#### Abstract

This paper presents a new fault detection and isolation scheme for dealing with simultaneous additive and parametric faults. The new design integrates a system for additive fault detection based on (Castillo and Zufiria, (2009)) and a new parametric fault detection and isolation scheme inspired in (Münz and Zufiria, (2008)). It is shown that the so far existing schemes do not behave correctly when both additive and parametric faults occur simultaneously; to solve the problem a new integrated scheme is proposed. Computer simulation results are presented to confirm the theoretical studies.

#### 1. Introduction

Motivated by the importance of safety in modern automated systems, fault detection and isolation schemes have received an increasing attention in the last two decades [1–4]. As opposed to costly hardware redundancy approaches, information redundancy schemes make use of data processing and system modelling paradigms, leading to either data-driven or model-based approaches. Among model-based fault diagnosis schemes, the FDI (Fault Detection and Isolation) techniques of the control community make use of explicit analytical models for redundancy checking [5].

The FDI analytical tools employed up to now can be classified into two main categories. On the one hand, stochastic discrete-time model-based schemes inherited from the signal estimation and linear control fields have successfully combined statistical schemes with geometrical tools in the design and characterization of detection algorithms for linear systems [1–3, 6]. Nevertheless, these schemes have limited applicability since many real-world applications are grounded on the use of nonlinear models. On the other hand, deterministic continuous-time schemes coming from the adaptive and robust control community have proved to be suitable for nonlinear system modelling, where detection algorithms rely on the use of observer-type schemes to generate residuals whose profiles are evaluated [7–12]. In addition, some work has been performed in the design of accommodation schemes [13] or, more generally, Fault Tolerant Control (FTC) design [14, 15] that explicitly accounts for system nonlinearities and uncertainty [16, 17].

Recent research has also been focused on the design of diagnosis schemes for nonlinear *stochastic* systems, in order to cope with system and measurement noise. These schemes, such as the local approach [18], *particle filters* [19, 20], adaptive estimators [21], and hybrid system estimation based schemes [22], rely on discrete-time stochastic models, and they are also very computationally demanding, a major drawback for practical applications.

Alternatively, FDI schemes for continuous-time stochastic models have been recently developed [23–27], which are computationally less demanding. These schemes can be classified into two main categories: additive fault detectors [23, 24], and parametric fault detectors and isolators [25]; each of them is based on different techniques and assumptions. It is worth mentioning that further work has been carried out for implementing isolation schemes for additive faults [28], complementing the results in [24]. Concerning the FDI scheme for parametric faults in [25], it was valid for both detection and isolation. Although both types of schemes can be seen under a single unifying framework [26, 29], each of them was designed for addressing nonsimultaneous faults (either additive or multiplicative).

Complex real world systems are strongly interconnected, so that any subsystem failure can rapidly propagate abnormal behavior to other subsystems generating as a result new simultaneous failures [30–33]. Hence, additive and multiplicative faults are likely to occur simultaneously.

This paper presents a new detection and isolation scheme valid for simultaneous additive and parametric faults. The scheme makes use of improved versions of the methods proposed in [23–25]. Since detection of additive faults is not significantly affected by the presence of parametric faults, the work mainly focuses on the detection and isolation of parametric faults, which are more likely to provide specific information on the location of the system failure.

For doing so, we first show that the additive fault detection scheme proposed in [24] is robust against parametric faults; then, we illustrate the limitations of the parametric fault detection and isolation scheme proposed in [25] when additive faults are also present. Hence an improvement of this last scheme is proposed to overcome the problem.

The paper is organized as follows. In Section 2, the general framework for fault detection in nonlinear stochastic systems is presented. The existing schemes for detection and isolation of single faults are explained in Section 3, whereas the new proposed detection scheme is elaborated in Section 4. Section 5 illustrates the behavior of the presented scheme via simulation examples. Concluding remarks are summarized in Section 6.

#### 2. Problem Statement

We consider the following class of nonlinear stochastic dynamical systems: with which models, among other cases, any th order nonlinear scalar system. Here, is the system state, which has known initial value ; is the control input; the known function , which accordingly satisfies the Lipschitz condition, also satisfies that for all it holds , for some constant and , so that existence and uniqueness of solutions are guaranteed; represents the dynamics of the nominal model and has some parameters represented by ; the random vector , which gathers external disturbances and modelling errors, corresponds to a stochastic process of white Gaussian noise with autocorrelation function and noise intensity given by .

is the measurable output, and the nonlinear mapping can represent different output availability situations.

