1406 IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 42, NO. 4, AUGUST 1995
Development of an On-Line Fuzzy Expert System for Integrated Alarm Processing in Nuclear Power Plants
Seong So0 Choi, Ki Sig Kang, Han Gon Kim, and Soon Heung Chang, Member, ZEEE
Abstract-An on-line fuzzy expert system, called alarm fil- tering and diagnostic system (AFDS), was developed to provide the operator with clean alarm pictures and system-wide failure information during abnormal states through alarm filtering and diagnosis. In addition, it carries out alarm prognosis to warn the operator of process abnormalities.
Clean alarm pictures that have no information overlapping are generated from multiple activated alarms at the alarm filtering stage. The meta rules for dynamic filtering were established on the basis of the alarm relationship network. In the case of alarm diagnosis, the relations between alarms and abnormal states are represented by means of fuzzy relations, and the compositional inference rule of fuzzy logic is utilized to infer abnormal states from the fuzzy relations. The AFDS offers the operator related operating procedures as well as diagnostic results. At the stage of alarm prognosis, the future values of some important critical safety parameters are predicted by means of Levinson algorithm selected from the comparative experiments, and the global trends of these parameters are estimated using data smoothing and fuzzy membership. This information enables early failure detection and is also used to supplement diagnostic symptoms.
The AFDS has been validated and demonstrated using the full- scope simulator for Yonggwang Units 1, 2. From the validation results, it can be concluded that the AFDS is able to aid the operator to terminate early and mitigate plant abnormalities.
I. INTRODUCTION 0 PERFORM their tasks effectively, operators must T be able to process large amounts of information of
various degrees of importance and different formats. Among this information, alarms are the principal means to detect abnormalities in nuclear power plants (NPPs). Conventional alarm systems activate alarms directly from plant analog and binary data. The use of individual setpoints for process parameters and the annunciation of each violation separately are still prevalent in most plant control rooms. In these systems, the basic approach is to set alarms everywhere and let the operator filter and interpret them. However, when a plant- wide malfunction occurs, there is an enormous alarm influx. So, it becomes difficult for even proficient operators to filter fired alarms and identify plant disturbances.
To overcome the problems associated with conventional alarm systems, various efforts for the development of alarm processing systems (APS s) have been undertaken. Several
Manuscript received January 6, 1995; revised April 17, 1995. The authors are with the Korea Advanced Institute of Science and Technol-
ogy, Department of Nuclear Engineering, Yusong-gu, Taejon 305-701, Korea. IEEE Log Number 9412916.
alarm filtering schemes such as alarm trees [l] or cause- consequence trees  were proposed to identify and prioritize alarm information. However, these schemes require a signif- icant effort to develop the trees, and if the configuration of a plant is changed, it is very difficult to modify the asso- ciated trees. Improved filtering schemes have been proposed and implemented with advanced computer technologies. They include expert systems concepts , temporal reasoning , and alarm generation model .
A number of techniques for diagnostic reasoning have been suggested. The representative schemes are expert system reasoning under uncertainty, numerical simulation techniques, artificial neural networks (ANNS), and model-based reason- ing. Many of the past expert systems perform diagnosis with deterministic, shallow knowledge but such systems are apt to lead to incorrect conclusion. To supplement this weakness, a number of reasoning techniques under uncertainty have been developed using certainty factors  , Bayesian network , and fuzzy logic , . Numerical simulation techniques using mathematical reference models have also been proposed [ 101. By comparing measured process variables with corresponding calculated values from reference models, this approach is able to detect and localize slowly developing faults quickly. A recent idea is to incorporate an ANN into a diagnostic domain. This may yield great benefits in terms of speed and robustness and be implemented easily without the effort of modeling [ 1 11. In addition, qualitative model-based reasoning, which is based on the physics principles and deep knowledge, has been developed . The advantages of this approach are its ability to diagnose unexpected events and its robust knowledge base. However, problems remain because this technique is to be limited in the class of problems to which it can be applied and may be computation-intensive.
