1
Bayesian Networks: a Modeling Formalism for System Dependability
For complex systems, it is assumed that the system and the components have a finite number of states or operating levels. If the number of states is reduced to 2, then a binary hypothesis is used; otherwise the system and its components are multi-state. In this case, the evaluation of the reliability of the system becomes difficult, as it must take into account the effects of combinations of failures that are not independent of the multi-state nature of the system components. The result is the development of numerous modeling scenarios that become tedious for the analyst. In such cases, standard modeling procedures are insufficient, mainly due to their basis in Boolean logic or their need for (computationally expensive) randomized simulations.
As mentioned in [BOU 99], the modeling methods that come from artificial intelligence such as Bayesian networks (BN) can provide an effective support in control or maintenance areas, or in risk reduction for industrial systems. BN have powerful modeling and analysis capabilities. They provide a formal framework to handle or process probabilistic events by representing them using discrete random variables [PEA 88, JEN 96]. The relationships between them are represented by conditional probabilities. BN models are based on a powerful formalism of expressing complex dependence and independence between multi-state random variables. This formalism is, therefore, well suited to the representation of complex multi-state systems.
The application of BN in dependability analysis is a recent development. Their popularity has grown in the field of reliability analysis since the late 1990s [TOR 98, KAN 99]. According to [WEB 12b], up to 200 papers among 7,000 references have covered this field during the last decade.
Many of the significant papers in the application of BN to dependability have focused on demonstrating the equivalence between BN and conventional methods used in probabilistic risk assessment (PRA). For instance, Torres-Toledano’s works [TOR 98] state the pro and cons of BN with respect to reliability block diagrams (RBD). Bobbio’s works [BOB 01, BOB 03] explain how a fault tree can be transformed into a BN. In addition, [BOU 05b, BOU 05a, BOU 06, POR 10] describe the dynamic fault trees in dynamic BN and [WEB 02, WEB 03, WEB 06, BEN 06] link DBN with Markov chains.
At the same time, new modeling methods using BN modeling capabilities have emerged. One of the first papers [MAH 01] has proposed a methodology using BN for the assessment of infrastructure reliability. This methodology allows us to model two important characteristics of large structures: the modeling of multiple failure sequences and the correlations between the critical states at the component level.
The following papers [MUL 04, LÉG 09, MED 13, MED 15] have focused on a new methodology that is used to build BN models and to justify BN models for the reliability and risk analysis of complex systems. The publication of [BEN 13] has offered a method of construction for BN structure based on the cuts, to assess the performance of multi-state systems. These papers give clear motivation for using BN in dependability compared with conventional modeling methods.
Several survey papers [LAN 07, LAN 08, WEB 12b] have provided a good overview of BN applications in the domain of dependability. Unfortunately, this modeling formalism is not yet fully accepted in industry. The French Institute of Risk Management (IMdR) has supported several projects to promote BN modeling. The IMdR P04-7 project [MUN 07] assesses the appropriateness of BN modeling for seven dependability problems posed by industrialists and the IMdR P09-2 project [GUY 09] addresses the issue of BN modeling validation.
1.1. Probabilistic graphical models: BN
In this section, the BN formalism is introduced as a probabilistic graphical model [PEA 88]. Mathematical objects are based on graph theory and probability theory. A BN represents a factorized model of a joint probability distribution of several discrete random variables. Graph theory provides the algorithms required to analyze graphical property. Probability theory brings a formalism to quantify the dependencies between variables by introducing conditional probability laws.
1.1.1. BN: a formalism to model dependability
The probabilistic graphical model (PGM) considered here is a directed acyclic graph (DAG). A DAG comprises nodes and directed edges. Nodes can be classified into two classes: parent nodes and child nodes. A parent node is a node with outgoing edges while a child node is a node with incoming edges. A parent node is called a root node if it has no incoming edges. A child node is a leaf node if it has no outgoing edge. Each parent node x in a graphical probabilistic model is assigned a marginal probability distribution P(x) and each child node E is associated with a conditional probability P(E|pa(E)), where pa(E) is the set of all parent nodes of E. For instance, in Figure 1.1 pa(E2) = x2, x3 and pa(E1) = x1.
PGM is defined by the structure of the graph and the probabilistic parameters. According to the graph structure shown in Figure 1.1, the a priori probability laws are: P(x1), P(x2) and P(x3); while the conditional probabilities are P(E1|x1), P(E2|x2, x3) and P(y|E1, E2). The conditional probabilities are defined by a conditional probability table (CPT) as a matrix giving the probability distribution of the variable with respect to the Cartesian product of its parent variable states. For instance, the conditional probability P(y|E1, E2) is given in Table 1.1 for the 
states of y, according to the 
states of E1 and the 
states of E2.
