Sage Journals: Discover world-class research

Abstract

To reduce personnel and equipment risks related to centrifugal pumps in nuclear power plants, safety integrity level for centrifugal pumps must be evaluated. The safety integrity level evaluation methods in the IEC 61508 standard depend on statistical historical failure-dependent data and static threshold. However, for centrifugal pumps in nuclear power plants, the statistical historical failure-dependent data are insufficient, and the static threshold is not easily determined, especially under dynamically changing operation conditions. To overcome the aforementioned problems, this article proposes a safety integrity level evaluation method for centrifugal pumps based on the performance degradation data. This method constructs a Wiener degradation model to describe the degradation process of centrifugal pumps. The degradation trajectories in the upcoming cycles are predicted using a particle filter algorithm. The degradation trajectories with high credibility are selected based on reputation index. The failure time of each selected degradation trajectory is judged using catastrophe theory. The safety integrity levels are defined by performance degradation threshold on demand. Experiments are performed using the simulation data and the component cooling water pump condition-monitoring data set. By comparing to the risk matrix analysis recommended in the IEC 61508 standard, the proposed method is more reasonable and obeys the rule of the bathtub-shaped curve.

Keywords

Centrifugal pump safety integrity level Wiener degradation model degradation trajectories prediction performance degradation threshold on demand

Introduction

Centrifugal pumps are widely used in nuclear power plants (NPPs). Many of them are located in the nuclear island, which is an irradiation environment. During maintenance operations, maintenance personnel must take necessary radiation precautions to reduce the risk of radiation-related injuries. Maintenance personnel must pay various degrees of attention to minimize risks related to maintenance procedures for centrifugal pumps.

Many factors contribute to the risk incident associated with centrifugal pumps in NPPs. These factors include false alarms in fault detection systems, late remaining useful life (RUL) evaluation results in prognostic systems, unexpected scenarios, and abnormal operating conditions. Prognostic and health management (PHM)¹ focuses on health assessment, fault diagnosis,^2,3 RUL estimation,⁴ and risk analysis.⁵ A formidable challenge in PHM⁶ is evaluating the safety level of mechanical equipment. One method for quantifying safety level is safety integrity level (SIL) evaluation. The SIL evaluation of centrifugal pumps attempts to mitigate safety issues facing maintenance personnel and equipment in NPPs.

Standard methods for SIL evaluation^7,8 are based on the IEC 61508 standard.⁹ These standard methods depend on a static threshold and historical statistical failure-dependent data. The static threshold is fixed from the initial service through many types of maintenance procedures, and it cannot be adapted to different operating conditions. However, the statistical historical failure-dependent data of centrifugal pumps in NPPs are insufficient. The SIL evaluation method in the IEC 61508 standard is not effective for centrifugal pumps in NPPs.

From normal degradation to the failure of centrifugal pumps, this process traverses a sequence of different performance degradation states. The performance degradation process is inextricably linked to the functional safety status. An alternative data-driven method for SIL evaluation is based on the performance degradation data. The degradation trajectory and thresholds are the key points for the data-driven SIL evaluation. The degradation trajectory is intimately associated with fault degradation.¹⁰ This article proposes an adaptive threshold for SIL evaluation. The SIL evaluation threshold is adapted for the different types and operating conditions.

The main contributions of this work are summarized as follows:

This article proposes an SIL evaluation method based on performance degradation data. This method differs from the SIL evaluation methods in the IEC 61508 standard, which is reliant on statistical failure-dependent data.

The SIL is defined by the adaptive threshold performance degradation threshold on demand (PDTD), which can be adjusted to the actual operating situation. The PDTD determination process is discussed in detail. To obtain the PDTD, the reputation index is used for the first time to select the most likely degradation trajectories. Degradation catastrophe theory is used for the first time to determine the catastrophe failure time.

Promising results from verification experiments on simulation data and the component cooling water pump condition-monitoring data set. The experiments demonstrate the effectiveness of the proposed method. By comparing to the risk matrix analysis recommended in the IEC 61508 standard, our method is found to be more reasonable and obeys the rule of the bathtub-shaped curve.

The remainder of this article is organized as follows. In section “Related work,” related work and some problems associated with the SIL evaluation are reviewed. Section “The proposed SIL evaluation method” describes the proposed SIL evaluation method in detail. Section “Experiments” presents the experimental results. Finally, the conclusions are established in section “Conclusion.”

Related work

In this section, we first review some related works on SIL evaluation and then we review some related works associated with the adaptive threshold.

The IEC 61508 standard is well developed for the SIL evaluation of machinery. The main research directions in this field include designing, developing, determining, and verifying a control system.^11,12 The SIL evaluation process is a combination of the probability of failure per hour (PFH), the severity of injury, the exposure time to the hazard, the possibility of avoiding the hazard, and the occurrence probability. The SIL evaluation method merges the concepts of fault analysis and failure probability in reliability engineering. The following methods have successfully been used in failure probability analysis: Monte Carlo method, Markov chains,¹³ reliability block diagrams,^14,15 proportional hazard models, and so on. In the literature, E Piesik et al.¹⁶ considered the sensitivity and uncertainty of probabilistic results for determining and verifying the SIL of control and protection systems. GY Kim et al.¹⁷ proposed a procedure for assessing the hardware safety integrity of a boiler control system using the HAZOP (hazard and operability study). To our knowledge, most SIL evaluation procedures are in accordance with the IEC 61508 standard.

In this study, we attempt to extend the application of the SIL evaluation method for centrifugal pumps in NPPs. However, the SIL evaluation method in the IEC 61508 standard cannot be directly applied to centrifugal pumps for the following reasons:

First, the SIL is defined by the probability of dangerous failure per hour on demand (PDFHD). The PDFHD is a type of static criterion. A static criterion cannot be adjusted to the operating conditions or the rated power.

