CC BY
8
CONTRIBUTION TO STOCHASTIC METHODS OF COMPLEX SYSTEMS
RISK ANALYSIS
David VALIS,
Ph.D.; University of Defence, Czech Republic; david.valis@unob.cz
Abstract: The paper deals with risk assessment of complex systems. As we investigate situations regarding military applications the fragments of risk management are very important for us. Risk and dependability characteristics of military battle equipment have the same importance for us as those measures which have to serve to perform battle missions itself. There is no time on the battle field to solve unpredicted and unexpected situations caused by high risk level or unreliability which might lead to loss of both equipment and crew. Due to high level of risk we face on the battlefield many systems have to be robust enough or have to be redundant to succeed.
Key words: Risk, Dependability, Management, Complex systems
1. INTRODUCTION
As we know there is number of characteristics which might be investigated and solved regarding military applications. Some of them are typically related to performance of the object although others are related to supporting characteristics. The supporting characteristics do not mean that they play second class role but usually are not preferred as much as those related to performance. In branch of our interest we talk about risk, dependability and its attributes. The common and well known dependability characteristics are often announced and used for various calculations as well as describe the item itself. We typically know these characteristics from different types of tests performed during development and testing phase. Such characteristics are related to so called inherent dependability - inherent availability. Apart of these specifications we need to know also the real behaviour in the battle field - in real deployment while completing mission. In the real deployment we talk about characteristics related to "so called" operational dependability - operational availability. These characteristics are not calculated theoretically but their calculation is based on practical and real possible situation. Such as real picture about technical item behaviour namely military battle vehicles is the most important for us. Several measures join the set of "dynamic dependability" characteristics. To be able to carry out the dynamic dependability analysis we have to know the edge conditions and our limitations for that. Dynamic in this terms means to have the information we need just in time. We may choose several possibilities for getting the time related characteristics regarding the military battle vehicle for instance. As dependability analysis serve for failures investigation we use them for getting more information about an event which in terms of risk understanding means the initial source. If we know the source of potential harm we consequently may work with the basic and well known tools for risk identification, assessment, analysis and finally evaluation. As battle vehicles are supposed to complete missions in very adverse and hostile conditions with very high level of success required and many times also in very diversified areas we have to look after the quality characteristics very well. We count among them both risk and dependability analysis which are very closely connected and their characteristics and measures serve for determination of proper picture for battle vehicle behaviour. With running time we are not happy enough with the measures and characteristics got from tests. We would like to get more precise and so called absolute (dynamic) characteristics regarding risk and dependability. That is why we have been looking for new approaches and methods suitable for this purpose. One of the most appropriate seems to be the Markov analysis. Beyond of dynamic characteristics we also need to know the potential risk level in case of unexpected event occurrence both during training phase and during real deployment while completing a mission.
If we talk about dynamic dependability and risk characteristics we take into account those events which have the major impact onto vehicle's function - a failure. The only failures we assess are the failures from internal reasons. We do not count the possible failures caused by external reasons - in case of battle
vehicles caused by hit or attack while performing a mission. In following parts we deal with all above mentioned issues.
2. RISK ON BATTLE FIELD AND ITS ASSESSMENT
In our lives we can recognise and we know plenty of circumstances which may generate existence of a risk. As we talk about a risk we subconsciously feel something wrong, negative, and unpleasant. We feel endanger or possible a hazard, endanger, jeopardy, imperilment, etc. The more we know about risk and its fractions the harder we cope with it/them. In some situations we can not do anything else than get used it. In another cases we may avoid it, reduce it or ignore it. There are many ways how to observe a risk and how to handle with it. The whole discipline dealing with risk has the name "Risk management" and its fragments have the crucial importance for us. Due to dealing with military battle vehicles we have to recognise a bit more than standard risk spectrum - risk profile we usually see regarding civilian vehicles. As the battle vehicles have to perform their mission in very difficult environment under very adverse conditions the spectrum of possible impacts is very high. We talk about sources of risk. A battle vehicle has the potential to be in collaboration with more than one source of risk both internal and external. It does not really matter if the vehicle carries out training or if it is in real deployment. Of course the real deployment may bring more consequences in case of an event occurrence. A failure in training does not need to be necessarily as crucial as in case of real mission. A failure occurrence either in training or in real mission puts the vehicle into involuntary situation which is raised due to military tasks it has to fulfil. Due to very high possibility to be immediately attacked in the battle the risk arisen is also very high. Regarding the above mentioned we use following description of risk for further work.
