#### 3.1. The models for the systems that are presented as one element ("black box")

Technology 1 is based on proactive diagnostics of system integrity, carried out periodically to detect the occurrence of dangers in a system or the consequences of negative influences. Lost system integrity can be detected only as a result of diagnostics, after which recovery of integrity is started. A dangerous influence on the system acts step by step: first a danger occurs in the system, and then, after its activation, it begins to influence the system. System integrity cannot be lost before an occurred danger is activated. A danger is considered realized only after it has been activated and has influenced the system. Otherwise, the danger will be detected and neutralized during the next diagnostic.

Note: it is assumed that the diagnostic tools used allow system integrity to be recovered once danger occurrences in the system, or the consequences of influences, have been revealed.

Technology 2, unlike the previous one, implies that operators, alternating with each other, monitor system integrity between diagnostics. On detecting a danger, an operator recovers system integrity (the ways of removing dangers and recovering the system are the same as for technology 1). Faultless operator actions neutralize a danger. Operators are alternated at the time the periodic complex diagnostic is performed. A danger can occur only if an operator makes an error, and a dangerous influence occurs if the danger is activated before the next diagnostic.

The probability of system operation with the required safety and quality within the given prognostic period (i.e., the probability of success) may be estimated using the following models for technologies 1 and 2. Assumption: probability distribution functions exist for all input time characteristics. The risk R(Treq) to lose integrity (safety, quality, or a separate property, e.g., reliability), i.e., to be at least once in the "red" range during the period Treq, is the complement to 1 of the probability P(Treq) of providing system integrity (the "probability of success," i.e., being in the "green" or "yellow" range for the whole period Treq): R(Treq) = 1 − P(Treq), considering consequences.

The following variants are possible for technologies 1 and 2: in variant 1, the given prognostic period Treq is less than the established period between neighboring diagnostics (Treq < Tbetw. + Tdiag); in variant 2, the prognostic period Treq is greater than or equal to the established period between neighboring diagnostics (Treq ≥ Tbetw. + Tdiag). Here, Tbetw. is the time between the end of one diagnostic and the beginning of the next, and Tdiag is the diagnostic time.

The following formulas for the PDF of time between losses of system integrity are proposed [2–3].

PDF for the model of technology 1 (variant 1): Under the condition of independence for characteristics, the probability of providing system integrity for variant 1 is equal to

$$P_{(1)}(T_{\rm req}) = 1 - \Omega_{\rm occur} * \Omega_{\rm activ}(T_{\rm req}), \tag{1}$$


http://dx.doi.org/10.5772/intechopen.75109


Probabilistic Methods and Technologies of Risk Prediction and Rationale of Preventive Measures by Using…


where Ωoccur(t) is the PDF of time between neighboring occurrences of danger (from the "green" to the "yellow" range), with mathematical expectation $T_{\rm occur} = \sigma^{-1}$; Ωactiv(t) is the PDF of activation time of an occurred danger (threat: from the first input at the "yellow" range to the first input in the "red" range), with mathematical expectation β. The PDFs Ωoccur(t) and Ωactiv(t) may be exponential (see rationale in [6]). For different threats, the frequency of dangers for these PDFs is the sum of the frequencies of every kind of threat.

PDF for the model of technology 1 (variant 2): Under the condition of independence for characteristics, the probability of providing system integrity for variant 2 is equal to

$$P_{(2)}(T_{\rm req}) = N\left((T_{\rm betw} + T_{\rm diag})/T_{\rm req}\right) P_{(1)}^{N}(T_{\rm betw} + T_{\rm diag}) + (T_{\rm rmn}/T_{\rm req})\, P_{(1)}(T_{\rm rmn}), \tag{2}$$

where N = [Тreq./(Тbetw. + Тdiag.)] may be real (for PDF) or the integer part (for estimation of deviations).

$$T_{\rm rmn} = T_{\rm req} - N(T_{\rm betw} + T_{\rm diag}).$$

The probability of providing system integrity within the given time P(1)(Tgiven) is defined by Eq. (1).

PDF for the model of technology 2 (variant 1): Under the condition of independence for characteristics, the probability of providing system integrity for variant 1 is equal to

$$P_{(1)}(T_{\rm req}) = 1 - \int_{0}^{T_{\rm req}} dA(\tau) \int_{\tau}^{T_{\rm req}} d\,\Omega_{\rm occur} * \Omega_{\rm activ}(\theta) \tag{3}$$

Here, A(τ) is the PDF of time between operator's errors. A(τ) may be exponential PDF (see rationale in [6]).

PDF for the model of technology 2 (variant 2): Under the condition of independence of characteristics, the probability of providing system integrity for variant 2 is equal to

$$P_{(2)}(T_{\rm req}) = N\left((T_{\rm betw} + T_{\rm diag})/T_{\rm req}\right) P_{(1)}^{N}(T_{\rm betw} + T_{\rm diag}) + (T_{\rm rmn}/T_{\rm req})\, P_{(1)}(T_{\rm rmn}) \tag{4}$$

where the probability of providing system integrity within the given time P(1)(Treq.) is defined by Eq. (3).

The final clear analytical formulas for modeling are received by Lebesgue integration of expression (3).

The models are applicable to a system presented as one element. The main result of such system modeling is the probability of providing system integrity, or of losing system integrity, during the given period of time. If the probability is calculated for all points Treq. from 0 to ∞, a trajectory of the PDF for each combined element, depending on threats, periodic control, monitoring, and recovery time, is automatically synthesized.

#### 3.2. Probabilistic approach to estimate "smart" system operation quality


30 Probabilistic Modeling in System Engineering


In the general case, "smart" system operation always aims at reliable and timely production of complete, valid and, if needed, confidential information for its proper further pragmatic use, including the incorporated functions of sensing, actuation, and control. Potential threats to "smart" system operation influence the information used (Figure 6).

Figure 6. Potential threat realization to "smart" system operation on the level of used information.

In the general case, a probabilistic space (Ω, B, P) for the evaluation of system operation processes is proposed, where Ω is the limited space of elementary events; B is the class of all subspaces of Ω satisfying the properties of a σ-algebra; and P is the probability measure on the space of elementary events Ω. Because Ω = {ωk} is limited, it is enough to establish a mapping $\omega_k \to p_k = P(\omega_k)$ such that $p_k \ge 0$ and $\sum_k p_k = 1$. Such a space (Ω, B, P) is built in [6] and proposed for use because a "smart" system may be considered as a specially focused information system incorporating functions of sensing, actuation, and control. The proposed analytical models and calculated measures are as follows [6]:

"The model of function performance by a complex system in conditions of unreliability of its components" (the measures: TMTBF is the mean time between failures; Prel.(Tgiven) is the probability of reliable operation of IS, composed by subsystems and system elements, during the given period Tgiven; and Pman(Tgiven) is the probability of providing faultless man's actions during the given period Tgiven).


"The model complex of call processing" (the measures for the different dispatcher technologies (for unpriority call processing in a consecutive order for single-tasking processing mode, in a time-sharing order for multitasking processing mode; for priority technologies of consecutive call processing with relative and absolute priorities; for batch call processing; for combination of technologies above): the mean wait time in a queue; the mean full processing time, including the wait time; Ptim is the probability of well-timed processing during the given time; the relative portion of all well-timed processed calls; the relative portion of well-timed processed calls of those types for which the customer requirements are met Ctim).

"The model of entering into IS current data concerning new objects of application domain" (the measure: Pcompl is the probability that IS contains complete current information about the states of all objects and events).

"The model of information gathering" (the measure: Pactual. is the probability of IS information actuality on the moment of its use).

"The model of information analysis" (the measures: Pcheck is the probability of error absence after checking; the fraction of errors in information after checking; Pprocess is the probability of correct analysis results obtained; the fraction of unaccounted essential information).

"The model complex of dangerous influences on a protected system" (the measures: Pinf.l.(Тgiven) is the probability of required counteraction to dangerous influences from threats during the given period Тgiven).

"The model complex of an authorized access to system resources" (the measures: Pprot is the probability of providing system protection from an unauthorized access by means of barriers; Pconf. (Тgiven) is the probability of providing information confidentiality by means of all barriers during the given period Тgiven).

These models, supported by different versions of software Complex for Evaluation of Information Systems Operation Quality, patented by Rospatent №2,000,610,272 (CEISOQ+), may be applied and improved for solving such system problems in "smart" system life cycle as rationale of quantitative system requirements to hardware, software, users, staff, and technologies; requirement analysis; estimation of project engineering decisions and possible danger; detection of bottlenecks; investigation of problems concerning potential threats to system operation and information security; testing, verification, and validation of "smart" system operation quality; rational optimization of "smart" system technological parameters; and rationale of projects and directions for effective system improvement and development.

#### 3.3. The generation of new models for complex systems

The basic ideas of correct integration of probabilistic metrics are based on a combination and development of the offered models [2–3, 6–10]. For a complex system estimation with parallel or serial structure, new models can be generated by methods of probability theory. For this purpose in analogy with reliability, it is necessary to know a mean time between losses of integrity for each element. Let's consider the elementary structure from two independent parallel elements that means logic connection "OR" or series elements that means logic connection "AND" (see Figure 7).


The PDF of time between neighboring losses of the ith element's integrity is $B_i(t) = P(\tau_i \le t)$; then:

(1) The time between losses of integrity for a system combined from series-connected independent elements is equal to the minimum of the two times τi: failure of the first or second element (i.e., the system goes into a state of lost integrity when the integrity of either the first or the second element is lost). For this case the PDF of time between losses of system integrity is defined by the expression

$$B(t) = P(\min(\tau_1, \tau_2) \le t) = 1 - P(\min(\tau_1, \tau_2) > t) = 1 - P(\tau_1 > t)P(\tau_2 > t) = 1 - [1 - B_1(t)][1 - B_2(t)], \tag{5}$$

(2) The time between losses of integrity for a system combined from parallel-connected independent elements (hot reservation) is equal to the maximum of the two times τi: failure of the first or second element (i.e., the system goes into a state of lost integrity when the integrity of both the first and the second element is lost). For this case the PDF of time between losses of system integrity is defined by the expression

$$B(t) = P(\max(\tau_1, \tau_2) \le t) = P(\tau_1 \le t)P(\tau_2 \le t) = B_1(t)B_2(t). \tag{6}$$

Note: The same approach was also studied by Prof. E. Ventcel (Russia) in the 80s, who formulated the trying tasks for students.

Thus, an adequacy of probabilistic models is reached by the consideration of real processes of control, monitoring, and element recovery for complex structure. Applying recurrently expressions (5)–(6), it is possible to create PDF of time between losses of integrity for any complex system with parallel and/or series structure.

The known form of this more adequate PDF makes it possible to define the mean time between neighboring losses of system integrity Texp. (it may be calculated from this PDF as the mathematical expectation) and the frequency λ of system integrity losses, λ = 1/Texp.

The risk to lose integrity (safety, quality, or a separate property, e.g., reliability) is the complement to 1 of the probability of providing system integrity (correct system operation or "probability of success"): R = 1 − P. The formulas for probabilistic modeling of technologies 1 and 2 and their proofs are given in [2–3, 6].
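The technology 1 model of Eqs. (1) and (2) and the recurrent use of Eqs. (5) and (6), as an added example that is not code from the chapter or from the software it describes. It assumes that `*` in Eq. (1) denotes convolution and that both PDFs are exponential, and it goes beyond the two-element case by applying Eqs. (5) and (6) to any number of nested elements; all function names and sample parameter values are constructed for illustration.

```python
import math


def p1_tech1(t, sigma, beta):
    """Eq. (1): P(1)(t) = 1 - (Omega_occur * Omega_activ)(t).

    Assumptions of this example: '*' is convolution, Omega_occur is
    exponential with rate sigma (T_occur = 1/sigma), Omega_activ is
    exponential with mean beta.
    """
    if t <= 0:
        return 1.0
    a, b = sigma, 1.0 / beta
    if math.isclose(a, b, rel_tol=1e-9):
        # Equal rates: the closed form below degenerates to 0/0.
        return math.exp(-a * t) * (1.0 + a * t)
    return (b * math.exp(-a * t) - a * math.exp(-b * t)) / (b - a)


def p_tech1(t_req, t_betw, t_diag, sigma, beta):
    """Probability of providing integrity during t_req under technology 1."""
    period = t_betw + t_diag
    if t_req < period:                     # variant 1: Eq. (1) directly
        return p1_tech1(t_req, sigma, beta)
    n = int(t_req // period)               # variant 2: integer part N
    t_rmn = t_req - n * period             # remainder T_rmn
    return ((n * period / t_req) * p1_tech1(period, sigma, beta) ** n
            + (t_rmn / t_req) * p1_tech1(t_rmn, sigma, beta))   # Eq. (2)


def element(t_betw, t_diag, sigma, beta):
    """B_i(t) = 1 - P(t): PDF of time between integrity losses of one element."""
    return lambda t: 1.0 - p_tech1(t, t_betw, t_diag, sigma, beta)


def loss_pdf(structure, t):
    """B(t) for a nested structure.

    A structure is either a callable B_i(t) or a tuple
    ("series" | "parallel", [sub-structures]).
    """
    if callable(structure):
        return structure(t)
    kind, parts = structure
    values = [loss_pdf(part, t) for part in parts]
    if kind == "series":                   # Eq. (5): lost when any part is lost
        return 1.0 - math.prod(1.0 - v for v in values)
    if kind == "parallel":                 # Eq. (6): lost when all parts are lost
        return math.prod(values)
    raise ValueError(f"unknown structure kind: {kind!r}")


if __name__ == "__main__":
    # Constructed sample parameters, in days (not taken from the chapter).
    fw = element(t_betw=6.5, t_diag=0.5, sigma=1 / 30, beta=2.0)
    ids = element(t_betw=0.9, t_diag=0.1, sigma=1 / 10, beta=0.5)
    for name in ("series", "parallel"):
        risk = loss_pdf((name, [fw, ids]), 30.0)
        print(f"{name:8s} R(30 days) = {risk:.4f}")
```

Evaluating `loss_pdf` over a grid of `t` values gives the PDF trajectory of the combined structure, from which the risk R = 1 − P for any prognostic period can be read off.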

All these ideas are implemented by the software technologies of risk prediction for complex systems, for example, the "mathematical modeling of system life cycle processes," "know-how" (registered by Rospatent №2,004,610,858), and "complex for evaluating quality of production processes" (patented by Rospatent №2,010,614,145) [8–9].

Figure 7. Illustration of system, combined from series (left) or parallel (right) elements.