Second, the failure probability is an important prerequisite for calculating the dangerous failure per hour probability. However, in most cases, the failure-dependent data of centrifugal pumps are insufficient, especially for new products.

To overcome the aforementioned problems, we propose an SIL evaluation method for centrifugal pumps based on the performance degradation data.

The performance degradation process is represented using performance degradation trajectories. Current research on predicting degradation trajectories primarily focuses on data-driven methods. There are three types of data-driven methods¹⁸ for the degradation data analysis: linear regression, degradation path, and stochastic process. The most sophisticated method is the stochastic process. Stochastic degradation processes¹⁹ can provide a flexible way to describe the failure mechanism.

Unfortunately, due to the lack of an accurate performance degradation state prediction, the catastrophic failure time for each stochastic degradation process is highly uncertain. Generally, the probability of catastrophic failure is a function of the performance degradation level and stress.²⁰ The classical degradation–threshold–shock model proposed by A Lehmann²¹ shows great flexibility and can provide the failure time based on the degradation processes when the product operates in a dynamic environment.²² NC Caballé et al.²³ developed a condition-based maintenance degradation threshold–shock model with multiple degradation processes. Currently, all alternative degradation–shock models require a priori statistical failure information.

Many factors lead the SIL evaluation threshold into a state of uncertainty, including the load, operating environment, maintenance level, safety requirements, and other specific conditions. Thus, we need to propose an adaptive threshold for SIL evaluation according to the actual situation. The adaptive threshold refers to dynamically adjusting the threshold according to the actual situation, providing a reference for accurate evaluation.

To the best of our knowledge, the standard adaptive threshold is determined from the state probability distribution of historical monitoring data. A threshold on demand with an adaptive ability for SIL evaluation has not been studied in the IEC 61508 standard or in other papers.

The proposed SIL evaluation method

The flow chart of the proposed SIL evaluation method based on the performance degradation data is shown in Figure 1.

Figure 1.

Flow chart of the proposed SIL evaluation.

The SIL evaluation procedure described in detail as follows:

Raw vibration monitoring data acquisition. According to the ASME OM-S/G-2004, standards and guidelines for the operation and maintenance of NPPs, detailed sensor locations, and measured parameters are recommended for centrifugal pump. The raw vibration data are obtained from the vibration sensors that are located in each bearing housing and pump shaft of the centrifugal pump. The vibration monitoring directions are horizontal, vertical, and axial. The selection of the parameter being measured is velocity, acceleration, or displacement. Raw vibration data are gathered at fixed intervals. The specified interval is every 1 week or 24 h. The vibration monitoring data may be generated from different sensors or by a single sensor equipped with multiple physical sensors.

Extract degradation features. The centrifugal pump will deteriorate over a period of time in normal use. One method for characterizing the degradation status is to generate a degradation trajectory by combining degradation features. The degradation features have good prediction performance that can be extracted from the vibration monitoring data with monitoring cycles from the initial monitoring cycle 1 to the current monitoring cycle t_p.

Construct a Wiener degradation model. The Wiener degradation model is used for describing the degradation process of a centrifugal pump. In our case, the sample size of the degradation trajectories is one. All of the Wiener degradation model parameters are estimated using the particle Metropolis–Hastings (PMH) algorithm. We can also use the maximum likelihood estimation (MLE) algorithm to estimate the mean and variance of the degradation rate in the Wiener degradation model. The other unknown model parameters are estimated using the PMH algorithm. The Wiener degradation model and model parameter estimation algorithm will be discussed first in the following section.

All the possible degradation trajectories in the upcoming cycles are predicted using a particle filter algorithm. After obtaining the Wiener degradation model parameters, the sampling importance re-sampling particle filter algorithm (SIR-PF) algorithm is used to predict the degradation trajectories in the upcoming cycles.

Degradation trajectories with high monotonicity and credibility are selected based on reputation index. The second following section will describe the degradation trajectory selection in detail.

Failure times of the selected degradation trajectories are determined. The performance degradation process of centrifugal pump contains catastrophic failure, gradual failure, or the coexistence of both failures. The gradual failure time occurs in the designed functional life value and is easily determined. The catastrophic failure times of the specific degradation trajectories are determined using cusp catastrophe theory. The detailed failure time determination method will be discussed in the third section.

Determination of the PDTD. The PDTD refers to the critical minimum or maximum value of the degradation trajectory parameter.

The SILs are defined by the PDTDs. The relationship between the SILs and PDTDs is defined in Table 1. The proposed PDTD determination process will be discussed in detail in the final section.

Table 1.

Relationship between SILs and PDTDs.

SIL	PDTD
SIL3	0–PDTD1
SIL2	PDTD1–PDTD2
SIL1	>PDTD2

SIL: safety integrity level; PDTD: performance degradation threshold on demand.

The key points of the proposed SIL evaluation method are to obtain the PDTDs and the degradation trajectories X. The goal of this article is to investigate how to obtain them.

In the next section, the degradation trajectory prediction method will be introduced. The Wiener degradation model and the model parameter estimation algorithm will be discussed first.

Degradation trajectory prediction

Brownian motion (BM)²⁴ with a nonlinear drift is used for modeling the degradation process of a centrifugal pump. Let x_t denote the stochastic degradation process and x₀ denote the initial degradation value. The performance degradation process is driven by a standard BM B(t), t ≥ 0. The Wiener process²⁵ with drift is given by the following equation

x_{t} = x_{0} + μ Λ (t) + σ B (Λ (t)) = μ τ + σ B (τ)

(1)

where Λ(t) is the timescale transformation, given by τ = Λ(t) = t^α, Λ(0) = 0, where α is any real number; μ is the degradation rate; and σ is the diffusion coefficient, characterizing the degradation process dynamics and uncertainty, σB(τ) = N(0, σ²τ).

