Enabling hazard identification from requirements and reuse-oriented ...
Recommend Documents
Title: Contractor Hazard Identification and Control Table. No. DEE ESWB ...
Suggested Control Measure. 1. ... All personnel to wear appropriate PPE (
hearing.
the Zone 2A design criteria in UBC 1997 should be employed. Further
recommendations on seismic hazard levels in the Arabian Peninsula can be
found in the ...
Jun 8, 2016 - night clubs, circuses, zoos, gyms); medical institutions (hospitals, clinics, dispensaries, pharmacies, medical and health centers, spas, health ...
Index,â Seismology and Geology,2014,36(4), pp.1106-1115. [5] liu lina, xu chong. Landslide Hazard Assessment of 2013 Lushan earthquake zone Supported by ...
... Ocean Engineering, Pusan National University,. Busan, Korea, F. Cheng, Lloyd's Register, London, UK, and M. S. Kim, Lloyd's Register Asia, Busan, Korea.
Anna BiaÅk-BieliÅska, Joanna Maszkowska,. Alan Puckowski and ...... [11] Reemtsma T, Jekel M. (Eds) Organic Pollutants in the Water Cycle. Wiley-VCh Verâ.
Jun 30, 2011 - ... Pont de Nemours, Newark, Delaware; **Unilever, Vlaardingen, Netherlands; \^Bayer, Wuppertal, .... substance, the percentage of exposed people that develop ..... phasized that such lists are not comprehensive and do not.
CAESAR and VEGA SARpy. A positive result can be accepted if all the prediction models give the same results and alerts on the compound for carcinogenic and ...
Additional information is available at the end of the chapter. 1. Introduction ... The physicochemical properties and chemical structures of selected SAs are presented in Table 1. ..... The acid-base equilibrium of sulphonamides ..... Environmental R
Take this Fact Sheet with you. RTK Substance number: 0653. Date: September
1996 Revision: July 2002. -------------------------------------------------------------------------.
Thionyl Chloride can affect you when breathed in. * Thionyl Chloride is a
CORROSIVE CHEMICAL and contact can severely irritate and burn the skin and
eyes.
An item on behalf of a business/organization that is ... Purolator reserves the right to accept customer identification
May 1, 2015 - A non-photo identification that includes the voter's name and address is also acceptable. Forms of non-pho
resolution better than 500 meters are publicly available for only 10 percent of the global land surface. EOS REQUIREMENTS. EOS is NASA's main contribution ...
nents of voter-identification requirements argue that they place a disproportionate ... not, compliance requires prior knowledge and preparation. Typically this ...
Vorsitzender: Univ.-Prof. Dr. Erwin Grill. Prüfer der Dissertation: 1. Univ.-Prof. Dr.
Johannes Buchner. 2. Priv. ... acid synthesis and in the posttranslational
modification of proteins important for ..... Niemann-Pick C1 (NPC1) protein plays
a c
Problem Identification and Decomposition within the Requirements Generation
Process. Ahmed S. Sidky, Rajat R. Sud, Shishir Bhatia and James D. Arthur.
Work performed under U.S. Geological Survey contract. 1434-92-C-40004. available to ... striving to improve access to suitable digital topographic data for EOS ... data set with higher resolution (100-meter horizontal and. 1- to 10-meter ..... contro
TOPICS IN WIRELESS COMMUNICATIONS. I. Enabling Technologies . Beyond 36: Vision, Requirements, and. YUI'IQSOO Kim, Byung Jang Jeong, Jaehak ...
Carnegie Mellon University. Pittsburgh ... [email protected][email protected]. ABSTRACT ... technique for the design of collaborative and awareness tools. Categories ...... sertation, Graduate School of Industrial Administration, Car-.
the availability and linkability of personal data at the. Figure 2: Problem-Based Method for the Identification of. Privacy-Relevant Information Flows domains of ...
ios, possibly potentially known only by specific experts, is excep- ..... characteristics of vapor cloud explosions, flash fires and BLEVEs. New York:.
1Faculty of Public Health, Thammasat University, Pathumthani, Thailand, 12121. ABSTRACT ... (Health and Safety Executive, 2015). Industrial workers.
HAZARD SUMMARY. * p-Anisidine can affect you when breathed in and by
passing through your skin. * p-Anisidine can irritate the skin and eyes causing a
rash ...
Enabling hazard identification from requirements and reuse-oriented ...
Lotus 1-2-3 in many application domains. It is only recently that case-based reasoning was introduced into HAZOP, and few efforts have been reported so far.
