Quantitative Risk Analysis Model of Integrating Fuzzy Fault Tree with Bayesian
Network
Van Fu WANG, Min XIE, Kien MingNG
Department of [ndustrial & Systems Engineering,
National University of Singapore,
10 Kent Ridge Crescent, Singapore
Abstract - In this paper, a new quantitative risk analysis
model of integrating fuzzy fault tree (FFT) with Bayesian
Network (BN) is proposed. The first step involves describing
a fuzzy fault tree analysis technique based on the Takagi and
Sugeno model. The second step proposes the translation
rules for converting FFT into BN. Based on this, the
integration algorithm is demonstrated by an offshore fire
case study. The example clearly shows that FFT can be
directly converted into BN and the classical parameters of
FFT can be obtained by the basic inference techniques of
BN. By using the advantages of both techniques, the model
of integrating FFT with BN is more flexible and useful than
traditional fault tree model. This new model not only can be
used for describing the causal effect of accident escalation
but also for computing the occurrence probability of
accident based on historical data and fuzzy logic.
Keywords - Quantitative Risk Analysis Model, Fuzzy
Fault Tree, Bayesian Network
I. [NTRODUCTION
In conventional fault tree analysis (FTA), the probabilities of the basic events are treated as exact values. However, in many cases, it is generally difficult to
estimate the precise probabilities of basic events from the
past experiences. So, it is necessary to develop a new method to capture the imprecision of failure data for use
in the FT A. [t may be more appropriate to use fuzzy numbers instead of the exact probability values [1] Extensive research has been conducted through applying fuzzy sets theory in FTA. Reference [2] is the earliest to
research fuzzy fault tree (FFT), which treated
probabilities of basic events as trapezoidal fuzzy numbers, and applied the fuzzy extension principle to determine the
occurrence probability of TE. Reference [3] analyzed fuzzy reliability using L-R type fuzzy numbers. [n order
to facilitate the calculation of Singer's method, revised
methods to analyze the fault tree (FT) by specifically
considering the failure probabilities of basic events as triangular fuzzy numbers is proposed [4]. Reference [5] adopted possibility theory to analyze FFT. Intuitionistic
fuzzy methods are used to analyze FT on printed circuit board assembly [6]. Reference [7] presented a method that overcomes the drawbacks of traditional FTA through
fuzzy fault tree analysis (FFTA) based on possibility measures and fuzzy logic. A novel FT A technique based
on the Takagi and Sugeno (T -S) model is proposed [8]. Since the proposed TS-FT A is derived from fuzzy logic
This paper is sponsored by Singapore's Agency for Science, Technology and Research (A*STAR) and Poland's Ministry of Science and Higher Education(MSHE) (SERC grant number 0721340050)
978-1-61284-4577-0085-9111/$26.00 ©2011 IEEE
Yi Fei MENG
Department of Chemical Engineering,
China University of Petroleum,
Qingdao 266555, PR China
and the T -S model, it can readily handle fuzzy
information and uncertainties in the relationships among
events. It is obvious from the above reviews that FFT A has
been applied to many real problems effectively. FFTA can offer an efficient method of representing the fault causes
and cope with the existence of several faults at the same time. However, FFTA does not have the same capability
of incorporating the evidence into the reasoning that Bayesian Network (BN) has. Moreover, FFTA is entirely
deterministic and no evidence can be given without reevaluating the FT [9].
BN model is a tool used to manage uncertainty using
probability [10]. A fundamental assumption for BN is that
the strength of the interaction/influence among the graph
nodes is uncertain, and thus this uncertainty is represented by assigning a probability of existence to each of the links
joining the different nodes[ll].Updating the probability is
possible when observation is performed on the system
[12]. Reference [13] proposed the conversion thinking
from FT to BN. This conversion algorithm is innovative but their probability calculation of FT and BN are insufficient. Reference [14] extended FTs by defining the
time-to-failure of FT as deterministic functions of the
corresponding input components' time-to-failure.
BN can provide a relatively simple and updatable fire
dynamic model that can accommodate uncertainty of the
relationships among basic events [15, 23]. However, BN is unable to determine accurately how the failures cause the undesired fault, which is the advantage of FT [9]. Thus, in this paper, we attempt to extend the use of FFT to be integrated with BN, for which the probability
calculation is more flexible and convenient.
[I. METHODOLOGY
A. Fuzzy Fault Tree Analysis
Because the exact causes of accident may not always be known in many cases, the conventional gates of FT are
not suitable when there are uncertainties in the
relationships among events. To handle these uncertainties, a new gate based on the Takagi and Sugeno (T -S) model
is presented. The failure possibility of the TE can be computed by the T -S model from the fuzzy possibilities of the basic events, discussed as follows.