For a discrete time point t_k, k = 1, 2, 3, …, the discrete time state equation is described by the following equation

x_{k} = x_{k - 1} + μ_{k} (Λ (t_{k}) - Λ (t_{k - 1})) + v_{k}

(2)

where x_k is the performance degradation feature value, $x_{k} \in X \subseteq ℜ^{n_{x}}$ , and when t₀ = 0, x₀ = 0; μ_k is the degradation rate, $μ_{k} ~ N (μ, η^{2})$ ; and t_k is the degradation time, $t_{k} \in T \subseteq ℜ^{n_{t}}$ . Thus

v_{k} = σ [B (t_{k}) - B (t_{k - 1})], v_{k} ~ N (0, σ^{2} (t_{k} - t_{k - 1}))

(3)

The Wiener degradation state equation (2) will be nonlinear if it does not apply the timescale transformation.

The measurement values are subject to drift, which is caused by the measurement instruments or environmental factors. The discrete measurement values are given by the following equation

y_{k} = x_{k} + ε_{k}

(4)

where y_k is the measurement value, $y_{k} \in Y \subseteq ℜ^{n_{y}}$ and ε_k is the measurement noise, which is assumed to have a normal distribution, N(0, R²), in which R is standard variance.

The equations (2) and (4) have three sources of variability:

Inherent performance degradation x_k with time-varying uncertainty;

An uncertain drift term μ_k;

An uncertain measurement value y_k.

Previous research has suggested that the Wiener degradation model parameters should be estimated using the MLE algorithm.²⁶ However, the estimation accuracy of the model parameters is related to the sample size of the degradation trajectories. In our case, when the sample size of the degradation trajectories is one, the MLE algorithm is not used to estimate all the model parameters. The log-likelihood function of the timescale transformation coefficient α, the diffusion coefficient σ, and the measurement noise variance R are non-convergent when using the MLE algorithm in our case.

We can use the MLE algorithm to estimate the mean μ and variance η of the degradation rate in the Wiener degradation model. The other unknown model parameters are estimated using the PMH algorithm.²⁷ In addition, all the unknown model parameters can also be estimated using the PMH algorithm, and such a case will be described in the following. The latent performance degradation state x_k and $θ = {μ, η, α, σ, R}, θ \in ℜ^{d}$ , are regarded as unknown variables. The measured values are $y_{1 : T} = {y_{1}, \dots, y_{T}}$ . The Bayesian method is used to model random variables with a known prior distribution $p (θ)$ , $x_{0} ~ p (x_{0} | θ)$ .

The Wiener degradation state equations (2) and (4) can also be represented using a stochastic description

x_{k} ~ f_{θ} (x_{k} | x_{k - 1,} μ_{k - 1 : k})

(5)

y_{k} ~ g_{θ} (y_{k} | x_{k})

(6)

where $f_{θ} (\cdot)$ and $g_{θ} (\cdot)$ are the probability density functions of unknown parameters θ. A straightforward way to proceed would now be to form the full posterior distribution using Bayes rule

p (x_{0 : T}, θ | y_{1 : T}) = \frac{p (y_{1 : T} | x_{0 : T}, θ) p (x_{0 : T} | θ) p (θ)}{p (y_{1 : T})}

(7)

The energy function is considered to obey the following simple recursion

φ_{T} (θ) = - \log p (y_{1 : k} | θ) - \log p (θ)

(8)

The energy function is evaluated recursively as follows. Start from $φ_{0} (θ) = - \log p (θ)$ . At each step $k = 1, 2, \dots, t$ , compute the following

φ_{k} (θ) = φ_{k - 1} (θ) - \log p (y_{k} | y_{1 : k - 1}, θ)

(9)

where the terms $p (y_{k} | y_{1 : k - 1}, θ)$ are computed recursively.

Then, the PMH algorithm is used for inferring the marginal likelihood of the unknown parameters θ. It is preferable to use the approach in the same class for both model parameter estimation and state prediction.²⁸

After obtaining the Wiener degradation model parameters, the SIR-PF algorithm²⁹ is used to predict the degradation trajectories in the upcoming cycles.

The following section describes the degradation trajectory selection and the failure time judgment in detail.

Degradation trajectory selection criteria

Reputation is used to select the highly credible degradation trajectories. The degradation trajectories are denoted by $X = {x_{i 1}, x_{i 2}, \dots, x_{iT}}$ and the corresponding reputations are denoted by $RE = {R E_{1}, R E_{2}, \dots, R E_{i}}$ , where i is the label of one degradation trajectory and T is the number of monitoring cycles. The reputation³⁰ is given by the following equation

R E_{i} = \frac{γ + 2 \sum_{t = 1}^{T} x_{i, t}}{2 (γ + T)}

(10)

where the reputation RE_i is any value in [0, 1] and γ is a reputation parameter, also known as the Dirichlet distribution³¹ parameter, γ > 0. At the initial cycle, when there is no prior knowledge or evidence, each degradation trajectory has a reputation of RE_i = 0.5 from replacing T = 0. With x_i,t = 0, the bad degradation trajectory has the final reputation where $lim_{T \to \infty} R E_{i} = 0$ .

After the degradation trajectories with high monotonicity and credibility are selected based on the reputation index, the failure time of each degradation trajectory is judged.