Let it exists a certain source of risk, either tangible (environment, object, human being) or intangible (activity). This source can have both positive, but as in our case also negative impact to its surroundings (other tangible or intangible elements). The existence of this impact is not always so important. The existence of such risk (i.e. negative impact) becomes important only when its impact or importance results from an interaction, which exists between an element (individual, group, technical object or activity) and a source (environment or activity).
In this moment it is necessary to realize that risk as such does not exist, if there is no interaction between the source of risk and object (element) that has a certain relationship to this source. It is necessary to take into account that interaction can also have various forms. It may be, for example, a voluntary, involuntary, random, intentional, etc. interaction. The effect of these impacts can be attributed especially to an environment, in which the object occurs during its existence. Any such impacts shall be generally called area of risk.
The important and integral part of all analyses will be precise, quality and sufficient identification of just this source of risk. Without this source we can hardly deal with a risk in a qualified way. Regarding to these facts we may understand that risk can be assessed both qualitatively and quantitatively (of course in both cases as well). Basic expressions which put risk into commonly understandable form and which enables us further dealing with risk are as follows. First and very well known (nowadays classical) description in form of an equation which may serve both for qualitative and quantitative assessment is as follows:
R = P x C (1)
Where: R - Risk;
P - Probability;
C - Consequences.
This expression allows us to carry out both qualitative and quantitative assessments. Problem is that we do not have any numerical expressions with physical unit.
Second very well known form for risk expression is following formula:
P x C
R =-x E [unit ] (2)
M 1 1
Where: R - Risk;
P - Probability;
M - Measures;
E - Exposition.
This expression allows us also to carry out both qualitative and quantitative assessments. Very big advantage is that we may have physical units related to risk for further analysis.
For every element of the above mentioned equations are more or less clear procedures for their determination. We have to understand that the risk assessment as part of risk management is subdivided into two possible ways. In terms of finding solution we either talk about "Logic (sometimes determination) Access" or "Probabilistic Access". In case of probability is the situation more than clear. Although in the English speaking countries we have to distinguish between the terms "Probability" and "Likelihood" the determination is clear enough. In case of exposition we do not have to discus very much the possibility for unit and function determination. We may expect problems in terms of measures or consequences determination. Such decisions are more or less based onto expert expressions. The way is not necessarily bad but it does not give us the possibility to validate or verify a statement made.
From this point of view we recommend using new progressive forms and procedures for measures and consequences determination as well as from our historical experience. As we very often work with language and qualitative measures which are consequently somehow connected to scales (numerical expressions of qualitative expressions) we would like to be sure enough that our decision was not bad and in same circumstances under same conditions one day latter will be made in the same way. Theory of fuzzy probability and fuzzy logic seems to suit to this purpose very well. For more details how to solve such an issue see [6] or [].
From the risk assessment point of view regarding military battle equipment we may be confronted both with two known ways of stochastic distributions. We use for the random variable description distributions known as the counting and the continuous. Both of them have their importance and place both in terms of observed item and consequently risk/dependability analysis. As we want to know the so called absolute/dynamic characteristics regarding observed item we have to distinguish between both of them in the Markov's analysis as well. The detailed description of both of them follows.