T-S model include a set of IF-THEN fuzzy rules, which
can be used to describe the relationships among events.
267
So it can be used to construct the T -S Gate. Consider the I th rule of the T -S model [16]: Suppose the magnitude of
the failure possibility of the basic events Xv x2, ... , Xn and super events Y are denoted respectively by: (xi, xL ... , xt1), (x�, x�, ... , X�2), ... , (x�, x�, ... , x�n) and
yl, y2,... , yky , which satisfy the following equation:
o ::; xi < xi < ... < xt 1 ::; 1 o < xi < x� < ... < X�2 ::; 1
o ::; xA < x� < ... < x�n ::; 1 o ::; y1 < y2 < ... < yky::; 1
Then the T -S gate can be represented by the following fuzzy rules, Rule I (I = I, 2, ... ,m) :
If Xl is xiI, and X2 is X�2, . . . , and Xn is xhn, then the possibility of y1 is pl(y1) , y2 is pl(y2) , ... , yky is pi (ykY) , where i1 = 1,2, ... , k1; i2 = 1,2, ... , k2; in =
1,2, ... ,kn; m is the number of fuzzy rules, m =
k 1k2 ... kn· In order to obtain the fuzzy rules, the possibility
magnitude of basic events should be defined according to the historical data and/or experts' experience. And then the fuzzy failure possibilities of TE can be obtained from the basic events using fuzzy logic.
Suppose the possibility magnitude of basic events is x' = (x�, x;, ... , x�), the fuzzy failure possibilities of the TEs can be obtained by the T -S gate [8],
where,
ill
p(y1) = L>� (x')pl(y1) 1= 1
ill
p(y2) = I p�(x')pl(y2) 1= 1
ill
p(yn) = I p�(x')pl(yn) 1= 1
(:1.* ( ') =
rr)=l [lex)) t-'I X " ill rrn (') LI=l j=l [l Xj
and [lex)) is the membership of xj for the corresponding fuzzy set.
Suppose the fuzzy possibility of the basic events is: p(xi 1 )(i1 = 1,2, ... ,k 1) p(x�2)(i2 = 1,2, ... ,k2) ... p(xhn)(in = 1,2, ... , kn), then the possibility of the rule I is : pi = p(xi1) p(X�2) ... p(xhn) (I = 1,2 ... m) .
The fuzzy possibility of the TE is calculated by:
m
p(y 1) = I pl. pl(y1) 1= 1
m
p(y2) = I pl. pl(y2) 1= 1
m
p(yn) = I pl. pl(yn) 1= 1
The "AND" and "OR" gates in the conventional FT A can be implemented by the T -S gate. The "AND" gate can be represented by the following fuzzy rule: If Xl is 1, and X2 is 1, and . . . , and Xn is 1, then the possibility ofy1
= 0 is 0, y2 = 0 is 0, ... , the possibility ofyky = 1 is 1.
The "OR" gate can be represented by the following rules: { Rule I (I = 1, 2, ... , m) :
If XI is 1 , then the possibility of y1
= 0 is 0, y2 = 0 is 0 , ... , the possibility of yky = 1 is 1.
B. Bayesian Network
BN is a probabilistic graphical model that represents a set of random variables and their relations via a directed acyclic graph (DAG) [17]. BNs are known to be useful in assessing the probabilistic relationships and identifying probabilistic mappings between system events [18]. The graphical structure of a BN depicts a qualitative illustration of the interactions among the random variables. Numerically, a BN represents the joint probability distribution among the modeled variables [19]. The variables of a BN are defined as the causes of accidents, while the links represent the interaction of the failure events. The conditional independence assertions about the variables, represented by the absence of arcs, allow decomposition of the underlying joint probability distribution. This significantly reduces the complexity of inference tasks on the BN [14].
Let G = (V, E) be a DAG and X = (Xv) v L V be a set of random variables indexed by V. X is a BN with respect to G if its joint probability density function can be written as a product of the individual density functions, conditional on their parent variables [20]:
P(x) = n P(xvlxpa(v)) VEV
where, pa (v) is the set of parents of v. For any set of random variables, the probability of any member of a joint distribution can be calculated from conditional probabilities using the chain rule as follows:
P(X1 = xv .. · , Xn = xn) = rr�=l P(Xv = Xv/XV+1 =
xv+v ... ,Xn = xn)
268
From the joint probability distribution P(X1 =x1, ... ,
Xn=xn), various marginal and conditional probabilities
can be computed [21].
