A Design Method for Failure-Proof Systems

A DESIGN METHOD FOR FAILURE-PROOF SYSTEMS

FP3 - 5:00

Hen-Geul Yeh California State Polytechnic University, Pomona 3801 West Temple Avenue Pomona, CA 91768 Sumnary

A method for the failure detection, estimation, distinction and compensation of a linear discrete system is analyzed and discussed. The method is based on the application of Kalman filtering, multiple hypothesis testing and recursive estimation to build a failure-proof system. Introduction In a general sense, failure is any unexpected change which reduces the effectiveness of a particular system. This problem has received increasing attention in recent years. Most of the available techniques are based on one or more of the assumptions: the failure type is known, or the failure location is known (1], [2], [3], [4]. In this paper, four types of most possible failure are considered for the design of a failure-proof system. As mentioned in [4], the design of such a system includes these necessary steps: detection, estimation, distinction, and compensation.

Mathematical Model of Problem

where n(k) is a Gaussian white noise sequence with distribution N[O,V(k)]. If a failure has occurred at time k = 0, then the alternate hypothesis Is given by: H1: y(k) = G(k,0)e + n(k); k > e (6) where n(k) is the same sequence as for Ho, e represents the vector of the system or sensor failure, and G(k,B) defines the effect on the residual at time k due to a unit failure at time 0. In this case y(k) is still Gaussian with covariance V(k), but it now has an (unknown) mean value given by G(k,)e. The weighting function G(k,0) can be derived upon the specific type of failure which occurs. There are four types of failure, namely, measurement impulse, measurement step, dynamics impulse, and dynamics step considered in this paper as defined by equations (4) and (2), respectively. The corresponding weighting functions Gi(k,O), i=l, 2, 3, 4, are given in (1].

Let's define a new sequence, n(k), as follows n(k) = V'-/2(k)y(k) (7) The sequence n(k) has the following properties:

Consider the linear difference equation of the system dynamics as follows:

x(k+l)

4(kl,k)x(k)

+

r(k)w(k)

+

B(k)ex

(k+l )

failure Bkml k,) impulse failure

where

*{I(k,63)

step

(1) (2)

where x(k) eRn is the state vector, with a Gaussian initial condition with distribution N[,PoP], w(k) is a Gaussian white noise sequence with distribution In N[O,Q(k)] and ex(k) is a failure vector i n the syste dynamics. 6(k,O) is a Kronecker delta function and I(k,e) represents a step function.

by:

The observation of the state vector is describekd

y(k+l) * H(k+l) x(k+l) (k+l )

_O(k){I(k:e)

where

0(k)

+

v(k+l)

+

D(k+l)ey

ke) fimpulse failure step failure

(3)

(4)

where y(k)eRP is the observation vector and v(.k) is a Gaussian white noise sequence with distribution N[O,R(k)] and independent of w(k). The sequence ey(k) represents a sensor failure vector. The matrices B(k) and D(k) characterize how the various failure types impact the system dynamics, or the sensor, or both.

Under the assumption that no failure has occurred, a Kalman filter for the system and observation defined by equations (1) and (3) can be implemented. The sequence y(k) generated by the Kalman filter will be referred to as the measurement residuals.

E

Ho: y(k)

=

n(k)

(5)

=

k)nT(k) l

=

V-1/ (k)G(k i)eif H0 I

if Ho

(V-1/2(k) )T+

if

Vl/t2(k)G(k,e)eeTGT(k,O)e

I

Hl

(8)

(9)

The covariance matrix of n(k) is a uwit matrix which shows that the components of n(k) are independent. Taking this advantage, we choose the decision rule as follows:

Q(k)

=

T(j)

j=k-M+l

Ho

xt

(10)

where Q(k) is distributed as a chi-squared variate with Mp degree of freedom if the hypothesis Ho is true. The data window of width M controls the computational requirement, and Q(k) displays a distinct change in magnitude when k changes from k < e to k > e. The value of a is based on the probability of missing alarm (Type I error) and is determined by the system designer. The failure occurrence time is defined when Ho is rejected.

Estimation Once a failure has been detected, the failure vector e is estimated. The recursive estimation algorithm given by [5] is applied.

e&(k,e) = ^i(k-l,6)

+

Mi(k,e)G{(ke)V1(k)

(11

* LYkK)-bi kK,tjei kK- I ,O) j .f

I

S

_[.. _ I a

Mi(k,e) = {I-Mi(k-le)GT(k,e).

[Gi(k,0)Mi(k-l ,o)G{(k ,6)+V(k)1] . G (k,6)1 Mi.(k-1 se)

Detection

Following the work of [1], [2], [3], and [4], the hypothesis that no failures have occurred will be the null hypothesis, Ho, and is written:

E[n(k)]

where 1=1,2,3,4. These four types of failures generate four different types of estimated residuals. Based on 1219

(12)

equation (6), we have

Y1(k,8) = i=1,2,3,4

distinguishing between failures is defined as follows:

Gj(k,e)ei (k,e),

(13)

k > a

n1(k,e) =

Distinction As indicated in [4], the dynamic and measurement failures can take on various forms and will occur at random times. It is appropriate to discuss a failure distinguishability condition- for distinguishing between the failure occurred at dynamic system and the failure occurred at measurement system. Since the residual sequence generated by Kalman filter is referred as the observation sequence and its statistics are used to distinguish between failures, it is apparent that if two or more failure types have the salme values and statistics, then they are indistinguishable. Theorem 1. A time-invariant, observable system described by equations (1) and (3) subjected to the failure type either measurement step or dynamics impulse is indistinguishable if and only if both -the transition matrix 4(k) and the measurement matrix H(k) are identity matrix. The proof of this theorem. is given in [4].