Enabling Hazard Identification from Requirements and Reuse-oriented HAZOP Analysis Olawande Daramola, Tor Stålhane, Guttorm Sindre Department of Computer and Information Science Norwegian University of Science and Technology {wande, stalhane, guttors}@idi.ntnu.no,
Inah Omoronyia Irish Software Engineering Research Centre. [email protected] identifying potential safety concerns that are inside the requirements document. The second is to create a platform for the reuse of knowledge from previous HAZOP analysis in subsequent projects, in order to reduce the amount of human effort needed while conducting HAZOP. The proposed approach could be of significant benefit in the context of safety analysis of product line systems or variant systems, where the systems share a significant degree of commonality. Also, the approach could be valuable in the context of system development models that are iterative or incremental in nature where there is a need to continually revise requirements and design specifications during the period of development. Our approach is based on the combination of three core technologies: • Case-based reasoning (CBR) which is a model of instance-based learning that enables the reuse of previously gained knowledge in resolving a new case [6]. The CBR paradigm could help us to reduce the complexity of HAZOP because it inherently supports knowledge acquisition, knowledge retrieval, knowledge reuse, and knowledge retention, which provides a basis for achieving a reduction in the amount of human effort needed in HAZOP. • Ontology which is the semantic representation of the shared formal conceptualization of a domain that provides a platform for the standardization of terms and vocabulary in the domain [7]. Ontology is considered a valid solution approach because it has potential to facilitate (1) formalized semantic description of relevant domain knowledge for identification of system hazards; (2) enables the interoperable transmission of knowledge among HAZOP teams. • Natural language processing (NLP) which is the processing and analysis of natural language text. NLP in combination with ontology enables the extraction of useful knowledge from natural language requirements documents for the early identification of potential system hazards. A prototype tool called KROSA (Knowledge ReuseOriented Safety Analysis) that demonstrates the novel integration of these three technologies has been created to validate the plausibility of our approach. This paper gives description of the proposed framework, and the evaluation of a prototype tool - KROSA using domain experts at ABB Norway. The rest of this paper is organized as follows. Section 2 presents background and related work, while section 3 gives the description of our proposed framework. Section 4 presents the evaluation of the KROSA tool, while section 5 gives the conclusion of the paper and presents our future research outlook.
Abstract - The capability to identify potential system hazards and operability problems, and to recommend appropriate mitigation mechanisms is vital to the development of safety critical embedded systems. Hazard and Operability (HAZOP) analysis which is mostly used to achieve these objectives is a complex and largely human-centred process, and increased tool support could reduce costs and improve quality. This work presents a framework and tool prototype that facilitates the early identification of potential system hazards from requirements and the reuse of previous experience for conducting HAZOP. The results from the preliminary evaluation of the tool suggest its potential viability for application in real industrial context. Key words - HAZOP analysis, hazard identification, ontology, requirements, case-based reasoning, natural language processing
I. INTRODUCTION An important aspect of the development of safetycritical embedded systems is the identification of safety concerns of a system and making adequate provisions to reduce the likelihood of occurrence of hazards. Consequently, it is important to identify hazards during the early stages of system development such as requirements engineering rather than at later stages when the cost of mitigation or error correction could be significantly higher. Hazard and Operability (HAZOP) study is one of the most widely used safety analysis techniques [1]. HAZOP is used to study hazards and operability problems by investigating the effects of deviations from prescribed design intent in order to mitigate the occurrence of adverse consequences. It involves a creative anticipation of hazards and operation problems, and recommendation of appropriate safeguard mechanisms by a team of experts. However, HAZOP is a time consuming, costly and a largely human-centred process [2, 3, 4]. The HAZOP process is inherently subjective relying on the professional experience, observation, judgement and creativity of the experts involved. Some of the crucial challenges of HAZOP which are still open research issues are: (1) how to reduce the level of subjectivity; (2) how to reduce the amount of human effort; (3) how to promote reuse of valuable knowledge gained in previous HAZOP analyses; and (4) how to facilitate sharing and transfer of HAZOP experiences among HAZOP teams [4, 5]. These challenges motivate the need for a framework that could enable early identification of hazards and reuse-oriented HAZOP analysis. The first objective of this work is to provide a decision support tool that could assist the human expert in the process of
