nach oben

Innovations in Systems and Software Engineering

Erschienen in:

01.12.2013 | SI: SwHM

Software health management with Bayesian networks

verfasst von: Johann Schumann, Timmy Mbaya, Ole Mengshoel, Knot Pipatsrisawat, Ashok Srivastava, Arthur Choi, Adnan Darwiche

Erschienen in: Innovations in Systems and Software Engineering | Ausgabe 4/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Software health management (SWHM) is an emerging field which addresses the critical need to detect, diagnose, predict, and mitigate adverse events due to software faults and failures. These faults could arise for numerous reasons including coding errors, unanticipated faults or failures in hardware, or problematic interactions with the external environment. This paper demonstrates a novel approach to software health management based on a rigorous Bayesian formulation that monitors the behavior of software and operating system, performs probabilistic diagnosis, and provides information about the most likely root causes of a failure or software problem. Translation of the Bayesian network model into an efficient data structure, an arithmetic circuit, makes it possible to perform SWHM on resource-restricted embedded computing platforms as found in aircraft, unmanned aircraft, or satellites. SWHM is especially important for safety critical systems such as aircraft control systems. In this paper, we demonstrate our Bayesian SWHM system on three realistic scenarios from an aircraft control system: (1) aircraft file-system based faults, (2) signal handling faults, and (3) navigation faults due to inertial measurement unit (IMU) failure or compromised Global Positioning System (GPS) integrity. We show that the method successfully detects and diagnoses faults in these scenarios. We also discuss the importance of verification and validation of SWHM systems.

Vorheriger Artikel Maintaining the health of software monitors

Nächster Artikel Deliberative, search-based mitigation strategies for model-based software health management

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://www.aerosocietychannel.com/aerospace-insight/2010/12/exclusive-qantas-qf32-flight-from-the-cockpit/.

http://www.ima.umn.edu/~arnold/disasters/patriot.html.

If there is a reason that this command signal is not reliable, the command node \(C\) is used in combination with a \(H\) node to impact state \(U\) (Fig. 3) as further discussed below.

For example, if we observe a vibration on sensor V, then \(\lambda _\mathrm{v} = 1\) and \(\lambda _{\sim \mathrm{v}} = 0\); if we observe no vibration on sensor V, then \(\lambda _{\sim \mathrm{v}} = 1\) and \(\lambda _\mathrm{v} = 0\); if we have not yet observed the sensor V, we leave \(\lambda _\mathrm{v} = 1\) and \(\lambda _{\sim \mathrm{v}} = 1\).

Open systems and their interfaces for the electronics in motor vehicles; http://www.osek-vdx.org/.

http://trampoline.rts-software.org/.

http://www.windriver.com.

http://www.ghs.com.

http://reasoning.cs.ucla.edu/samiam/.

http://reasoning.cs.ucla.edu/ace/.

http://defensesystems.com/articles/2011/12/22/ndaa-domestic-uas-test-sites.aspx.

http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html.

http://www.csmonitor.com/layout/set/print/content/view/print/437272.

Juvenal: “Who guards the guardians?”

http://www.teamqsi.com.

http://reasoning.cs.ucla.edu/samiam/.

Adler M (2006) The planetary society blog: spirit sol 18 anomaly. http://www.planetary.org/blog/article/00000702/

Anderson T, Lee PA (1981) Fault tolerance. Prentice-Hall International, Englewood Cliffs

Avižienis A (1976) Fault-tolerant systems. IEEE Trans Comput 25(12):1304–1312MATH

Avižienis A (1985) The N-version approach to fault-tolerant software. IEEE Trans Softw Eng 11(12):1491–1501CrossRef

Avižienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Depend Secure Comput 1(1):11–33CrossRef

Barringer H, Falcone Y, Finkbeiner B, Havelund K, Lee I, Pace GJ, Rosu G, Sokolsky O, Tillmann N (eds) (2010) Runtime verification—first international conference (RV 2010). Lecture Notes in Computer Science, vol 6418. Springer, Berlin

Bernstein L, Kintala CMR (2004) Software rejuvenation. CrossTalk J Defense Softw Eng 6:23–26

Binder RV (1994) Design for testability in object-oriented systems. Commun ACM 37(9):87–101CrossRef

Bochmann G, Dssouli R, Zhao J (1989) Trace analysis for conformance and arbitration testing. IEEE Trans Softw Eng 15(11):1347–1356CrossRef

10.