C. Translation rules for converting fuzzy fault tree to Bayesian network
Generally, traditional FT can be converted into a BN,
and that inference technique of BN may be used to obtain classical parameters of FT [13]. The dynamic FT can also
be mapped into an equivalent discrete-time Bayesian
network [24]. Similarly, FFT can also be transformed into
Bayesian network for convenient analysis. Specifically, a FFT can be transformed into an
equivalent BN as follows: • Each basic event of the FFT is converted into a
corresponding child node in the BN. The child nodes are triple (high/medium/low) and let the failure
magnitude of corresponding state be 1,0.5 and °
respectively (arbitrary values stand for different states );
• Each child node in the BN is assigned the same prior
probability as the possibility magnitude of the corresponding basic event in the FFT;
• For each gate of the FFT, a relevant parent node in
the BN is created;
• Child nodes in the BN are connected to the parent
node as the basic events are connected to the
associated gates in the FFT; • Each parent node of the BN is assigned to the same
conditional probability table (CPT) as the relevant fuzzy T -S gate in the FFT. The Boolean functions
modeled by the gates in the FFT are modeled by
parent nodes in the BN;
X6
ignition 1M 1
X7 X8
X5
Jet fire ITO
@
><4
• The parent nodes in the BN are connected as the relevant gates are connected in the FFT.
III. CASE STUDY
A. Fuzzy fault tree analysis In this section, the integration algorithm mentioned
above is demonstrated by an offshore fire case study. Firstly, the most credible fire scenario for compressor unit of offshore production is analyzed using FFT A:
flammable gas continuously release from compressor or
its pipeline of offshore platform and it would cause a jet
fire if the released gas is ignited along with releasing. The
jet fire may cause other units to fail [22]. Secondly, the
FFT is converted to BN and the BN model is analyzed using software. Finally, the occurrence probability of jet
fire scenario and the posterior probabilities of all basic events are predicted by BN inference.
FFT is constructed to analyze causal effect of the jet fire in Fig.l.
The failure magnitude of the basic events is defined according to historical data and experts' experience, e.g.,
High, Medium and Low correspond to 1, 0.5 and °
respectively. The possibilities of basic events and yearly
failure frequency of each basic event, where the magnitude of possibility of basic events is 1, are shown in Table I.
Those frequency data of basic events were collected
from Offshore Reliability Data Handbook and World
wide Offshore Accident Databases. Suppose the fuzzy possibilities of all basic events failing with a magnitude of
0.5 are the same as that with a magnitude of 1. Taking M1 as example, how the IF-THEN fuzzy rules can
constitute a T-S gate is demonstrated in Table II.
X2 X12
Xl ><9 Xl0 X"
Figure I. Fuzzy fault tree of Jet fire
TABLE!. X5 Release from upstream pipeline 0.024 0.952
BASIC EVENTS OF FAULT TREE X6 Ignition due to explosion energy 0.075 0.85 X7 Ignition due to surrounding heat 0.1 0.8
Basic events possibility possibility X8 Ignition due to electric spark 0.125 0.75 ofX=1 ofX=O X9 Release junction of pump and pipeline 0.005 0.99
XO Release from downstream pipeline 0.003 0.994 XIO Release from rotor 0.03 0.94
XI Compressor failed causing release 0.035 0.93 XII Pump failed to operate 0.075 0.85
X2 Release from impeller 0.05 0.9 XI2 Release from casing 0.1 0.8
X3 Release from seal 0.06 0.88 X4 Release from casing of compressor 0.025 0.95
269
TABLE II.
T-SGATEMI
P(M1 = 0) = Lf�l pl. pl(Ml = 0) = Lf�l pi (X6) . pl(X7)' pl(X8)· pl(Ml = 0) = 0.6183.
