relational approach to fault diagnosis based matra marconi ......relational approach to fault...

Relational approach to fault diagnosis based

on a functional model

D. Cayrac," D. Dubois,* M. Haziza" & H. Prade^

" Advanced Software Engineering Department,

Matra Marconi Space, 31 Rue des Cosrnonautes,

31077 Toulouse Cedex, France

6 IRIT, Institut de Recherche en Informatique de

ABSTRACT

Matra Marconi Space has been developing operational expert systems forspacecraft fault diagnosis using hybrid approaches, including techniques related tomodel based approach and fault trees. Keeping in mind the operational constraintsof exhaustivity and efficiency that guided the initial choices, the reasoningparadigms developed are now refined, to improve the solutions reached. The paperdescribes some of the techniques implemented so far, and proposes extensions tothe relational approach to automated diagnosis, in order to include more of theavailable knowledge to refine the representation of influences, by distinguishingcertain and possible influences, and through a gradation of the uncertaintyintroduced.

I. INTRODUCTION

Matra Marconi Space (MMS) has been investigating and experimentingspacecraft diagnostic support systems for eight years. The DIAMS satellite faultisolation system shell concept was developed in the framework of a projectconducted by Matra Espace under CNTES contract. This project, initiated in 1985,led to the development of a prototype expert system dedicated to the Telecom 1Attitude and Orbit Control System [10], and to the present Telecom 2 ExpertSystem [11], covering a whole spacecraft (platform and interfaces with thepayload), which was installed in the Spacecraft Control Center at the beginning of1993 [1], [4] The DIAMS concept is also bcinu reused in other projects like forinstance ARIANEXPERT (2] and RENDEZ-VOUS EXPERT [3].

The achievement of the development of large scale systems allowed MMS tovalidate the approach chosen and the appropriateness of the concepts developed.However, in the representation of the knowledge involved, the comprehensivenessand efficiency was privilcdged against the fineness (depth). Simplified

Transactions on Information and Communications Technologies vol 1, © 1993 WIT Press, www.witpress.com, ISSN 1743-3517

698 Artificial Intelligence in Engineering

representations well suited to the practical problems faced in space industry wereintroduced as a first approximation. A progressive refinement of the models and ofthe reasoning paradigms selected (for instance to include the handling ofuncertainty and time) is now being considered in the definition of a new generationof knowledge based systems [5].

After a brief description of the MMS approach in section II, we focus insection III on one part of the diagnostic process, namely fault isolation in a so-called"functional Knowledge Island". It uses the relational approach based onknowledge extracted dynamically from models containing local fault propagationinformation. After identifying some underlying assumptions of this approach(III.4), we propose a first extension of the relational model (section IV), allowingthe distinction between two kinds of influences : the ones that are certain, and theones that are only possible. A further refinement based on two-fold fuzzy sets,allowing graduality in the certainty of the influence relations and of the presence /absence of the manifestations and is then introduced in section V to rank theremaining hypotheses. Directions of further research are then defined in sectionVI, including the introduction of temporal aspects in the diagnostic paradigm.

II. SPACE DIAGNOSTIC SYSTEMS, MMS APPROACH

1. Diagnostic system main functionalities

In orbit, satellites (S/C) communicate with their Control Centers by thetelemetry flow (from S/C to ground), and by telecommanding (from ground toS/C). Part of the telemetry is dedicated to the monitoring of the S/C : it provides apartial description of its current state, and constitutes the only information availableabout the S/C state for diagnosis. The Spacecraft Control Center (SCC) ensures afunction of anomalies detection during all the in-orbit lifetime of the satellite. Oncean anomaly has been detected by the SCC real time monitoring computers, andpossibly after an "emergency" procedure has been executed to put the satellite ina safe configuration, it is necessary to locate as precisely as possible and as quicklyas possible the origin of the anomaly in order to better ensure the safety of themission.

Beyond near real time fault isolation, the Diagnostic Expert Systems are usedfor the training of the Control Center staff facing a rapid increase of thecomplexity of monitoring and controlling tasks (for instance, the satelliteTelecom 2 is observed by more than 1600 telemetries, vs approximately 600 forTelecom 1, the previous generation).

2. Diagnostic system architecture

DIAMS is based on a set of complementary representations of the system (e.g.the spacecraft and its sub-systems), and of our knowledge about its behaviour.They are broken down into Knowledge Islands (KI) corresponding to manageablepieces of the different domains of expertise such as :

- qualitative models of behaviour,- hierarchical functional decompositions of the system, with identification

of commands, observables, etc,- models of the evolution of some parameters as functions of time,- the time dependent automatic reconfiguration logic,- heuristic (shallow) knowledge for solving the more common problems.