We assume that the pair , allows the construction of an observer that provides as an accurate estimate of , that is, sample-wise ; high gain observers [34, 35] and Lipschitz observers [36] have been successfully employed for this purpose. This paper mainly focused on the construction and the analysis of the so-called *residual* (to be explained in the following section) and addresses its estimation, the statistics of the estimator as well as the detectability and isolability conditions based on these statistics; hence, to simplify such exposition, an exact reconstruction of the state will be considered by assuming for the remainder of the paper that (i.e., ), which is a standard assumption for most nonlinear FDI schemes, as discussed in Section 1.

Finally, the fault function can represent an unknown additive fault and/or a change in the parameters of the nominal part of the system, namely, Note that the possible simultaneous occurrence of both types of faults, generating complex profiles, can make very difficult to unravel the fault origin.

The unit step function is determined by , the instant of time when the fault occurs. Note also that neither the postfailure parameter vector nor the time is known.

##### 2.1. Residual Construction

Generally speaking, a residual is any variable whose behavior changes significantly when a fault occurs in the system. In this paper context, a (valid) residual will be a random variable (or stochastic process) whose statistical properties do change after a fault.

Under the assumption of full-state availability we can create a new state variable obtained from the following consistency equation: where is the consistency checking state variable, and is a design constant. Note that this equation makes use of the value of , the -th component of state variable , in contrast to the estimated values usually employed in the design of observers. Subtracting (2.4) from system (2.1) we get a new variable which depends on the model error and whose evolution is described by the following equation: The solution to this differential equation is where the model error changes significantly after the occurrence of the fault (). Due to this property, the variable has usually been utilized as the fundamental signal to construct valid residuals for detecting single faults. The algorithms for fault detection and isolation analyze the signal by studying its statistical properties and its similarity with other reference signals. We will see that, when simultaneous faults do occur, requires a more elaborated processing due to its potentially complex evolution.

#### 3. Single Fault Detection Schemes

In this section, some existing schemes for the detection of single faults (either additive or parametric) are illustrated. The exposition is aimed to highlight those analytical aspects which will become relevant when designing the new improved scheme to be presented in Section 4.

##### 3.1. The Single Additive Fault Case

The scheme in [24] analyzes the residual when and detects the additive faults under, roughly speaking, the unique condition that (or alternatively, ) for all (see [24] for details). In addition, isolation schemes can be implemented assuming some conditions on the set of possible additive faults [28].

In general, these existing detection schemes will not be critically affected by the occurrence of a simultaneous parametric fault. Hence, we will see that the existing algorithms can be directly integrated into the new scheme proposed in Section 4.

##### 3.2. Analysis of the Single Parametric Fault Case

Under the assumption that a single parametric fault occurs, that is, , this section presents the main results from [25], needed for the posterior analysis of the simultaneous fault case.

###### 3.2.1. Characterization of the Fault Function

The scheme in [25] constructs a residual based on the signal , using also the a priori knowledge about the fault function . The knowledge of such residual is limited due the unknown value of parameter as well as the unknown instant of time .

In [25], a finite set of fault classes is defined, and it is assumed that any faulty parameter vector belongs to one and just one of those classes. Furthermore, there exists a known function such that where is a known vector specific of the fault class, and is an unknown constant that depends on which particular faulty parameter of the class has occurred. Note also that since the profile of depends on it is also affected by . This last dependence can be minimized by assuming that is large enough so that the system evolves within (or nearby) its -limit set. Thus, a set of possible fault classes can be defined, and the fault function will be approximately known for each except for a multiplicative constant .

The fact that is unknown implies another limitation when computing the integrals; this fact leads to an approximation by defining so that, for small parameter variations, the second summand of (2.6) satisfies , where , meaning that As it will be shown in Section 4, alternative reference signals can be constructed to reduce the error associated with this approximation (3.3).

###### 3.2.2. Residual Generation

After dealing with the unknown quantities, one can define the residual signal [25]:
This residual, called *moving angle*, allows to formulate hypothesis test on it:
where and . The moving angle changes significantly when there is a change in the system conditions from (no fault) to (fault), a behavior that corresponds to a good residual. In a practical application one can only calculate an estimation of the integral in (3.4)
so the moving angle estimation is
Note that such estimator is defined by a quotient of the form , where and are random variables; hence its expected value and variance can be computed upon [37]
Applying this result to (3.7), with deterministic and , , we obtain the expressions shown in Table 1 (where ).