Also, they were essentially rule-based expert systems and were not designed to facilitate the reuse of experience [1]. Relatively few other automated tools for HAZOP in other domains have been reported in the literature [1]. This situation possibly reveals the fact that the HAZOP procedure in most cases is done manually, but aided by the use of spreadsheet software packages such as MS Excel and Lotus 1-2-3 in many application domains. It is only recently that case-based reasoning was introduced into HAZOP, and few efforts have been reported so far. [3] presents a report on development of a HAZOP analysis management system with dynamic visual model aid. The system is based entirely on CBR with no ontology support for HAZOP. In [5], a case-based expert system for automated HAZOP analysis called PHASUITE was developed. The PHASUITE system caters to the modification of existing HAZOP models and creation of new ones based on the knowledge in existing models. It is also equipped with diagnostic reasoning capability, and is suitable mainly for process generic HAZOP. It makes use of a suite of informally specified ontologies. PHASUITE is specialised for application in the chemical industry domain. The PetroHAZOP [2], has specific application for the chemical domain, and was developed to cater to both process generic and non-process generic HAZOP. The system uses an integration of CBR and ontology for the automation of both process generic and non-process generic HAZOP procedures. The PetroHAZOP [2] and PHASUITE [5] systems, are the ones most related to our work since they are based on integration of CBR and ontology. However, none of them have the capability to provide automated support for hazard identification at the requirements engineering stage of system development, or are designed to have any bearing or relevance to requirements engineering as envisioned by our approach. Additionally, unlike the two aforementioned tools that are specialized for the chemical industry domain, our approach is a generic one that can be adapted to support several types (process, software, human, or procedure) of HAZOP analysis in different application domains, given the existence a relevant domain ontology. Hence, the novelty of our approach is the attempt to enable early identification of systems hazards right from the requirements engineering phase of system development, and the reuse of experience in order to reduce the complexity of HAZOP.
II. BACKGROUND AND RELATED WORK In this section, we give a brief overview of the general HAZOP process, and related work. A. Overview of the HAZOP Process A hazard and operability study (HAZOP) is a structured and semi-formalised team based procedure that is focussed of the study of a system under design in order to identify and evaluate potential hazards that may constitute risks to personnel or equipment, or prevent efficient operation of the system. A HAZOP study is undertaken by a HAZOP team through a series of brainstorming sessions in order to stimulate creativity and reveal potential hazards in the system and their cause–effect relationships [1, 2]. HAZOP is based on the assumption that a problem can only arise when a system deviates from its design and operational intents. Hence, the HAZOP study entails a detailed walkthrough of the Process & Instrumentation diagram models of a system to spot every likely deviation from its intended operation using a set of guidewords. Generally, guidewords represent variations of known system parameters that may cause deviation from design intentions. They are chosen and interpreted based on particular design representation and context. Examples include: No, Not, More, Less, Before, After, Late, Too Often, Early etc. Examples of parameterguidewords pairs include: Arrive Late, Arrive Early, No Flow, Not Sent, Sent After etc. Guidewords are carefully selected to stimulate reasoning about all potential system hazards. A point of observation as pertain to a system or process that can be a source of a potential hazard is called a study node. As each deviation is derived, the HAZOP team then discuss potential causes, consequences and safeguards, and give appropriate recommendations to forestall or mitigate its occurrence. Typically, it takes about 1–8 weeks for a HAZOP team with 4–8 members to conduct HAZOP depending on the size and complexity of the system in question. It is widely accepted that HAZOP analysis is an extremely time consuming process [1, 2, 5]. More on the procedure of HAZOP study and ideals of HAZOP team membership composition can be found in [8]. B. Related Work Previously a number of attempts to solve some of the problems of HAZOP analysis have been reported in the literature [2, 4, 5]. A significant number of HAZOP expert systems and HAZOP system prototypes have been reported in [1]. These include HAZOPEX, Batch HAZOPExpert, HAZOP Diagraph Model (HDG), STOPHAZ, OptHAZOP, EXPERTOP, HAZOPTool and COMHAZOP. A common trend for all of these attempts is that their implementation and application were focussed on the chemical process industry (CPI), the domain where HAZOP originated from.
III. The FRAMEWORK ARCHITECTURE The architectural framework of our proposed approach is an integration of three core technologies of NLP, CBR, and Ontology. A view of the architecture is shown in Fig. 1. The core system functionalities are depicted as rectangular boxes while the logic, data, and knowledge artifacts that enable core system functionalities are depicted using oval boxes.