An on-line fuzzy expert system, called alarm filtering and diagnostic system (AFDS), was developed for the purpose of dynamic alarm filtering, overall plant-wide diagnosis, and alarm prognosis. The main objective of the system is to aid the operator by providing clean alarm pictures and compact information about plant abnormalities. The target plants for the AFDS are Yonggwang Units 1, 2.
The AFDS was implemented on a SUN SPARC 2 work- station. Its knowledge base and inference engine were pro- grammed by using the Quintus@ prolog and C languages and the user interface was implemented by the X window system for graphical presentation. The AFDS was developed using modular architecture and integrated with the OASYSTM (on-
0018-9499/95$04.00 @ 1995 IEEE
CHOI et al.: DEVELOPMENT OF AN ON-LINE FUZZY EXPERT SYSTEM FOR INTEGRATED ALARM PROCESSING IN NUCLEAR POWER PLANTS 1407
line Operator Aid SYStem)  which was installed in the simulator for the target plants.
In Section 11, the overall structure of the AFDS is described. In Section 111, the development strategies of the system are described, including its alarm filtering, diagnostic, and prog- nostic scheme. The validation and demonstration of the AFDS are presented in Section IV.
11. OVERALL STRUCTURE OF THE AFDS
The AFDS is designed to perform both dynamic filtering of multiple fired alarms and overall system-wide diagnosis when an abnormal state occurs. In addition, it executes alarm prognosis to warn the operator of process disturbances in advance and it generates high-level alarms which can be used as auxiliary diagnostic information. The alarm filtering and diagnostic knowledge bases are organized as object- oriented concepts. Object-oriented programming is a powerful technique used in artificial intelligence (AI). It provides the advantages of modularity, expressiveness, and data abstraction. This approach reduces the development and maintenance costs because the knowledge base can be easily built and modified. The diagnostic process uses the compositional inference rule of fuzzy logic which is appropriate for manipulating insufficient or uncertain symptoms.
The functional structure of the AFDS is shown in Fig. 1. As shown in the figure, this system can be used in an on-line state for supporting the operator as well as in an off-line state for training operators. It consists of the following seven parts: data acquisition module, system manager, plant database, alarm filtering module (AFM), alarm diagnostic module (ADM), alarm prognostic module (APM), and user interface. Detailed descriptions of the AFM, the ADM, and the APM are given in the next section. The functions of the other parts are as follows:
1) The data acquisition module receives plant analog data, binary data, and alarm data through an RS232C cable from the real-time, full-scope simulator of the target plants.
2) The system manager controls the operation state (on- line or off-line) according to the operators selection and stores on-line data acquired through the data acquisition module in the plant database. During an off-line state, alarm data are obtained by using a mouse. In addition, the required data are sent to the other modules and the results of each module are directed to the user interface.
3) The plant database contains past on-line data which are called history data. These data are necessary for several purposes such as alarm loop solving and trend estimation.
4) The user interface presents various information to the operator in a graphical and text format. The AFDS adopts two levels of display in a hierarchy. It is based on the evaluation experiments of the HALO (Handling of Alarms using Logics) which is the advanced alarm system developed at OECD Halden Reactor Project. In the experiments, one conclusion was that a two- level display was optimal because a three-level display
A PM on-line data
M o w I Plant I
B Usu Interface Fig. 1. Functional structure. of the AFDS.
was cumbersome and time-consuming to use in stressed situations [ 141.
111. DEVELOPMENT STRATEGIES OF THE AFDs
A. Alarm Filtering Scheme
The purpose of the AFM is to prioritize multiple fired alarms dynamically. It de-emphasizes those alarms that are irrelevant to the current plant mode or do not contribute significant new information. It emphasizes those alarms that have high static importance or a causal function. This module is composed of the filtering knowledge base and filtering inference engine.