Artificial Intelligence in Engineering 699

A diagnostic session starts when the user inputs a set of anomalies. Initialinvestigation procedures, mostly based on a decision tree in the presentimplementation of the system, are used to restrict the exploration of the othermodels (e.g. functional model) to relevant local areas. Connections with thefunctional model are reached when tests become complex, involving large numbersof telemetries and needing reference states with which the current situation iscompared [12].

III. CONCRETE APPROACH TO FUNCTIONAL DIAGNOSTIC

I. Rationale for a hybrid fault model

Fitting closely with the design knowledge of the satellite, the structure of thefunctional model represents interactions between the functional units of the system,possibly down to the component level. Interactions are qualitative, and can standfor all kinds of physical influences (e.g. electrical, control signals, thermalinfluences, etc). For instance, in an electrical KI, a functional model can be basedon switching diagrams. The representation formalism of a functional KI has to beeasily understandable by both the domain expert and by the user, allowing easiervalidation, incremental refinements, and the generation of explanations during thereasoning.

One key point in this model based approach is that, because the systemsmodeled are highly complex, the functional elements do not have a generaldescription of their behaviour. In other words, the model is not built to provide aprediction of the possible behaviour of the system in general. It is a qualitativerepresentation of the local fault propagation between the functional units of thesystem.

2. Overview of the contents of a functional Knowledge Island

A Knowledge Island of the Functional Domain Model is mainly composed of:- Functional units U representing elementary functions of the part of the

spacecraft being investigated. For instance : sensor, actuator, battery charger, etc.- Directed links L connecting the units, and representing the possible

influence(s) of a unit on one or several others (e.g. signals transmitted on wires,etc).

- Observation points T are associated 10 some of the links. They correspond toobservables of the spacecraft (usually a single telemetry).

Figure 1. Example : Simplified view of part of a functional Knowledge Island

L1

A set of possible abnormal qualifications is attached to each link. Three mainkinds of qualifications are identified :

. absence of an expected event,

. presence of an unexpected event (or presence of an expected event at thewrong time)

U1L2 > U2

(TOL3 I >

©L4 T ^

U3



. out of range value of an event.These basic classes of qualifications are completed and refined when necessary.

Manifestations m representing observable abnormal influences betweenfunctional units. They are defined by a pair (Observable, Qualification), e.g. mi =(Tg, temperaturejow) (here, "low'* is interpreted as "below a given threshold").A set of tests is associated to each observation point, allowing its qualification, andthus the determination of the presence or absence of the associatedmanifestation(s).

A qualitative propagation function is associated to each unit. The propagationfunction of a unit defines how anomalies in the unit inputs impact its outputs. Thenominal behaviour of the unit is assumed in the definition of this function. It canbe used deductively, to generate the consequences on the unit outputs of anabnormal qualification in its input(s), or abductively, to generate possibleexplanation(s) of abnormal output(s) in term of abnormal input(s). No uncertaintyis presently represented in the system.

3. Diagnostic session in a functional Knowledge Island

A diagnostic session in a functional KI may be decomposed into threefundamental tasks : hypotheses generation, analysis, and discrimination. During thefirst two tasks, a "discrimination matrix" is built, defining a relation between thepossible disorders (columns of the matrix) explaining the symptom(s) observed,and their manifestations (rows), consequences on the observablcs of the KIinvestigated.

a/ Hypotheses generation

A disorder d is defined by a set of pairs (Link, Qualification) that explains asymptom. It is most often an abnormal signature of the outputs of a functionalunit. In this case, it is the characterisation of a fault mode of this unit from anouside point of view.

The system generates a set of disorders £> explaining the manifestation(s)initially given (abnormal observation(s), or suspect link pointed out by thebehavioural investigation procedures). This result is achieved abductively throughbackward propagation of the abnormal qualifications, possibly to the limits of theKI. Only abnormal qualifications in a given context are propagated (a thread ofpropagation ends as soon as the influence propagated is normal in the consideredconfiguration of the spacecraft). The disorders d]...dk of the links crossed that canexplain the abnormal influences arc collected to form the set of candidate disorders£> ; they constitute the columns of the discrimination matrix.

Example : from the symptom mi = (Tg, temperaturc_low), the systemgenerates the following suspects : di = {(L$, temperaturejow)}, d2 = ((W,pulse_absent)} dg = {(Lg, tension_low)|, d4 = ((L2, zero)}, di is the trivialsuspect: it represents a failure in Ug. In this simple example, all the disorders arecomposed of only one pair (Link, Qualification).

b/ Hypotheses analysis

The system determines which observablcs T of the KI investigated would beaffected by each hypothetical disorder d, and the resulting manifestations M(d)+ =

The observable consequences are generated through forward



propagation of the abnormal qualifications, possibly to the limits of the KI. The setcM> of manifestations collected constitutes the rows of the discrimination matrix.Only abnormal qualifications in a given context are propagated.