4
Document Pre-processing
Boilerplate Requirements
Processed Requirements
HAZOP ontology
Study node recommendation
NL Processor Ontology Library
Domain ontologies
CBR MODULE Knowledge Retrieval
Knowledge Query
Knowledge Retention
Adaptation Procedure
Case Library
Figure 1. Architectural Framework for Reuse-Oriented HAZOP
3. The safety of the steam boiler is taken care of by a safety valve that opens to air. The release pressure for the safety valve is fixed, based on the boiler’s strength. We will now use the following predefined sample boilerplates: BP1: The shall BP2: The shall be able to using BP3: If then the shall The requirements can then be transformed to a semiformal form as follows: 1. The shall be able to [ to ] – BP1 2. The shall be able to [ using()] – BP2 3. If [ greater than ] then the shall [ ] - BP3 More on boilerplate requirements can be found in [9, 10]. Through the rest of this subsection we will explain the various components of the framework as shown in the diagram. Ontology Library: The ontology library, HAZOP ontology and Case Library jointly constitute the knowledge model of the framework. The ontology library
The input to the framework is pre-processed requirements document. Pre-processing is a manual procedure that ensures that source documents are transformed into a form that is suitable for the framework. It entails extraction of requirements in form of sentences from source documents, extracting sentences that define system requirements, and replacing information conveyed in figures, diagrams, and tables with equivalent sentences. Also, the requirements could be expressed in semiformalised way using requirement boilerplates1. A boilerplate is a textual template for requirements specification that is based on predefined-patterns, which reduces the level of inconsistency in the way requirements are expressed. Boilerplate requirements can also be more susceptible to treatment by NLP algorithms. Consider the following requirements for a steam boiler that can deliver steam at a predefined pressure to an industrial process: 1. The steam boiler shall deliver steam at a predefined, constant pressure to an industrial process. 2. The water level in the tank is controlled by a feeding pump which pumps water into the tank via a nonreturn valve.
1
www.requirementsengineering.info\boilerplates.htm
5
“start pump” or “stop pump” etc. (action and entity may not necessarily follow each other in a sentence; (2) The action must be an instance of a generic HAZOP action word (such as: stop, close, open, send, reset, cut, receive, start or their synonyms), or one of a set of user specified keywords, while entity is a valid concept in the domain ontology; (3) The entity in (1) belongs to one of the predefined study node types (components, system etc.) as described in the HAZOP ontology. • Component Level(CL): A term contained in a requirement statement is considered a candidate study node if the following criteria are satisfied: (1) the term is a valid concept in the domain ontology; (2) there exists at least one axiom that pertains to the term in the domain ontology which indicates that it could be a study node. In other words, it is one of several types of study nodes as defined by the HAZOP ontology; (3) the term has failure modes or guide words defined on it (such as stuck, omission, commission) in the domain ontology. At the CL level, terms that satisfy the criteria (1), (2) or (1), (2), (3) or (1) and (3) are considered to be candidates. However, a term is ignored if it is (1) same as; (2) equivalent to; or (3) a subclass of another term that has been selected as a potential study node. CBR Module: The CBR component facilitates the knowledge reuse capability of the framework. It emulates the typical workflow of the CBR life cycle which is retrieve, reuse, revise, and retain [6, 11]. Retrieval by the CBR module is performed by displaying a ranked list of cases similar to a target case. Two types of reuse are supported: (1) total reuse - in which case all parts of a case are reused for a new case; (2) partial reuse - in which only parts of an existing case are reused in a target case. Revision can be effected by the HAZOP expert by making modifications to the selected case to suit the new target case. Retention is done through storage of study node information into the case library. The case library is implemented as a MySQL database management system (DBMS) in order to leverage its inherent capabilities for effective case organization, case indexing, case storage and case retrieval.