I) Filtering Knowledge Base: The filtering knowledge base is constructed using an alarm relationship network as the structure of knowledge organization and a frame as the method of knowledge representation. The alarm relationship network is developed by creating instances of alarm frames, which are the nodes of the network. To check the consistency and completeness of the network, the network checking program was developed. This checking program examines loop relations in the network in order to avoid infinite inference during filtering using meta rules. The frame is a data structure whose components are called slots. Slots have names and accommodate information of various kinds. In frame representation, facts are clustered around objects. Object, here, means either a concrete physical object or a more abstract concept such as a class of objects. In the AFM, an alarm frame in the knowledge base consists of six slots whose names are identifier, static importance, relevant mode,
1408 IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 42, NO. 4, AUGUST 1995
TABLE I CATEGORY OF CONVENTIONAL ALARMS
characteristic Example alarm
ROD CONlROL URGENT FAILURE
facilities AFW SIGNAL MOTOR DRlVE AClUAlFD DSL GEN AM ROU DURING ESFAS
level precursor, direct precursor, and loop alarm respectively. The information contained in each slot is as follows:
1) The identifier is an alarm tag. 2) The static importance is a property for giving high
priority to those alarms which are important in itself in a plant safety and availability aspect. These kinds of alarms are classified into three categories on the basis of the review of the main control room design of Yonggwang Units 1, 2 . Some examples of these kinds of alarms are shown in Table I.
3) The relevant mode validates the alarms related to current plant operating mode and inhibits others which are called standing alarms. The most common way of identifying operating modes is to check the status of some important process parameters, e.g., power, reactor coolant average temperature, and reactivity. In the AFDS, six plant oper- ating modes are recognized. There are: power operation, startup, hot standby, hot shutdown, cold shutdown, and refueling.
4) The level precursor uses the relationship among the alarms that usually occur when there are two or more setpoints on the same process parameter. Suppose alarm As setpoint is at one level, while alarm Bs setpoint is at another level such that A should normally be activated first. Then, A is called a level precursor to B. As activation should always occur before Bs and Bs deactivation should always occur before As.
5) The direct precursor uses causal relations among two or more alarms. Suppose alarm A is a possible cause for the activation of alarm B. Then, A is called a direct precursor to B. If both are active, B will be de- emphasized with respect to A, focusing attention on the
Level Precursor - I I P E R PRV PV-445A OPENING -
~ ~~~ ~
(a) Direct Precursor
OPENING TEMP HIGH
Fig. 2. Example of precursor relation.
TABLE 11 ALARM FILERING META RULES
I Ruleno. 1 Rule description I I Rule1 I [IF] therearestandingalarms I I [THEN] lower the priorities of these alarms to the third level
Rule 2 PF] there are level precursors against an alarm I I [THEN] lower the priorities of the level precursors to the I
second level there are d m t precursors against an alarm Rule 3 I [IF]
I I [THEN] lower the priority of the alarm to the second level I
lower the priority of the consequential alarm to the second level using history data
possible cause. An example of the precursor relation is shown in Fig. 2.
6) The loop alarms are defined as two alarms whose causal relation depends on a specific process condition. Because their relation depends on a plant specific condition, it is impossible to identify a causal alarm between the loop alarms by using only alarm data. So, in the AFM, the history data which are the past analog data are used to analyze causal relations.
For example, the sample frame which expresses a PRZR LEVEL HIGH alarm is as follows (see table at bottom of
The filtering knowledge base also contains strategic rules formalized in an [IF-THEN] format for alarm filtering. As shown in Table 11, four meta rules were established for filtering.
alarm( identifier PRZR LEVEL HIGH
relevant-mode [power-operation] level-precursor direct-precursor [OVERPOWER DT ALERT
[PUR CONT LEVEL HIGH HEATERS ON]
LOOP 1 RC T AVG HIGH . .] [CHARGING FLOW CONT FLOW HILO VOL CONT TK LEVEL HIGHLOW. . -3).
CHOI et al.: DEVELOPMENT OF AN ON-LINE FUZZY EXPERT SYSTEM FOR INTEGRATED ALARM PROCESSING IN NUCLEAR POWER PLANTS 1409
2) Filtering Inference Engine: The filtering inference en- gine processes fired alarms with their alarm frames and the filtering meta rules. For this reasoning, forward chaining, which searches from data to goals, is used. Through the execution of the meta rules on the frames of multiple fired alarms, both consequential alarms which have low static importance and standing alarms are lowered in priority. The priority of the AFM is divided into three levels. The first level alarms are those which are causal alarms or important alarms statically. Consequential alarms that may result from causal alarms belong to the second level if they are not important in a plant safety and availability aspect...