Failure time determination

The performance degradation process of centrifugal pumps contains catastrophic failure, gradual failure, or the coexistence of both failures. The gradual failure time occurs in the designed functional life value and is easily determined. However, the catastrophic failure time determination is not easy. In our method, cusp catastrophe theory is used to judge the catastrophic failure time of each degradation trajectory.

Each of the degradation trajectories can be written in the form of a power series, as given by the following equation

x_{i} = a_{i 0} + a_{i 1} t + a_{i 2} t^{2} + a_{i 3} t^{3} + a_{i 4} t^{4}

(11)

where x_i is the degradation trajectory vector, i is the label of the degradation trajectory, t is a variable indicating the cycles, and a_ij are the fitting parameters, j = 0, 1, …, 4, to be calculated using the least-squares fitting algorithm.

Equation (11) can be transformed into the cusp catastrophe model using the diffeomorphism transformation, which is described as follows. Let

t = g - q and q = \frac{a_{3}}{4 a_{4}}

Then, the following equation is obtained

x_{i} = b_{4} g^{4} + b_{2} g^{2} + b_{1} g + b_{0}

(12)

where

\begin{matrix} b_{0} = a_{0} - a_{1} q + a_{2} q^{2} - a_{3} q^{3} + a_{4} q^{4} \\ b_{1} = a_{1} - 2 a_{2} q + 3 a_{3} q^{3} - 4 a_{4} q^{4} \\ b_{2} = a_{2} - 3 a_{3} q + 6 a_{4} q^{2} \\ b_{4} = a_{4} \end{matrix}

Again, let

g = {\begin{matrix} \sqrt[4]{\frac{1}{4 b_{4}}} z_{i} & b_{4} > 0 \\ \sqrt[4]{- \frac{1}{4 b_{4}}} z_{i} & b_{4} < 0 \end{matrix}

Then, the potential function is obtained using the following equation

x_{i} = \frac{1}{4} z_{i}^{4} + \frac{1}{2} u_{i} z_{i}^{2} + v_{i} z_{i} + c_{i}

(13)

where

\begin{matrix} u_{i} = {\begin{matrix} b_{2} / \sqrt{b_{4}} & b_{4} > 0 \\ - b_{2} / \sqrt{- b_{4}} & b_{4} < 0 \end{matrix} \\ v_{i} = {\begin{matrix} b_{1} / \sqrt[4]{4 b_{4}} & b_{4} > 0 \\ - b_{1} / \sqrt[4]{- 4 b_{4}} & b_{4} < 0 \end{matrix} \end{matrix}

where c_i is a constant term that can be neglected in the analysis and z_i is the coordinate transformation of the cycle t. The cusp catastrophe model has a degradation state variable x_i and two control factors u_i and v_i in three-dimensional phase space. The catastrophe manifold is calculated using the first derivative of the potential function. The calculation is performed using the following equation

\frac{d x_{i}}{d z_{i}} = z_{i}^{3} + u_{i} z_{i} + v_{i} = 0

(14)

The singular set is calculated by the second derivative of the potential function. The calculation is performed using the following equation

\frac{d^{2} x_{i}}{{dz}_{i}^{2}} = 3 z_{i}^{2} + u_{i} = 0

(15)

A bifurcation set is used to investigate the catastrophic region of the performance degradation state variable. It is solved using the catastrophe manifold equation (14) and the singular set equation (15) simultaneously. The bifurcation sets are given by the following equation

\nabla_{i} = 4 u_{i}^{3} + 27 υ_{i}^{2}

(16)

For each degradation trajectory in the upcoming cycles, ${x_{i 1}, x_{i 2}, \dots, x_{it}, \dots, x_{iT}}$ . By gradually increasing the degradation feature sample until $\nabla_{i} < 0$ , the abrupt phenomenon will occur at cycle t of the degradation trajectory x_i.

In the next section, the proposed PDTD determination process will be discussed in detail.

Determination of PDTD

The process of determining the PDTD is described as follows: first, the performance degradation values are extracted from historical monitoring data and used to estimate the Wiener degradation model parameters. Based on the Wiener degradation state equation (2), the possible degradation trajectories in the upcoming cycles are predicted using the SIR-PF algorithm. Then, the degradation trajectories above the reputation value are selected, and the catastrophic failure times of the degradation trajectories are determined.

Second, the cumulative probability distribution of the pseudo-threshold sample (PTS) is obtained. Figure 2 shows the relationship between the degradation trajectories and the PTS. In this figure, all possible degradation trajectories in the prediction cycles are indicated by dotted lines. The solid line represents one of the most likely degradation trajectories. The performance degradation feature values at the cross points of the degradation trajectories X and designed functional life threshold T_end are denoted by the PTS. The PTS at cycle T_end is defined as $Δ = inf {δ_{i} : xt | X, T_{end}}$ .

Figure 2.

Relationship between degradation trajectories and PTS.

The designed functional life threshold T_end is determined by the number of faults n and design life T_d of a centrifugal pump, T_end = T_d/n, where n = 1, 2, or 3 is allowed.

One factor of particular concern is the coexistence of both catastrophic failure and gradual failure. For the catastrophic degradation trajectory, the catastrophic failure time is less than the designed functional life threshold T_end. In this situation, the performance degradation feature values at the catastrophic failure time are chosen as the PTS.

Finally, the PDTD is obtained from the percentage of the cumulative probability distribution that the PTS is following. The PDTD is equal to the performance degradation feature value, which corresponds to the probability of failure per hour on demand (PFHD). Figure 3 shows the relationship between PDTDs and PFHDs.

Figure 3.

Relationship between PDTDs and PFHDs.