MI The fuzzy possibilities of other T -S gates are
----:-R_ul_e_
--::X_6 __
----::X_7 ___ X:-8 __ ----,.I-,-::-__
--:O,..,
.5:------::
0:-:-::
__ calculated using the same method, The calculation results
I 0 0 I 0.65 0.2 0.15 are shown in Table III. 2 0 0 0.5 0.25 0.5 0.25 3 0 0 0 0 0 1 4 0 0.5 I 0.85 0.1 0.05 5 0 0.5 0.5 0.55 OJ 0.15 6 0 0.5 0 0.l5 0.4 0.45 7 0 I I 0.9 0 0.1 8 0 I 0.5 0.8 0.1 0.1 9 0 1 0 0.7 0.2 0.1 10 0.5 0 I 0.8 0.1 0.1 II 0.5 0 0.5 0.6 0.4 0 12 0.5 0 0 0.2 0.5 OJ 13 0.5 0.5 I I 0 0 14 0.5 0.5 0.5 0.7 OJ 0 15 0.5 0.5 0 0.6 0.4 0 16 0.5 I I 0.95 0 0.05 17 0.5 I 0.5 0.8 0.1 0.1 18 0.5 1 0 0.7 0.3 0 19 I I I I 0 0 20 I I 0.5 I 0 0 21 1 1 0 1 0 0 22 I 0.5 I I 0 0 23 I 0.5 0.5 I 0 0 24 1 0.5 0 1 0 0 25 I 0 I I 0 0 26 I 0 0.5 I 0 0 27 1 0 0 1 0 0
The fuzzy possibility of Ml can be obtained according
to T -S model as follows:
P(M1 = 1) = Lt�l pl. pl(Ml = 1) = Lt�l pl(X6) . PIX7, PIX8'PIMl=1=O,2079;
P(M1 = 0.5) = Lf�l pl. pl(Ml = 0,5) = Lf�l pl(X6) . pl(X7)' pl(X8) . pl(Ml = 0.5) = 0,1738;
TABLE III.
FUZZY POSSIBILITY OF EACH T -S GATE
T -s gate High(l) Ml 0.2079 M2 0.0693 M3 0.0572 M4 0.094 M5 0.0168 TO 0.0755
Medium(0.5) 0.l738 0.0837 0.0362 0.0867 0.179
0.0951
Low(O) 0.6183 0.847
0.9066 0.8193 0.8042 0.8294
B. Converting fuzzy fault trees to Bayesian networks
The BN corresponding to the above FFT is depicted in
Fig.2. The CPTs of BN are the same as the above T-S gate of FFT, The CPT of node "ignition" is the same as the data of Ml gate, which is shown in Table II. The
CPTs of other nodes are calculated using the same method, After all CPTs are elicited, we can perform the probability analysis using Bayesian inference,
From the Bayesian inference, we can know that the fuzzy possibility of TE is:
P(Io = 1) = 0.0824 P(Io = 0,5) = 0.0998
P(Io = 0) = 0.818 The conditional probabilities of basic events are presented
in Table IV,
Figure 2. Bayesian network ofJet fire
TABLEIY. X4 0,025 3J7 0.0002898 CONDITIONAL PROBABILITY OF BASIC EVENTS X5 0.024 3.29 0.0002918
X6 0.075 0 0.02431 Prior Probability(X Posterior Entropy reduction X7 0,1 4.17 0.01316 at high state) Probability (%) X8 0,125 43 0.0822
XO 0,003 0.41 3.58ge-005 X9 0.005 0.62 2.944e-005 Xl 0.035 4.71 0.0004035 XIO 0,03 3.72 0.0001785 X2 0,05 7.17 0.0008902 XII 0,075 9.68 0.0006508 X3 0,06 8.09 0.0007129 X12 0.1 12.4 0.0006254
270
From Table IV, it can be seen that event X5, X6 and
X7 give more contribution to the occurrence of the eventual accident. This analysis shows that particular attention should be paid to "explosion energy",
"surrounding heat" and "electric spark", as these events
are most likely to cause eventual jet fire.
IV. CONCLUSION
In this paper, we presented an approach of making FFT
to be logically and probabilistic ally integrated with BN.
The case study clearly shows that FFT can be directly
converted into BN and the classical parameters of FFT
can be obtained by the basic inference techniques ofBN. The use of fuzzy logic in FFT A allows fuzzy
information such as linguistic information to be incorporated. It can deal with uncertainties of the failure causes, due to insufficient knowledge of the relationships
among basic events. Therefore the FFTA is more suitable
for analyzing the failure causes than the traditional FT A. BN is useful for assessing the probabilistic relationships
and identifying probabilistic mappings between basic events. It can also be used for predicting the marginal
posterior probabilities of each basic event, which are often used to identify the criticality of basic events. Controlling the occurrences probability of these crucial events would
considerably reduce the probability of eventual accidents. The model of combining FFT and BN is more flexible
and useful than traditional FT model. This novel model
not only can be used for describing the causal effect of accident escalation but also for computing the probability of accident based on historical data and fuzzy logic.
REFERENCES [I] M.Celik, S. M. Lavasani, and 1. Wang, "A risk-based modelling
approach to enhance shipping accident investigation," Safety Science, Vol. 48, pp. 18-27,2010.
[2] H.Tanaka, L. T. Fan, F. S. Lai, and K. Toguchi, "Fault tree analysis by fuzzy probability," IEEE Transactions on Reliability, Vol. 32, pp. 453-457, 1983.