Brown D, Roggio R, Cross JH, McCreary C (1992) An automated oracle for software testing. IEEE Trans Reliab 41(2):272–280

11.

Chavira M, Darwiche A (2007) Compiling Bayesian networks using variable elimination. In: Proceedings of the twentieth international joint conference on artificial intelligence (IJCAI-07), pp 2443–2449

12.

Chen L, Avižienis A (1995) N-version programming: a fault-tolerance approach to reliability of software operation. Twenty-fifth international symposium on fault-tolerant computing, ’ Highlights from Twenty-Five Years’, p 113

13.

Codetta-Raiteri D, Portinale L, Guiotto A, Yushstein Y (2012) Evaluation of anomaly and failure scenarios involving an exploration rover: a Bayesian network approach. In: Proceedings of the 11th international symposium on artificial intelligence, robotics, and automation in space (iSAIRAS-2012)

14.

Costa M, Crowcroft J, Castro M, Rowstron A, Zhou L, Zhang L, Barham P (2005) Vigilante: end-to-end containment of Internet worms. In: Proceedings of the symposium on systems and operating systems principles (SOSP), pp 133–147

15.

Darwiche A (2001) Recursive conditioning. Artif Intell 126(1–2):5–41MathSciNetCrossRefMATH

16.

Darwiche A (2003) A differential approach to inference in Bayesian networks. JACM 50(3):280–305MathSciNetCrossRef

17.

Darwiche A (2009) Modeling and reasoning with Bayesian networks. Cambridge University Press, Cambridge

18.

Deconinck G, Vounckx J, Lauwereins R, Peperstraete JA (1993) Survey of backward error recovery techniques for multicomputers based on checkpointing and rollback. Int J Model Simul 18:262–265

19.

Delgado N, Gates AQ, Roach S (2004) A taxonomy and catalog of runtime software-fault monitoring tools. IEEE Trans Softw Eng 30(12):859–872. doi:10.1109/TSE.2004.91

20.

Djurdjanovic D, Liu J, Marko KA, Ni J (2010) Immune systems inspired approach to anomaly detection, fault localization and diagnosis in automotive engines. In: Schumann J, Liu Y (eds) Applications of neural networks in high assurance systems, Studies in Computational Intelligence, vol 268. Springer, Berlin, pp 141–163

21.

Doong RK, Frankl PG (1994) The Astoot approach to testing object-oriented programs. ACM Trans Softw Eng Methodol 3(2):101–130CrossRef

22.

Dubey A, Karsai G, Kereskenyi R, Mahadevan M (2010) A real-time component framework: experience with CCM and ARINC-653. IEEE international symposium on object-oriented real-time distributed computing

23.

Elnozahy ENM, Alvisi L, Wang YM, Johnson DB (2002) A survey of rollback-recovery protocols in message-passing systems. ACM Comput Surv 34(3):375–408CrossRef

24.

Firesmith D (1993) Testing object-oriented software. In: Proceedings of the 11th international conference on technology of object-oriented languages and systems (TOOLS), pp 407–426

25.

Forrest S, Beauchemin C (2007) Computer immunology. Immunol Rev 216(1):176–197

26.

Gärtner FC (1999) Fundamentals of fault-tolerant distributed computing in asynchronous environments. ACM Comput Surv 31(1): 1–26

27.

George S, Evans D, Marchette S (2003) A biological programming model for self-healing. In: Proceedings of the 2003 ACM workshop on survivable and self-regenerative systems (SSRS ’03), ACM, pp 72–81

28.