Then, the resulting expressions for the estimator moments under the different hypotheses are
Based on these deterministic quantities we can construct *confidence intervals* of under both hypotheses and :
where
These confidence intervals ensure that the estimator will take values on each one of them with probability when the system is operating under the corresponding hypotheses. The detection scheme is triggered when the residual estimator enters the interval corresponding to (see [25] for details).

#### 4. The New Simultaneous Fault Detection and Isolation Scheme

When simultaneous faults occur, they may disguise each other’s effects, increasing the difficulty of their detection; in such case, existing schemes for a separate fault detection may not work. In this Section, the simultaneous fault case is considered, and a new scheme for addressing this problem is proposed. The proposed detection scheme integrates improved versions of the algorithms proposed in [24] for additive faults and the one presented in [25] for parametric ones.

##### 4.1. Analysis of the Simultaneous Fault Situation

As mentioned in Section 1, simultaneous faults are likely to occur in real-world systems. Nevertheless, most standard FDI schemes assume that only one single fault occurs at a time. In some specific cases, separation mechanisms have been developed [9], which are not directly applicable in general. Here, we analyze the schemes presented in [24, 25] under simultaneous additive and parametric faults.

If a parametric and an additive fault occur at the same time (we label this hypothesis of simultaneous faults as ), (2.6) becomes where is the parametric fault function 2 and is a stochastic process with constant mean . The solution of this stochastic differential equation has three summands

##### 4.2. Additive Fault Detection Scheme

As mentioned above, the scheme in [24] analyzes the residual and detects the additive faults under, roughly speaking, the unique condition that (or alternatively, ) for all . In general, when satisfies the detectability condition, such that , it is very unlikely that a parametric fault would generate a significant value of that would precisely compensate and mask the additive term. In practice, the errors caused by (initially small) parameter variations imply that , so that , and the additive fault detection scheme will not be affected by such simultaneous parametric faults.

The main challenge then becomes to detect and isolate the parametric faults in such working environment (). Interestingly, the profile of may allow for the fault detection and isolation, as shown below.

##### 4.3. Parametric Fault Residuals for Simultaneous Case

As it is shown below, the parametric fault detection and isolation scheme presented in [25] are likely to be disturbed by the occurrence of simultaneous additive faults disguising parametric faults. In the following section we modify such scheme in order to reduce its sensitivity to these additive faults.

Assuming that the extra summand asymptotically behaves So the model error under hypothesis tends to Hence, the moving angle takes the following asymptotic expression: We observe that the additive fault affects both the numerator and the denominator of the moving angle. Once again this quantity has to be estimated, and its statistics are calculated. The components of the expressions of the expected value and the variance are shown in Table 2 (where and ).

When compared to Table 1, several new additive terms show up in Table 2. This fact limits the performance of the estimator under hypotheses as compared to the case (single parametric fault); fortunately, some approximations can be made. In fact, under the hypothesis of small parameter variation (), we have that even if might oscillate, the ergodicity assumption justifies that evolves in a smaller range so that the corresponding terms can be neglected; hence, the most significant term is , due to the additive fault, so that Table 2 can be simplified to Table 3.

Using this approximation, the expected value and variance of the estimator under hypothesis are

Both these quantities are considerably different compared to their counterparts under hypothesis . Thus, the confidence interval under hypotheses and verifies . This fact causes several detection problems, since the detection scheme checks if the estimator belongs to to trigger the alarm; however, under the hypothesis it will belong to with probability .

##### 4.4. Improvements on the Detection Scheme

The scheme presented in [25] has been improved in two directions. On the one hand, the reference signals have been obtained in a way that reduces the error associated with the approximation in (3.3); on the other hand, the influence of the additive error has been minimized via an appropriate filtering of .

###### 4.4.1. Improving the Reference Signal

The reference signal proposed in [25] is computed integrated from the initial time, since the real value of is unknown. Nevertheless, it is possible to define a new reference signal where can be dynamically chosen, for instance, as the lower bound of the interval where the moving angle is defined. The value of is likely to be closer to than the value. Hence, and, if the faults occur in the interval , then , and we obtain the bound so that the term will be small. This means that the new approximation will have, in general, a smaller error than (3.3); this fact justifies the good performance of the newly proposed reference signals.