[3] D. Singer, "A fuzzy set approach to fault tree and reliability analysis," Fuzzy Sets and Systems, Vol. 34, pp. 145-155, 1990.
[4] L. Chen, G. L. Wang, and H. R. Meng, "Fault tree analysis of an oil well pump," Acta Petroleum Sinica, Vol. 16, pp. 145-151, 1995.
[5] H. Z. Huang, X. Tong, and M. Zuo, "Posbist fault tree analysis of coherent systems," Reliability Engineering and System Safety, Vol. 84, pp. 141-148,2004.
[6] M. H. Shu, C.H. Cheng, and 1. R. Chang, "Using intuitionistic fuzzy fault-tree analysis on printed circuit board assembly," Microelectronics Reliability, Vol. 46, pp. 2139-2148, 2006.
[7] H. Ping, H. Zhang, and M. J. Zuo, "Fault tree analysis based on fuzzy logic," In: Annual Reliability and Maintainability Symposium, pp. 77-82,2007.
[8] H.Song, and H. Y. Zhang, "Fuzzy fault tree analysis based on T-S model with application to INS/GPS navigation system," Soft computing, Vol. 13, pp. 31-40,2009.
[9] M.Lampis, and J. D. Andrews, "Bayesian Belief Networks for System Fault Diagnostics," Quality and Reliability Engineering International, Vol. 25, pp. 409-426, 2009.
[10] H.Cheng, and G. V. Hadjisophocleous, 'The modeling of fire spread in buildings by Bayesian network," Fire Safety Journal, Vol. 44, pp. 901-908,2009.
[II] O.Doguc, and J.E. Ramirez-Marquez, "A generic method for estimating system reliability using Bayesian networks," Reliability Engineering and System Safety, Vol. 94, pp. 542-550,2009.
[12] M. Fontana, and T. Maag, "Fire risk assessment based on Bayesian networks," in: Proceedings of the Fifth SFPE Conference on Performance-Based Codes and Fire Safety Design Methods, pp. 238-249,2004.
[13] L. Bobbio, M. Portinale, and E. Minichino, "Improving the analysis of dependable systems by mapping fault trees into Bayesian Networks," Reliability Engineering and System Safety, Vol. 71, pp. 249-260,2001.
[14] D. Marquez, M. Neil, and N. Fenton, "Improved reliability modeling using Bayesian networks and dynamic discretization," Reliability Engineering and System Safety, Vol. 95, No.4, pp. 412-425,2009.
[15] H. Bashari, C. Smith, and O.J.H. Bosch, "Developing decision support tools for rangeland management by combining state and transition models and Bayesian belief networks," Agricultural Systems, Vol. 99, pp.23-34, 2008.
[16] L.X. Wang, "Adaptive fuzzy systems and control: design stability analysis," PTR Prentice-Hall, Englewood, 1994, pp. 1-10.
[17] R. Detcher, and R. Mateescu, "Mixtures of deterministicprobabilistic networks and their search space," In: Proceedings of the 20th conference on uncertainty in artificial intelligence, pp.120-129,2004.
[18] Q. Shijun, AM. Agogino, S. Song, 1. Wu, and S. Sitarama, "A fusion of Bayesian and fuzzy analysis for print faults diagnosis," In: Proceedings of the 16th conference on computers and their applications, pp. 229-32, 2001.
[19] A G. Eleye-Datubo, A Wall, A Saajedi, and 1. Wang, "Enabling a powerful marine and offshore decision-support solution through Bayesian Network technique," Risk Analysis, Vol. 26, No.3, pp. 695-721,2006.
[20] 1. Williamson, "Bayesian Nets and causality: philosophical and computational foundations," New York, Oxford University Press, 2005.
[21] P. Trucco, E. Cagno, and F. Ruggeri, "A Bayesian Belief Network modeling of organizational factors in risk analysis: A case study in maritime transportation," Reliability Engineering and System Safety, Vol. 93, pp.823-834, 2008.
[22] F. I. Khan, R. Sadiq, and T. Husain, "Risk-based process safety assessment and control measures design for offshore process facilities," Journal of Hazardous Materials, Vol. 94, pp. 1-36,2002.
[23] Y. P. Wu, Q.P. Hu, K.L. Poh, S.H. Ng, and M. Xie, "Bayesian networks modeling for software inspection effectiveness," in Computational Intelligence and Its Applications, pp. 219-244, 2009.
[24] H. Boudali, and 1. B. Dugan, "A discrete-time Bayesian network reliability modeling and analysis framework," Reliability Engineering & System Safety, Vo1.87, No.3, pp.337-349, 2005.
271