Figure 1.1. Bayesian network model
Table 1.1. Generic definition of a conditional probability table
DEFINITION 1.1.– A PGM represents the joint probability distribution of a set of random variables by using the conditional dependence/independence relationship between them. A DAG is used to represent the variables and the dependence relationships between them. Each variable is characterized by a probability distribution defined conditionally based on its parent’s variables in the graph.
1.1.2. Inference mechanism
Like several other modeling tools, BN are interesting for their graphical aspect. However, the probabilistic inference mechanism is more interesting and is the actual strength of the tool. Thanks to this inference, a BN is able to compute the marginal probability distribution of any variable according to:
- – the realizations or measurements of observed variables (evidence);
- – the likelihood regarding the state of certain variables;
- – an a priori knowledge about the probability distribution of unobserved variables;
- – the conditional probability distribution between variables.
The inference mechanisms are explained in [JEN 96, PEA 88] and are outside the scope of this book. Nevertheless, several inference mechanisms exist to compute the exact probabilities or the approximate probabilities for very complex systems. The inference algorithms are used to integrate new information in the model as soft or hard evidence. This information modeled as new observations on some variable states is a way to compute the impacts of situations on target variables. In maintenance or risk management, it is interesting to integrate specific situations or compute the impacts of some scenarios or maintenance actions. In all inference mechanisms, Bayes theorem is used to propagate the probabilities on the variables and to update the probabilities of all the variables given the observations of states or likelihoods of states.
In computer science, current research focuses mainly on inference efficiency to handle increasingly complex models and to increase the number of variables handled. For the exact inference, efficient algorithms use the BN structure to solve the non-deterministic polynomial-time-hard (NP-hard) problem to compute an a posteriori probability distribution of random variables [PEA 88, PEO 91, JEN 90, SHA 96, MAD 99, FAY 00, ALL 03]. The best known algorithms are based on the junction tree. For a detailed explanation, refer to [JEN 96, pp.76]. The newest algorithms attempt to reduce the memory requirements and to increase the computing speed to deal with larger models [JAE 02, WUI 12]. In dependability analyses, these abilities help model industrial-scale systems.
1.2. Reliability and joint probability distributions
BN are often of interest in the modeling of the dependability of systems. They allow a factorized model of the dependencies between the component states and the system states.
1.2.1. Multi-state system example
For a better understanding of BN applied to dependability modeling problems, let us analyze the multi-state system in Figure 1.2. This system contains three valves (V1, V2 and V3). Its goal is to distribute a fluid. In this system, the components each have three states: a functioning state Ok and two disjoint failure states, i.e. remains closed Rc and remains open Ro [WEB 03]. Discrete variables (x1, x2 and x3) model the states of the valves (V1, V2 and V3). The probability of each of the states is given for each variable in Table 1.2.
Figure 1.2. Multi-state system with three valves
Table 1.2. Probability distributions of component states
| Ok | Rc | Ro | |
| P (x1) | 0.31655 | 0.22782 | 0.45563 |
| P (x2) | 0.19748 | 0.32095 | 0.48157 |
| P (x3) | 0.14159 | 0.3678 | 0.49061 |
1.2.2. Joint distribution
For any system, a probability is defined for each state corresponding to the Cartesian product between the states of each component and the system states to define the joint probability [SHA 96, p. 2]. The advantage of this representation is to show all the possible situations (working or failure). The main drawback is the size of the Cartesian product that increases rapidly and becomes excessive for the analyst, particularly in industrial-scale systems.
Tables 1.3 and 1.4 provide the application of the multi-state system with three valves. The joint probability is defined by P(y, x1, x2, x3), where y represents the system states and xi represents the states of the components in the three-valve system. If the system is functioning, then y = Ok, otherwise y = Hs.
1.2.3. Reliability computing
The system reliability depends on the components’ reliability (x1, x2 and x3) and the relation between the system reliability, y, and the component states. This relation is the structure function. The joint probability distribution P(y, x1, x2, x3) can be computed on any structure function. In the case of the three-valve system, the reliability can be computed from the joint probability distribution. The reliability is then given by marginalization P(y = Ok) = 0.345721859, which is the sum of all state combinations, where the system state is Ok. Note that it is possible to compute all conditional probabilities from the joint probability distribution.