Example : M(d])+ = (mi ), M(d])+ = (mi= (mi,m2,m3), with m2 = (Ti, pulse.absent),

c/ Hotheses discrimination

M(d])+ = {mi,T], tensionjow).

M(d4)

The principle of the diagnosis is then to enter a discrimination routine betweenthe hypotheses d. This discrimination is performed through the request ofinformation about observable parameters T (either to the user or to data analysisapplications).

A hypothetical manifestation m is chosen in cX, according to various criteria,like the discrimination power of the test, the reliability of the measure, its cost(effort required to acquire the information), etc. The test is then performed, givingthe qualification of the link, and the presence or absence of the manifestation m.

The disorders for which expected manifestations are not present are discarded.For instance, if d] causes mg (mg e M(di)) and mg is absent, then d4 is discarded.Conversely, for a given test, all disorders that do not predict the presence of amanifestation are removed if the manifestation turns out to be present. For instance,if d] does not cause ir\2 (m] £ M(d%)) and m? is present, then d% is discarded.

This process is repeated until the suspects cannot be further discriminated.

Figure 2. Discrimination matrix associated to the example,and discrimination among the possible causes of m4 :

diX

d2XX

daX

X

d4XXX

miW2rrh

PT\2 present ^

dpXX

d.XXX

mi

™2rrb

nr>3 absent ^ mi

4. Underlying assumptions of the present approach - possible extensions

- The single fault assumption is made throughout the diagnostic process, as it isvalid within the scope of use of the system.

Presently, discrimination in the matrix is based on the duality of corroborations/ discrepancies :

- on the one hand, disorders for which an expected consequence (abnormalstate of an observation) is absent (the observation is normal) are discarded. Theimplied meaning of the relation (d|, mj) represented by a mark in the matrix is thus"anomaly mj is a necessary (certain) consequence of disorder dj". All influencesappearing in the matrix are thus assumed to be certain.

- on the other hand, disorders for which an unexpected consequence (abnormalstate of an observation) is present (the observation is abnormal) are also discarded.This time, the implied meaning of the absence of the relation (di, mj) is thus"disorder dj cannot possibly cause anomaly mj". All influences are thus assumedto be represented in the matrix.



Therefore, the present implementation of the relational approach relies on theassumptions that in the model of the spacecraft, the set of consequences of adisorder is complete (all possible influences are described) and that all theconsequences defined in this set are certain. This assumption was made on the basisof efficiency constraints (it gives the maximum discrimination power to thealgorithm) and of knowledge acquisition considerations. During the knowledgeacquisition phase, the experts were specifically asked to give only reliable (in thesense of certain) influences. Such a strong constraint helped to identify a solid coreof the exploitable knowledge. However, it did not mean that the influences notmentioned by experts should be considered as impossible, as in DIAMS model.

This assumption is acceptable for a first level of diagnosis that has proven to bevery efficient in dealing with complex models containing tens of thousands ofcomponents. However, two types of influences (possible and certain) should bedistinguished in an extended version, to allow a better representation of the systemand improve the solutions given. An interesting further refinement of the relationalapproach would be to introduce graduality in the possibility / certainty of theconsequences of disorders.

IV. INTRODUCTION OF THE DISTINCTION BETWEEN POSSIBLE ANDCERTAIN INFLUENCES

We now study some of the possible extensions of the diagnostic paradigmchosen in DIAMS, i.e. the discrimination matrix, which is strongly related to therelational approach [15]. Our goal is first to define how discrimination can workwhen a distinction is made between possible and certain influences, and secondlyto see what pragmatic benefits can be expected from this introduction.

1. Crisp relational approach with introduction of possible / certain influences :

Reminder of the notations : 2) is the set of possible disorders (d|, ..., dj, ..., d%)

built during the hypotheses generation phase, and M> denotes the set of the npossible manifestations (mj, ..., m;, ..., m^} gathered during the hypothesesanalysis phase.

To each dj we associate the set M(d;)+ of manifestations which are entailed, orif we prefer caused, produced, with certainty by the presence of dj alone. m\ eM(dj)+ means that m\ is always present when dj alone is present. Conversely, wedefine the set M(dp' of manifestations which cannot be caused by dj alone, m; eM(dp~ means that m; is never present when dj alone is present.

Let M+ be the set of manifestations which are present, and M" be the set ofmanifestations which are absent. A manifestation m\ is determined as present orabsent by the calculation and qualification of the corresponding observable Tk .