The PFHD is calculated using the following equation

PFHD = \frac{PDFHD}{(S \cdot F \cdot (1 - C))}

(17)

where S is the severity of injury, F is the exposure time to the hazard, and C is the possibility of avoiding the hazard. The PFHD is directly dependent on the risk parameters S, F, and C. The PDFHD is shorthand for the probability of dangerous failure per hour on demand in the IEC 61508 standard.

According to the IEC 61508, the relationship between the SILs and PDFHDs is shown in Table 2, where SIL1 is the lowest and SIL3 is the highest. Note that the probability of dangerous failure per day on demand (PDFDD) (per day) is equal to the PDFHD (per hour) × 24 h.

Table 2.

Relationship between the SILs and PDFHDs in the IEC 61508 standard.

SIL	PDFHD (per hour)	PDFDD (per day)
SIL3	1 × 10⁻⁴–1 × 10⁻³	0–0.024
SIL2	1 × 10⁻³–1 × 10⁻²	0.024–0.24
SIL1	1 × 10⁻²–1 × 10⁻¹	>0.24

SIL: safety integrity level; PDFHD: probability of dangerous failure per hour on demand; PDFDD: probability of dangerous failure per day on demand.

Experiments that correspond to different data sources and different purposes are described in detail in the next section.

Experiments

In this section, two experiments are performed and the experimental results are presented.

Two aspects must be considered for the SIL evaluation. The first is the failure probability of the centrifugal pump and the second is the risk caused by a failure. It is assumed that the severity of an injury is 1, the exposure time to the hazard is 1, and the possibility of avoiding the hazard is 0. It is important to note that these parameters are determined subjectively.

Simulation experiment

One purpose of the simulation experiment is to verify the model parameter estimation algorithm. Another purpose is to illustrate the feasibility of the PDTD calculation process.

According to the ASME OM-S/G-2004, standards and guidelines for the operation and maintenance of NPPs, the vibration velocity is recommended as the monitoring parameter for centrifugal pumps. As the accepted criteria of the vibration velocity peak value, the alarm threshold is 8 mm/s and the maximum allowable threshold is 17 mm/s. In this experiment, the vibration velocity peak values are simulated. The parameters of the Wiener degradation model are set as follows: the timescale transformation coefficient Λ(t) = t^α, α = 1, degradation rate μ ∼ N(0.1, 0.032), diffusion coefficient σ = 0.03, noise variance R = 0.03, and sampling interval △t = t_k − t_k −₁ = 1. The simulated data include N = 150 data points, and the sample size of the degradation trajectories is m = 1. The first 100 cycles are used to identify the unknown model parameters, and the remaining cycles are predicted.

Figure 4 shows the simulated vibration velocity peak values under different cycles, in units of mm/s. The predicted values are obtained using the Wiener degradation model. The model parameters are estimated using the MLE + PMH algorithm. The MLE + PMH algorithm refers to the case wherein the MLE algorithm is used to estimate the mean μ and variance η of the degradation rate, and the remaining unknown parameters are estimated using the PMH algorithm. This result shows that the Wiener degradation model can effectively describe the degradation process. Table 3 presents a comparison of the degradation model parameter estimation results using different algorithms. The average prediction error using the MLE + PMH algorithm is 0.203 mm/s. This experiment also verified that when the sample size of the degradation trajectories is only one, the log-likelihood function of α, σ, and R in the MLE algorithm is non-convergent. This result shows the effectiveness of the MLE + PMH algorithm.

Figure 4.

Curve of simulated performance degradation feature values under different cycles.

Table 3.

Comparison of the degradation model parameter estimation results obtained using various algorithms.

Algorithm	μ ₀	η	α	σ	R	MSE_x
Real	0.1	0.03	1	0.03	0.03	–
PMH	0.180	0.194	0.864	0.022	0.014	0.217
MLE + PMH	0.091	0.050	1.021	0.163	0.031	0.203

MLE: maximum likelihood estimation; PMH: particle Metropolis–Hastings.

After obtaining the model parameters using the MLE + PMH algorithm, the degradation trajectories in the upcoming cycles are predicted using the SIR-PF algorithm. Some trajectories with a reputation of less than 0.5 are rejected. The catastrophic termination time of the degradation trajectory is determined using degradation catastrophe theory. The corresponding performance degradation values at the termination time are regarded as the PTS.

Figure 5 shows the pseudo-threshold probability density distribution curve for the 100-day cycle. The PDTDs are 8.53 and 11.88 mm/s.

Figure 5.

Curve of the failure probability density obtained by the PTS for the 100-day cycle.

Table 4 shows the SILs and their respective PDTDs. After obtaining the Wiener degradation model parameters, the SIR-PF algorithm is used to predict the degradation trajectories in the upcoming cycles. Figure 6 shows the SILs defined by PDTD1 and PDTD2. The figure shows the most likely degradation trajectory after the 100-day cycle and is the mean values of many degradation trajectories predicted using the SIR-PF algorithm. Note that the SIL evaluation effect is not analyzed in the simulation experiment.

Table 4.

SILs and their respective PDTDs for the simulation experiment.

SIL	PDTD (mm/s)
SIL3	0–8.53
SIL2	8.53–11.88
SIL1	>11.88

SIL: safety integrity level; PDTD: performance degradation threshold on demand.

Figure 6.

Effect of SIL evaluation after the 100-day cycle.

Figure 7 shows the changing curves of the PDTD1 and PDTD2 starting from the 100-day cycle, and they are obtained by gradually increasing the degradation feature point. Both the PDTD1 and PDTD2 fluctuate in a fixed range during the short period of [100, 112] days. The PDTD1 and PDTD2 fluctuate in a wider range after 112 days.

Figure 7.

Changing curves of PDTD1 and PDTD2 under different cycles.