Ghosh D, Sharman R, Rao RH, Upadhyaya S (2007) Self-healing systems—survey and synthesis. Decis Support Syst 42(4): 2164–2185

29.

Groce A, Joshi R (2008) Exploiting traces in static program analysis: better model checking through printfs. Int J Softw Tools Technol Transf 10(2):131–144CrossRef

30.

Hamou-Lhadj A, Braun E, Amyot D, Lethbridge, T (205) Recovering behavioral design models from execution traces. In: Ninth European conference on software maintenance and reengineering, CSMR 2005, pp 112–121

31.

Harrold M, McGregor J, Fitzpatrick K (1992) Incremental testing of object-oriented class structure. In: Proceedings of the 14th international conference of software engineering, pp 68–80

32.

Hart E, Timmis J (2008) Application areas of AIS: the past, the present and the future. Appl Soft Comput 8(1):191–201CrossRef

33.

Havelund K, Rosu G (2004) Efficient monitoring of safety properties. Int J Softw Tools Technol Transf 6(2):158–173CrossRef

34.

Hecht H (1976) Fault-tolerant software for real-time applications. ACM Comput Surv 8(4):391–407CrossRefMATH

35.

Huang Y, Kintala C, Kolettis N, Fulton ND (1995) Software rejuvenation: analysis, module and applications. Twenty-Fifth international symposium on fault-tolerant computing (FTCS-25), pp 381–390

36.

Jensen FV, Lauritzen SL, Olesen KG (1990) Bayesian updating in causal probabilistic networks by local computations. SIAM J Comput 4:269–282MathSciNet

37.

Johnson D (2007) Raptors arrive at Kadena. http://www.af.mil/news/story.asp?storyID=123041567

38.

Keromytis A (2007) The case for self-healing software. In: Aspects of network and information security. Proceedings NATO Advanced Studies Institute (ASI) on network security and intrusion detection

39.

Keromytis AD (2007) Characterizing self-healing software systems. In: Proceedings of the 4th international conference on mathematical methods, models and architectures for computer networks security (MMM-ACNS)

40.

Khurshid S, Sen K (eds) (2012) Runtime verification—second international conference, RV 2011. Lecture Notes in Computer Science, vol 7186. Springer, Berlin

41.

Koo R, Toueg S (1987) Checkpointing and rollback-recovery for distributed systems. IEEE Trans Softw Eng 13(1):23–31CrossRefMATH

42.

Lauritzen S, Spiegelhalter DJ (1988) Local computations with probabilities on graphical structures and their application to expert systems (with discussion). J R Stat Soc Ser B 50(2):157–224MathSciNetMATH

43.

Li Z, D’Ambrosio B (1994) Efficient inference in Bayes nets as a combinatorial optimization problem. Int J Approx Reason 11(1):55–81MathSciNetCrossRefMATH

44.

Lindsey AE, Pecheur C (2004) Simulation-based verification of autonomous controllers via Livingstone Pathfinder. In: Proceedings of 10th international conference on tools and algorithms for the construction and analysis of systems (TACAS), Lecture Notes in Computer Science, vol 2988. Springer, Berlin, pp 357–371

45.

Lyu MR (1995) Software fault tolerance. Wiley, New York

46.

Mengshoel OJ (2007) Designing resource-bounded reasoners using Bayesian networks: system health monitoring and diagnosis. In: Proceedings of the 18th international workshop on principles of diagnosis (DX-07), Nashville, pp 330–337

47.

Mengshoel OJ, Chavira M, Cascio K, Poll S, Darwiche A, Uckun S (2010) Probabilistic model-based diagnosis: an electrical power system case study. I. EEE Trans Syst Man Cybern 40(5): 874–885

48.

Mengshoel OJ, Darwiche A, Uckun S (2008) Sensor validation using Bayesian networks. In: Proceedings of the 9th international symposium on artificial intelligence, robotics, and automation in space (iSAIRAS-08)

49.