Given the set M+ of present manifestations, the problem is to find whatdisorders) may have produced the manifestations in M+. We will make the singlefault assumption, as it is valid within the application. More general situations aredescribed in [9].



a/The completely informed case

We first consider the completely informed case where :(i) all the observables are calculated and qualified, and all manifestations are eithercertainly present or certainly absent :We suppose that M+ n M~ = 0 and M+ u M~ =cM».(ii) the set of manifestations which appear when a disorder is present is perfectlyknown. We suppose that if me M(d)+ it means that m is not caused by d: Vd,M(d)+ = M(d)'. We thus have Vd e £> M(d)+nM(d)~=0 and M(d)+uM(d)~= ,M(d)+ = M+) (1)

Note that M(d)+ = M+ M(d)+ = M(d)~ = M~.

b/DIAMS : incomplete observations

The hypothesis (i) that all the observables are calculated and qualified is notapplicable in the context of our application. Although most of the raw data isindeed available (the telemetry flow), its detailed analysis is usually performed onlyfor specific observations. Moreover, the qualification of some observable may bevery difficult : for some complex observables, like ihe evolution over time of aparameter, the data analysis systems and the users may be unable to decide whetherthe manifestation is present or not.

When complete information is not available about the presence or absence ofthe manifestations, the set M+ of manifestations which are certainly present and theset M" of manifestations which are certainly absent no longer form a partition of ; indeed we have M+ n M~ = 0 but M+ u M~ * , M+ c M(d)+ c Mh) (2)

Note that when M+ = M" , this equation reduces to (1).

The discrimination rules described in III.3.C can be derived from (2) :- a disorder d for which an expected manifestation m is not present is discarded :3 m, m e M(d)~*~ and m e M' (i.e. m e iVT).- a disorder d for which an unexpected manifestation is present is discarded :3 m, m e M+ and m e M(d)+.



c/Incomplete observations, incomplete information on the causal relations

Similarly, for some d, we sometimes do not know if a manifestation m followsor not from d ; in that case, m g M(d)+ and m £ M(d)~ : manifestation m is only apossible consequence of d. In other words, m may be present or absent when d ispresent. The union of the set M(d)+ of manifestations which are certainly producedby d alone and the set M(d)~ of manifestations which certainly cannot be causedby d alone, no longer covers M>, i.e. 3d, M(d)+ u M(d)~ # , but, we always haveM(d)+ n M(d)- = 0.

d belongs to the set D of potential disorders which alone can explain both M+and M"" if and only if d does not produce with certainty any manifestation which iscertainly absent in the evidence, and no observed manifestations must be ruled outby d. Formally we have :

D = (d € £), M(d)+ c fvF and M(d)~ c M+) (3)This also writes :

D = (d e £), M(d)+ n M~ = 0 and M(d)~ nM+ = 0) (4)

Clearly (3) reduces to (1) in the completely informed case since then M" = M+and M(d)~ = M(d)+. Note that if for some d M(d)+ = 0 = M(d)~, then d e D, i.e. adisorder for which absolutely no knowledge is available about its effects can alwaysbe considered as potentially responsible for observed manifestations. As expectedwhat is present and what is absent play symmetrical roles, exchanging + and - in(3). It should be noted that the above model does not make the closed worldassumption.

[16] (see also [15]) have extensively studied a relation-based formulation ofdiagnosis problems. In their model they assume the knowledge of a relationbetween disorders and manifestations, such that the fact that the pair (dj,m;) satisfiesthis relation "means d; may directly cause m\. Note that this does not mean that djnecessarily causes m], but only that it might", as stated in [15] : they define a

relation R by (d,m) e R m G M(d)~. Moreover, in their basic theory, the set M+of "manifestation known to be present" is supposed to be available. Consequentlyour core relational diagnostic model subsunr ' R^ggia's, in the incompletelyinformed case.

2. Extension of DIAMS

a/Extension of the discrimination matrix

The extension of the discrimination matrix to reflect the distinction introducedin the previous section is straightforward : each relation (d,m) is qualified either ascertain or as possible. If the relation does not exist, it means that d cannot cause m.(We choose to represent explicitly the possible influences rather than theimpossible ones because in practice, the former are much less numerous). M(d)+and M(d)- are thus represented explicitly.

b/ New discrimination rules

Equation (3) allows us to derive new discrimination rules in the extendedmatrix. As before, a test (corresponding to a row of the matrix) is selected through



a heuristic procedure similar to the one described in II.3.c. In this crisp approach,the possible states of an observation remain divided in three classes : manifestationabsent, m e M", manifestation present, m e M+, or ignorance about whether themanifestation is present or not, m g M" and m e M+. If the test cannot beanswered, it is ignored since it does not affect the set of current hypotheses.