E[ni(k,6)=4()] T

y(k)

-

91(k,o)

i=l ,2,3,4 The following theorems characterize the statisticss for the various failure types, assuming that only one type "mi" failure occurs.

Theorem 2. If the system described by equations (l) and (3) have distinguishable failures and we know 6 exactly, then only one of the random sequences c1(k,6) (i=l,2,3,4), named M(k), is a Gaussian zero mean sequence, and

= -11 ikOA e~~ ~~~~~,/ ( .(, 3})-1/^(ke)A (Y.(k,e) ) 1/+i

,(k,e)

(20) i=m (21) ifm

i(=M

(22)

i$mn

Using the sequence n1(k,6), a set of hypothesis tests can be used to distinguish between failures. For the ith failure type, the null hypothesis is taken to be H:

E[ni(k,B)] * 0

(23)

and the alternative hypothesis is taken to be

H1:

EVni(k,e)]

(24)

' 0

Note that the covariance matrix of rm(k) is an identity matrix. Using the same argument as failure detection, we choose the decision rule as follows:

Li (k) = (14)

k > e

f(k,)(VT(k,e)

E(ni(k,O)-n*(,)

The primary variables needed to distinguish between failures are defined as follows: =

(k,e)

This sequence has the following properties:

where Y(k,O) is called parallel estimate of residuals. These redundant estimations will be used to distinguish between the type of failures.

qi(k,e)

(Vi(k,e)) 11%

k

[ jk,6)nT.(k,e)

Hi1-

x,(k-e+l)p

H 0 i1

(25)

where t (k) is distributed as a chi-squared variate with (k-0+l)p degree of freedom if the hypothesis Hm is true. The value of a1 is based on the probabil-0 ity of missing alarm (type I error) and is determined by the system designer. Since we assume only one type of failure occurs, the final decision will not be made until only one of ti(k) is accepted by hypothesis test H0. The only one accepted by hypothesis test will be recognized as the occurred failure type in the system.

Compensation

Proof is given in Yeh (4].

Two extreme concepts of compensation should be discussed. First, the failure in the system is accepted and the state estimation should be updated to follow the effects of failure. Second, the failure in the system is not accepted, the state estimation should be kept as the original design (i.e., the failure is required to be removed from the system). In favor of the first philosophy, [2] has proposed three adaptive filtering methods for compensating failure which has occurred in state as an impulse failure. If one is in favor of the second philosophy, the following technique can be applied. Since we know 6 and em and the type of failure, we would like to adjust our new residual sequence to be %(k,e) with covariance matrix as equation (15). These new variables have-been computed by equations (14) and (15), respectively.

These equations offer us the most important statistics about the new sequences c1(k,8) and will be applied to distinguish between the type of failures. Let's define a general covariance of cW(k,0) as follows:

failure-proof system for the failure in linear discrete systems is presented. In order to obtain a good estimate of em and a high degree of confidence for distinguishing between failures, the compensation will be delayed. This tradeoff is the central issue in the

a)

i=m, E[C (k,6)4j(j,0)Fm(1,6)6kj

b)

ifhn, E[R(j,6) +

kT(k,O)

Fm(i.6)6kj

=

(15)

Ai(J,o)A1 (kke)

(l6

where

Fm(j,e)

Ai(k,e)

=

=

V(j)-Gm(J,e)Mm (j,EB)Gm(JT8) Gm(k,e)em-Gi(k,e)mi(k9e) . 1 T -1 G(j,e)V (j)Gm(j,e)eI

Vi(k,e)

=

(17)

kF [(

JL(18)

V(k)-Gi(k,e)Mi(k,6)GI(k,e)

(19)

Obviously, for i=m,Vm(k,0) is exactly the covariance Cm(k,e). For i#n, the norm of V1(k,0) is less than or equal to that of Fi(k,e). The testing variable for of

In this paper, a complete design method of the

choice of decision rule and the threshold. References 1. 1220

Stubberud, A. R., G. H. Xia, and H. G. Yeh, "A Method for the Detection and Isolation of System

Failures," IEEE CDC, pp. 1038-1041, 1980. 2.

Willsky, A. S. and H. L. Jones, "A Generalized Likelihood Ratio Approach to State Estimation in Linear Systems Subject to Abrupt Changes,n IEEE Trans. AC, Feb. 1976.

3. Caglayan, A. K., "Simultaneous Failure Detection and Estimation in Linear Systems," IEEE CDC, pp. 1038-1041, Dec. 1980. 4.

Yeh, H. G., "Techniques of the Detection, Estimation, Distinction, and Compensation of Failures in Linear System," Ph.D. dissertation, Univ. of Calif., Irvine, 1982.

5.

Chang, C. B. and K. P. Dunn, "On GLR Detection and Estimation of Unexpected Inputs in Linear Discrete Systems," IEEE Trans., AC, June 1979.

1221