Risk analysis with a fuzzy-logic approach of a complex installation

This paper introduces a procedural method based on fuzzy logic to analyze systematic the risk of an electronic system in an intentional electromagnetic environment (IEME). The method analyzes the susceptibility of a complex electronic installation with respect to intentional electromagnetic interference (IEMI). It combines the advantages of well-known techniques as fault tree analysis (FTA), electromagnetic topology (EMT) and Bayesian networks (BN) and extends the techniques with an approach to handle uncertainty. This approach uses fuzzy sets, membership functions and fuzzy logic to handle the uncertainty with probability functions and linguistic terms. The linguistic terms add to the risk analysis the knowledge from experts of the investigated system or environment.


Introduction
Intentional electromagnetic interferences (IEMI) are able to disturb susceptible electronic systems (Hoad et al., 2004;Nitsch et ak., 2004).In our modern society, the dependency on electronic systems is still increasing and their continuous functioning is highly desirable.That requirement is opposed by an increasing vulnerability of electronic devices caused by the strong interconnection of such systems.Therefore, the breakdown of only one subsystem can lead to a failure of the whole system.Because of growing risk and the huge complexity of highly interconnected electronic devices, a statistical model representing the real system is required (Bedfort and Cooke, 2001).
There are different methods that are usually applied in the risk analysis, e.g. the electromagnetic topology (EMT) (Baum, 1980) approach, the fault tree analysis (FTA) (Genender et al., 2011b) and Bayesian networks (BN) (Mao and Zhou, 2010;Mao et al., 2011).To calculate the risk with one of these three methods, it is necessary to acquire all the data for the calculation by many different measurements of its subsystems.For example, the breakdown behavior (Camp et al., 2004) of one subsystem needs to be analyzed for different angles of incidence.These three methods require precise values for the system to be examined and are limited in handling uncertain information.In contrast, to an exact analysis some parts of the interaction between source and test object can only be described by imprecise and non-technical attributes evaluating their mobility, technological challenge and hazard level (Sabath and Garbe, 2015).A typical example is the probability of occurrence of IEMI sources.For this reason a statistical method is needed, which is capable to calculate the risk of a complex system, despite the fact of having uncertain information.A common method to handle these uncertainties is the fuzzy logic (Viertl, 2011), which will combined the advantages of the three analytic methods.
Based on the introduced theoretical approach published in Peikert et al. (2015), the risk estimation with fuzzy is demonstrated for a real complex electronic system and its environment.A compound of different microcontroller circuits are exemplary used as a complex electronic system.The advantage of the fuzzy logic is, that its mathematical model is a multi-valued logic in contrast to the typical Boolean logic, 0 or 1.The truth values in fuzzy logic can be any real number between 0 and 1.Furthermore, this approach can describe the behavior of a system with linguistic terms (Aliev, 2013).For example, they can be used to express the probability of occurrence of IEMI sources with technical and non-technical attributes.These linguistic terms are described with the fuzzy set theory, which maps the behavior into membership functions.This approach leads to a combination of exact and imprecise values for physical and technical attributes.Also, the approach includes non-technical attributes, which are only could describe by linguistic terms.For example, the opinion Published by Copernicus Publications on behalf of the URSI Landesausschuss in der Bundesrepublik Deutschland e.V.
T. Peikert et al.: Risk analysis with a fuzzy-logic approach of a complex installation Table 1.An example for operation on Fuzzy Sets x y z of experts of the needed knowledge to develop a disturbance source.
2 Fuzzy approach to determine the risk The fuzzy approach (Peikert et al., 2015) is divided into two main parts, the fuzzy set theory and the fuzzy logic.The set theory (Zadeh, 1965) allows an object belonging to multiple exclusive sets.Instead to the classical set theory in which an individual object is either a member or non-member of a set.Due to insufficient knowledge or imprecise data of a system, it is often impossible to definite assign an object is belonging to a set or not.The fuzzy set A of X is characterized by a membership function µ A (x) which is associated with a number in the interval [0, 1], representing the degree of x belonging to X and is expressed with the follow equation: (1) These membership functions are typically linear and have often the shape of a triangle, trapezoid, sigmoidal or Gaussian bell.Exemplary, the Gaussian bell shape is describe with the following membership function: More flexible classes of membership functions are also possible, an example of the description of the breakdown behavior probability of a system is shown in Peikert et al. (2015).As in the classical set theory, fuzzy sets have their own mathematical operators such as union, intersection and complement (Fig. 1).This three typically aggregation operators of two sets A as µ A (x) and B as µ B (x) are based on Takagi and Sugeno (T-S) model Aliev (2013) and defined as follow: Instead to the classical set theory, the mathematical operation on fuzzy sets are based on the membership functions.The operation for classical sets are shown in Fig. 1a-c and leads for A ∪ B to {x, y, z}, for A ∩ B to {y} and the complement leads for Â to {z}.In contrast, the fuzzy set theory obtained results (Fig. 1d) for a max-min rule is show in Table 1.The degree of truth that an element belongs to the union of some fuzzy sets is the maximum of the degrees of truth that the element belongs to each of the fuzzy sets.For the intersection it is the minimum and for complement of a fuzzy set is one deducted by the degree of truth that the element belongs to the fuzzy set.