Each relevant disorder d (column of the matrix) is then examined with respectto the result of the test. It is either discarded (it cannot be the cause of the observedsymptoms) or kept (it may be the cause), according to the following discriminationrules, directly derived from equation (3) :

Figure 3 : new discrimination rules, distinguishing possible and certain consequences

d such that m is a certainconsequence of d:m e M(d)+

d such that m is apossible consequence of d :

m*M(d)+and mgM(d)-d such that m is an

impossible consequence ofd i m e M(d)-

manifestation absentm € M'

d discarded

no change

no change

manifestation presentm e M+

dkept

dkept

d discarded (on the basisof the single fault

assumption}

Figure 4 : new discrimination matrix for the example, new discrimination process

dgn

N n

17*2 present ^

dpNN

d.NNn

minipnrh

(Tl3 absent

doNN

d<NNn

mim%ma

n stands for possible consequence, N for necessary (certain) consequence.d4, which was discarded by DIAMS, is now a remaining hypothesis.

b/Benefits and limitations

The introduction of the distinction between possible and certain influences isinteresting in the second and third phases of the diagnosis : hypothesis analysis anddiscrimination. (In the first phase, hypotheses generation, all possible causes of thesymptoms observed have to be taken into account).

This improvement of the representation will :

- facilitate the knowledge acquisition phase : the notion of influence is clarified,and the distinction between impossible / possible / certain influences is intuitive.Furthermore, at knowledge acquisition time, the benefits of the constraint that wasput on the experts (sec III.4), that is to give only completely reliable influences, canbe kept, while improving the knowledge gathered : it is possible to express not onlysure relationships, but also impossible ones.

- make the models more realistic, and thus eliminate a potential source oferrors, namely the abusive elimination of a suspect when one of its expectedconsequences (which is only a possible consequence) is not present. For instance, ifa consequence mj of dj is only possible (not necessary), d| should not be discardedif mj is turns out to be normal (as it was the case before).



- make the model more complete by allowing the representation of influencesthat are only possible, and thus give rational support for discarding a disorder d;when mj is present (the observation is abnormal) and (dj, mj) does not exist(meaning that the influence is impossible). (Of course, in this case, the single faultassumption must be valid).

However, it will most often generate more remaining suspects at the end of thediscrimination than when the previous (sometimes adventurous) discriminationstrategy was used.

Disorders which would be discarded by DIAMS strategy but which remaincandidates in the extended version are those for which a manifestation m that isnow expressed as possible (m g M(d)+, m e M(d)~)

- is absent (meM+) but was previously expressed as certain in DIAMS, or- is present (me M~~) but was previously implicitly expressed as impossible.

It is thus useful to introduce degrees of possibility / necessity of the influencesto rank the remaining suspects.

V. INTRODUCTION OF UNCERTAINTY DEGREES IN THE RELATIONALAPPROACH : A NEW MODEL BASED ON TWOFOLD FUZZY SETS

In this section, we propose a graded counterpart of the model presented for thenon-complctely informed case in Section IV.2.

1. Fuzzy relational approach

M+ and M~ are now fuzzy sets of manifestations which are respectively moreor less certainly present, and more or less certainly absent. However we keep therequirement M+ n M~ = 0 (where the intersection is defined by the minoperation), i.e. we cannot be somewhat certain of both the presence and theabsence of the same manifestation simultaneously.

Similarly, M(d)+ and M(d)~ denote the fuzzy sets of manifestations which arerespectively more or less certainly present and more or less certainly absent whendisorder d alone is present. Obviously, we also assume Vd, M(d)+nM(d)~ = 0.

By complementation (defined by jip = 1 - jip), we obtain the fuzzy sets M",

M(d)' of manifestations which are more or less possibly present in the consideredsituation, when d is present. This corresponds to the usual duality between what is(more or less) certain, i.e. necessarily true, and what is (more or less) possibly true.Indeed a pair of dual possibility and necessity measures FI and N are related by therelation FI(A) = 1 - N( A), for any event A (see [1] for instance). Note that M+ cM", M(d)+ c M(d)- in the sense of fuzzy set inclusion (inequality between themembership functions). An even stronger inclusion holds. Since M+ n M~ = 0, wehave

l } (5)

i.e. the support of M+ is included in the core of M* ; the same holds for M(d)+,M(d)~. This is in agreement with the fact that for crisp events A, we have N(A)>0 =>



F1(A)=0 => FI(A)=1 since then one of A or A, at least, should be completelypossible ; see [7] for instance.

A pair of fuzzy sets (F,G) such that F n G = 0 is called a twofold fuzzy set [6].Twofold fuzzy sets (F,G) have been introduced for modelling incompletely knownsets, i.e. sets which characteristic function is ill-known. F represents the elementswhich more or less belong to this ill-known_set and G represents the elements whichmore or less possibly belong to it. But FuG might not cover the whole referential.

