence of faults and ensure appropriate corrective measures can be taken in order to recover from the faults or prevent total failure. This thesis addresses issues in the diagnosis of large complex systems. Such systems are usually distributed in nature, i.e. they consist of many interconnected components each having their own local behaviour. These components interact together to produce an emergent global behaviour that is complex. As those systems increase in complexity and size, their diagnosis becomes increasingly challenging. In the first part of this thesis, a method is proposed for diagnosis on distributed systems that avoids a monolithic global computation. The method, based on converting the graph of the system into a junction tree, takes into account the topology of the system in choosing how to merge local diagnoses on the components while still obtaining a globally consistent result. The method is shown to work well for systems with tree or near-tree structures. This method is further extended to handle systems with high clustering by selectively ignoring some connections that would still allow an accurate diagnosis to be obtained. A hybrid system approach is explored in the second part of the thesis, where continuous dynamics information on the system is also retained to help better isolate or identify faults. A hybrid system framework is presented that models both continuous dynamics and discrete evolution in dynamical systems, based on detecting changes in the fundamental governing dynamics of the system rather than on residual estimation. This makes it possible to handle systems that might not be well characterised and where parameter drift is present. The discrete aspect of the hybrid system model is used to derive diagnosability conditions using indicator functions for the detection and isolation of multiple, arbitrary sequential or simultaneous events in hybrid dynamical networks. Issues with diagnosis in the presence of uncertainty in measurements due sensor or actuator noise are addressed. Faults may generate symptoms that are in the same order of magnitude as the latter. The use of statistical techniques,within a hybrid system framework, is proposed to detect these elusive fault symptoms and translate this information into probabilities for the actual operational mode and possibility of transition between modes which makes it possible to apply probabilistic analysis on the system to handle the underlying uncertainty present

Fault diagnosis of hybrid systems with applications to gas turbine engines

Stringent reliability and maintainability requirements for modern complex systems demand the development of systematic methods for fault detection and isolation. Many of such complex systems can be modeled as hybrid automata. In this thesis, a novel framework for fault diagnosis of hybrid automata is presented. Generally, in a hybrid system, two types of sensors may be available, namely: continuous sensors supplying continuous-time readings (i.e., real numbers) and threshold sensitive (discrete) sensors supplying discrete outputs (e.g., level high and pressure low). It is assumed that a bank of residual generators (detection filters) designed based on the continuous model of the plant is available. In the proposed framework, each residual generator is modeled by a Discrete-Event System (DES). Then, these DES models are integrated with the DES model of the hybrid system to build an Extended DES model. A "hybrid" diagnoser is then constructed based on the extended DES model. The "hybrid" diagnoser effectively combines the readings of discrete sensors and the information supplied by residual generators (which is based on continuous sensors) to determine the health status of the hybrid system. The problem of diagnosability of failure modes in hybrid automata is also studied here. A notion of failure diagnosability in hybrid automata is introduced and it is shown that for the diagnosability of a failure mode in a hybrid automaton, it is sufficient that the failure mode be diagnosable in the extended DES model developed for representing the hybrid automaton and residual generators. The diagnosability of failure modes in the case that some residual generators produce unreliable outputs in the form of false alarm or false silence signals is also investigated. Moreover, the problem of isolator (residual generator) selection is examined and approaches are developed for computing a minimal set of isolators to ensure the diagnosability of failure modes. The proposed hybrid diagnosis approach is employed for investigating faults in the fuel supply system and the nozzle actuator of a single-spool turbojet engine with an afterburner. A hybrid automaton model is obtained for the engine. A bank of residual generators is also designed, and an extended DES is constructed for the engine. Based on the extended DES model, a hybrid diagnoser is constructed and developed. The faults diagnosable by a purely DES diagnoser or by methods based on residual generators alone are also diagnosable by the hybrid diagnoser. Moreover, we have shown that there are faults (or groups of faults) in the fuel supply system and the nozzle actuator that can be isolated neither by a purely DES diagnoser nor by methods based on residual generators alone. However, these faults (or groups of faults) can be isolated if the hybrid diagnoser is used

State Estimation of Timed Discrete Event Systems and Its Applications

Many industrial control systems can be described as discrete event systems (DES), whose state space is a discrete set where event occurrences cause transitions from one state to another. Timing introduces an additional dimension to DES modeling and control. This dissertation provides two models of timed DES endowed with a single clock, namely timed finite automata (TFA) and generalized timed finite automata (GTFA). In addition, a timing function is defined to associate each transition with a time interval specifying at which clock values it may occur. While the clock of a TFA is reset to zero after each event occurs and the time semantics constrain the dwell time at each discrete state, there is an additional clock resetting function associated with a GTFA to denote whether the clock is reset to a value in a given closed time interval. We assume that the logical and time structure of a partially observable TFA/GTFA is known. The main results are summarized as follows. 1. The notion of a zone automaton is introduced as a finite automaton providing a purely discrete event description of the behaviour of a TFA/GTFA of interest. Each state of a zone automaton contains a discrete state of the timed DES and a zone that is a time interval denoting a range of possible clock values. We investigate the dynamics of a zone automaton and show that one can reduce the problem of investigating the reachability of a given timed DES to the reachability analysis of a zone automaton. 2. We present a formal approach that allows one to construct offline an observer for TFA/GTFA, i.e., a finite structure that describes the state estimation for all possible evolutions. During the online phase to estimate the current discrete state according to each measurement of an observable event, one can determine which is the state of the observer reached by the current observation and check to which interval (among a finite number of time intervals) the time elapsed since the last observed event occurrence belongs. We prove that the discrete states consistent with a timed observation and the range of clock values associated with each estimated discrete state can be inferred following a certain number of runs in the zone automaton. In particular, the state estimation of timed DES under multiple clocks can be investigated in the framework of GTFA. We model such a system as a GTFA with multiple clocks, which generalizes the timing function and the clock resetting function to multiple clocks. 3. As an application of the state estimation approach for TFA, we assume that a given TFA may be affected by a set of faults described using timed transitions and aim at diagnosing a fault behaviour based on a timed observation. The problem of fault diagnosis is solved by constructing a zone automaton of the TFA with faults and a fault recognizer as the parallel composition of the zone automaton and a fault monitor that recognizes the occurrence of faults. We conclude that the occurrence of faults can be analyzed by exploring runs in the fault recognizer that are consistent with a given timed observation. 4. We also study the problem of attack detection in the context of DESs, assuming that a system may be subject to multiple types of attacks, each described by its own attack dictionary. Furthermore, we distinguish between constant attacks, which corrupt observations using only one of the attack dictionaries, and switching attacks, which may use different attack dictionaries at different steps. The problem we address is detecting whether a system has been attacked and, if so, which attack dictionaries have been used. To solve it in the framework of untimed DES, we construct a new structure that describes the observations generated by a system under attack. We show that the attack detection problem can be transformed into a classical state estimation/diagnosis problem for these new structures

Feasible, Robust and Reliable Automation and Control for Autonomous Systems

The Special Issue book focuses on highlighting current research and developments in the automation and control field for autonomous systems as well as showcasing state-of-the-art control strategy approaches for autonomous platforms. The book is co-edited by distinguished international control system experts currently based in Sweden, the United States of America, and the United Kingdom, with contributions from reputable researchers from China, Austria, France, the United States of America, Poland, and Hungary, among many others. The editors believe the ten articles published within this Special Issue will be highly appealing to control-systems-related researchers in applications typified in the fields of ground, aerial, maritime vehicles, and robotics as well as industrial audiences