###### 4.4.2. Eliminating the Additive Term Influence

The analysis in Section 4.3 shows that the detection scheme presented in [25] does not work correctly under hypothesis because of the influence of . Note that equality (4.4) demonstrates that asymptotically is a constant term added to . Thus, one way to vanish its effect is to low pass filter . Let be a filtered version of : In this case, under hypothesis we have Since , the ergodicity assumption allows us to consider . Hence, the statistics of the estimator of the moving angle are now calculated using the elements of Table 4, where Comparing this table to Table 2, one can see that the term does not show up in any term. Finally, under the usual conditions mentioned in Section 4.2 (, and ergodicity), we have that , so that the terms involving (i.e., , , , and ) are negligible. Hence, the expected value and the variance of the moving angle satisfy meaning that the new detection and isolation procedures proposed here can be successfully applied.

It is worth mentioning that the new resulting scheme is applicable to simultaneous faults composed by additive and parametric faults that satisfy similar detectability and isolability conditions to the ones stated in [24, 25], respectively. Concerning detection and isolation times, although the filtering process may slightly delay the responses, in general the detection and isolation times are similar to the original schemes times, as shown in the following example.

Finally, note that such detection and isolation times do have a clear impact on the fault accommodation strategy to be applied [13].

#### 5. Application Example

##### 5.1. Simulation Setup

Here the correct behavior of the work presented in the previous sections is illustrated with the Van der Pol oscillator (VdPO) via simulations with Matlab Simulink. The election of this system has also been made in other works on deterministic system fault diagnosis [38] as well as in the study of stochastic systems [24, 25] as it is the case here.

The VdPO describes an LC oscillator with nonlinear resistive element such as a tunnel diode. The output represents the voltage at the inductor, whereas is the current through this inductor. In this simulation, it is considered that all electrical elements are not ideal (e.g., due to change of temperature) but stochastically varying. Consequently, we obtain the following state space representation of the VdPO: where are normalized white Gaussian noise with zero mean and auto correlation . We assume that both states are measurable as indicated in Section 2. The system function is with .

This system presents a nice feature: it is linear in and and nonlinear in . Hence, fault functions that are both linear and nonlinear in can be investigated; in this example we focus on the detection of faults on the nonlinear parameter, . Moreover, the oscillator runs on stable limit cycles for , which do change slightly for small parameter changes. Despite this fact, the detection scheme presented in [25] successfully detects these single faults.

A fault class is defined for the parameter whose corresponding representative is Note that since is nonlinear in , is only a linearization. The consistency equation is: The simulation parameters are presented in Table 5. Note that only small changes in the parameter are to be detected; in this example it will be a of the maximum change in . The value considered for the additive fault is also small. has been chosen rather big in order to reduce , and has been chosen such that several periods of the oscillator output are included in the integration range.

##### 5.2. Simulation Results

Figure 1 gives an overview of the behavior of the system, the representative, its mean, and the additive fault before and after the simultaneous fault (these quantities are not affected by the presence of the filter). The state space values do not change significantly due to the fault. Yet, the error function suffers a significant change when the fault occurs. It can be observed that the mean of the representative function is one order of magnitude less than such representative function: this result matches the fact that this mean has been neglected in the theoretical analysis. Note that these representative values are much smaller than the abrupt additive fault function represented in the last plot; this fact supports the validity of the new scheme.

On the other hand, Figure 2 shows the behavior of the estimator for the existing scheme (top figure) and for the new proposed scheme (bottom figure). It is clear that when a simultaneous fault occurs and the old detector/isolator is employed, the estimators do change due to the parametric fault but not enough to get out the upper boundary of the decision region (grey line in the figure). This undesirable situation is not encountered when the new detector/isolator is applied, as it can be seen in the bottom figure; there, the additive fault does not disguise the effect of the parametric one, and the estimators do change beyond the boundary of the decision region, demonstrating the improved behavior of the new proposed scheme.

#### 6. Conclusions

A new scheme for the detection and isolation of simultaneous additive and parametric faults in nonlinear stochastic dynamical systems has been presented. A theoretical analysis has been developed to highlight the limitations of the existing detection/isolation schemes when such types of simultaneous faults occur. Based on the analytical studies, a new detector/isolator has been designed which integrates improved versions of the existing schemes. Comparative simulations have supported the theoretical results by showing the good performance of the new detector/isolator as opposed to the previously existing schemes.

#### Acknowledgments

This work has been partially supported by Project MTM2007-62064 of the Plan Nacional de I+D+i, MEyC, Spain, Project MTM2010-15102 of Ministerio de Ciencia e Innovación, Spain, and by Projects Q09 0930-182 and Q10 0930-144 of the Universidad Politécnica de Madrid (UPM), Spain.