Similarly, the pairs (M(d)+, M(d)~) define a twofold fuzzy relation on £) x M, .The extension to fuzzy sets of the equation (4), which gives the set D = (d e £> ,M(d)+ n M~ = 0 and M(d)~ n M+ = 0) of potential disorders explaining bothM+ and M~, can be done using the max-min consistency of two fuzzy sets. Theconsistency operation evaluates to what extent their intersection is not empty, i.e.the degree to which F n G * 0. [18]. It is defined by cons(F,G) =maxu(min(jip(u),(u,Q(u))) The degree to which M(d)+ n M~ = 0 is 1-

cons(M(d)+,M~).

D can thus be defined by

Vde £),̂ g(d) = min(l-cons(M(d)+,M-), l-cons(M(d)-,M+))

= 1 - max(cons(M(d)+,M~), cons(M(d)-,M+)) (6)

(6) clearly expresses that a disorder d is all the less a candidate explanation thatthe fuzzy set of its more or less certain effects overlaps the fuzzy set ofmanifestations more or less certainly absent, or as the fuzzy set of effects which aremore or less certainly absent when d is present overlaps the fuzzy set ofmanifestations which are more or less certainly present. More theoreticalconsiderations can be found in [9].

Figure 5 : illustrations of the notions oftwofold fuzzy set and consistency of two fuzzy sets

(M +, M 1 is a twofold fuzzy set : M+nM =0 consistency of M + and M(d)~

2. Extension of DIAMS

a/Extension of the discrimination matrix

The extension of the discrimination matrix to reflect the distinction introducedin the previous section is similar to the one described in II.3.A : each relation (d,m)is qualified cither with a degree of possibility less than 1 (and an implicit degree ofnecessity equal to 0) or with a degree of necessity greater than 0 (and an implicitdegree of possibility equal to 1). If the relation "docs not apply, it means that dcannot cause m (equivalent to (d,m) with (0,0) qualification).



b/New discrimination strategy

From this extension and on the basis of equation (6), we can define a newdiscrimination strategy leading to the definition of membership degrees jig(d) ofpossible disorders d to the set of plausible disorders.

The membership degree u,g(d) expresses "how well" the disorder d explainsthe present and absent manifestations. The remaining disorders can now be rankedaccording to the degree of explanation they offer to the manifestations present andabsent.

The update of the membership function of D when a new observable isqualified is computationally inexpensive. For each d, two partial computations aand p are saved and updated at each iteration. They are initialised with :

a =(3 =

Let us assume that the presence of m^, which was completely unknown(u, +(mk) = u. (m%) = 0) becomes known (modification of either fî (̂m̂ ) or

M-M-(mk) to U-RF(mk) or ̂(m0). Before the update, ̂+(m0 = ̂.(m̂ ) = 0

do not play any role in the computation of jig : the membership function remainsthe same ifm% is removed from the list of possible manifestations (incidentally, thisproves that the representation of ignorance is adequate).

a and (3 are respectively updated to :and

The updated membership function is :V d e a, ̂ ig(d) = 1 - maxCa"̂ , g/*̂ )̂ (9)

c/ Impact on the discrimination power

Depending on the way the gradually is introduced in the relations and in theobservations, the introduction of the representation of gradual uncertainty can giveeither a greater or a lower discrimination power than in the previous case wherepossible and certain influences and manifestations were distinguished but nograduality introduced (discrimination power expresses the capacity to discardhypotheses of disorders). The difference lies in the way the refinements are madeduring the knowledge acquisition, and in the way the manifestations are qualifiedas present / absent.

Two cases can be identified :

(i) "internal refinement", where. consequences that were previously expressed as certain or impossible become

somewhat certain or somewhat impossible, and where possible consequencesremain completely possible.

. manifestations expressed as certainly present and certainly absent are nowrespectively somewhat certainly present and absent, and where manifestations whichcould not be determined present or absent remain completely possibly present, butnot certain at all.



In the external refinement, the crisp M(d)+, M(d)~, M+, M~ of section IV form thesupport of their fuzzy counterparts.

(ii) "external refinement", whereconsequences previously expressed as certain and impossible remain

respectively certain and impossible, and where some possible consequences are nowexpressed as either somewhat certain or somewhat impossible.

. manifestations expressed as certainly present and certainly absent remainrespectively certainly present and absent, and where manifestations expressed aspossibly present are now either somewhat certainly present or somewhat certainlyabsent.In the external refinement, the crisp M(d)+, M(d)", M+, M' of section IV form thecore of their fuzzy counterparts.

Figure 6 : Illustration of the notion of internal / external refinement

M(d)" M(d)*

impossible possible certain j,consequences of d (crisp case)

M(d)+ Mfd)*

internal refinement external refinement

Let C(F) and S(F) denote respectively the core and the support of the fuzzy set F.