3. COUNTING DISTRIBUTION OF OBSERVED VARIABLE AND DEPENDABILITY
Based onto part describing risk assessment above we now have been looking for expression of object behaviour. Such behaviour will give us appropriate picture about real conditions of the object and will allow us to prepare possible mission scenario with such object. From mathematical point of view we may distinguish between two ways of observing object behaviour. Such as behaviour is based onto measures and characteristics used. In this part we would like to describe a possible way for dependability assessment of complex technical system which is represented by counting value in case of observed variable related to a failure. We know the basic characteristics and measures related to object. Also in this case - solving the issue related to counting variable - we use the Markov analysis for getting several characteristics of dynamic dependability. From the "good example" reasons we have chosen automatic cannon which shoots using rounds. Is a failure on a round occurs the part restoration system allows to re-charge faulty round with a new one. We talk about partial repair. The system may basically stay in two states as described bellow using scenarios for their description.
The mission is completed. In the first case there can be a situation when all the ammunition of a certain amount which is placed in an ammunition belt is used up and a round failure occurs or it is used up and a round failure does not occur. In this case a backup system of pyrotechnic cartridges is able to reverse a system into an operational state. Using up can be single, successive in small bursts with breaks between different bursts, or it might be mass using one burst. Shooting is failure free or there is a round failure occurrence n. In case a round failure occurs, a system which restores a function of pyrotechnic cartridges is initiated.
There are two scenarios too - a system restoring a pyrotechnic cartridges function is failure free, or a pyrotechnic cartridge fails.
If a function of pyrotechnic cartridges is applied, it can remove failure m-times. So a number of restorations of the function is the same as the number of available pyrotechnic cartridges. In order to complete the mission successfully we need a higher amount of pyrotechnic cartridges m, or in the worst case the number of pyrotechnic cartridges should be equal to a number of failures.
Another alternative is the situation that a round fails and in this case a pyrotechnic cartridge fails too. A different pyrotechnic cartridge is initiated and it restores the function. This must satisfy the requirements that an amount of all round failures n is lower or at least equal to a number of operational (undamaged) pyrotechnic cartridges m.
The mission is completed in all the cases mentioned above and when following a required level of readiness of a block A.
The mission is not completed. In the second case the shooting is carried out one at a time, in small bursts or in one burst, and during the shooting there will be n round failures. At the time the failure occurs a backup system for restoring the function will be initiated. Unlike the previous situation there will be m pyrotechnic cartridges' failures and a total number of pyrotechnic cartridges' failures equals at least a number of round failures, and is equal to a number of implemented pyrotechnic cartridges M at the most. It might happen in this case that restoring of the function does not take place and the mission is not completed at the same time because there are not enough implemented pyrotechnic cartridges.
The relation of transition among the states can be expressed by the theory of Markov chains.
1. An alternative of a function when the mission is completed.
1 - P(B)
2. An alternative of a
function when the
mission is not completed.
P(C)
Picture 1: Description of transitions among the states
Characteristics of the states:
0 state: An initial state of an object until a round failure occurs with a probability function of a round
P(B). It is also a state an object can get with a pyrotechnic cartridge probability P(C) in case
a round failure occurs p(b) = 1 - P(B), or P(C| B) = P(C - B) .
w w P(B)
m1_mm state: A state an object can get while completing the mission. Either a round failure occurs in probability P(B)= 1 - P(B), or there is a pyrotechnic cartridge failure in probability P(C )= 1 - P(C).
1 state: A state an object can get while completing the mission. It is so called an absorption state.
Transition to the state is described as probability p(c)= 1 - P(C) of a failure of last pyrotechnic cartridge as long as an object was in a state „kn" before this state, or it can be described as probability of a round failure occurrence p(b )= 1 - P(B) as long as an object was in a state 0 before this state and all pyrotechnic cartridges are eliminated from the possibility to be used.
