Risk analysis-based reliability assessment approach under epistemic uncertainty using a dynamic evidential network

Probabilistic modeling is widely used in industrial practice, particularly for assessing the safety, risk, and reliability of complex systems. Conventional risk analysis methodologies generally have a limited ability to deal with dependence, failure behavior, and epistemic uncertainty such as parameter uncertainty. This work proposes a risk-based reliability assessment approach using a dynamic evidential network (DEN). The proposed model integrates Dempster-Shafer theory (DST), for describing parameter uncertainty, with a dynamic Bayesian network (DBN), for dependency representation and multi-state system reliability. The approach propagates uncertainty through conditional belief mass tables (CBMT). Because the results are obtained as intervals, the risk can be analyzed as in interval theory, and ignoring this uncertainty may lead to biased results. The epistemic uncertainty should be adequately defined before performing the risk analysis. A case study of a level control system is used to highlight the methodology's ability to capture dynamic changes in the process, model uncertainty, and support sensitivity analysis that can serve decision making.


Introduction
In the last century, many industries have become complex and have adopted the latest technological innovations. This technological development is accompanied by a continuous improvement of safety, which remains one of the main concerns in this field. Nowadays, the need for safety measures should be emphasized because of the possibility of catastrophic accidents resulting from this high level of innovation and development [1][2]. Safety engineers use many quantitative or qualitative methods for risk analysis, such as failure mode and effects analysis (FMEA), what-if analysis, hazard and operability analysis (HAZOP), fault tree analysis (FTA), and Bayesian networks (B.N.). Each method has its advantages and disadvantages. Most of these techniques are developed for treating aleatory and epistemic uncertainty using possibility theory, evidence theory, and fuzzy sets theory [3][4].
The B.N. has become more prevalent in reliability, availability, safety, and risk assessment for complex systems [5][6][7]. A review in [8] presents brief recent statistics on the applicability of B.N. in the chemical and process industry. B.N. is applied as a dynamic safety analysis for complex processes. For example, Zarei et al. [9] applied a dynamic risk analysis approach for natural gas [10]. B.N. is a suitable tool for handling uncertainty in risk assessments by using fuzzy logic or evidence theory [11]. Several researchers have merged evidence theory with B.N. to develop a practical tool called the evidential network (EN) to evaluate complex systems' reliability under random uncertainties [6,12]. Mi et al. [13] used a dynamic evidential network (DEN) for assessing reliability under epistemic uncertainty with different life distributions. Khakzad et al. [14] used EN as imprecise probabilities and B.N. to assess system safety under epistemic uncertainty. This paper proposes a DEN as a risk analysis method for complex systems based on a reliability approach.
The second section is reserved for the fundamentals of DST. The third shows how to build a DEN from a dynamic fault tree (DFT), and the last section is dedicated to an application example of the proposed method.

Methodology
DST employs belief and plausibility functions to describe epistemic uncertainty. The theory has three basic functions: the basic belief assignment function (BBA or m), the belief function (Bel), and the plausibility function (Pls). For every event A, the function m(A) satisfies the conditions:

Belief and Plausibility functions
A belief function, represented by the symbol Bel (A), is defined from the masses assigned to the subsets of A. It can be regarded as the total mass that agrees with A, and it expresses the lower bound on the likelihood that hypothesis A is confirmed. Bel (A) is expressed as:
A plausibility function, indicated by the symbol Pls (A), is defined from the masses of the sets that overlap with set A. It can be regarded as the total of all masses that cannot refute hypothesis A, and it expresses the upper bound on the likelihood that hypothesis A is confirmed.
Pls (A) is given as:

Evidential networks (EN)
The EN is a directed acyclic graph similar to a B.N. The conditional belief mass functions attached to each node express the dependency between components along the arcs. Within a graphical probabilistic model, P(x) is the marginal belief mass distribution for each parent node X, and P(E|pa(E)) is the conditional belief mass table (CBMT) for each child node E, where the parent nodes of E are represented by pa(E).
The CBMT is presented in the form of a matrix as:
Simon et al. [12] computed each node's P(x) using the junction tree algorithm. Expert judgment can provide the functions m(A).
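As an added example (not code from the paper or from any tool it uses), the following Python computes Bel and Pls from a basic belief assignment over the three focal sets up, down and up-down, and propagates parent masses to a child node through a deterministic CBMT. The exponential life model, the AND/OR gate semantics, the independence of the parents and all failure-rate values are assumptions constructed for illustration.

```python
from itertools import product
from math import exp, prod

UP, DOWN = frozenset({"up"}), frozenset({"down"})
UPDOWN = UP | DOWN  # "up-down": mass that cannot be committed to either state

def bba_from_rate_interval(lam_lo, lam_hi, t):
    """BBA at time t for a failure rate known only as [lam_lo, lam_hi].
    Assumes an exponential life distribution (assumption, not from the page)."""
    r_lo, r_hi = exp(-lam_hi * t), exp(-lam_lo * t)  # reliability bounds
    return {UP: r_lo, DOWN: 1.0 - r_hi, UPDOWN: r_hi - r_lo}

def bel(m, a):
    """Lower bound: total mass of focal sets contained in a."""
    return sum(v for s, v in m.items() if s <= a)

def pls(m, a):
    """Upper bound: total mass of focal sets that intersect a."""
    return sum(v for s, v in m.items() if s & a)

def gate_image(kind, focal_sets):
    """One CBMT row of a deterministic gate: the set of child states reachable
    from the parents' focal sets. AND fails if all parents fail, OR if any does."""
    decide = all if kind == "AND" else any
    return frozenset(
        "down" if decide(s == "down" for s in states) else "up"
        for states in product(*focal_sets)
    )

def propagate(kind, parents):
    """Marginal BBA of the child, assuming independent parents (assumption)."""
    child = {UP: 0.0, DOWN: 0.0, UPDOWN: 0.0}
    for combo in product(*(m.items() for m in parents)):
        focal_sets = [s for s, _ in combo]
        child[gate_image(kind, focal_sets)] += prod(v for _, v in combo)
    return child

def failure_interval(kind, parents):
    """[Bel(down), Pls(down)] of the child node."""
    m = propagate(kind, parents)
    return bel(m, DOWN), pls(m, DOWN)

if __name__ == "__main__":
    # Constructed failure-rate intervals (per hour), not values from Table 5.
    a = bba_from_rate_interval(1e-4, 2e-4, 1000)
    b = bba_from_rate_interval(5e-5, 8e-5, 1000)
    print("redundant pair (AND):", failure_interval("AND", [a, b]))
    print("series pair (OR):   ", failure_interval("OR", [a, b]))
```

The width of each returned interval is the mass left on up-down after propagation, so it shrinks to a point when every failure rate is known exactly.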

DEN for spare gates
Two variables X and Y are connected with a spare logic gate, as depicted in Figure 1, and the dormancy factor is α. Within the context of DST, there are three assignments ( ) (up, down, up-down) for each component. Table 1 shows the CBMT at step (k + 1) for X. We propose the CBMT at step (k + 1) for node Y based on the spare gate node type, considering the parameter uncertainty stated in reference [15] and illustrated in Tables 2, 3, and 4. Additional details on this modeling can be found in reference [15].
Table 1. CBMT at (k+1) for node X.
Table 2. CBMT at (k+1) for node Y using warm spare gate (WSP) [15].
Table 3. CBMT at (k+1) for node Y using cold spare gate (CSP) [15].
Table 4. CBMT at (k+1) for node Y using hot spare gate (HSP) [15].

Case study
The case study is the retention reservoir problem from reference [16], shown in Figure 2. The system maintains the fluid level between "X1" and "X2" during normal operation. Fluid is supplied by a primary pump system, and by a standby pump system if the first system fails. Each pumping system consists of four elements: level sensor "S1", controller "C1 / C2", discharge valve "V-1 / V-2" and a pump. The sensor "S1" transmits a signal to the controller "C1" that causes the valve "V-1" to open or close in order to regulate the rate of fluid supply and keep the level between "X1" and "X2". If the fluid level reaches point "h", a high-level alarm "LAH" is energized by a signal from the high-level sensor "S2". When the LAH is triggered, an operator manually opens a safety valve "PSV" to bring the fluid level back to the appropriate region. The actuator closes the "PSV" when the level reaches the operating zone. If the liquid level decreases below point "d", a dry-out scenario may occur. In this case, the sensor "S3" communicates with the controller "C3" to operate the outlet valve "V-3". The "V-3" closes, allowing the fluid to return to the appropriate operating zone level. When the level is stable, the outlet valve returns to its initial state.

Risk analysis
A risk analysis is applied to this system. Two types of scenarios can occur, namely dry-out and overflow. Here the dry-out scenario is chosen to demonstrate the methodology. A DFT analysis is used for the dry-out scenario, as shown in reference [16]. The unwanted event "dry-out" is caused by malfunction of the pumping system and the protection system.
The failure rates of all components are estimated as intervals and presented in Table 5, using generic data and expert judgment in this field [16]. Figure 3 shows a DEN model for the dry-out scenario created from a DFT analysis using the procedures described in subsection 2.3. The WSP is considered to have a dormancy factor equal to 0.7. At t = 0, all the components are in perfect condition, without failure.

Results and discussion
The DEN model for the dry-out scenario can be simulated and calculated using the GeNIe software [17].
The simulation results are shown in Table 6. The occurrence probability of the dry-out scenario for this system at different inspection intervals is shown in Figure 4. The DEN developed in Figure 4 depicts the causality for a single time slice (ΔT = 1 week). The risk probability of dry-out reaches the interval [0.294, 0.324] at the end of 24 months, taking epistemic uncertainty into account. The interval's boundaries are the belief and plausibility values of the unwanted dry-out scenario.
The decision-maker or the risk analyst is free to choose the actual value of the risk within the interval based on personal conviction and a pessimistic or optimistic view. They can use the algebraic or geometric mean of the interval's bounds to choose a unique value for this risk.

Sensitivity analysis
One of the most useful characteristics of the EN is the updating of the likelihood (posterior) of each event, given the occurrence of the initiating event. The ratio of variation (RoV) in Equation (9) provides a dependable measure of each event's significance in a system failure and can be used for sensitivity analysis [9].
Here π(Xi) and θ(Xi) signify Xi's posterior and prior probabilities, respectively. The posterior probability of each base node is calculated given that "dry-out" has occurred (100%). After updating the posterior probability of the primary events, the results show that "pipe leakage" and "sensor S1" have the most significant increase in the RoV (Figure 5), and thus represent the most critical events contributing to the accident. In this case, an effective maintenance plan must be followed to avoid leaks in the pipes. In addition, it is necessary to install a parallel configuration (for example, the 1oo2 configuration) at the sensor S1 in particular, because it is a common critical element that contributes to the operation of two subsystems (primary and standby pumping system).

Conclusion
EN modeling is widely used in different engineering practices, especially for assessing complex systems' reliability. This paper aims to apply EN modeling in the risk analysis-based reliability approach in chemical process safety. Based on DST, the EN can effectively cope with epistemic uncertainty by combining expert opinion and quantitative knowledge to assess the risk. This parameter uncertainty is associated with component failure and repair rates, which are expressed as interval values. The proposed model is a new risk analysis model based on DFT analysis and DEN. The DEN overcomes the difficulties of traditional methods in handling dynamic risk analysis, dependencies, and uncertainty. A case study of a level control system demonstrates the model's use. The findings demonstrate the influence of