Verification experiment of the component cooling water pump

The purpose of this experiment is to verify the feasibility of the PDTD determination process. The same data set is also used to verify the proposed SIL evaluation method, which is described in detail in the next section.

This experiment is performed using data obtained from the component cooling water pump (a type of centrifugal pump) condition-monitoring data set of an NPP in China. The motor has a rated power of 580 kW. The rated rotation speed is 1480 r/min. The vibration is measured using an ENDEVCO 2273AM20 accelerometer. According to ASME OM-S/G-2004, the arrangements of the accelerometers are as follows: horizontal direction H, vertical direction V, and axial direction A of the pump housing. The data provided by the accelerometers are stored every 24 h, and the time span is 1.5 years.

The degradation features are extracted using the standard deviation of an inverse hyperbolic cosine,³² defined as σ (acosh), which was verified in the IEEE PHM 2012 data challenge. Note that the degradation features in the vertical channel V are highly monotonic compared to the other channels.

The degradation feature values in the vertical channel V are shown in Figure 8. To reduce the variability in the degradation features and filter unwanted noise, a smoothing process is performed to capture important trends. The smoothing operation is considered to be local by the LOESS (locally weighted scatterplot smoothing) filter.³²

Figure 8.

Curve of performance degradation features of the component cooling water pump.

Data from the first 160 days are used to identify the Wiener degradation model parameters. Let α = 1, and the estimated model parameters are μ = 0.007, η = 0.098, σ = 0.164, and R = 0.154. The average error between the measured values and the predicted values is 0.59 m/s². This is a point-by-point prediction. The errors will be very large if it is long-point prediction.

After obtaining the Wiener degradation model parameters, the degradation trajectories of the remaining cycles are predicted using the SIR-PF algorithm. Predicted trajectories that have a reputation of less than 0.5 are rejected.

Figure 9 shows the pseudo-threshold probability density distribution curve for the 160 days. For PFHD1 = 0.024 per day and PFHD2 = 0.24 per day, PDTD1 = 0.767 m/s² and PDTD2 = 1.568 m/s², respectively.

Figure 9.

Curve of failure probability density obtained by the PTS for the 160-day cycle.

Figure 10 shows the effect of the SIL evaluation. The figure shows the most likely degradation trajectory after the 160-day cycle, which represents the composite of many degradation trajectories predicted using the SIR-PF algorithm. Note that the error in the degradation trajectory prediction using the SIR-PF algorithm is significant in contrast to the true degradation feature values in the cycle of [160, 220] days. The Wiener degradation state equation parameter estimation error results from the three sources of uncertainty in equation (2). The sample size of the degradation trajectories is too small. Another reason is the dynamics of the actual situation on longer days.

Figure 10.

Effect of SIL evaluation after the 160-day cycle.

The SILs are defined using the PDTDs, as shown in Table 5.

Table 5.

SILs and their respective PDTDs for the component cooling water pump.

SIL	PDTD (m/s²)
SIL3	0–0.767
SIL2	0.767–1.568
SIL1	>1.568

SIL: safety integrity level; PDTD: performance degradation threshold on demand.

Figure 11 shows the curves of the PDTD1 and PDTD2. The variation trends of the PDTD1 and PDTD2 monotonically increase with the cycles but increase within a small range in the future weeks. There is a fixed range fluctuating during the short period of [160, 172] days, and a wider range fluctuating is entered after 172 days.

Figure 11.

Curves of the PDTD1 and PDTD2 under different cycles.

Comparison of SIL evaluation

The component cooling water pump condition-monitoring data set is used to verify the effectiveness of the PDTD for SIL evaluation. The comparison methods are as follows:

M1: risk matrix analysis recommended in the IEC 61508 standard. A risk matrix is a semi-quantitative assessment tool commonly utilized for risk analysis and evaluation. The risk matrix is also a mapping of probability and consequence to risk. To build the risk matrix, the following steps need to be taken: identification of the different hazards that endanger the equipment, determination of the risk level for each hazard by finding its likelihood of occurrence, and taking into account the hazards consequences. A risk assessment has to be undertaken to determine the SIL, typically, using risk matrices. The risk matrix parameters⁹ in the IEC 61508 standard are as follows: the frequency and duration are from 1 day to 2 weeks, Fr = 4; the probability of a hazard event is rarely, Pr = 2; avoidance is possible Av = 3; and the severity is Se = 3. Then, we can obtain the class: CI = Fr + Pr + Av = 9. The SIL assignment class is SIL1 level.

M2: Monte Carlo method. The Monte Carlo method relies on repeated random sampling to obtain degradation trajectory model parameters. For each degeneration trajectory path that meets its predefined threshold, a degradation soft failure is detected. The failure probability is the cumulative probability distribution of the soft failures. First, a general path model (GPM) for only one degradation trajectory is obtained by exponential curve fitting. Second, the GPM model parameters are sampled using a Monte Carlo simulation. In the experiment, the threshold for calculating the failure probability is set to 2. Third, the probability of a dangerous failure is calculated, and the functional SILs are evaluated according to the PDFHDs shown in Table 2.

M3: the proposed method in this article. Data from the first 160 days are available. Assume that designed functional life threshold T_end of the component cooling water pump is 300 days. The goal is to evaluate the SILs of the component cooling water pump after 160 days.

The comparison of the SIL evaluation results is shown in Table 6. Note that it is meaningless to evaluate the SIL before 160 days.

Table 6.

SIL evaluation results with different methods in the 160-day cycle (units of days).

SIL	M1	M2	M3
SIL2	–	[161, 186]	[161, 209]
SIL1	[1, 300]	[186, 300]	[209, 300]

SIL: safety integrity level.