is a repository of domain ontologies. The domain ontologies (.owl/.rdf) could be those that have been developed for the purpose of safety analysis or an existing ontology that is based on domain-specific safety standards. The domain ontology has two roles: (1) identification of valid domain concepts that are contained in requirements document; and (2) ensuring that standardised terms used in describing HAZOP information during knowledge (case) retention agree with the established vocabulary. HAZOP Ontology: The HAZOP ontology defines in a generic form the concept of a study node, its elements, and the relationships between them. These are: types of study node, description, guidewords, deviations, causes, consequences, risk level, safeguards, and recommendation. The HAZOP ontology was developed using OWL DL language, it consists of 17 classes, 23 object properties, and 43 restrictions (see Fig. 2 and 3). It has two important roles: (1) helping to identify potential study nodes during study recommendation since its specification clearly defines which type of domain concept could be a study node; and (2) validation of the structure of the HAZOP information before it is stored in the case library during case retention. A HAZOP study node must be one of the types defined in the HAZOP ontology. NL Processor: The NL Processor component facilitates the processing of natural language and boilerplate requirements during the process of automatic recommendation of HAZOP study nodes. The core natural language processing operations implemented in the architecture are: • Tokenization: splitting sentences into word parts • Parts of speech tagging: classification of tokens (words) in sentences into parts of speech such as noun, verb, adjective, pronoun etc. • Pronominal Anaphora Resolution: the process of identifying pronouns (anaphors) which have noun phrases as antecedents. This is essential in associating sentences that refer to the same requirement. • Lexical Parsing: creating the syntax tree that represents the grammatical structure of sentences, in order to determine phrases, subjects, objects, and predicates. The Stanford NLP toolkit2 for natural language processing was used to implement all NLP operations. Study Node Recommendation: The procedure for automatic study node recommendation is based on a heuristic algorithm that is derived from basic knowledge of HAZOP. Study node generation is not intended to replace human capability, but rather to create a credible starting point for early hazard identification and to alleviate the amount human effort involved. The algorithm searches for potential study nodes in two ways: • Requirements Level (RL): A requirement statement is considered a candidate if the following criteria are satisfied: (1) The requirement statement contains an action-entity pair such as “open valve”, “close valve”, 2
p1:Study_node p1:hasFunction only p1:Function p1:hasInterface only p1:Interface p1:isSubclassOf only p1:Component p1:isSuperclassOf only p1:Component p1:hasCauses only p1:Cause p1:hasConsequences only p1:Consequence p1:hasContextDescription only p1:Context_Description p1:hasDeviations only p1:Deviation p1:hasRecommendations only p1:Recommendation p1:hasRiskLevels only p1:Risk_level p1:hasSafeGuards only p1:Safe_guard
p1:Event p1:Function p1:Interface p1:Operation p1:Process p1:System Figure 3. Example of Restrictions on Classes in the HAZOP Ontology
individual similarity metrics, where wi denotes the weight assigned to the ith attribute of a case. This is given as [13]:
A. Case Model and Similarity Algorithm for Case Retrieval The case model is an abstraction of the way HAZOP information is represented in the framework. A HAZOP case encapsulates information attributes such as: name of a study node (unique), context description, and set of applicable guidewords, deviations, causes, consequences, risk levels, safeguards, and recommendations. The case model is partitioned into problem part and a solution part. The three elements of a HAZOP case model that constitute the problem part are: contextual description, study node type, and the set of guidewords; the remaining elements of the case model make up the solution part. At the instance of a new (target) case, an algorithm is used to compute the similarity between the problem parts of the new case and all existing relevant cases in the case library to determine suitable candidates for retrieval. The solution part of a chosen retrieved case is then used verbatim or revised as the solution part of the target case. There are several candidate similarity algorithms that can be used for case retrieval depending on the value of attributes of data elements [12]. The similarity algorithm used for comparing cases is based on the degree of intersection between two attributes of a case, which are the set of contextual descriptions and the set of guidewords, while the type of study node is used to determine relevant cases. Similarity between an attribute of new case U and a corresponding attribute of an existing case V is determined by computing the metric:
We have used equal weights (i.e., w1 = w2 = 1) since the parameters are considered as equally important. IV. Evaluation We have developed the KROSA (Knowledge ReuseOriented Safety Analysis) tool, a domain-independent CBR platform for ontology supported HAZOP and FMEA [14] that is based on the Eclipse plug-in architecture (see Fig. 4 and 5). In sequel sub-sections, we discuss how KROSA tool can be integrated into the HAZOP process, and subsequently describe the procedure used for its evaluation. A. Performing HAZOP with KROSA The process of using KROSA for HAZOP is enumerated as follows: Step 1: Pre-processing of source documents to get the requirements into MS Excel or text file format, and devoid of graphics, images and tables. Step 2: Select existing domain ontology or create a new one to be used for the HAZOP. Step 3: Import requirement documents and domain ontology into the KROSA environment. Step 4: Supply set of keywords that best describe the focus of the HAZOP. Step 5: Obtain recommended study nodes from KROSA. Step 6: Expert approves a set of study nodes for the HAZOP by selecting from or adding to the recommendations by KROSA. Step 7: For each approved study node, expert leverages KROSA’s case retrieval, reuse and retention features to generate information for specific study nodes. By so doing
⏐U ∩ V⏐ ⏐U⏐
(1) Where
U ∩ V = {x : x ∈ U and x ∈ V } Case Similarity: Finally, the similarity between two cases is computed by using the weighted sum of the
7
the user attempts to save some effort by using content of the reuse repository to provide information for new study nodes.
and systems should be study nodes as recommended by KROSA. Since the experts were generally not very specific in their recommendations at the CL, recommendations at CL were not considered in arriving at the values in Table 1.