Table 1.3. Joint probability distributions modeling the three-valve system, part 1
| Scenarios | y | x1 | x1 | x1 | P(y, x1, x2, x3) |
| 1 | Ok | Ok | Ok | Ok | 0.008851116 |
| 2 | Ok | Ok | Ok | Pf | 0.022992022 |
| 3 | Ok | Ok | Ok | Po | 0.030669157 |
| 4 | Ok | Ok | Pf | Ok | 0.01438508 |
| 5 | Ok | Ok | Pf | Pf | 0 |
| 6 | Ok | Ok | Pf | Po | 0.049844368 |
| 7 | Ok | Ok | Po | Ok | 0.021584119 |
| 8 | Ok | Ok | Po | Pf | 0.056067794 |
| 9 | Ok | Ok | Po | Po | 0.074789071 |
| 10 | Ok | Pf | Ok | Ok | 0 |
| 11 | Ok | Pf | Ok | Pf | 0 |
| 12 | Ok | Pf | Ok | Po | 0 |
| 13 | Ok | Pf | Pf | Ok | 0 |
| 14 | Ok | Pf | Pf | Pf | 0 |
| 15 | Ok | Pf | Pf | Po | 0 |
| 16 | Ok | Pf | Po | Ok | 0 |
| 17 | Ok | Pf | Po | Pf | 0 |
| 18 | Ok | Pf | Po | Po | 0 |
| 19 | Ok | Po | Ok | Ok | 0.012739958 |
| 20 | Ok | Po | Ok | Pf | 0.033093839 |
| 21 | Ok | Po | Ok | Po | 0 |
| 22 | Ok | Po | Pf | Ok | 0.020705336 |
| 23 | Ok | Po | Pf | Pf | 0 |
| 24 | Ok | Po | Pf | Po | 0 |
| 25 | Ok | Po | Po | Ok | 0 |
| 26 | Ok | Po | Po | Pf | 0 |
| 27 | Ok | Po | Po | Po | 0 |
1.2.4. Factorization
From the Cartesian product of states, a factorized version of the joint probability distribution can be computed by introducing conditional independence. Components x1, x2 and x3 are state independent. Thus, the expression becomes P(x1, x2, x3) = P(x1). P (x2). P(x3). Nevertheless, the functioning state of the system (y = Ok) depends on the state of components x1, x2 and x3. The joint probability distribution can be rewritten in the following factorized form:
Table 1.4. Joint probability distributions modeling the three-valve system, part 2
| Scenarios | y | x1 | x1 | x1 | P(y, x1, x2, x3) |
| 28 | Hs | Ok | Ok | Ok | 0 |
| 29 | Hs | Ok | Ok | Pf | 0 |
| 30 | Hs | Ok | Ok | Po | 0 |
| 31 | Hs | Ok | Pf | Ok | 0 |
| 32 | Hs | Ok | Pf | Pf | 0.037367275 |
| 33 | Hs | Ok | Pf | Po | 0 |
| 34 | Hs | Ok | Po | Ok | 0 |
| 35 | Hs | Ok | Po | Pf | 0 |
| 36 | Hs | Ok | Po | Po | 0 |
| 37 | Hs | Pf | Ok | Ok | 0.006370119 |
| 38 | Hs | Pf | Ok | Pf | 0.016547283 |
| 39 | Hs | Pf | Ok | Po | 0.022072492 |
| 40 | Hs | Pf | Pf | Ok | 0.010352895 |
| 41 | Hs | Pf | Pf | Pf | 0.026893105 |
| 42 | Hs | Pf | Pf | Po | 0.035872829 |
| 43 | Hs | Pf | Po | Ok | 0.01553402 |
| 44 | Hs | Pf | Po | Pf | 0.040351808 |
| 45 | Hs | Pf | Po | Po | 0.05382545 |
| 46 | Hs | Po | Ok | Ok | 0 |
| 47 | Hs | Po | Ok | Pf | 0 |
| 48 | Hs | Po | Ok | Po | 0.044144015 |
| 49 | Hs | Po | Pf | Ok | 0 |
| 50 | Hs | Po | Pf | Pf | 0.05378503 |
| 51 | Hs | Po | Pf | Po | 0.071744083 |
| 52 | Hs | Po | Po | Ok | 0.031067358 |
| 53 | Hs | Po | Po | Pf | 0.080701844 |
| 54 | Hs | Po | Po | Po | 0.107648537 |
Equation [1.1] is the factorized form of the joint probability distribution P(y, x1, x2, x3). The conditional probability distribution P(y|x1, x2, x3), which is deterministic, remains unwieldy. Nevertheless, the conditional probability distribution may be factorized again by introducing intermediate variables, as done in fault trees. For instance, the system can be divided into two stages, as shown in Figure 1.3. Two variables E1 and E2 are introduced that characterize the states of the system stage. E1 characterizes the possibility of controlling the flow in stage 1 and E2 in stage 2.