The bathtub curve is typically used to illustrate the three key periods of centrifugal pump failure. The bathtub curve consists of three periods: an infant mortality period, a relatively constant failure period, and finally a notable growth in the later wear period. The infant mortality period occurs in the early operation period. Because of unknown material defect, manufacturing defects, or other reasons, the failure rate is very high at the beginning and then gradually decreases to a steady state. However, the only information available is past failure times of similar components used under similar conditions. Due to the failure-dependent data of component cooling water pump is insufficient, the SIL evaluation method based on performance degradation data is invalid in the early operation period.

In the constant failure period, as the component cooling water pump operates, it begins to degrade and consume its available life. This life consumption may be a function of system stresses, and the failure distribution should be updated to account for the system’s operational stress levels. The failure rate is caused by unexpected overloads, and so on. The SIL is at a moderate level.

In the later wear period, the degradation of the component cooling water pump becomes apparent. This may be caused by fatigue, abrasion, radiation, and so on. The failure rate increases rapidly. If it continues to operate, the increasing maintenance scope, times, or frequency can create significant danger to maintenance personnel. The SIL is at the lowest level.

In our method, two aspects must be considered for the SIL evaluation. The first is the failure probability and the second is the risk caused by a failure. If we suppose that the danger caused by a failure is known, the desired SILs’ evaluation result should obey a bathtub-shaped curve.

As shown in Figure 12, the curve change trends of the SIL based on the M2 and M3 present a bathtub-shaped curve. It is rare to have sufficient short-term or long-term failure data to obtain a calibrated bathtub curve. In the later periods [209, 300] days, the result is SIL1, which is the lowest level. This result corresponds to the failure probability rapidly increasing. The M2 has a shortcoming in that the selected threshold for calculating the failure probability is uncertain because of the expert assessment subjectivity. The M3 is more reasonable than the other methods.

Figure 12.

SIL evaluation results and the possible failure bathtub curve. Note that the cycles from 0 to 160 days are the past. It is meaningless to evaluate the SIL before 160 days.

Parameter analysis

In our method, the SIL evaluation results are primarily affected by the degradation trajectory and PDTDs. After obtaining the Wiener degradation model parameters, the SIR-PF algorithm is used to predict the degradation trajectories in the upcoming cycles. The SIR-PF algorithm implementation relies on the Wiener degradation state equation (2). In the Wiener degradation state equation (2), the diffusion coefficient σ and degradation rate μ_k are uncertain. This uncertainty influences the effects of the SIR-PF algorithm. A detailed study of the Wiener degradation state equation (2) parameter estimation is not the focus of this article. In a real-world trial, the prediction accuracy of the degradation trajectory is restricted in terms of the hidden degradation information of the centrifugal pump.

The threshold PDTD is another important factor in SIL evaluation. The PDTD is primarily affected by selected highly monotonic degradation trajectories and their failure times. The reputation index is used to select the highly monotonic degradation trajectories. Cusp catastrophe theory is used to determine the failure time.

To obtain the desirable PDTDs for more effective SIL evaluation, the reputation parameter γ is the only parameter that needs to be controlled within a range. We must analyze the reputation parameter γ and its influence on the PDTDs.

For the simulation experiment, Figure 13 shows the PDTDs versus the reputation parameter γ for the 100-day cycle. The PDTD1 and PDTD2 are not affected by the reputation parameter γ∈[0, 0.3]. The range γ∈[0, 0.7] is thus usable. When γ∈(0.7, 1], no degradation trajectories satisfy the reputation requirements.

Figure 13.

PDTDs versus the reputation parameter in the simulation experiment for the 100-day cycle.

For the experiment on the component cooling water pump, Figure 14 shows the PDTDs versus the reputation parameter γ for the 160-day cycle. The PDTD1 and PDTD2 are not affected by the parameter γ∈[0, 0.5], which is the usable range. When γ∈(0.5, 1], no degradation trajectories satisfy the reputation requirements.

Figure 14.

PDTDs versus the reputation parameter in the verification experiment of the component cooling water pump for the 160-day cycle.

Conclusion

Functional safety evaluation is a formidable challenge in PHM. The SIL evaluation methods in the IEC 61508 standard are inappropriate for the centrifugal pumps in NPPs because their historical statistical failure-dependent data are insufficient in most cases. This article proposed an SIL evaluation method based on the performance degradation data. The key features of this method concern obtaining the thresholds and degradation trajectories. This work proposed an adaptive performance degradation threshold, called the PDTD. The SILs are defined by the PDTDs. The Wiener degradation state equation is used to describe the degradation state of the centrifugal pump. The degradation trajectories are predicted by the SIR-PF algorithm for future cycles. After selecting the highly monotonic degradation trajectories and obtaining their catastrophic failure time, the PDTD determination process is described in detail. In our case, the sample size of the degradation trajectories is one. The Wiener degradation model parameters were estimated using the PMH algorithm.

Experiments are performed using the simulation data and the component cooling water pump condition-monitoring data set. The results demonstrate that the proposed PDTD for SIL evaluation is effective. This article also analyzes the range of the reputation parameter, which needs to be less than 0.5. By comparing to the risk matrix analysis recommended in the IEC 61508 standard, our method is found to be more reasonable and produces a result that obeys a bathtub-shaped curve.

Footnotes

Handling Editor: Dong Wang

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: The research work described in this paper was supported by the Natural Science Foundation of China under grant no. 61472216.

References

Cubillo

Perinpanayagam

Esperon-Miguez

. A review of physics-based models in prognostics: application to gears and bearings of rotating machinery. Adv Mech Eng 2016; 8: 1–21.

Di Maio

Baraldi

Zio

et al . Fault detection in nuclear power plants components by a combination of statistical methods. IEEE T Reliab 2013; 62: 833–845.