B. Evaluation Procedure KROSA has been subjected to two kinds of evaluation. First an in-house evaluation assessed the quality of its recommendation of study nodes, using requirements specifications obtained from ABB Norway, one of our partners in the ongoing research project. Second a field assessment by industry experts from ABB Norway assessed the usability of KROSA for industrial HAZOP process. The objectives of the field evaluation were threefold: (1) to assess the consistency of the outcome of the tool as judged by the human experts; (2) to assess the potential of the tool to enable reuse-oriented HAZOP; and (3) to determine its usefulness as a support tool for safety analysis. Also, we wanted to identify areas of possible improvement of the tool. In the in-house evaluation, we have worked with three sets of requirements: (1) Rail Lock System (2) Steam Boiler Control system; (3) Adaptive Cruise Control (ACC) System. Three ontologies were used for the experiment, which are: rail lock system ontology, steam boiler ontology and ACC ontology. Two of the ontologies (steam boiler and ACC ontology) had existed prior to KROSA, having been used to support previous ontology-based research project in CESAR3 [10]. These two ontologies have a fairly wide circulation among CESAR partners. The rail lock system ontology was newly created based on information obtained from the specification of the GP Rail Lock System. The three ontologies have the common characteristics that they were developed to be usable for safety analysis in addition to other uses. This is because (1) safety relevant terms were used to describe ontological concepts e.g. object properties such as: isComponent, isConcept, isFailuremode, isInterface etc., exist in the ontologies; 2) the semantic description of components included the definition of generic failure modes like stuck, omission, and commission in many instances. The in-house evaluation compared recommendations by KROSA with those obtained from four safety experts (researchers) – E1E4 who also worked on the same set of requirements. In Table 1, we show the recall and precision scores computed for KROSA relative to the four safety experts’ recommendations by using the metrics given in equations 3 and 4. Although the experts differed in their recommendations, which confirm the subjective nature of HAZOP, yet there exist significant agreements between nodes recommended by KROSA and experts at the requirements level (see Fig. 6 and 7). At the component level (CL), there was a greater degree of agreement because the opinions of the safety experts generally agree that all components, and interfaces between components
For the field assessment, the direct method of expert systems evaluation [15, 16] was used. The direct method for expert system validation entails making qualified human experts to use a system for solving a simple benchmark problem, thereafter based on their experience, the human expert answer a set of questions about the system. The questions are quantitative and based on a 0 (completely false) to 5 (very true) numerical scales. A metric called “Satisfaction Level” that ranges from 0 (least satisfied user) to 5 (most satisfied user) is then computed based on the data obtained from all participants. The satisfaction level is a measure of the likelihood of the system to satisfy a prospective user. The questions, the objective of each question, and the weight associated with each question (which all the participants agreed on) are listed as follows: 1. Is sufficient information provided for guidance and orientation of evaluators prior to conducting the experiment? (Orientation) – (2) 2. Does the KROSA tool reach a conclusion similar to that of a human expert? (Correctness of Result) – (2) 3. Does the KROSA tool provide reasonable justification for its conclusion? (Correctness of Result) – (2) 4. Is the KROSA tool accurate in its suggestions of study nodes? (Accuracy of result) – (2) 5. Is the result complete? Does the user need to do additional work to get a usable result? (Accuracy of result) - (2) 6. Does the result of the system change if changes are made to the system parameters? (Sensitivity) – (1) 7. Is the overall usability of the KROSA tool satisfactory? (Confidence) – (1) 8. Does the KROSA tool give useful conclusions? (Confidence) – (2) 9. Does the KROSA tool adequately support reuse of knowledge for HAZOP? (Support for reuse) – (2) 10. Will the KROSA tool improve as data or experience is inserted? (Support for reuse) – (1) 11. Can limitations of the KROSA tool be detected at this point in time? (Limitation) – (1) 12. Are there yet many limitations to make the KROSA tool usable? (Limitation) – (1) For each question each evaluator gave a score between (0-5). From this we calculated a weighted score for the satisfaction level per evaluator using the metric below:
3
http://www.cesarproject.eu/ - a European funded project from ARTEMIS joint undertaking (JU).
