7th IFAC Conference on Manufacturing Modelling, Management, and Control International Federation of Automatic Control June 19-21, 2013. Saint Petersburg, Russia
Formal Models of the Scenario-indicator Approach in the Study of Security Problems in Railway Transport

V. Kulba, D. Somov, A. Somov
V.A. Trapeznikov Institute of Control Sciences, Moscow, Russia (Tel: +7-495-334-89-59, e-mail: [email protected], [email protected])
Abstract: The article considers a set of models of the scenario-indicator approach, including the graph model of disturbance distribution in a complex technical system (CTS) and the scenario model of the influence of internal factors on parameters of the environment. The problem of optimizing the placement of indicators in a CTS is formalized.

Keywords: Survivability, Resistance and safety of complex technical systems, Scenario-indicator approach, Relationship graph, Time relationship matrix, Security problems

1. INTRODUCTION

The present level of development of the railway transportation system, including the technical systems and facilities engaged in it, requires special attention to its functioning as well as to reducing the risks arising from the influence of technical systems on their environment. This paper proposes a formal model of the scenario-indicator approach, which is the union of the methods of scenario analysis of the external environment and the indicator approach to monitoring of a technical system. The scenario-indicator approach uses the modified model of disturbance distribution in a system (Mikrin et al., 2010) to model technical systems and the scenario model (Shultz et al., 2012) to model their environment. To simulate the impact of a technical system on its environment we developed methods to combine the two models.

Let us consider the modified model of disturbance distribution in a technical system. It is a graph model. The graph used in the model is called the relationship graph. The vertices of the graph correspond to the elements of the system model. The arcs of the graph correspond to the paths of disturbance propagation in the system. Each arc of the graph is associated with the time needed for the disturbance to spread from the element at the beginning of the arc to the element at its end. These times build the time relationship matrix $M_t$.

2. DEFINITIONS

At each moment each element of the model can possess a value 0 or 1.
The value one corresponds to an activated condition (the disturbance has already reached the element), and the value zero to an inactivated condition of the element. The condition of the element $a_i$ at time $t$ will be denoted by $a_i(t)$, and $A(t)$ will stand for the row vector $(a_1(t), a_2(t), \ldots, a_n(t))$ of the conditions of the elements of the system. Among the elements of the system we identify the subsets of disturbance sources and critical elements. The set of disturbance sources $A \supseteq D = \{d_1, d_2, \ldots, d_{n_D}\}$, where $n_D$ is their number, consists of the model elements from which a disturbance may begin to spread through the system as the result of some internal or external threat. Another part of the model is the subset of critical elements $A \supseteq C = \{c_1, c_2, \ldots, c_{n_C}\}$, where $n_C$ is the number of critical elements. When a disturbance reaches one or several critical elements we consider the system failed.

978-3-902823-35-9/2013 © IFAC
We call the time distances matrix $N_t$ the square matrix of size $n \times n$, indexed by the elements of the model on both axes. The cell of the matrix $N_t$ in the position $(i, j)$, $i, j \in \overline{1, n}$, holds the time distance between the elements $a_i$ and $a_j$ of the relationship graph. If there is no path from the element $a_i$ to the element $a_j$ on the graph, the matrix cell holds the infinity value $\infty$. The time distances matrix is the result of applying the Floyd–Warshall algorithm to the time relationship matrix.

3. CALCULATION OF THE ORDER OF ELEMENTS ACTIVATION OF THE SYSTEM

Using the time distances matrix it is easy to calculate the order of activation of the system elements based on the order of disturbance source activation:
$$t_i^A = \min_{1 \le j \le n}\left(t_j^D + N_t(j, i)\right),$$

where $t_i^A$ is the element number $i$ of the row vector of the order of activation of the model elements, $t_j^D$ is the element number $j$ of the row vector of the order of activation of the disturbance sources, and $N_t(j, i)$ is the element of the time distances matrix at the intersection of row $j$ and column $i$.

10.3182/20130619-3-RU-3018.00316

To ensure efficient, accurate and timely monitoring of the state and functioning of a technical system, it is proposed to allocate special elements in the structure of the system as indicators. The information on the status of these elements will be available to the system operator (or to an automated control system). The indicators are placed in the system so as to minimize the information load on the operator, while maintaining the effectiveness of the information transmitted to the operator in the case of internal and external threats and negative situations developing in the system. To do this, we state a formal multi-criteria optimization problem of placement of the indicators in the technical system. The indicator set will be denoted as $I = \{i_1, i_2, \ldots, i_{n_I}\}$, where $n_I$ is the number of indicators.
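As an added worked example (not code from the paper), the relationship graph, the Floyd–Warshall time distances matrix and the activation-order formula of Section 3 on a constructed six-element system; the matrix $M_t$, the source and critical sets and the source activation moments are assumptions of this example.

```python
from math import inf

# Constructed time relationship matrix M_t for six elements a_0..a_5:
# M_t[i][j] is the time a disturbance needs to travel along the arc
# a_i -> a_j; inf means there is no arc; the diagonal is 0 because an
# element is at time distance 0 from itself. Not the paper's data.
M_t = [
    [0,   2,   inf, inf, inf, inf],
    [inf, 0,   3,   inf, 5,   inf],
    [inf, inf, 0,   1,   inf, inf],
    [inf, inf, inf, 0,   inf, 4],
    [inf, inf, inf, 2,   0,   inf],
    [inf, inf, inf, inf, inf, 0],
]
SOURCES = [0, 4]   # D: elements where a disturbance may start (assumed)
CRITICAL = [5]     # C: elements whose activation means system failure (assumed)


def time_distances(M):
    """Floyd-Warshall: N_t[i][j] = shortest disturbance travel time a_i -> a_j."""
    n = len(M)
    N = [row[:] for row in M]
    for k in range(n):
        for i in range(n):
            if N[i][k] == inf:
                continue  # nothing can be relayed from i through k
            for j in range(n):
                if N[i][k] + N[k][j] < N[i][j]:
                    N[i][j] = N[i][k] + N[k][j]
    return N


def activation_order(t_D, N):
    """t^A_i = min_j (t^D_j + N_t(j, i)).

    t_D maps each source index to its activation moment (inf = not activated);
    the result is the row vector t^A of activation moments of all elements.
    """
    return [min(t_D[j] + N[j][i] for j in t_D) for i in range(len(N))]


def failure_time(t_A, critical=CRITICAL):
    """Moment the first critical element is reached (inf if none is)."""
    return min(t_A[k] for k in critical)


if __name__ == "__main__":
    N_t = time_distances(M_t)
    # Only source a_0 fires, at t = 0; a_4 stays quiet.
    t_A = activation_order({0: 0, 4: inf}, N_t)
    print("t^A =", t_A, "failure at t =", failure_time(t_A))
```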
4. STATEMENT OF THE PROBLEM OF PLACING THE INDICATORS

We introduce a number of terms used in the formal statement of the problem of placing the indicators:

$I_t^{Bef} = \{Bef_t(i_1), Bef_t(i_2), \ldots, Bef_t(i_{n_I})\}$ is the precedence indicator cover of time $t$, where $Bef_t(i)$ is the precedence set of time $t$ of the indicator $i$, that is, the subset of all the elements of the model from which the indicator $i$ can be reached in time no more than $t$.

The precedence indicator cover set of time $t$ is the union of all the sets from the precedence indicator cover of time $t$: $I_t^{Bef} = \bigcup_{j \le n_I} Bef_t(i_j)$.

Similarly, the concepts of indicator covers and indicator cover sets of time $t$ are introduced for the elements of the model reached from the indicators in time no more than $t$: $I_t^{Aft} = \{Aft_t(i_1), Aft_t(i_2), \ldots, Aft_t(i_{n_I})\}$ is the consequence indicator cover of time $t$, and $I_t^{Aft} = \bigcup_{j \le n_I} Aft_t(i_j)$ is the consequence indicator cover set of time $t$.

We introduce the concepts of generic precedence and consequence indicator covers: $I_T^{Bef} = \{Bef_{t_1}(i_1), Bef_{t_2}(i_2), \ldots, Bef_{t_{n_I}}(i_{n_I})\}$ is the generic indicator precedence cover, where $T = \{t_1, t_2, \ldots, t_{n_I}\}$ is the set of times of the precedence sets (unlike the previous definitions, here each indicator can have its own time); $I_T^{Aft} = \{Aft_{t_1}(i_1), Aft_{t_2}(i_2), \ldots, Aft_{t_{n_I}}(i_{n_I})\}$ is the generic consequence cover.

We call the generic precedence indicator cover set the union of all the subsets of the generic precedence indicator cover: $I_T^{Bef} = \bigcup_{j \le n_I} Bef_{t_j}(i_j)$. Similarly for the generic consequence indicator cover set: $I_T^{Aft} = \bigcup_{j \le n_I} Aft_{t_j}(i_j)$.

$D(I_T^{Bef}) = D(I_T^{Aft}) = \max_{j \le n_I} t_j$ is the diameter of the generic precedence or consequence indicator cover.

5. MULTICRITERIA OPTIMIZATION PROBLEM

Below the multicriteria optimization problem of indicator placement in a technical system is stated. It is required to find such a subset of the model elements (the set of indicators) that the following constraints and optimization criteria are fulfilled:

1) $|I| = n_I \le N_I$ – the number of indicators must be limited to lower the information load on the operator (or ACS) of the system;

2) $\forall d \in D$ with $Aft(d) \cap K \ne \emptyset$: $\exists i \in I: i \in Aft_s(d)$ – the indicators must cover all threats known at the design stage;

3) $\min_{d \in D,\, k \in K}\left(\max_{i \in I \cap Aft(d)}\left(dist(d, k) - dist(d, i)\right)\right) \to \max$ – the criterion of maximizing the time from the moment of disturbance detection by an indicator to the moment the disturbance reaches a critical element (the time given for the operator's reaction);

4) $|I^{Aft}| \to \max$ – the indicator consequence sets must cover the maximum number of elements of the model;

5) $|I^{Bef}| \to \max$ – the indicator precedence sets must cover the maximum number of elements of the model;

6) $\min_{T:\, I_T^{Aft} = I^{Aft}} D(I_T^{Aft}) \to \min$ – the diameter of the generic consequence cover must be minimal, to provide the accuracy of judging the consequences of the current situation of the system based on the indicator conditions;

7) $\min_{T:\, I_T^{Bef} = I^{Bef}} D(I_T^{Bef}) \to \min$ – the diameter of the precedence cover must be minimal, to provide the accuracy of judging the reasons for the current situation of the system based on the indicator conditions.
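An added example, not the authors' code, that computes the precedence and consequence covers and cover sets of Section 4 and evaluates constraint 2 and criterion 3 of Section 5 on a constructed time distances matrix; $N_t$, the sets $D$ and $K$ and the candidate indicator set $I$ are assumptions of this example.

```python
from math import inf

# Constructed time distances matrix N_t (six elements, inf = no path),
# already computed with Floyd-Warshall; sources D, critical elements K and
# a candidate indicator set I are assumptions of this example.
N_t = [
    [0,   2,   5,   6,   7,   10],
    [inf, 0,   3,   4,   5,   8],
    [inf, inf, 0,   1,   inf, 5],
    [inf, inf, inf, 0,   inf, 4],
    [inf, inf, inf, 2,   0,   6],
    [inf, inf, inf, inf, inf, 0],
]
D, K, I = [0, 4], [5], [2, 3]


def bef(i, t=inf):
    """Bef_t(i): elements from which indicator i is reached in time <= t
    (i itself is included, its time distance being 0)."""
    return {a for a in range(len(N_t)) if N_t[a][i] <= t and N_t[a][i] != inf}


def aft(i, t=inf):
    """Aft_t(i): elements reached from i in time <= t."""
    return {a for a in range(len(N_t)) if N_t[i][a] <= t and N_t[i][a] != inf}


def cover_set(sets, T):
    """Generic cover set: union of Bef/Aft_{t_j}(i_j); T maps indicator -> t_j."""
    return set().union(*(sets(i, t) for i, t in T.items()))


def diameter(T):
    """D(I_T) = max_j t_j."""
    return max(T.values())


def covers_all_threats(ind):
    """Constraint 2: every source that can reach a critical element
    is seen by at least one indicator."""
    return all(any(i in aft(d) for i in ind) for d in D if aft(d) & set(K))


def reaction_time(ind):
    """Criterion 3: min over (d, k) of the best lead time an indicator in
    Aft(d) gives the operator before the critical element k is reached."""
    lead = []
    for d in D:
        seen = [i for i in ind if i in aft(d)]
        if not seen:
            return -inf  # an undetected source leaves no time to react
        lead += [max(N_t[d][k] - N_t[d][i] for i in seen) for k in K]
    return min(lead)
```

With the constructed data, indicator $a_3$ alone gives the same four time units of warning as the pair $\{a_2, a_3\}$, while $a_2$ alone misses source $a_4$ entirely.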
6. INDICATOR APPROACH TO SCENARIO MODEL DESIGN

In the indicator approach we suggest exact polynomial algorithms of low degree to check the constraints and calculate the objective functions of the optimization criteria. A set of polynomial inexact and heuristic algorithms is proposed for finding a solution of the problem, taking into account the expertise of
the decision maker (DM). The proposed algorithms can consistently optimize the solution according to the criteria selected by the DM, with the defined restrictions. The feature of the proposed solution is its flexibility in adapting the optimization problem to a given system by modifying, adding or eliminating certain criteria for the optimal placement of the indicators. The algorithms for finding the optimal solution can easily be adapted to the new task in the case of a change of the set of criteria.

The scenario model of the environment is also a graph model. The base of the model is an oriented graph $G(X, E)$, where $X$ is the set of its vertices and $E$ is the set of its arcs. The number of elements we denote as $N_X = |X|$. As in the model of disturbance distribution, the elements of the environment are matched to the vertices of the graph. The arcs of the graph reflect the interactions between the elements. Each vertex has a parameter (that can be a vector parameter) $v^{(i)} = \{v_p^{(i)}\}$, $p = 1, 2, \ldots, P$. These parameters form a set of parameters $V = \{v^{(i)} \mid 1 \le i \le N_X\}$.

The impulse distribution equation is set in the model:

$$OI_p^{(i)}(t) = \sum_{1 \le j \le n,\, j \ne i} F_{ij}^{(p)}(\vartheta(t-1))\, OI_p^{(i)}(t-1) + OI_p^{(i,0)}(t).$$

Here $F^{(p)}(\vartheta(t-1))$ is a matrix that defines the impulse transfer at the moment $t-1$.

We say that at the moment $t$ on the operator graph $G(X, E, \zeta)$ an impulse process on the parameter $p$, $Im_p(t, k) = \{OI_{p,0}(\tau)\}_{\tau = t, t+1, \ldots, t+k}$, is set if the vectors $OI_{p,0}(\tau)$ are set for each $\tau = t, t+1, \ldots, t+k$. The impulse propagation process can be seen as a process of converting the parameters of the vertices of the operator graph with the transition operator as follows:

$$\zeta^{(p)}\left(F^{(p)}(\vartheta(t-1)),\, v_p(t-1)\right) = F_p(\vartheta(t-1))\, v_p(t-1) + OI_p^{(i,0)}(t).$$

A determinate step-by-step scenario $R$ at the time $t$ by the parameter $p$, for the previously set $k$-step impulse process $Im_p(t, k)$ on the operator graph $G(X, E, \zeta)$, is the sequence of expert significant events (ESE) of the kind $V_p(t, k) = \{v_p^{(i)}(\tau)\}_{\tau = t, t+1, \ldots, t+k}$.

Let us consider the interaction of the technical system and the environment. The threats implemented in the process of the system functioning generate the beginning of disturbance distribution in the system. The system is not considered failed for as long as the disturbance does not reach one or more critical elements. In this case the effect on the environment can be represented by the elements of the outside system, or by the parameters:

$$\mathit{inf}_p(k_1, k_2, \ldots, k_{N_K}, t) = \{\mathit{inf}_p^{(i)}(k_1, k_2, \ldots, k_{N_K}, t)\},\ i = 1, 2, \ldots, n \text{ – row vector},$$

$$\mathit{inf}^{(i)}(k_1, k_2, \ldots, k_{N_K}, t) = \{\mathit{inf}_p^{(i)}(k_1, k_2, \ldots, k_{N_K}, t)\},\ p = 1, 2, \ldots, P \text{ – column vector}.$$

For a complete description of the various influences of the system on its external system it is necessary to determine the effect of the various combinations of states of the critical elements. In the case of large systems with a large number of critical elements this is a difficult task because of the great number of combinations of states of the critical elements ($2^{N_K}$).

As part of the scenario-indicator approach to improving the safety of railway transport, a number of algorithms that can partially automate the process of determining the effects of different combinations of activated critical elements is offered. In the process of automatically determining the effect, an assumption of independence of the effects of the critical elements is made:

$$\mathit{inf}^{(i)}(k_1, k_2, \ldots, k_{N_K}, t) = \sum_{j = 1, \ldots, N_K} \mathit{inf}^{(i)}(0, 0, \ldots, k_j, \ldots, 0, t).$$

Let the task of optimal indicator placement in the base system be solved according to the optimal indicator placement criteria stated above. Let $I = \{i_1, i_2, \ldots, i_{n_I}\}$ be the resulting set of indicators. Let us consider an approach for predicting the effect of the technical system on the environment based on the indicator values at a specific time or during the period of spreading of a negative situation in the system. Each disturbance source $d$ is matched with the time of initial indication $t_i(d)$. That is the time needed by the disturbance to reach the first indicator from the moment of activation of the disturbance source $d$: $t_i(d) = \min_{j \in I \cap Aft(d)}(dist(d, j))$.

Suppose that an indicator $i_1$ was activated at the time $t_0$. Let us consider all the disturbance sources in the precedence set $Bef(i_1)$ of the indicator $i_1$. Let us call the set of possible reasons $D_{Bef}(i_1)$ of the activation of indicator $i_1$ the subset of disturbance sources that lie in the precedence set of the activated indicator and whose time of initial indication is no bigger than the time distance to this indicator: $D_{Bef}(i_1) = \{d \in D \cap Bef(i_1) \mid t_i(d) \ge dist(d, i_1)\}$.

The set of possible reasons of an indicator is the set of disturbance sources for which this indicator is activated first in case of their activation.
The set $D_{Bef}(i_1)$ can contain multiple sources of disturbance, any of which (or several) could be the source of the disturbance that triggered the indicator. However, when forecasting the development of negative situations in order to create strategies to get out of them or to reduce their impact, it is useful to consider the most pessimistic version of the situation among all those possible with this fragment of information available (the status of the indicators). Therefore, in the worst case the activation times of the disturbance sources $t_j^D$, $j = 1, 2, \ldots, N_D$, will take the form:

$$t_j^D = \begin{cases} \infty, & d_j \notin D_{Bef}(i_1), \\ t_0 - dist(d_j, i_1), & d_j \in D_{Bef}(i_1). \end{cases}$$

The order of disturbance activation will be written as $t^D = (t_1^D, t_2^D, \ldots, t_{N_D}^D)$.

In this case it is possible to predict the order of activation of the critical elements by calculating the order of activation of all other system components (including the critical ones) by the formula $t^A = t^D \otimes N_t$. Let $\mathrm{T}(t)$ be the function of correlation between times in the model of the system and in its environment. In terms of $\mathrm{T}(t)$ the order of activation of the critical elements can be written as follows:

$$t^{K_{ext}} = \left(t_1^{K_{ext}}, t_2^{K_{ext}}, \ldots, t_{N_K}^{K_{ext}}\right) = \left(\mathrm{T}(t_1^K), \mathrm{T}(t_2^K), \ldots, \mathrm{T}(t_{N_K}^K)\right) = \mathrm{T}(t^K).$$

Let $t_{ext}^0$ be the moment of activation of the first critical element. Let $K(t_{ext})$ be the set of critical elements activated by the time $t_{ext}$ (in the external system). Then the common influence on the external system may be written as $\mathit{inf}_K^{(i)}(t) = \mathit{inf}^{(i)}(K(t), t)$. The impulse process in the external system is written as:

$$OI_p^{(i)}(t) = \sum_{1 \le j \le n,\, j \ne i} F_{ij}^{(p)}(\vartheta(t-1))\, OI_p^{(i)}(t-1) + OI_p^{(i,0)}(t).$$

Here the first term is responsible for the redistribution of the impulse in the external system, and the second for the impulse brought into the external system from outside. In the case critical elements are activated in the internal system, this expression takes the form:

$$OI_p^{(i)}(t) = \sum_{1 \le j \le n,\, j \ne i} F_{ij}^{(p)}(\vartheta(t-1))\, OI_p^{(i)}(t-1) + OI_p^{(i,0)}(t) + \mathit{inf}_p^{(i)}(K(t), t).$$

Here $\mathit{inf}_p^{(i)}(K(t), t)$ is the influence of the internal system on its environment at the moment $t$ by the parameter $p$ on the factor $x^{(i)}$. Thus, to build the forecasting scenario for the environment it is necessary, based on the order of disturbance source activation calculated above, to determine the order of activation of the critical elements, which determines the influence of the internal system on the external one. To calculate the order of activation of the critical elements the formula below is used:

$$t_i^K = \min_{1 \le j \le n}\left(t_j^D + N_t(j, k_i)\right).$$
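An added example (not from the paper) of the forecasting step of Section 6 after one indicator fires: the initial indication times $t_i(d)$, the possible reasons set $D_{Bef}(i_1)$, the worst-case source times $t^D$ and the critical activation moments $t^K$ mapped by $\mathrm{T}$; the matrix $N_t$, the sets $D$, $K$, $I$ and the identity choice for $\mathrm{T}$ are assumptions of this example.

```python
from math import inf

# Constructed N_t (six elements, inf = no path), sources D, critical
# elements K and indicators I: assumptions of this example, not the paper's data.
N_t = [
    [0,   2,   5,   6,   7,   10],
    [inf, 0,   3,   4,   5,   8],
    [inf, inf, 0,   1,   inf, 5],
    [inf, inf, inf, 0,   inf, 4],
    [inf, inf, inf, 2,   0,   6],
    [inf, inf, inf, inf, inf, 0],
]
D, K, I = [0, 4], [5], [2, 3]


def initial_indication(d):
    """t_i(d) = min over j in I ∩ Aft(d) of dist(d, j): time to the first indicator."""
    reached = [N_t[d][j] for j in I if N_t[d][j] != inf]
    return min(reached) if reached else inf


def possible_reasons(i1):
    """D_Bef(i_1) = {d in D ∩ Bef(i_1) | t_i(d) >= dist(d, i_1)}: the sources
    for which i_1 is the first indicator to fire."""
    return {d for d in D if N_t[d][i1] != inf and initial_indication(d) >= N_t[d][i1]}


def worst_case_source_times(i1, t0):
    """Pessimistic t^D: t0 - dist(d_j, i_1) for possible reasons, inf otherwise."""
    reasons = possible_reasons(i1)
    return {d: (t0 - N_t[d][i1] if d in reasons else inf) for d in D}


def critical_activation(t_D):
    """t^K_i = min_j (t^D_j + N_t(j, k_i)) for every critical element k_i."""
    return {k: min(t_D[j] + N_t[j][k] for j in t_D) for k in K}


def forecast(i1, t0, time_map=lambda t: t):
    """Critical activation moments in environment time T(t^K);
    the identity map for T is an assumption of this example."""
    t_K = critical_activation(worst_case_source_times(i1, t0))
    return {k: time_map(t) for k, t in t_K.items()}


if __name__ == "__main__":
    # Indicator a_3 fires at t0 = 20: only a_4 can be the reason, so a_5 is
    # forecast to activate at t = 24, four time units after the indication.
    print(possible_reasons(3), forecast(3, 20))
```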
Here $k_i$ is the index of the critical element $k_i$.

7. CONCLUSION

The proposed approach allows us to build scenarios forecasting the development of the environment for the cases of activation of a particular indicator. This allows analyzing these scenarios in advance, at the stage of designing the system, in order to find out the risks arising from the implementation of different threats, to develop preventive measures to reduce them, as well as the tactics of countering possible negative consequences.

In addition to the construction of forecast scenarios for the environment in the case of activation of each indicator separately, there is the possibility of sequential elaboration of the forecast scenario as the situation in the internal system develops in time. To do this, an algorithm is designed that allows specifying the assumed order of activation of the disturbance sources with the help of an analysis of the process of change of the indicators that occurred before the start of the algorithm. This clarification, in turn, helps to clarify the intended order of activation of the critical elements and the forecast scenario for the environment, and to better manage the forces and means aimed at preventing or minimizing the negative effects of the evolving situation.

Simultaneous use of the indicator and the scenario approaches allows us not only to build an effective system for monitoring the technical system, but also to consider the scenario of the development of the environment. These two approaches, combined in the scenario-indicator approach, allow assessing the impact of the technical system on the environment in the event of any failures, crashes or other negative situations in the technical system. The appropriate assessment can be made either in advance, taking as a basis the scheme of the technical system and an assumption of possible violations in its functioning, or during the development of negative situations in the system. This
includes the ability to use the known properties of the scenario approach for analyzing and forecasting developments in the external environment. The use of these methods and models can improve the security of the functioning of the technical system, reduce the risk of negative consequences of emergency situations that go beyond its scope, and provide measures and means to prevent or reduce such consequences in advance, as the result of the analysis of forecast scenarios for the environment.

REFERENCES

Mikrin, E.A., Kochkarov, A.A., and Somov, D.S. (2010). Monitoring the complex technical systems functioning in conditions of external threats. The structure-integrated indicators method and the models hierarchy. ICS RAS, Moscow.

Shultz, V.L., Kulba, V.V., Kononov, D.A., Kosyachenko, S.A., Shelkov, A.B., and Chernov, I.V. (2012). Models and methods for analysis and synthesis of scenarios of development of social-economic systems. Nauka, Moscow.

Kulba, V.V., Kononov, D.A., Kochkarov, A.A., and Somov, D.S. (2011). The use of scenario and indicator approaches to control survivability, resistance and safety of complex technical systems. ICS RAS, Moscow.