Prediction of the risk-level by analytical description
To predict the risk at system level of a complex electronic installation (example the complete IT-System of a critical infrastructure) it is necessary to characterize the behavior of each subsystem.Furthermore, it is important to characterize the environment of the investigated infrastructure with their buildings and surrounding areas.In the paper of (Peikert et al., 2015) a fuzzy membership function for the breakdown failure probability (BFP) from (Genender et al., 2011a) is presented and are used to predict the BFP ra , in which "ra" means the random angle of incident, of each subsystem and  is calculated as follows: where f (t; α, β) is the standard beta probability density function (PDF), and B(α, β) is the beta function.The shape of the beta model is completely determined by the two shape parameter, α and β and depending on the applied EM field E MC is shown in Fig. 2a.
To predict the risk level for the system with the consideration of its environment, a map of accessibility zones and needed mobility (Genender et al., 2014) is used.In Fig. 6b the infrastructure with their buildings and surrounding are illustrated.
This information of the IEMI scenario are not enough to predict the risk.Non-physical data are added with linguistic terms.This data can be the accessibility to the infrastructure, the mobility of a source, the availability of a source and any other experts opinion to improve the prediction of the risk level (Peikert et al., 2015).In the work of Sabath and Garbe (2015) the opinion of different experts are published, for ex-ample in Fig. 3 are the opinion of the experts for the availability and the cost for an IEMI source illustrated.The bars in Fig. 3 depict the different rating from the experts.This leads to imprecise data and is typical for the risk classification.The fuzzy approach is perfect to handle these uncertainty and linguistic terms from Fig. 3.

Test environment and system setup
A compound of different microcontroller circuits is used as the victim system in determination of breakdown failure levels and is illustrated in Fig. 4. The compound obtain one main system (CORE MCU) which communicate with every other one and is protected in a shielding box.The MCU subsystems are divided in three different systems.The first one (MCU 1-x) works in series and need for the calculation the result from the one before.The second system (MCU 2-x) operates as a redundant system and have varied circuit layouts.The layouts consider different EMC methodologies as grounding or placing of components.The last system (MCU 3-x) communicate to the core system with different protocols.The chosen protocols are Ethernet, twi and spi.The various protocols and every subsystem leads to a different behavior in a IEME.The whole system is used as the victim system and shown in Fig. 4a.A block diagram of the function and interconnection of the whole system are shown in Fig. 4b.For the test environment an open GTEM-cell is used.

IEMI source -hazard level
For one minute the system is exposed by 200, 500, 1000, 2000 or 5000 pulses at different positions in the GTEM-cell.The different positions lead to a different electric field magnitude.The results of the malfunction of the 300 repetition and a field amplitude of 20 kV m −1 are shown in Fig. 2b.

Risk prediction
The prediction of the risk level for the victim system includes the breakdown behavior of the microcontroller compound (Fig. 2a), the knowledge of the area (Fig. 6b) and of possible IEMI sources (Fig. 3).The expert opinions are uses as the fuzzy rules in the fuzzification and defuzzification block which is shown in Fig. 5a and are defined as If -Then fuzzy rules.The inputs are defined by the vector e 1 to e n and lead to the output u.
An example to estimate the hazard level as a function of the mobility, the scale of accessibility challenge, the likelihood of occurrence and the detection level for IEMI sources is shown in Fig. 6a.More than 500 rules are used to determine the hazard level.The four inputs are combined with the AND-Operator and lead to a hazard level of this combina-tion by the fuzzy rule.A general rule for the fuzzy system in Fig. 6a is: If A and B and C and D then Hazard Level(x).The expert opinions are used to improve the rules for the risk estimation.The more precisely the knowledge of experts describe the system, the better the risk can be estimated.
The results of the technology challenge, mobility-, threatand hazard level of the fuzzy systems lead to a probability of occurrence and a possible field strength.Both results are mapped on the risk level membership function (Fig. 5b) and lead to risk estimation of the system.
The obtained results have to integrate onto the area plan (Fig. 6b) with the zones of accessibility and their mobility level.The zone number four with the mobility level of five stands for the victim system.The complete area are divided into rectangle with a fix size of the area.For every rectangle the distance to the victim system is calculated.The distance and the accessibility zone of the rectangle leads to possible IEMI sources and its maximum field amplitude.The far field conditions leads to an attenuation of the field strength by a factor of 1/r, in which r is the distance from a source to the victim system.The obtained field strength and the result of the risk level of the IEMI source are combined with the breakdown probability of the victim system leads to a risk level.This is calculated for every rectangle and the results are mapped into the area plan.The result of the risk level matrix for the area plan of the zone of accessibility is shown in Fig. 6b.This map shows locations in which a IEMI source can harm the victim system.In this example the victim system is located in the upper right corner of the area and a IEMI source in zone number two right of the victim system has a risk level of 0.6 (yellow filled rectangle) to harm the system.This location is a point of interest for a better protection of the system and has to consider in the EMC shielding of the system.

Conclusions
We show the usage of the theoretical approach published in Peikert et al. (2015) for a real complex electronic system and its environment.This method helps to analyze the risk of a system exposed to IEMI.It combines physical (e.g.BFP) as well as non-physical quantities (e.g.linguistic terms and experts opinions), non-precise and uncertainness data for the analysis.The fuzzy risk analysis approach combines the breakdown behavior of an electronic system with the infrastructure and the surrounding area, demonstrated for a compound of different microcontroller circuits.The fuzzy method delivers a estimation of a risk level matrix of the area, which provides points of interest.This points of interest show locations of IEMI sources which can harm the victim system and have to consider in the EMC protection plan.

Figure 3 .
Figure 3. Mapping of the availability on the probability of occurrence (a) and the cost on the probability of occurrence (b) by Sabath and Garbe (2015).

Figure 4 .
Figure 4. (a) Compound of different microcontroller and (b) block diagram of the MCU.

Figure 5 .
Figure 5. (a) The fuzzification and fuzzy rules of the expert opinions and (b) are the risk level membership function.
Figure 6.(a) Fuzzy sets and their fuzzification rules and (b) the area zones with risk level for IEMI-Sources.