Result = ( گweight x score value) / ( گweight)
8
(4)
These mean score ratings reveal the perception of the experts in terms of the strengths and weaknesses of the current version of the tool. The experts also submitted a detailed report on desired improvements needed to make the tool more usable. Key aspects mentioned as needing improvement were (1) the possibility of providing some form of guidance to users in the selection of most appropriate keywords for study node recommendation; and (2) the need to provide some form of traceability links between cases that have inherited some parts from old cases through reuse. The experts were unanimous in confirming that the tool will be a valuable support for the conduct of HAZOP, with the potential to alleviate the complexity of the HAZOP process by enabling reuse of experience.
A one-day orientation workshop on how to use the tool was conducted for all participants after which they had one full week to interact with the tool. The expert participants also had a detailed user-manual given to them as further guide for using the tool. C. Results Each of the three industry experts that took part in the assessment returned an evaluation report from which we computed a mean weighted score of 3.27 (out of 5) for the KROSA tool in relation to the evaluation objectives of the field assessment. The tool obtained its highest mean score ratings (out of 5) in the aspects of support for reuse (4.08), sensitivity (3.67), confidence (3.25), and accuracy of result (3.25), while the lowest mean score ratings were in the aspects of: limitations (3.0) and correctness of result (2.7).
Figure 5. KROSA’S Case retrieval and retention interface
Figure 4. KROSA’S Study node recommendation interface
Table 1: Showing recall and precision values of KROSA. Recall Steam boiler system (HAZOP on water level) ACC system (HAZOP on speed control) Rail lock system (HAZOP on Communication)
E1 0.57 0.50 0.54
E2 0.50 0.67 0.78
E3 0.50 0.71 0.71
E4 0.60 0.60 0.60
Precision Steam boiler system (HAZOP on water level) ACC system (HAZOP on speed control) Rail lock system (HAZOP on Communication)
E1 0.5 0.80 0.78
E2 0.25 0.80 0.78
E3 0.25 1.0 0.56
E4 0.38 0.6 0.33
9
Figure 6. Recall Metric for KROSA
Figure 7. Precision Metric for KROSA
The experts agreed that the existence of a domain ontology and a case library where previous knowledge are stored in a structured format would help to resolve some of the existing difficulties associated with searching, update, and interoperability of knowledge during HAZOP. They expressed preference for the adoption of KROSA as support tool for HAZOP over the current scenario where MS Excel software is the main tool support for their safety analysis.
This work is significant because a tool that can creditably assist, but not replace the human expert in the conduct of HAZOP analysis has been provided. Considering the fact that hazard identification is a highly creative process that depends on the experience and skill of the human domain expert, KROSA which is the tool prototype of our proposed approach would be vital as a good starting point. Also, from the results of the evaluation, KROSA has demonstrated good potential to facilitate the reuse of previous experience which ultimately leads to reduction in the amount of human effort expended in HAZOP. The tool can even attain higher significance in situations where highly skilled or experienced HAZOP experts are not available by enabling a platform whereby reliable previously documented cases can be reused in new scenarios by less experienced HAZOP team. In further work, we intend to realise the objective of an extensive semantic framework that supports both HAZOP and FMEA. Also the prospects of providing diagnostic reasoning over potential hazards will be investigated in order to facilitate more elaborate automated safety analysis. In addition, since the performance of the semantic framework is dependent on the quality of the domain ontology, we will be looking for ways to extend the framework through semi-automatic creation of usable domain ontologies [18].
V. CONCLUSION Our observation from the preliminary evaluation is that the performance of the KROSA tool depends significantly on the quality of the domain ontology, even though, the input of highly relevant keywords can enhance the appropriateness of the recommended study nodes.. Specific ontology qualities are considered most crucial here, these are [17]: 1) Syntactic quality – the measure of the correctness of terms in the ontology, and the richness of syntax used to describe terms in the ontology; 2) Semantic quality – the measure how well the meaning of terms are defined in the ontology; 3) Pragmatic quality – the measure of the how well it covers the scope of a domain judging by the number of classes and properties it contains, and how accurate and relevant are the information that it provides. A domain ontology that contains large number of concepts that are credible, and are richly described with axioms will be more suitable for KROSA in the task of study node recommendation. Our observation from the in-house experiment was that the KROSA tool had a relatively lower precision for HAZOP of the steam boiler system compared to its performance in the HAZOP for the ACC and Rail lock systems. This we discovered was because the steam boiler ontology has a lower semantic quality compared to the ACC ontology and Rail lock system ontology. Thus, the overall quality of the domain ontology affects the performance of KROSA tool significantly, as it determines the extent to which inferences can be made for identification of study nodes.