Let be defined by (d)= 1 - max(cons(M(d)+,M-), cons(M(d)-,M+)).

In the case (i) of internal refinement :Dcris =(de £), S(M(d)+) n S(M~) = 0 and S(M(d)~) n S(M+) = 0}, from (4).

de D,'crisp cons(M(d)+, M~) = 0 and cons(M(d)~, M+) = 0max(cons(M(d)+, M~),cons(M(d)-, M+) = 01 - max(cons(M(d)+, M~),cons(M(d)-, M+) = 1

forms the core of Df

In case of internal refinement, extra suspects may be generated through theintroduction of gradual uncertainty, and all the suspects identified in the crisp caseremain suspect, with membership degree 1. This situation is generally not veryinteresting, although it prevents from wrongly discarding possible causes.

Figure 6 : Example of internal refinement of our example :

n,ono

0*2,1N,0.8

no

0-3,1mno

04,1N,0.6N,0.6

The remaining hypoheses are the same as in the non gradual case (in this simpleexample, however, no extra suspects are generated), and they are equally possible :the introduction of gradually by internal refinement did not give any benefit.

In the case (ii) of external refinement :DcrisD =(de £>, C(M(d)+) n C(M~) = 0 and C(M(d)-) n C(M+) = 0), from (4).d e Dcrisp


1 - max(cons(M(d)+, M-),cons(M(d)~, M+) > 0) = 1' i.e. Dcrisp forms the support of

In case of external refinement, we do not get any extra suspect through theintroduction of gradual uncertainty. On the contrary, the discrimination power isenhanced by the ranking of the remaining disorders.

Figure 7 : Example of external refinement of our example :

nono n,o

N,0.5II.O

n,o.7

Introduction of graduality by external refinement allowed the ranking of the remaininghypoheses : d2 is a better explanation than d4.

In summary, a greater discrimination power will be achieved if the followingconditions hold when the relation is built:

* the influences that were certain remain completely certain,* the influences that were impossible remain completely impossible,* other influences (that were only possible) are expressed as somewhatcertain or somewhat impossible.

In an extreme case, the maximum discrimination power (which was reached byDIAMS) can be obtained, when all the influences and manifestations are eithersomewhat certain or somewhat impossible. (DIAMS is the crisp case of thissituation : all influences and manifestations are cither certain or impossible).

In a real application, both internal and external refinement cases are likely to bejointly present, in the cause-effect relation and/or in the manifestations. Thisconsideration should be taken into account for the elaboration of the knowledgeacquisition procedures, and for the training of the users.

c/ Benefits of the introduction of gradual uncertainty

From a discrimination point of view, the benefit of the introduction ofgraduality in the uncertainty of the influences and in the characterisation of theobservables is that it allows a ranking of the solutions given by the system.

Allowing the user to express his/her uncertainty about the interpretation of theobservable is recognized as a need from the user's point of view. Indeed, someobservations involve complex combination and abstraction of elementary pieces ofdata, followed by a high level interpretation of the result.

VI. DIRECTIONS OF FURTHER RESEARCH

1. Links with causal reasoning

It would be interesting to develop a logical framework in which it would bepossible to express both "weighted deductive rules associating manifestations todisorders and weighted evocation rules (in the sense of Pearl, [14]) associatingpossible disorders to manifestations, and perform local reasoning tasks. Causalnetworks could indeed be used to represent the chains of local influences, andcompute the degrees of possibility / necessity of the relations, or be usedcomprehensively lor hypothesis generation, elaboration and discrimination.



2. Introduction of graduality in the intensity of the influences

We introduced graduality in the representation of the certainty of presence /absence of binary manifestations. A similar mechanism could be used to representthe intensity of presence / absence of the manifestations, due to the presence ofcontinuous observables, using a fuzzy binary partion of their assessment scales[17], [13].

3. Introduction of temporal aspects in the relational model

Currently, in the functional model, the system makes the assumption that speedof propagation is "not slow" with respect to the observation frequency : in otherwords we suppose that the reasoning takes place on a time interval at which all thetelemetries that should be affected by the anomaly are abnormal. It would beinteresting to use chronologies of expected manifestations of disorders, as an extraelement for the discrimination. This could correspond to a shift toward a diagnosticparadigm involving causal networks with intermediary nodes.

VII. CONCLUSION

In this paper, we described a pragmatic approach to hybrid model-based /relational diagnosis of complex artefacts. The assumptions underlying the firstoperational version of the system were pointed out, and refinements grounded onpossibilistic logic were proposed that introduce a greater expressivity of the modelsand ensure the validity of the discrimination procedure. Introduction of gradualuncertainty was proposed to enrich the conclusions of the diagnosis. Undergoingexperiments should prove that these refinements are ripe for introduction inoperational complex knowledge based systems. This technique forms a part of amore comprehensive study of the handling of uncertainty, time and incompletenessin a real world diagnostic application [51.