Transitions among different states as well as absolute probability might be put in the following formulae:
P(o) = P(B) + P(CM)+P(Ck20)+ P(CM)+... + P(,Cfcln o) (3)
P(m1 ) = 1 - P(B)
P(mm ) = (1 - P(B ))+(l - P(C))
P(l)= 1
Transition probabilities are described using matrix of transition probabilities P
(4)
(5)
(6)
P =
(7)
p00 p01 _ Pl0 Pu_
The arrows in picture 1 describe that the transition probability may occur with positive value. If we
know the form of transition probability matrix P and original initial distribution of variable p*(0) than we can express the absolute probability of random variable p^n) as follows:
P,(n) = £pk(0)pkl(n), i el (8)
kel
This formula is possible to be expressed also in matrix form as follows:
P(n ) = P( 0 )P (9)
We might describe the behaviour of the item in stationary state in terms of probability using limit probabilitiespj defined as follows:
P, = limpJn), j el (10)
The importance of limit probabilities lies in expressing of weakening of initial conditions. With help of this statement we can get quiet exact picture about behaviour of our item observed. We are either happy enough to know that after going off the initial condition the item will with stay in one state with certain probability. Or we may use the help of absolute probabilities and to determine in which state the item will be after going off specific number of some measured units. This ways allows us to get the dynamic (in time) picture about the object observed.
4. CONTINUOUS DISTRIBUTION OF OBSERVED VARIABLE AND DEPENDABILITY
As we described the counting variable regarding the observed item above we also may use the continuous variable for getting a picture about the object behaviour. We are looking for random function NF X(t), where X(t) gets values from set I={0,1,2}. We call the items from set I as the states of observed process. If the parameter involved (time for instance) t = <0,<x>), than we call the random function NF X(t) as Markov's chain with continuous parameter. We also call such a chain homogenous if following formula is valid:
pij(s,t) = pij (0,s-t) = pij(t-s); s < t. (11)
It is clear from above mentioned formula that the transition probabilities among each states are dependent on difference of arguments t-s and are independent on arguments t and s selves. Such a model is valid for those items and systems which are not capable to perform any operation even in reduced mode when a failure occurs. From the states point of view they immediately transfer from state "0" - operating state to state "1" - disabled state. This form is the most frequently used and for those items or systems with partial performance capabilities is extended of at least one mean state. Items or systems behaving in this way are not very suitable for us due to potential danger of complex inability to perform any function in case of failure. The transitions among states might be described either using probabilities or rates (as displayed bellow). The transitions among states might be any and the model has following form:
qoo qrn__Jii-V
Rm nr?
qio
As well as in the previous part with counting parameter we use the same description for states. The assignment "0" means that the item/system is in operating state and the assignment "1" means that the item/system is in disabled state. Such a description may be applied on different completes (e.g. vehicles) systems (e.g. weapon system) or subsystems (e.g. engine) in frame of military equipment. We are also able to create plenty of different scenarios for each state description.
For transition rate is valid this form: For i = 0 and j = 1 than it will be:
q. =—1— = —1—, (12)
1 MTBF EP(X)
where EP (MTBF - Mean Time Between Failures) - is the mean value of time to failure and ie{0;1}, je{0;1}, whereas j ^ i.
For i = 1 and j = 0 than it will be:
q,,=—^ = —(13) 1 MTTR EO(x)
where EO (MTTR - Mean Time To Reparation) - is the mean value of time to repair and i = 0, j = 1.