Wang

Tsui

Zhou

. Novel Gauss–Hermite integration based Bayesian inference on optimal wavelet parameters for bearing fault diagnosis. Mech Syst Signal Pr 2016; 72–73: 80–91.

Zhang

Kang

Jin

. Degradation modeling and maintenance decisions based on Bayesian belief networks. IEEE T Reliab 2014; 63: 620–633.

Flage

Aven

Baraldi

et al . An imprecision importance measure for uncertainty representations interpreted as lower and upper probabilities, with special emphasis on possibility theory. Proc IMechE, Part O: J Risk and Reliability 2012; 226: 656–665.

Zio

. Some challenges and opportunities in reliability engineering. IEEE T Reliab 2016; 65: 1769–1782.

Satur

Kim

Bae

et al . Cost effective alternative in meeting the required safety integrity level (SIL). J Loss Prevent Proc 2016; 40: 406–418.

Shu

Zhao

. A simplified Markov-based approach for safety integrity level verification. J Loss Prevent Proc 2014; 29: 262–266.

Smith

Simpson

. Safety critical systems handbook: a straight forward guide to functional safety, IEC 61508 (2010 Edition) and related standards, including process IEC 61511 and machinery IEC 62061 and ISO 13849. Oxford: Elsevier, 2010.

10.

Liao

Jin

Pavel

. Enhanced restricted Boltzmann machine with prognosability regularization for prognostics and health assessment. IEEE T Ind Electron 2016; 63: 7076–7083.

11.

Sang

Son

Jung

et al . Risk assessment of safety data link and network communication in digital safety feature control system of nuclear power plant. Ann Nucl Energy 2017; 108: 394–405.

12.

Lee

Moon

et al . Design and development of a functional safety compliant electric power steering system. J Electr Eng Technol 2015; 10: 1915–1920.

13.

Cartella

Sahli

. Online adaptive bearings condition assessment using continuous hidden Markov models. Adv Mech Eng 2014; 7: 1–21.

14.

Jin

Pang

Zhao

et al . Quantitative assessment of probability of failing safely for the safety instrumented system using reliability block diagram method. Ann Nucl Energy 2015; 77: 30–34.

15.

Kaczor

Mlynarski

Szkoda

. Verification of safety integrity level with the application of Monte Carlo simulation and reliability block diagrams. J Loss Prevent Proc 2016; 41: 31–39.

16.

Piesik

Sliwinski

Barnert

. Determining and verifying the safety integrity level of the safety instrumented systems with the uncertainty and security aspects. Reliab Eng Syst Safe 2016; 152: 259–272.

17.

Kim

Yoo

et al . Procedure for assessing hardware safety integrity in legacy systems. J Loss Prevent Proc 2016; 40: 461–470.

18.

Zuo

Jiang

Yam

RCM

. Approaches for reliability modeling of continuous-state devices. IEEE T Reliab 1999; 48: 9–18.

19.

Alaswad

Xiang

. A review on condition-based maintenance optimization models for stochastically deteriorating system. Reliab Eng Syst Safe 2017; 157: 54–63.

20.

Lehmann

. Joint modeling of degradation and failure time data. J Stat Plan Infer 2009; 139: 1693–1706.

21.

Lehmann

. Failure time models based on degradation processes. In: Nikulin

Limnios

Balakrishnan

et al . (eds). Advances in degradation modeling. Statistics for industry and technology. Boston, MA: Birkhäuser, 2010, pp.209–233.

22.

Singpurwalla

. Survival in dynamic environments. Stat Sci 1995; 10: 86–103.

23.

Caballé

Castro

Pérez

et al . A condition-based maintenance of a dependent degradation-threshold-shock model in a system with multiple degradation processes. Reliab Eng Syst Safe 2015; 134: 98–109.

24.

Wang

Tsui

. Brownian motion with adaptive drift for remaining useful life prediction: revisited. Mech Syst Signal Pr 2018; 99: 691–701.

25.

Chib

Greenberg

. Understanding the Metropolis-Hastings algorithm. Am Stat 1995; 49: 327–335.

26.

Särkkä

. Bayesian filtering and smoothing. vol. 3. Cambridge: Cambridge University Press, 2013.

27.

Jouin

Gouriveau

Hissel

et al . Particle filter-based prognostics: review, discussion and perspectives. Mech Syst Signal Pr 2016; 72–73: 2–31.

28.

Baraldi

Di Maio

et al . Online performance assessment method for a model-based prognostic approach. IEEE T Reliab 2016; 65: 718–735.

29.

Rigamonti

Baraldi

Zio

et al . Particle filter-based prognostics for an electrolytic capacitor working in variable operating conditions. IEEE T Power Electr 2016; 31: 1567–1575.

30.

Wang

Ding

Wang

. Trust evaluation sensing for wireless sensor networks. IEEE T Instrum Meas 2011; 60: 2088–2095.

31.

Wang

Ding

. Reputation-enabled self-modification for target sensing in wireless sensor networks. IEEE T Instrum Meas 2010; 59: 171–179.

32.

Iwaniec

Lisowski

Uhl

. Nonparametric approach to improvement of quality of modal parameters estimation. J Theor Appl Mech 2005; 43: 327–344.

Safety integrity level evaluation of nuclear centrifugal pump based on performance degradation data

Abstract

Keywords

Introduction

Related work

The proposed SIL evaluation method

Degradation trajectory prediction

Degradation trajectory selection criteria

Failure time determination

Determination of PDTD

Experiments

Simulation experiment

Verification experiment of the component cooling water pump

Comparison of SIL evaluation

Parameter analysis

Conclusion

Footnotes

Declaration of conflicting interests

Funding

References