Mengshoel OJ, Roth D, Wilkins DC (2011) Portfolios in stochastic local search: Efficiently computing most probable explanations in Bayesian networks. Journal of Automated Reasoning 46(2): 103–160

50.

Mengshoel OJ, Wilkins DC, Roth D (2011) Initialization and restart in stochastic local search: computing a most probable explanation in Bayesian networks. IEEE Trans Knowl Data Eng 23(2):235–247MathSciNetCrossRef

51.

Milea NA, Khoo SC, Lo D, Pop C (2011) Nort: runtime anomaly-based monitoring of malicious behavior for windows. In: [7]

52.

Musliner D, Hendler J, Agrawala AK, Durfee E, Strosnider JK, Paul CJ (1995) The challenges of real-time AI. IEEE Comput 28:58–66CrossRef

53.

Neumann P (2009) Illustrative risks to the public in the use of computer systems and related technology. http://www.csl.sri.com/users/neumann/illustrative.html

54.

O’Malley TO, Richardson DJ, Dillon LK (1996) Efficient specification-based oracles for critical systems. In: Proceedings of the California software symposium, pp 50–59

55.

Park JD, Darwiche A (2004) Complexity results and approximation strategies for MAP explanations. J Artif Intell Res (JAIR) 21: 101–133

56.

Pasareanu CS, Rungta N (2010) Symbolic pathfinder: symbolic execution of Java bytecode. In: Proceedings of the conference on automated software engineering (ASE), ACM, pp 179–180

57.

Pearl J (1988) Probabilistic reasoning in intelligent systems: networks of plausible inference. Morgan Kaufmann, San Mateo

58.

Pearl J (1995) Causal diagrams for empirical research. Biometrika 82(4):669–710MathSciNetCrossRefMATH

59.

Peters DK, Member S, David I, Parnas L, Member S (1998) Using test oracles generated from program documentation. IEEE Trans Softw Eng 24:161–173CrossRef

60.

Pierce WH (1965) Failure-tolerant computer design. Academic Press, New York

61.

Poll S, Patterson-Hine A, Camisa J, Garcia D, Hall D, Lee C, Mengshoel OJ, Neukom C, Nishikawa D, Ossenfort J, Sweet A, Yentus S, Roychoudhury I, Daigle M, Biswas G, Koutsoukos X (2007) Advanced diagnostics and prognostics testbed. In: Proceedings of the 18th international workshop on principles of diagnosis (DX-07), Nashville, pp 178–185

62.

Randell B (1975) System structure for software fault tolerance. In: Proceedings of the international conference on reliable software. ACM, New York, pp 437–449

63.

Reed E, Schumann J, Mengshoel OJ (2011) Verification and validation of system health management models using parametric testing. In: Proceedings of Infotech@Aerospace

64.

Richardson DJ, Aha SL, O’Malley TO (1992) Specification-based test oracles for reactive systems. In: ICSE ’92: Proceedings of the 14th international conference on software engineering. ACM, pp 105–118

65.

Ricks BW, Mengshoel OJ (2009) Methods for probabilistic fault diagnosis: an electrical power system case study. In: Proceedings of annual conference of the PHM Society 2009, PHM-09

66.

RTCA (2012) DO-178C/ED-12C: software considerations in airborne systems and equipment certification. http://www.rtca.org

67.

Rushby J (2004) Runtime certification. In: Proceedings of runtime verification (RV 2008), Lecture Notes in Computer Science, vol 5289. Springer, New York, pp 21–35

68.

SafeCode L (2012) Qantas flight 72 accident caused by a software bug. http://safecodellc.net/component/content/article/1-latest-news/112-qf-72-software-bug

69.

Schroeder B (1995) On-line monitoring: a tutorial. Computer 28(6):72–78CrossRef

70.

Schumann J, Bajwa A, Berg P (2010) Parametric testing of launch vehicle FDDR models. In: AIAA space

71.

Schumann J, Gundy-Burlet K, Pasareanu C, Menzies T, Barrett T (2009) Software V &V support by parametric analysis of large software simulation systems. In: Proceedings of IEEE aerospace. IEEE Press

72.