We presume following apart of above mentioned mathematical notations. The following formula is valid for the Markov's chain with continuous parameter. We define the transition rate as follows. Lets have h which denotes an increment of the argument t, than value qij where
Pj(h)
qi = lim—--, for i ^ j (14)
h^ro h
whereas Pj denotes transition probability from state iinto state j during an interval with length h, than we call the value qj as transition probability from state i into state j. Using formula (14) the following is also valid: Pj(h) « qij.h. (15)
If the pii(h) denotes transition probability from state i into state j during a time interval t, than we call the value qi, where
qi = lim -—P" (t^ , zde pokladame qi = -qii, (16)
h
as transition rate from state i. Using formula (15) the following form is also valid:
pn(hM-q,h. (17)
Values qt and qj also fulfil condition:
qi = E qy, for all i e I, (18)
where I is a set of states considered Ie{0;1;2;...}
We also would like to introduce the equations for transition probabilities calculation. The forms are as follows:
pj(t) =E pjtjqk,, for ij eI. (19)
kel
We also would like to introduce the equation system for absolute probabilities calculation. The forms are as follows:
pi(t) =E pk(t).qM, kde ieI. (20)
ke l
It is necessary to know the particular transition rates among states for exact calculation above mentioned differential equations. These equations are to give us exact information about the system and especially in what time the system will be in a particular state.
We see as suitable using the theory of "Inherent availability of complex system composed from many mutually independent components" for each measures (like the transition rate for instance) calculation. The results of these differential equations will give us the transition probabilities as well as the absolute probabilities for expressing what time the system will be in what state. Such a piece of information is exactly well related with the dynamic dependability measures. Our decision making would be much harder without this kind of information. That is why we do appreciate such as procedures for dynamic dependability indication especially regarding military vehicles.
5. CONCLUSION
This paper describes the procedures which are suitable for dynamic risk/dependability characteristics assessment. We have been desperately looking for new and progressive methods which allow us to get more precise view on military (battle) equipment. The more information about such as equipment we have the more successful the possible deployment might be.
One of things we have to take into account and not appear like it does not interest us is risk. The risk is very high both in training time and in real deployment as well as the risk profile. The first part of the paper deals with the basic understanding of risk and elementary formulas for its expression. The following parts show the dynamic dependability assessment and investigation both for counting and for continuous situations. We need to be aware using each procedure and respect each conditions in particular procedure.
Both of procedures shown above have been proved in frame of the Czech Armed Forces on respective equipment. In these examples has been confirmed the ability of mathematical procedures to express the system behaviour in terms of the dynamic dependability. The results were corresponding with reality as well as with our expectations.
ACKNOWLEDGEMENT
This contribution has been made with support of "Research Purpose Fund" of Faculty of Military Technology Nr. 0000 401, University of Defence in Brno.
BIBLIOGRAPHY
[1] KROPAC, J.: Vybrané partie z nahodnych procesû a matematické statistiky, Brno: VA v Brne 2002, Skripta S-1971.
[2] KROPAC, J.: Zaklady nahodnych funkci a teorie hromadné obsluhy, Brno: VAAZ 1987, Skripta S-1751/A.
[3] VALIS, D.: Analysis of vetronics application consequences onto military battle vehicles dependability, Brno: VA v Brne 2003, Dissertation thesis.
[4] VALIS, D.: Fundamentals of description, perception and value determination of Risk. Liberec: Technical University 2005.
[5] VALIS, D., Contribution to Reliability and Safety Assessment of Systems. In: Sbornik prispëvkû konference - Opotrebeni Spolehlivost Diagnostika 2006, Brno: Universita Obrany, 31. rijen - 1. listopad 2006, str. 329 - 337, ISBN 80-7231-165-4.
[6] VALIS, D., Assessment of Dependability of Mechatronics in Military Vehicles. In: Sbornik prispëvkû konference - Opotrebeni Spolehlivost Diagnostika 2006, Brno: Universita Obrany, 31. rijen - 1. listopad 2006, s. 309 - 319, ISBN 80-7231-165-4.
[7] VALIS, D., VINTR, Z., Dependability of Mechatronics Systems in Military Vehicle Design. In: Proceedings of the European Safety and Reliability Conference "ESREL 2006" (September 18 - 22, 2006, Estoril, Portugal), London/Leiden/New York/Philadelphia/Singapore: Taylor&Francis Group 2006, p. 1703 - 1707, ISBN 10 0 415 41620 5.