Figure 1.3. Multi-state three-valve system with two stages
To maintain all the information about the states, E1 and E2 are defined in three states:
- – Ok, if it is possible to open or close the stage;
- – if the stage failed and is stuck in the closed state and stops the flow;
- – Ro, if the stage failed and is stuck in the open state and allows the flow.
Thus, equation [1.1] becomes:
The probability distributions of the component states given in Table 1.2 are considered to be independent. They can be defined, thanks to the component lifetime or the end of mission, and estimated according to their reliability law (exponential, Weibull, etc.) or given by an expert.
The factorization of independent variables in the model helps simplify the model by a set of conditional probabilities whose size is considerably smaller than that of the joint probability. The conditional probability distributions are given in Tables 1.5, 1.6 and 1.7. Therefore, the BN is a graphical representation of this factorization of joint probability. By adding the graphical representation, the BN gives an easily interpretable model (Figure 1.1). The exact inference algorithms compute the marginal probability of all requested variables, for instance the probability distribution of y:
Table 1.5. Probability distributions of E1 states
| x1 | P(E1 = Ok) | P(E1 = Pf) | P(E1 = Po) |
| Ok | 1 | 0 | 0 |
| Rc | 0 | 1 | 0 |
| Ro | 0 | 0 | 1 |
Table 1.6. Probability distributions of E2 states
| x2 | x3 | P(E2 = Ok) | P(E2 = Pf) | P(E2 = Po) |
| Ok | Ok | 1 | 0 | 0 |
| Rc | 1 | 0 | 0 | |
| Ro | 0 | 0 | 1 | |
| Rc | Ok | 1 | 0 | 0 |
| Rc | 0 | 1 | 0 | |
| Ro | 0 | 0 | 1 | |
| Ro | Ok | 0 | 0 | 1 |
| Rc | 0 | 0 | 1 | |
| Ro | 0 | 0 | 1 |
Table 1.7. Probability distributions of y states
| E1 | E2 | P(y = Ok) | P(y = Hs) |
| Ok | Ok | 1 | 0 |
| Rc | 0 | 1 | |
| Ro | 1 | 0 | |
| Rc | Ok | 0 | 1 |
| Rc | 0 | 1 | |
| Ro | 0 | 1 | |
| Ro | Ok | 1 | 0 |
| Pf | 0 | 1 | |
| Ro | 0 | 1 |
It should be noted that the probability distribution obtained by the BN model is the same as that obtained from the joint probability, such as P(y = Ok).
1.3. Discussion and conclusion
The tables that define the conditional probabilities model the structure function of the system. This structure function is an equation that describes the relation between the component states and the system states. If the structure function is constant, then it implies that the conditional probability distribution is time independent. Defining the conditional probability using a table allows the modeling of any relations between the system states and the component states. If the relation is based on Boolean operation (AND, OR, etc.), then the CPT is deterministic, but more complex relations can be modeled. The reliability of the system is well modeled if the structure function is correctly modeled by the BN and if all scenarios are described. A CPT contains all the knowledge about the relation between the input states and the output states requested by the analysis.
In the classical case of binary state hypothesis, i.e. the system and its components can have two states {Ok, Hs}, the structure function is similar to a Boolean function. The CPT translates this Boolean relation. In this case, there is an exact correspondence between the BN model and a RBD when considering the working case or a fault tree when considering the failure case. Note that for our illustration, a non-binary function with three state components is deliberately chosen, to go beyond usual cases with RBD and fault tree and to exhibit part of the advantages of the BN model.
In our illustration as in all binary cases, there is no uncertainty between the combination of component states and system states. The probabilities of P(y|x1, x2, x3) are equal to 0 or 1. Therefore, CPT is deterministic. Note that this is not necessarily the case, for example, in a non-deterministic model, P(y|x1, x2, x3) ∈ [0, 1]. This case models some situations where there is an uncertainty about the consequence of a component state combination, an uncertain function due to a human factor, an uncertain context, etc.
In this chapter, some of the main advantages of BN techniques have been discussed in an academic and industrial context. It is not necessary to know the joint probability of the system to find the BN model. The analyst can build the model gradually, but he should conduct his analysis with a semantic guide.