Centralized Fault Detection of Complex Uncertain Hybrid Systems ⁎

14th IFAC Workshop on Discrete Event Systems
May 30 - June 1, 2018. Sorrento Coast, Italy

IFAC PapersOnLine 51-7 (2018) 76–81

Constantinos Heracleous, Christodoulos Keliris, Christos G. Panayiotou, Marios M. Polycarpou

KIOS Research and Innovation Center of Excellence (CoE), and Department of Electrical and Computer Engineering, University of Cyprus, Nicosia, Cyprus

Abstract: This paper presents a centralized fault detection scheme for hybrid systems with nonlinear uncertain continuous dynamics and measurement noise. The scheme features a modular observer based on a modified hybrid automaton framework, that models each subsystem individually and the whole system as a composition of these models. The fault detection scheme employs a filtering approach, that attenuates the effect of measurement noise and allows tighter detection thresholds, and also an algorithm that handles autonomous mode transitions. As a result, the proposed approach can detect both discrete and parametric faults and guarantees no false alarms under all circumstances. Simulation results from a two-tank hybrid system example illustrate the effectiveness of the proposed scheme.

© 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.

Keywords: Hybrid systems, fault detection, open hybrid automata, filtering, modeling uncertainty.

⁎ This work has been supported by the European Union's Horizon 2020 research and innovation programme under grant agreement No 739551 (KIOS CoE) and from the Government of the Republic of Cyprus through the Directorate General for European Programmes, Coordination and Development.

2405-8963 © 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2018.06.282

1. INTRODUCTION

Modern large-scale systems, such as power systems and water systems, are highly automated and complex systems which can be characterized as hybrid systems since they combine both continuous-time dynamics and discrete event dynamics (see Heracleous et al. (2015, 2017)). Because of the hybrid nature of such complex engineering systems, their online monitoring and fault diagnosis methods must consider the interaction between the continuous time and the discrete event dynamics to be more effective, making the whole task quite challenging.

The earlier fault diagnosis methods for hybrid systems (e.g., Hofbaur and Williams (2004); Narasimhan and Biswas (2007)) were mostly focused on either diagnosing faults in the discrete-event dynamics part (i.e., discrete faults), or faults in the continuous-time dynamics part (i.e., parametric faults), with various techniques for tracking the hybrid state which is composed by both continuous and discrete states. More recent fault diagnosis methods for hybrid systems are capable of diagnosing both discrete and parametric faults. Some of these methods (e.g., Bregon et al. (2016); Zhou et al. (2015)) are extensions of earlier methods, while other proposed methods (e.g., Bayoudh et al. (2008); Levy et al. (2014)) integrate several techniques together to diagnose both discrete and parametric faults. Although all above methods are innovative and provide interesting tools, the problem of hybrid systems fault diagnosis subject to modeling uncertainty was not fully considered with very limited methods available (e.g., Zhao et al. (2017)).

The goal of this work is the development of a centralized monitoring and fault detection scheme for deterministic hybrid systems with nonlinear uncertain continuous time dynamics and measurement noise. The proposed method features a modular observer, based on a modified open hybrid automata framework, and a fault detection scheme that uses the filtering approach by Keliris et al. (2015), which is extended in hybrid systems, along with an algorithm to handle autonomous mode transitions. The main contribution of the proposed method is that the fault detection scheme helps the observer to estimate effectively the system mode while it is capable of detecting both discrete and parametric faults without any false alarms under all circumstances.

2. PROBLEM FORMULATION AND HYBRID SYSTEMS MODELING

Consider a hybrid system $S$ that consists of $N$ subsystems $A_I$, $I \in \{1, \dots, N\}$. Each individual subsystem is modeled as open hybrid automaton (OHA), while the overall system is the composition of those automata that operate in parallel and interact via shared variables. We will refer to the model for the overall system as a composition Open Hybrid Automaton (cOHA). Fig. 1 illustrates a simple example of a cOHA composed of two OHAs that interact via shared variables, and include healthy and faulty modes.

Fig. 1. Example of a cOHA composed of two OHAs. [Figure legend: healthy mode, parametric fault mode, discrete fault mode; fault event, autonomous guard event, controlled guard event.]

Each OHA can be seen as an extension of a finite-state machine (FSM) that incorporates nonlinear uncertain discrete-time difference and algebraic equations for each mode, in order to capture the continuous time dynamic evolution of a subsystem. More specifically, based on Henzinger (1996) and Hofbaur and Williams (2004), we describe the OHA for the subsystem $A_I$, $I \in \{1, \dots, N\}$ as a tuple

$$A_I := \langle s_I, Q_I, w_I, F_I, \eta_I, \Phi_I, \Sigma_I, \gamma_I, S_{I,0} \rangle \qquad (1)$$

where ¹:

– $s = \{q\} \cup x$ is the hybrid state, composed of the mode $q \in Q$ and the continuous state variables $x \in \mathbb{R}^{n_x}$,
– $Q = \{m_1, \dots, m_{n_q}\}$ specifies the set of possible operation modes with disjoint subsets for: (a) healthy modes $Q_h \subset Q$, (b) parametric fault modes $Q_\phi \subset Q$, and (c) discrete fault modes $Q_d \subset Q$ (see Fig. 1),
– $w = u \cup z \cup y$ is the set of I/O variables, that aggregates the inputs $u \in \mathbb{R}^{n_u}$, the shared variables $z \in \mathbb{R}^{n_z}$ that will establish interconnections with other subsystems, and the outputs $y \in \mathbb{R}^{n_y}$,
– $F : Q \to F_{DE} \cup F_{AE}$ specifies the continuous time dynamics evolution in terms of nonlinear discrete-time difference equations $F_{DE}$ (with sampling period $T_s$) and algebraic equations $F_{AE}$, where both incorporate the effects of local uncertainty $\eta_I$,
– $\Phi : Q_\phi \to F$ specifies a set of parametric fault functions $\Phi = \{\phi^1(q^1, x, z, u), \dots, \phi^{N_\phi}(q^{N_\phi}, x, z, u)\}$ where the $l$-th function describes the structure of the parametric fault at the $l$-th parametric fault mode $q^l \in Q_\phi$, $l \in \{1, \dots, N_\phi\}$,
– $\Sigma = G \cup F$ is a set of events that consists of: (a) guard events $G \subset \Sigma$ that trigger autonomous or control transitions ², and (b) fault events $F \subset \Sigma$ that trigger unexpected transitions (see Fig. 1),
– $\gamma : Q \times \Sigma \to Q$ are the transition functions labeled by autonomous guard events $g_a \in G$, controlled guard events $g_c \in G$, or fault events $\varphi \in F$ (see solid and dash arrows on OHAs in Fig. 1),
– $S_0$ denotes the initial hybrid state $s_0 = \{q_0\} \cup x_0$.

The overall system $S$ is modeled by the cOHA $CA$ that specifies the parallel composition of the set of subsystems automata $A := \{A_1, \dots, A_N\}$ as a tuple

$$CA := \langle A, u, y, \eta, v \rangle \qquad (2)$$

where $u = [u_1, \dots, u_{n_u}]^T$ are the input variables and $y = [y_1, \dots, y_n]^T$ are output variables of the cOHA, aggregated from each subsystem $A_I$ to single vectors and re-indexed by the mapping functions $M_u : \{1, \dots, n_{I_u}\} \to \{1, \dots, n_u\}$ ³ and $M_y : \{1, \dots, n_{I_y}\} \to \{1, \dots, n\}$, respectively. $\eta$ is a mode-dependent nonlinear function that denotes the overall uncertainty of the system which acts on the continuous states $x = x_1 \cup \dots \cup x_N$, while $v \in \mathbb{R}^n$ denotes the measurement noise.

The cOHA describes the continuous evolution of the whole system using the following set of mode-dependent difference equations with time step $k$ ($t = T_s k$)

$$x_{k+1} = f(q_k, x_k, u_k) + \eta(q_k, x_k, u_k, k) + \phi(q_k, x_k, u_k), \quad k = 0, 1, \dots$$
$$y_k = x_k + v_k \qquad (3)$$

where $q = \{q_1, \dots, q_N\}$ is the system mode (as a collection of the subsystems modes $q_I \in Q_I$), and $x = [x_1, \dots, x_n]^T$ are the system continuous states aggregated from each subsystem $A_I$ and re-indexed using the mapping function $M_x : \{1, \dots, n_{I_x}\} \to \{1, \dots, n\}$. $f : Q \times \mathbb{R}^n \times \mathbb{R}^{n_u} \to \mathbb{R}^n$ represents the mode-dependent continuous time dynamics of the system, and $\eta : Q \times \mathbb{R}^n \times \mathbb{R}^{n_u} \times \mathbb{N} \to \mathbb{R}^n$ represents the overall mode-dependent uncertainty of the system dynamics. The term $\phi(q_k, x_k, u_k)$ denotes the parametric fault function which becomes nonzero only after a fault event in some subsystem $A_I$ causes a transition to some parametric fault mode $q_I^{l_I} \in Q_{I_\phi}$. Specifically, $\phi(q, x, u)$ belongs to the global finite set of parametric fault functions $\Phi = \{\phi^1(q^1, x, u), \dots, \phi^{N_\phi}(q^{N_\phi}, x, u)\}$ that aggregates all the subsystems fault sets $\Phi_I$. The global index $l$ and the subsystem index $l_I$ of a parametric fault function are related by the mapping function $M_\phi : \{1, \dots, N_{\phi_I}\} \to \{1, \dots, N_\phi\}$, so that $l = M_\phi(l_I)$.

The objective is to design a centralized monitoring and fault detection scheme for the hybrid system $S$ that will: (a) monitor the system by receiving the values of input variables $u$ and the noisy measurement values of output variables $y$, and (b) detect the occurrence of a fault event $\varphi \in F$ that can transition the system to some discrete or parametric fault mode, considering the presence of the modeling uncertainty $\eta$ and measurement noise $v$. The following assumptions are used throughout this paper:

Assumption 1. Only a single fault event can occur at some subsystem (multiple faults are not considered).

Assumption 2. The continuous state variables $x$ and the inputs $u$ of the hybrid system $S$ remain bounded before and after the occurrence of a fault event (well-posedness).

Assumption 3. Each component of the overall modeling uncertainty $\eta$ in (3) is an unstructured and possibly unknown nonlinear function of $q_k$, $x_k$, $u_k$, and $k$, but is bounded by some known functional $\bar{\eta}_i$, i.e., $|\eta_i(q_k, x_k, u_k, k)| \le \bar{\eta}_i(q_k, y_k, u_k, k)$ for all system modes $q_k = \{q_{1,k}, \dots, q_{N,k}\}$ and for all $(y_k, u_k) \in R$, $i = 1, \dots, n$ and $k \in \mathbb{N}$.

¹ The components of an OHA $A_I$ are denoted by $s_I$, $Q_I$, $w_I$, $F_I$ etc., but when there is no risk of ambiguity and for the sake of simplicity the subscripts will be omitted.

² In this work an autonomous transition occurs when the guard event is triggered by the continuous state variables $x$, while a control transition occurs when the guard event is triggered by the input variables $u$.

³ For example, for the cOHA of Fig. 1 with two subsystems, with inputs $u_1 = \{u_1\}$ and $u_2 = \{u_1, u_2\}$ respectively, the inputs for the cOHA will be aggregated and re-indexed to $u = u_1 \cup u_2 \xrightarrow{M_u} [u_1, u_2, u_3]^T$.

2.1 Two-tank system

To better illustrate the proposed monitoring and fault diagnosis scheme and derive simulation results we will use the two-tank system depicted in Fig. 2. The system consists of four subsystems: the pump, the valve, and the two tanks. There is only one input $u_1$ to the system which prescribes the position of the valve (Open/Close), and two outputs $y_1$ and $y_2$ which are the measured values for the liquid level states $x_1$ of Tank 1 and $x_2$ of Tank 2, respectively. In normal operation the pump, which is equipped with embedded sensor and controller, can automatically switch On—and provides the inflow $z_1$—when the liquid level $x_1$ of Tank 1 reaches a minimum level $X_{1min}$, and Off when $x_1$ reaches a maximum level $X_{1max}$, filling Tank 1 as necessary. The valve between the two tanks is controlled by an external controller through the input $u_1 = \{0, 1\}$ with the aim to keep the liquid level of Tank 2 to a pre-specified level $Y_{2lev}$, so that the outflow remains steady.

Fig. 2. Two tank system. [Figure labels: Pump, Tank 1, Valve, Tank 2, Leakage.]

Although several faults can occur in this system, due to space constraint we will only consider one parametric fault and one discrete fault. The parametric fault is a leakage in Tank 1, where a circular hole of unknown radius $\rho$ in the tank bottom causes a leak outflow. The discrete fault is a failure of the valve which is stuck in close position and is no longer able to refill Tank 2. Both faults are triggered by unexpected fault events.

3. HYBRID SYSTEMS MONITORING AND FAULT DETECTION SCHEME

Our proposed monitoring and fault detection scheme is depicted in Fig. 3 and consists of two parts, the Hybrid Automaton Observer and the Fault Detection module. The Hybrid Automaton Observer is responsible for estimating the hybrid state of the system using the input values and the noisy output measurements, while the fault detection module is used for detecting both discrete and parametric fault events and also for triggering the autonomous guard events in the hybrid observer.

Fig. 3. Hybrid system monitoring and fault detection scheme. [Figure blocks: System, Hybrid Automaton Observer, Fault Detection, Alarm.]

3.1 Hybrid Automaton Observer

The hybrid automaton observer in this work is essentially a cOHA (2), as described in Section 2 ⁴, which models the whole system as a composition of OHAs. Specifically, the hybrid automaton observer addresses the hybrid state estimation problem while the system is healthy.

Problem 1. (Hybrid state estimation). Given the initial hybrid state $s_0$ and the values for inputs $u_k$ and outputs $y_k$ of the system, estimate the hybrid state $\hat{s}_k = \hat{q}_k \cup \hat{x}_k$ at each time step $k$ where $\hat{q}_k = \{\hat{q}_{1,k}, \dots, \hat{q}_{N,k}\}$ with each $\hat{q}_{I,k} \in Q_{I_h}$, $I = \{1, \dots, N\}$.

To better explain how the hybrid automaton observer estimates the hybrid state, let us consider the two tank system and its resulting hybrid automaton observer depicted in Fig. 4. The observer consists of four OHAs $A_I$, $I = \{1, \dots, 4\}$, that model the four subsystems (i.e., pump, valve, and two tanks). The OHAs have controlled and autonomous guard transitions between the modes, driven by the input values and continuous state estimation values, respectively. Also, there are two fault events: $\varphi_1$ that transitions Tank 1 to the parametric leak fault mode, and $\varphi_2$ that transitions the valve to the discrete stuck close fault mode. For all OHAs $A_I$, $I = \{1, \dots, 4\}$, in the observer and their various modes $q_I \in Q_I$, the discrete-time difference equations $F_I$ are also shown in Fig. 4, where $x_1$ and $x_2$ are the continuous states for the liquid levels of Tank 1 and Tank 2, respectively, and $z_1$, $z_2$, $z_3$, $z_4$ are the interconnection variables. $A_1$ and $A_2$ are the cross-section areas of Tank 1 and Tank 2, while $c_v$, $A_v$ and $c_p$, $A_p$ denote the valve and outflow-pipe flow coefficients and cross-section areas, respectively. Also, $g$ is the standard gravity coefficient and $T_s$ the sampling step. Lastly, the parametric fault function ⁵ $\phi_1^1(x_{1,k})$ denotes the leak fault in Tank 1 where $\rho$ is the radius of the leak hole.

Mode Estimation. Each OHA $A_I$ in the hybrid automaton observer includes mode transition functions, i.e., $q_{I,i} = \gamma_I(\sigma_I, q_{I,j})$, $i \neq j$, labeled by autonomous guard events $\sigma_I = g_{aI} \in G_I$, controlled guard events $\sigma_I = g_{cI} \in G_I$ and fault events $\sigma_I = \varphi_I \in \Phi_I$. The observer estimates the mode of the system $\hat{q}_k$ at each time step $k$ by tracking the control guard events transition functions in each subsystem OHA, and by executing any autonomous guard events transitions that are triggered by the Fault Detection module and specifically the AGE algorithm which is described later on.

The cOHA and OHAs for the hybrid automaton observer don’t include any uncertainty η.


Continuous States Estimation. The hybrid automaton observer estimates the continuous states when the system is healthy using the following estimation model

$$\hat{x}_{k+1} = f(\hat{q}_k, y_k, u_k) \qquad (4)$$

where $y_k = x_k + v_k$ (see (3)), and $f$ is determined by symbolically solving⁶ the equations from the OHAs based on the estimated system mode $\hat{q}_k$. For example, in the two-tank system observer, if the estimated mode at time step $k$ is $\hat{q}_k = [m_{12}, m_{21}, m_{31}, m_{41}]^T$, then the discretized continuous dynamics for mode $\hat{q}_k$ are given by symbolically solving the following equations from Fig. 4

$$F(\hat{q}_k) = F_1(m_{12}) \cup F_2(m_{21}) \cup F_3(m_{32}) \cup F_4(m_{41}) \qquad (5)$$

which results, by also replacing $x_{i,k}$ with $y_{i,k}$, in

$$f(\hat{q}_k, y_k, u_k) = \begin{bmatrix} y_{1,k} + \dfrac{T_s}{A_1}\left(0.2 \cdot \cos(0.1 \cdot k T_s) + 0.65\right) \\ y_{2,k} - \dfrac{T_s}{A_2} c_p A_p \sqrt{2 g y_{2,k}} \end{bmatrix}$$

⁵ The leak fault function is not necessary for the observer and the detection but is included here for readability purposes.
⁶ In this work for symbolic computations we utilize Matlab's Symbolic Math Toolbox.

Fig. 4. The Hybrid Automaton Observer for the two-tank system. The figure shows the four OHAs (Pump, Tank 1, Valve, Tank 2) with inputs $u_1$, $y_1$, $y_2$, interconnection variables $z_1, \ldots, z_4$, estimated modes $\hat{q}_1, \ldots, \hat{q}_4$ and state estimates $\hat{x}_1$, $\hat{x}_2$, together with the following modes and difference equations:

Pump: modes Off ($m_{11}$) and On ($m_{12}$), with autonomous guard events $ga_1$ and $ga_2$.

$$F_1(m_{11}) = \{ z_{1,k} = 0 \}, \qquad F_1(m_{12}) = \{ z_{1,k} = 0.2 \cdot \cos(0.1 \cdot k T_s) + 0.65 \}$$

Tank 1: modes Healthy ($m_{21}$), Drained ($m_{22}$) and Leak ($m_{23}$).

$$F_2(m_{21}) = \{ x_{1,k+1} = x_{1,k} + \tfrac{T_s}{A_1}(z_{1,k} - z_{3,k}),\ z_{2,k} = x_{1,k} \}$$

$$F_2(m_{22}) = \{ x_{1,k+1} = 0,\ z_{2,k} = x_{1,k} \}$$

$F_2(m_{23})$ is the $F_2(m_{21})$ update extended by the leak fault term $\varphi_{11}(m_{23}, x_{1,k})$, which is a function of $T_s$, $A_1$, $\rho$ and $\sqrt{2 g x_{1,k}}$.

Valve: modes Open ($m_{31}$), Close ($m_{32}$) and Stuck Close ($m_{33}$), with controlled guard transitions on $u_1 = 0$ and $u_1 = 1$.

$$F_3(m_{31}) = \{ z_{3,k} = c_v A_v\, \mathrm{sign}(z_{2,k} - z_{4,k}) \sqrt{2 g\, |z_{2,k} - z_{4,k}|} \}, \qquad F_3(m_{32}) = \{ z_{3,k} = 0 \}, \qquad F_3(m_{33}) = \{ z_{3,k} = 0 \}$$

Tank 2: modes Healthy ($m_{41}$) and Drained ($m_{42}$).

$$F_4(m_{41}) = \{ x_{2,k+1} = x_{2,k} + \tfrac{T_s}{A_2}\left(z_{3,k} - c_p A_p \sqrt{2 g x_{2,k}}\right),\ z_{4,k} = x_{2,k} \}$$

$$F_4(m_{42}) = \{ x_{2,k+1} = 0,\ z_{4,k} = x_{2,k} \}$$

3.2 Fault Detection

The Fault Detection scheme combines the filtering approach proposed by Keliris et al. (2015), which dampens the effect of measurement noise and allows the derivation of tighter thresholds, with the Autonomous Guard Events (AGE) algorithm, which anticipates the occurrence of autonomous guard events and adjusts the detection threshold accordingly to avoid any false alarms, while at the same time triggering autonomous guard events in the Hybrid Automaton Observer.

Filtering Approach. To dampen the effect of measurement noise $v_k$, each measured output variable $y_i$, $i = 1, \ldots, n$, is filtered by $H(z)$, where $H(z)$ is a $p$-th order, asymptotically stable filter with proper transfer function as described in Keliris et al. (2015). In general, each $y_i$ can be filtered by a different filter but in this paper, without loss of generality and to simplify the presentation, we consider the same $H(z)$ for all the output variables.

Based on $H(z)$ we can define the filter $H_p(z) = z^{-1} H(z)$, where $H_p(z)$ is also asymptotically stable since it comprises the same poles as $H(z)$ with an additional pole at $z = 0$ (inside $|z| = 1$). Since the filters $H(z)$ and $H_p(z)$ (with impulse responses $h(t)$ and $h_p(t)$, respectively) are asymptotically stable, they are also BIBO stable. Therefore, for bounded measurement noise $v_k$, the filtered measurement noise $v_{F,k} \triangleq H(z)[v_k]$ is bounded as follows:

$$|v_{Fi,k}| \le \bar{v}_{Fi,k}, \quad i = 1, 2, \ldots, n \qquad (6)$$

where $\bar{v}_{Fi}$ are computable bounding functions. The filter $H(z)$ is selected based on noise characteristics with the purpose of reducing the bounding function $\bar{v}_{Fi}$.

Residual Signal Generation. To generate the residual error we first filter the system's output and the observer's continuous state estimate. Specifically, by filtering the output signal $y_k$ we obtain the filtered output $w_k$:

$$w_k = H(z)[y_k] = H(z)[x_k + v_k] \qquad (7)$$

and using $v_{F,k} = H(z)[v_k]$ and $H(z) = z H_p(z)$ we obtain:

$$w_k = H_p(z)\big[z[x_k]\big] + v_{F,k} \qquad (8)$$

Using the Z-transform's time-shift property, i.e., $z[x_k] = x_{k+1} + z[x_0 \cdot \delta(k)]$, where $\delta(k)$ is the discrete delta function, and (3) under fault-free operation (i.e., $q \in Q_h$ and $\varphi(\cdot) = 0$), (8) becomes

$$w_k = H_p(z)\big[x_{k+1} + z[x_0 \cdot \delta(k)]\big] + v_{F,k} = H_p(z)\big[f(q_k, x_k, u_k) + \eta(q_k, x_k, u_k, k)\big] + h(k) x_0 + v_{F,k} \qquad (9)$$

By also filtering the observer's continuous state estimate $\hat{x}_k$, which is given by (4), with initial condition $\hat{x}_0 = y_0$, we obtain the filtered continuous state estimate

$$\hat{w}_k = H(z)[\hat{x}_k] \qquad (10)$$

Using the filtered output $w_k$ and the filtered continuous state estimate $\hat{w}_k$ we define the residual error as:

$$r_k \triangleq w_k - \hat{w}_k \qquad (11)$$

This residual constitutes the basis of the fault detection scheme and it is readily computable from equations (7), (4) and (10). A discrete or parametric fault event in the hybrid system is said to be detectable (i.e. a detection decision can be made) when $|r_{i,k}| > \bar{R}_{i,k}$ for at least one component $i$, where $\bar{R}_{i,k}$ is the detection threshold (to be specified later on).

Detection Threshold. To derive a suitable detection threshold we consider, in the absence of any fault events, the maximum effect of the uncertainty on the residual signal, and that there are no mode mismatches because of autonomous guard events, i.e., $\hat{q}_k = q_k$. Using a similar procedure as in the derivation of (9), $\hat{w}_k$ satisfies:

$$\hat{w}_k = H_p(z)\big[f(\hat{q}_k, y_k, u_k)\big] + h(k) y_0. \qquad (12)$$

Prior to a fault event ($k < k_f$), the residual error can be written using equations (9), (12) and (11) as⁷:

$$r_k = H_p(z)\big[\Delta f(q_k, \hat{q}_k, k) + \eta(q_k, k)\big] + v_{F,k} - h(k) v_0 \qquad (13)$$

where $\Delta f(q_k, \hat{q}_k, k)$ is the mismatch function given by:

$$\Delta f(q_k, \hat{q}_k, k) \triangleq f(q_k, x_k, u_k) - f(\hat{q}_k, y_k, u_k) \qquad (14)$$

By taking the absolute value of (13) element-wise and using the triangle inequality we obtain:

$$|r_{i,k}| \le \big|H_p(z)[\Delta f_i(q_k, \hat{q}_k, k)]\big| + \big|H_p(z)[\eta_i(q_k, k)]\big| + |v_{Fi,k}| + |h(k) v_{i,0}|$$

⁷ In the rest of the paper, when there is no risk of ambiguity and for the sake of simplicity, we will use a compact notation like $\eta(q_k, k) \equiv \eta(q_k, x_k, u_k, k)$.


To derive a suitable threshold for $|r_{i,k}|$ stated above, we make the following assumption:

Assumption 4. The filtered mismatch function is bounded as follows:

$$\big|H_p(z)[\Delta f_i(q_k, \hat{q}_k, k)]\big| \le \overline{\Delta f}_i(\hat{q}_k, k), \quad i = 1, 2, \ldots, n \qquad (15)$$

where $\overline{\Delta f}_i(\hat{q}_k, k)$ is a computable bounding function.

Assumption 4 is based on the fact that filtering dampens the measurement noise from the mismatch function $\Delta f_i(q_k, \hat{q}_k, k)$. A suitable selection of $\overline{\Delta f}_i$ can be made through the use of simulations (i.e. Monte Carlo methods) by filtering the mismatch function in all the healthy operation modes using the known nominal function dynamics and the available noise characteristics.

Therefore, owing to Assumptions 3 and 4 and also recalling (6), we can derive the following detection threshold:

$$\bar{r}_{i,k} = \overline{\Delta f}_i(\hat{q}_k, k) + \bar{H}_p(z)\big[\bar{\eta}_i(\hat{q}_k, k)\big] + \bar{v}_{Fi,k} + \bar{v}_i |h(k)| \qquad (16)$$

where $\bar{H}_p(z)$⁸ is a filter with impulse response $\bar{h}_p(t)$ that satisfies $\bar{h}_p(t) \ge |h_p(t)|$, and $\bar{v}_i$ is a bounding estimate of $v_{i,0}$, i.e. $\bar{v}_i \ge |v_{i,0}|$. The threshold given in (16) guarantees no false alarms in the case there is no mode mismatch, i.e. $\hat{q}_k = q_k$, and therefore the detection threshold $\bar{R}_{i,k} = \bar{r}_{i,k}$ is used most of the time. However, to guarantee no false alarms in the case of mode mismatch, a new detection threshold $\bar{R}_{i,k} = \bar{r}^*_{i,k}$ is set for a brief period of time when an autonomous guard event is expected to occur. The following part addresses the calculation of the new threshold $\bar{r}^*_{i,k}$ by the Autonomous Guard Events (AGE) Algorithm.

Autonomous Guard Events (AGE) Algorithm. Because of modelling uncertainty and measurement noise, the estimated values of continuous states $\hat{x}$ cannot be used to trigger autonomous guard events in the observer, since it is possible to force a transition to a new mode earlier or later than the system, or worse, lose the mode transition altogether, which can cause false alarms. To address this issue the AGE Algorithm is developed, which can anticipate autonomous guard events and adjust the detection threshold to avoid false alarms due to mode mismatches. Moreover, the AGE algorithm also triggers autonomous guard events successfully in the observer based on the detection threshold $\bar{r}_{i,k}$ in (16).

Specifically, AGE is able to foresee which autonomous guard events are possible to occur in the observer using the AGE Matrix, which stores for each autonomous guard event $ga_j$, $j = 1, \ldots, n_{ga}$, the triggering condition, the transition mode, and the affected residual (e.g., see the AGE Matrix in Table 1⁹ for the pump of the two-tank system observer). The algorithm, using the filtered state estimates $\hat{w}_k$ and the AGE Matrix, detects when an autonomous guard event $ga_j$ is close to being triggered and calculates new detection thresholds $\bar{r}^*_{i,k}$ for all the residuals $r_{i,k}$ affected as follows:

$$\bar{r}^*_{i,k} = \overline{\Delta f}_i(\hat{q}^*_k, k) + \bar{H}_p(z)\big[\bar{\eta}^*_i\big] + \bar{v}_{Fi,k} + \bar{v}_i |h(k)| \qquad (17)$$

where $\hat{q}^*$ is the expected mode after $ga_j$ occurs, $\overline{\Delta f}_i(\hat{q}^*_k, k)$ is the mismatch bounding function for $q^*_k$ based on Assumption 4, and the uncertainty bound $\bar{\eta}^*_i$ is given by:

$$\bar{\eta}^*_i \triangleq \max\big(\bar{\eta}_i(\hat{q}_k, k),\ \bar{\eta}_i(\hat{q}^*_k, k)\big).$$

Table 1. AGE Matrix for the pump of the two-tank system observer in Fig. 4.

| Autonomous Guard Event | Condition | Transition Mode $q_I^*$ | Residual affected |
|---|---|---|---|
| $ga_1$ | $\hat{w}_1 \le X_{1min} + \delta$ | $m_{12}$ | $r_1$ |
| $ga_2$ | $\hat{w}_1 \ge X_{1max} - \delta$ | $m_{11}$ | $r_1$ |

When an autonomous guard event is expected, AGE forces the fault detection scheme to use the threshold given by (17), i.e., $\bar{R}_{i,k} = \bar{r}^*_{i,k}$, which guarantees no false alarms because of a mode mismatch due to autonomous mode transitions. At the same time, AGE waits for the residual signal $r_{i,k}$ that is affected by $ga_j$ to cross its corresponding threshold given by (16), i.e., $r_{i,k} > \bar{r}_{i,k}$ for at least one component $i$ affected. Once this occurs, AGE will trigger the autonomous guard event $ga_j$ in the observer and then switch the fault detection scheme back to the regular threshold, i.e., $\bar{R}_{i,k} = \bar{r}_{i,k}$, after $K$ time steps.

The AGE algorithm will execute the above procedure every time an autonomous guard event is expected in order to avoid false alarms due to mode mismatches, and also to successfully trigger the autonomous guard event in the observer.

⁸ Methods for selecting a suitable filter $\bar{H}_p(z)$ are thoroughly discussed in Keliris et al. (2015).
⁹ Where the value of $\delta$ makes sure that the algorithm will detect the autonomous guard events before they can occur in the system, and can be determined through the use of simulations.

4. SIMULATION RESULTS

In this section we present the effectiveness of the proposed approach with simulation results from the two-tank system in Fig. 2. The model for the actual system as well as the hybrid automaton observer and the fault detection scheme were implemented in Matlab's Simulink. For the simulation of the hybrid automaton observer (see Fig. 4) we use the following nominal parameter values: $A_1 = A_2 = 1.5$ m, $c_v = c_p = 0.7$, $A_v = A_p = 0.05$ m², $g = 9.81$ m/s², $T_s = 0.001$ s, $X_{1min} = 6.5$ m, $X_{1max} = 9$ m, $Y_{2lev} = 3 \pm 0.25$ m. For the simulation of the actual system, however, we introduce modeling uncertainty by adding inaccuracy to some of the above parameter values as follows: 5% in $A_1$ and $A_2$, 20% in $A_v$ and $A_p$ and 30% in $c_v$ and $c_p$.

After suitable offline simulations with measurement noise bounded by $\bar{v} = [0.05, 0.05]$ m, the filter $H(z)$ was selected as a 5th order Butterworth IIR low-pass filter with normalised cut-off frequency 0.2 (i.e., butter command in MATLAB), while the filter $\bar{H}_p(z) = \frac{0.5}{1 - 0.9 z^{-1}}$. Using the aforementioned filter $H(z)$, the bounds on the filtered noise are found through simulations as $\bar{v}_{Fi} = 6e{-8}$, $\overline{\Delta f}_i(\hat{q}) = 1e{-7}$ and $\overline{\Delta f}_i(\hat{q}^*) = 6e{-4}$ for $i = 1, 2$ and $q \in Q_h$. The bound on the uncertainty function in all system modes is calculated by $\bar{\eta}_i(q_k, k) = |f_i(q_k, k, p_{max}) - f_i(q_k, k, p_{nom})|$, $i = 1, 2$, where $p_{max}$ denotes the model parameter values with maximum uncertainty and $p_{nom}$ the model parameter values with nominal values. Also, after suitable simulations the parameters for the AGE algorithm were set as $\delta = 0.005$ and $K = 50$. In all simulation results that follow the system's initial hybrid state was set to $q_0 = [m_{11}, m_{21}, m_{31}, m_{41}]^T$ and $x_0 = [8, 3]^T$ m.
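The residual (11), the thresholds (16) and (17) and the $ga_2$ row of Table 1 can be exercised on Tank 1 alone; the Python below is an added example, not the authors' Simulink model. It assumes the valve stays closed, a first-order low-pass $H(z)$ with pole 0.9 in place of the 5th-order Butterworth filter, a noise bound of 1e-4 m, $\delta = 0.02$, the analytic bounds $\overline{\Delta f} = \bar{v}_F = \bar{v}$, a plant area 5 % above nominal, and a leak outflow of $\pi \rho^2 \sqrt{2 g x_1}$.

```python
import math, random

TS, A1, G = 0.001, 1.5, 9.81            # nominal Ts, A1, g from the page
X1MAX, K_HOLD = 9.0, 50                 # pump switch-off level and AGE parameter K (page)
V_BAR, DELTA, POLE = 1e-4, 0.02, 0.9    # assumed: noise bound [m], AGE margin, pole of H(z)
Z_MAX = 0.85                            # largest pump inflow, 0.2 + 0.65

def inflow(k, mode):
    """F1 of Fig. 4: z1 = 0 in Off (m11), 0.2*cos(0.1*k*Ts) + 0.65 in On (m12)."""
    return 0.2 * math.cos(0.1 * k * TS) + 0.65 if mode == "m12" else 0.0

def eta_bar(k, mode):
    """|f(p_max) - f(p_nom)| for a 5 % error in A1 (worst case 0.95*A1)."""
    return TS * inflow(k, mode) * (1 / (0.95 * A1) - 1 / A1)

def simulate(k_fault=None, rho=0.15, n_steps=600, seed=1):
    """Tank 1, valve closed. Returns (k_system_off, k_observer_off, alarm_steps)."""
    rng = random.Random(seed)           # constructed, reproducible bounded noise
    x, q, q_hat = 8.9, "m12", "m12"     # true level, true pump mode, estimated mode
    y = x + rng.uniform(-V_BAR, V_BAR)
    x_hat = w = w_hat = y               # x_hat_0 = y_0; both filters start at y_0
    hp_eta = hp_star = 0.0              # states of H_p-bar(z) = 0.5 / (1 - 0.9 z^-1)
    expected, hold, k_sys, k_obs, alarms = False, 0, None, None, []
    for k in range(n_steps):
        w = POLE * w + (1 - POLE) * y               # (7)  w_k = H(z)[y_k]
        w_hat = POLE * w_hat + (1 - POLE) * x_hat   # (10) filtered state estimate
        r = w - w_hat                               # (11) residual
        # mismatch bound + filtered-noise bound + v_bar*|h(k)|, first two set to V_BAR
        noise = 2 * V_BAR + V_BAR * (1 - POLE) * POLE ** k
        hp_eta = 0.9 * hp_eta + 0.5 * eta_bar(k, q_hat)
        hp_star = 0.9 * hp_star + 0.5 * eta_bar(k, "m12")   # eta* = max over m11, m12
        r_bar = noise + hp_eta                              # regular threshold (16)
        r_star = noise + TS / A1 * Z_MAX + hp_star          # AGE threshold (17)
        if q_hat == "m12" and w_hat >= X1MAX - DELTA:
            expected = True                         # Table 1: ga2 anticipated
        if abs(r) > (r_star if expected or hold else r_bar):
            alarms.append(k)
        if expected and abs(r) > r_bar:             # residual crossed (16): trigger ga2
            q_hat, expected, hold, k_obs = "m11", False, K_HOLD, k
        elif hold:
            hold -= 1                               # keep (17) for K steps after the trigger
        x_hat = y + TS / A1 * inflow(k, q_hat)      # observer model (4)
        if q == "m12" and x >= X1MAX:               # plant's own pump controller
            q, k_sys = "m11", k
        leak = 0.0
        if k_fault is not None and k >= k_fault:    # assumed leak model, hole radius rho
            leak = math.pi * rho ** 2 * math.sqrt(2 * G * x)
        x += TS / (1.05 * A1) * (inflow(k, q) - leak)   # plant with A1 5 % off nominal
        y = x + rng.uniform(-V_BAR, V_BAR)
    return k_sys, k_obs, alarms

if __name__ == "__main__":
    print("healthy run:", simulate())
    print("first alarm with leak at k=400:", simulate(k_fault=400)[2][0])
```

In the healthy run the observer follows the pump's switch-off a few steps late without any alarm, because the residual crosses (16) only while (17) is in force; with the leak injected after the hold period, the regular threshold flags it within a few steps.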


Fig. 5. Autonomous mode transitions in the Pump using AGE algorithm and the effect in fault detection scheme. (Top panel: "Pump mode with AGE", modes $m_{11}$ and $m_{12}$ over t [s]; bottom panel: "FD comp #1 with AGE", [m] over t [s].)

Fig. 5 presents the results from a healthy run demonstrating the effectiveness of the AGE Algorithm. Specifically, the top plot shows the pump mode, where the AGE algorithm is used to trigger the autonomous guard events, while the bottom plot shows the affected fault detection component, where the AGE algorithm adjusts the detection threshold accordingly. As can be seen, the AGE algorithm prevents any false alarms due to autonomous mode transitions in the pump, while at the same time it successfully triggers the autonomous guard events in the pump with a delay of only 0.006–0.009 s. Without the AGE algorithm, for the same simulation run (results are not shown due to space constraints), the observer switches mode with a larger delay of 0.1–0.24 s, while false alarms are issued by the fault detection scheme due to mode mismatches.

Fig. 6 presents the results after the parametric leak fault in Tank 1 was introduced at t = 60 s with leak hole radius $\rho = 0.15$ m. As can be seen, the residual at Fault detection comp #1 crosses the detection threshold and successfully detects the parametric fault at t = 60.006 s.

Fig. 6. Detection of the parametric leak fault in Tank 1. (Panel: "FD comp #1", [m] over t [s]; annotation: "Leak Fault Detection t=60.006s".)

Finally, Fig. 7 presents the results after the discrete fault in the valve was introduced at t = 60 s. As can be seen, the Fault detection comp #2 crosses the detection threshold and successfully detects the discrete fault at t = 60.007 s.

Fig. 7. Detection of the discrete fault in the valve. (Panel: "FD comp #2", [m] over t [s]; annotation: "Valve Fault Detection t=60.007s".)

5. CONCLUSIONS

In this work we propose an online monitoring and fault detection scheme for hybrid systems with nonlinear uncertain continuous time dynamics and measurement noise. The proposed approach features a hybrid automaton observer that models each subsystem individually and the whole system as a composition of these models, making it attractive for large-scale complex hybrid systems. The fault detection scheme combines a filtering approach that suppresses the measurement noise and allows tighter thresholds, along with the AGE algorithm that handles the effects of autonomous mode transitions. As a result, the proposed approach can handle autonomous mode transitions and detect both discrete and parametric faults while avoiding false alarms, as shown analytically. In the future we plan to include the capability of fault isolation in the scheme and also relax the single fault assumption.

REFERENCES

Bayoudh, M., Travé-Massuyès, L., and Olive, X. (2008). Hybrid systems diagnosis by coupling continuous and discrete event techniques. IFAC Proc. Vol., 41(2), 7265–7270.

Bregon, A., Alonso-González, C.J., and Pulido, B. (2016). Faster and more accurate FDI for hybrid systems using hybrid possible conflicts. In 3rd Conference on Control and Fault-Tolerant Systems (SysTol), 499–504.

Henzinger, T.A. (1996). The theory of hybrid automata. In Proc. 11th Ann. IEEE Symp. on Logic in Computer Science, 278–292.

Heracleous, C., Panayiotou, C.G., Polycarpou, M.M., and Ellinas, G. (2015). Modeling interdependent critical infrastructures using open hybrid automata. In 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 671–676.

Heracleous, C., Kolios, P., Panayiotou, C.G., Ellinas, G., and Polycarpou, M.M. (2017). Hybrid systems modeling for critical infrastructures interdependency analysis. Reliability Engineering & System Safety, 165, 89–101.

Hofbaur, M.W. and Williams, B.C. (2004). Hybrid estimation of complex systems. IEEE Trans. on Systems, Man, and Cybernetics, Part B, 34(5), 2178–2191.

Keliris, C., Polycarpou, M.M., and Parisini, T. (2015). Distributed fault diagnosis for process and sensor faults in a class of interconnected input-output nonlinear discrete-time systems. Int. Journal of Control, 88(8), 1472–1489.

Levy, R., Arogeti, S.A., and Wang, D. (2014). An integrated approach to mode tracking and diagnosis of hybrid systems. IEEE Trans. on Industrial Electronics, 61(4), 2024–2040.

Narasimhan, S. and Biswas, G. (2007). Model-based diagnosis of hybrid systems. IEEE Trans. on Syst., Man, and Cybern. - Part A: Sys. and Humans, 37(3), 348–361.

Zhao, S., Huang, B., and Liu, F. (2017). Detection and diagnosis of multiple faults with uncertain modeling parameters. IEEE Trans. on Control Systems Technology, 25(5), 1873–1881.

Zhou, G., Biswas, G., and Feng, W. (2015). A comprehensive diagnosis of hybrid systems for discrete and parametric faults using hybrid i/o automata. IFAC-PapersOnLine, 48(21), 143–149.