Schumann J, Mbaya T, Mengshoel OJ (2011) Bayesian software health management for aircraft guidance, navigation, and control. In: Proceedings of conference on prognostics and health management (PHM-2011)

73.

Schumann J, Mengshoel OJ, MBaya T (2011) Integrated software and sensor health management for small spacecraft. In: Proceedings of the 2011 IEEE fourth international conference on space mission challenges for information technology, SMC-IT ’11, IEEE

74.

Schumann J, Mengshoel OJ, Pasareanu CS, Reed E, Yang G (2010) D1: report on initial results of parametric analysis and prototype definition of model-based test case generation. Technical Report NASA/OSMA (SARP)

75.

Schumann J, Mengshoel OJ, Srivastava AN, Darwiche A (2010) Towards software health management with Bayesian networks. In: Proceedings of the FSE/SDP workshop on future of software engineering research, FoSER ’10, ACM, pp 331–336

76.

Schumann J, Morris R, Mbaya T, Mengshoel OJ, Darwiche A (2011) Report on Bayesian approach for dynamic monitoring of software quality and integration with advanced IVHM engine for ISWHM. Technical Report USRA-RIACS

77.

Shenoy PP (1989) A valuation-based language for expert systems. Int J Approx Reason 5(3):383–411CrossRef

78.

Shepard P, Bhatti JA, Humphreys TE (2012) Drone hack: spoofing attack demonstration on a civilian unmanned aerial vehicle. GPS World

79.

Smith R, Korel B (2000) Slicing event traces of large software systems. In: Proceedings of the fourth international workshop on automated debugging (AADEBUG)

80.

Somayaji A, Hofmeyr S, Forrest S (1997) Principles of a computer immune system. In: Proceedings of the second new security paradigms workshop, pp 75–82

81.

Srivastava AN, Schumann J (2011) The case for software health management. In: Proceedings of the 2011 IEEE fourth international conference on space mission challenges for information technology, SMC-IT ’11. IEEE Computer Society, Washington, DC, pp 3–9

82.

Tippenhauer NO, Popper C, Rasmussen K, Capkun S (2011) On the requirements for successful GPS spoofing attacks. In: Proceedings of Chicago communications security conference

83.

Wang J, Guo C, Liu F (2005) Self-healing based software architecture modeling and analysis through a case study. In: Proceedings of networking, sensing and control, IEEE, pp 873–877

84.

Wang Y, King G, Court I, Ross M, Staples G (1997) On testable object-oriented programming. SIGSOFT Softw Eng Notes 22(4):84–90CrossRef

85.

Wang Y, King G, Wickburg H (1999) A method for built-in tests in component-based software maintenance. Software maintenance and reengineering, 1999. In: Proceedings of the third European conference, pp 186–189

86.

Wang Y, Patel D, King G, Court I, Staples G, Ross M, Fayad M (2000) On built-in test reuse in object-oriented framework design. ACM Comput Surv 32:7–12

87.

Garfinkel S (2009) History’s worst software bugs. Wired.com

88.

Zhang NL, Poole D (1996) Exploiting causal independence in Bayesian network inference. J Artif Intell Res 5:301–328MathSciNetMATH

Titel: Software health management with Bayesian networks
verfasst von: Johann Schumann
Timmy Mbaya
Ole Mengshoel
Knot Pipatsrisawat
Ashok Srivastava
Arthur Choi
Adnan Darwiche
Publikationsdatum: 01.12.2013
Verlag: Springer London
Erschienen in: Innovations in Systems and Software Engineering / Ausgabe 4/2013
Print ISSN: 1614-5046
Elektronische ISSN: 1614-5054
DOI: https://doi.org/10.1007/s11334-013-0214-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 4/2013

Maintaining the health of software monitors

Software health management

Copilot: monitoring embedded systems

Deliberative, search-based mitigation strategies for model-based software health management

Software health management: a necessity for safety critical systems

Premium Partner