REFERENCES [1] [2]
[3]
10
J. Dunjo, V. Fthenakis, J. Vilchez and J. Arnaldos, “Hazard and Operability Analysis. A Literature Review”, J. Hazardous Materials, vol. 173, issues 1-3, pp.19-32, 15 January 2010. J. Zhao, L. Cui, L. Zhao, T. Qui, and B. Chen, “Learning HAZOP Expert System by Case-Based Reasoning and Ontology”, Computers and Chemical Engineering, vol. 33, no. 1, pp. 371-378, 2009. B. Sahar, S. Ardi, S. Kazuhiko, M. Yoshiomi and M. Hirotsugu, “HAZOP Management System with Dynamic Visual Model Aid” , American J. Applied Sciences, vol. 7, no. 7, pp. 943-948, 2010.
[4]
[5]
[6] [7] [8] [9] [10]
[11]
[12]
[13]
[14]
[15]
[16] [17]
[18]
S. Smith, M. Harrison, “Measuring Reuse in Hazard Analysis, Reliability Engineering and Systems Safety”, vol. 89, no. 1, pp. 93-104, 2005. C. Zhao, M. Bhushan, and V. Venkatasubramanian, ”PHASUITE: An automated HAZOP analysis tool for chemical processes Part I: Knowledge Engineering Framework”, Process Safety and Environmental Protection, 83(B6), pp. 509–532, 2005. J. Kolodner, “An Introduction to Case-Based Reasoning”, Artificial Intelligence Review, vol. 6, no. 1, pp. 3-34, 1992. T. Gruber, “A translation approach to portable ontologies”, Knowledge Acquisition, vol. 5, no. 2, pp.199-220, 1993. F. Redmill, M. Chudleigh, J. Catmur, “System Safety: HAZOP and Software HAZOP”, John Wiley & Sons, 1999. E. Hull, K. Jackson, K. Dick, “Requirements Engineering”, Springer, 2004. T. Stålhane, I. Omoronyia, and F. Reichenbach, “Ontologyguided requirements and safety analysis”, Proceedings of Int. Conf. of Emerging Technology for Automation, Tampere, Finland, 2010. A. Aamodt, and E. Plaza, “Case-Based Reasoning: Foundational Issues. Methodological Variations, and System Approaches”, Artificial Intelligence Communications, vol. 7, no. 1, pp. 39–59, 1994. T. Pedersen, S. Pakhomov, S. Patwardhan, & C. Chute (2007), “Measure of Semantic Similarity and Relatedness in Biomedical Domain”, J. Biomedical Informatics, vol. 40. No. 3, pp. 288–299, 2007. A. Ferguson, D. Bridge, “Generalised Weighting: A Generic Combining Form for Similarity Metrics”, In Proceedings of the 11th Irish Conference on Artificial Intelligence & Cognitive Science (AICS’2000), J. Griffith and C. O’Riordan, Eds., 2000, pp. 169–179. O. Daramola, T. Stålhane, T. Moser, S. Biffl, “A Conceptual Framework for Semantic Case-based Safety Analysis”, 16th IEEE Intl. Conf. on Emerging Technologies and Factory Automation, Toulouse France, (To Appear), 2011. O. Daramola, O. Oladipupo, and A. Musa, “A Fuzzy Expert System Tool for Personnel Recruitment”, International J. Business Information Systems, Inderscience, vol. 6 no.4. pp. 444-462, 2010. M. Salim, A. Villavicencio, M. Timmerman, “A Method for Evaluating Expert System Shells for Classroom Instruction”, J. Industrial Technology, vol. 19, no. 1, 2002. A. Burton-Jones, V. Storey, V. Sugumaran, P. Ahluwalia, “A Semiotic Metrics Suite for Assessing the Quality of Ontologies”, Data and Knowledge Engineering, vol. 55, pp. 84-102, 2005. I. Omoronyia, G. Sindre, T. Stålhane, S. Biffl, T. Moser, and W. Sunindyo, “A Domain Ontology Building Process for Guiding Requirements Elicitation”, Lecture Notes in Computer Science, Volume 6182, pp. 188-202, 2010.