REFERENCES

[1] Brenot J.M., Caloud Ph., Valluy L. "On the Development of an OperationalExpert System for the Telecom 2 Satellite Control Centre", in ESA WPP 025,proceedings of ESTEC Workshop on Artificial Intelligence and KnowledgeBased Systems for Space, Noodwijk, Netherlands, 1991

[2] Brenot J.M., Parrod Y., Aubin D., Parquet C. "ARIANEXPERT : a KnowledgeBased System to analyse Arianc's Mission Data", in ESA WPP 025,proceedings of ESTEC Workshop on Artificial Intelligence and KnowledgeBased Systems for Space, Noodwijk, Netherlands, 1991.

[3] Caloud P., Lecouat F., dc Saint Vincent A., Valluy L. : "On-Board DecisionSupport Systems for Orbital Rendez-Vous Operations", in Proceedings ofIMACS International Workshop on Qualitative Reasoning and DecisionSupport Systems, Toulouse, France, M.Singh, L. Travd-Massuyes cd. 1991.

[4] Caloud P., Valluy L., Gasquet A., Brcnot J.M, : "On the design anddevelopment choices to bring to operation a diagnostic expert system for theTelecom 2 satellite". Proceedings of Tooldiag International Conference onFault Diagnosis Toulouse, France, 1993.

[5] Cayrac D., Haziza H. : "Management of Uncertainty and TemporalDependencies in Real World Diagnostic Systems, Application to the SpaceDomain", Proceedings of Tooldiag International Conference on FaultDiagnosis, Toulouse, France, 1993.



[6] Dubois D., Prade H. 'Twofold fuzzy sets and rough sets — Some issues inknowledge representation". Fuzzy Sets and Systems, 23, pp. 3-18, 1987.

[7] Dubois D., Prade H. (with the collaboration of Farreny H., Martin-Clouaire R.,Testemale C.) "Possibility Theory — An Approach to Computerized Processingof Uncertainty". Plenum Press, New York, 1988 (French editions, Masson, 1985and 1987).

[8] Dubois D., Prade H. "Upper and lower images of a fuzzy set induced by afuzzy relation : applications to fuzzy inference and diagnosis". InformationSciences, 64, pp. 203-232, 1992.

[9] Dubois D., Prade H. : "Fuzzy Relation Equations and Abductive Reasoning".to appear in a special issue of Fuzzy sets and Systems entitled "Equations andRelations on Ordered Structures : Mathematical aspects and Applications", A.Di Nola, W. Pcdrycz, S. Sessa, cds, 1993.

[101 Haziza M. "An Expert System Shell for Satellite Fault Isolation based onStructure and Behaviour", in proceedings of ESTEC Workshop on ArtificialIntelligence and Knowledge Based Systems for Space, Noodwijk, Netherlands,1988.

[11] Haziza M. "DIAMS: an expert system shell for satellite fault isolation - Theuser feedback", in: Proc. of Human-machine interaction and ArtificialIntelligence in Aeronautics and Space conference, pp. 313-331, 1990.

[121 Haziza M. "Towards an Operational Fault Isolation Expert System for FrenchTelecommunication Satellite Telecom 2", : Proc. ESA Symposium "Grounddata systems for spacecraft control", Darmstadt, FRG, pp. 385-392, 1990.

[13] Kitowski J., Bargiel M. "Diagnosis of faulty states in complex physicalsystems using fuzzy relational equations". In : Approximate Reasoning inIntelligent Systems, Decision and Control (E. Sanchez, L.A. Zadch, eds.),Pergamon Press, pp. 175-194, 1987.

[14] Pearl J. "Embracing causality in default reasoning". Artificial Intelligence,35, pp. 259-271, 1988.

[15] Peng Y., Rcggia J.A. "Abdutive Inference Models for Diagnostic Problem-Solving". Springer Verlag, New York, 1990.

[16] Rcggia J.A., Nau D.S., Wang P.Y., Peng H. "Aformal model of diagnosticinference". Information Sciences, 37, pp. 227-285, 1985.

[17] Sanchez E. "Solutions in composite fuzzy relation equations : application tomedical diagnosis in Brouwerian logic". In : Fuzzy Automata and DecisionProcesses (M.M. Gupta, G.N. Saridis, B.R. Gaines, eds.), North-Holland,Amsterdam, pp. 221-234, 1977.

[18] Zadch L.A. "A theory of approximate reasoning". In : Machine Intelligence,Vol. 9 (J.E. Hayes, D. Michics, L.I. Mikulich, cds.), Halstead Press, New York,pp. 149-194, 1979.


relational approach to fault diagnosis based matra marconi ......relational approach to fault...

Documents