**4.1. "Black box"**

There are two general technologies proposed of providing protection from critical influences on the system: technology 1 is the periodical diagnostics of system integrity (without the continuous monitoring between diagnostics) and technology 2 is the continuous monitoring between periodical diagnostics added to technology 1—see **Figure 8**.

Technology 1 is based on periodical diagnostics of system integrity, which is carried out to detect danger source penetration from threats (destabilizing factors) into a system or the consequences of negative influences. The lost system integrity can be detected only as a result of diagnostics, after which system recovery starts. Dangerous influence on a system is acted upon step by step: at first, a danger source penetrates into a system and then after its activation begins to influence. System integrity cannot be lost before a penetrated danger source is activated. Danger from threats (destabilizing factors) is considered to be realized only after a danger source has influenced a system.

Technology 2, unlike the previous one, implies that operators alternating each other trace system integrity between diagnostics (the operator may be a man or a special device or their

**Figure 8.** Some accident events for technology 2 (left – "Correct operation", right – "a loss of integrity" during Treq.).

combination). In case of detecting a danger source an operator recovers system integrity. The ways of integrity recovering are analogous to the ways of technology 1. Faultless operator's actions provide the neutralization of a danger source trying to penetrate into a system. When operators alternate a complex diagnostic is held. A penetration of a danger source is possible only if an operator makes an error but a dangerous influence occurs if danger is activated before the next diagnostic. Otherwise the source will be detected and neutralized during the next diagnostic.

It is supposed for technologies 1 and 2 that the used diagnostic allows to provide necessary system integrity recovery after revealing danger source penetration into a system or consequences of influences. Assumption: for all time input characteristics, the probability distribution function (PDF) exists. Thus, the probability of the correct system operation within the given prognostic period (i.e., the probability of success) may be computed as a result of the use of models. For identical damage risk, to lose integrity is an addition to 1 for the probability of correct system operation, R = 1−P [3–4].

There are possible next variants for technologies 1 and 2: variant 1 in the given prognostic period Treq is less than the established period between neighboring diagnostics (Treq < Tbetw. + Tdiag); variant 2 in the assigned period Treq is more than or equals to the established period between neighboring diagnostics (Treq 3 Tbetw. + Tdiag). Here, Tbetw. is the time between the end of the diagnostic and the beginning of the next diagnostic, Tdiag is the diagnostic time.

#### **4.2. Integration of probabilistic models for complex structures**

will not exceed 1. It means that under the second example conditions, 19 from 20 defects will

The probabilistic approaches for modeling "black box" and complex structures operating in

There are two general technologies proposed of providing protection from critical influences on the system: technology 1 is the periodical diagnostics of system integrity (without the continuous monitoring between diagnostics) and technology 2 is the continuous monitoring

Technology 1 is based on periodical diagnostics of system integrity, which is carried out to detect danger source penetration from threats (destabilizing factors) into a system or the consequences of negative influences. The lost system integrity can be detected only as a result of diagnostics, after which system recovery starts. Dangerous influence on a system is acted upon step by step: at first, a danger source penetrates into a system and then after its activation begins to influence. System integrity cannot be lost before a penetrated danger source is activated. Danger from threats (destabilizing factors) is considered to be realized only after a danger source has influenced a system. Technology 2, unlike the previous one, implies that operators alternating each other trace system integrity between diagnostics (the operator may be a man or a special device or their

be revealed in time with probability 0.95 and more.

**Figure 7.** The way for rationale speed of non-destructive testing.

64 Probabilistic Modeling in System Engineering

conditions of heterogeneous threats are proposed.

**4.1. "Black box"**

**4. Models for "black box" and for complex structures**

between periodical diagnostics added to technology 1—see **Figure 8**.

The main output of integration modeling is the probability of the correct system operation or risk to losing system integrity during the given period of time. If probabilities for all points Тreq. from 0 to ∞ are computed, it means a trajectory of the PDF, depending on the characteristics of threats, periodic control, monitoring and recovery. And the building of PDF is the real base to prediction metrics P and R for given time Тreq.. In analogy with reliability, it is important to know a mean time between neighboring losses of integrity like mean time between neighboring failures in reliability (MTBF), but in application to quality, safety, etc.

For example, the next general formal statements of problems for optimization can be used [6]: **1.** For the stages of system concept, development, production and support: System parameters, technical and management measures, presented in terms of time characteristics of threats, control and/or monitoring of conditions and comprehensible recovery of lost integrity are the most rational for the given period if the minimum amount of expenses for the creation of the system is reached at limitations on an admissible level of risk to lose integrity and/or probability of an admissible level of quality and expenses for operation under other

Probabilistic Modeling Processes for Oil and Gas http://dx.doi.org/10.5772/intechopen.74963 67

**2.** On an operation stage: System parameters, technical and management measures, presented in terms of time characteristics of threats, control and/or monitoring of conditions and comprehensible recovery of lost integrity, are the most rational for the given period of operation if the minimum of risks to system integrity loss is reached at limitations on the admissible level of risk and/or probability of an admissible level of quality and expenses for operations

The combination of these formal statements also can be used in the system's life cycle.

The approach for using the developed models, methods and software tools to analyze and

developments, operations or maintenance conditions.

under other operations or maintenance conditions.

optimize system processes is illustrated in **Figure 9**.

**Figure 9.** The approach to analyze and optimize system processes.

For complex systems, parallel or serial structure existing models with known PDF can be developed by usual methods of probability theory. Let's consider the elementary structure from two independent parallel or series elements. Let PDF of time between losses of the ith element of integrity be В<sup>i</sup> (t), that is, В<sup>i</sup> (t) = Р (τ<sup>i</sup> ≤ t); then:

**1.** Time between losses of integrity for the system combined from series-connected independent elements is equal to a minimum from two times τ<sup>i</sup> : failure of first or second elements (i.e., the system goes into a state of lost integrity when either the first or second element integrity is lost). For this case the PDF of time between losses of system integrity is defined by expression:

$$\begin{array}{lcl} \mathbf{B(t)} &= \operatorname{P}(\min \left(\pi\_{1'} \pi\_{2}\right) \le \mathbf{t}\) = 1 - \operatorname{P}(\min \left(\pi\_{1'} \pi\_{2}\right) > \mathbf{t}\) = 1 - \operatorname{P}(\pi\_{1} > \mathbf{t})\mathbf{P(\pi\_{2} > \mathbf{t})}\\ &= 1 - [1 - \mathbf{B\_{1}(t)}] \ [1 - \mathbf{B\_{2}(t)}] \end{array} \tag{1}$$

**2.** Time between losses of integrity for system combined from parallel-connected independent elements (hot reservation) is equal to a maximum from two times τ<sup>i</sup> : failure of first and second elements (i.e., the system goes into a state of lost integrity when both first and second elements have lost integrity). For this case the PDF of time between losses of system integrity is defined by the expression:

$$\mathbf{B(t) = P(\max\{\tau\_{1'}, \tau\_2\} \le t) = P(\tau\_1 \le t)P(\tau\_2 \le t) = B\_1(t)B\_2(t) \tag{2}$$

Applying recurrently expressions (1), (2), it is possible to build PDF of time between losses of integrity for any complex system with parallel and/or series structures.

All these ideas for analytical modeling operation processes are supported by the software tools "Mathematical modeling of system life cycle processes"—"know how" (registered by Rospatent №2,004,610,858), "Complex for evaluating quality of production processes" (registered by Rospatent №2,010,614,145) and others [1–4].
