artificial evolution to test and challenge complex control systems mr. john scott dr. carl anderson,...

Artificial Evolution to Test Artificial Evolution to Test and Challenge Complex and Challenge Complex

Control SystemsControl Systems

Mr. John Scott Dr. Carl Anderson, Dr. Eric Bonabeau

Icosystem Corp Cambridge, MA

Research Supported by ONR

NDIA T&E CONFERENCE 2004 LAKE TAHOE/RENO/SPARKS, NEVADA MARCH 2004

Copyright © 2004, Icosystem Corporation 2

2/19/2004

OverviewOverview

• Background: Design of Complex Systems

• Evolutionary Testing of Complex Systems


2/19/2004

Testing and DesignTesting and DesignUnderstanding our Systems

• Ignorance

(not knowing what you don’t know)

2. The combinatorial nature of systems

(too many parts)

- Hardware, software, people, processes

3. Emergent phenomena

(the parts interact)


2/19/2004

Combinatorial ProblemCombinatorial Problem

If every organization uses a different database schema, the interchange problem is combinatorial.


2/19/2004

Emergent BehaviorEmergent Behavior• Small change in local

rule leads to dramatic change in global, emergent behavior

• Change in behavior is very difficult to predict a priori, not intuitive

70 chgrp admin /home/alex/.bash_history

71 chown alex /home/alex/

72 chgrp admin /home/alex/

73 cat /.bash_history

74 echoAppend hacker:0:0:hacker:/:/bin/bash /etc/passwd

75 cat /etc/passwd

76 ftpGet login2

77 chmod login2 0 2 true

78 mv bin/login /usr/bin/temp.old

79 mv login2 /bin/login






75 cat /etc/passwd

76 ftpGet login2









75 cat /etc/passwd

76 ftpGet login2









75 cat /etc/passwd

76 ftpGet login2





2/19/2004

Ecosystem of BehaviorsEcosystem of Behaviors

Ecosystem

Entities

Interactions

Individual Actions lead to System Level Behaviors


2/19/2004

Complex SystemsComplex SystemsA system is complex when:

1. It consists of a large number of elements

2. Significant interactions exist between elements

3. System exhibits emergent behavior: cannot predict system behavior from analysis of individual elements


2/19/2004

Inevitable: any complex Inevitable: any complex system has loopholessystem has loopholes

And loopholes can (and will) And loopholes can (and will) be exploitedbe exploited


2/19/2004

Tax code

Software

Frequent flier programs

Health care, Medicare

1996 Telecommunications act

NBA rules

Elections

Power grid, water distribution

New York State power grid, From Strogatz, Nature, 2001


2/19/2004

What can we do about it?What can we do about it?

Depends on which side you’re Depends on which side you’re on!on!

Either way, you want to Either way, you want to systematically discover the systematically discover the system’s weaknessessystem’s weaknesses


2/19/2004

Hints from NatureHints from NatureParasites

Viruses

Co-evolutionary arms races

Rapid evolutionRapid evolution


2/19/2004

• Identify failure modes in complex systems• Engineers can only test a small fraction of all

possible configurations and damage scenarios

• Possible to find small investments that will dramatically improve robustness? i.e., better design

Evolutionary/Adaptive TestingEvolutionary/Adaptive Testing


2/19/2004

Design TestingDesign Testing – Ship Systems – Ship Systems

USS Arleigh Burke


2/19/2004

• Feasibility of evolutionary testing on a shipboard control system

• Modeling ship’s firemain system with local valve controls

• Evolving challenges• Pipe rupture, e.g. from

torpedo attack• Water demand, e.g.

ballasting water

ObjectivesObjectives

• Use evolutionary computing to search vast space of possible challenges

• Identify particularly problematic combinations of challenges

• Study effects of random vs. correlated challenges

Problem Problem StatementStatement

Evolving challengesEvolving challenges


2/19/2004

Modeling the shipModeling the shipUSS Arleigh Burke firemain


2/19/2004

EPANET (Environmental Protection EPANET (Environmental Protection Agency)Agency)

• Model city water• Any number of

• Pipes• Pumps• Tanks• Valves

• Calculates steady state flows, pressures etc.

• Implement network in minutes

• Simple, local controls


2/19/2004 Pump, under local control

Scale model

Modeling the ship

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2

SV4 SV5 SV6 SV7 SV8 SV9 SV10 SV11

SV12

SV13

SV14SV15SV16SV17SV18SV19SV20

SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

Stop valve, under local control

Sprinkler valve

Challenges:

• Pipe rupture—e.g. torpedo attack [63pts]

• Water demand—e.g. ballasting [49pts]


2/19/2004

EPANET network


2/19/2004

Hydraulic model (EPANET)

C++ interface

Genetic Algorithm

Set of challenges = rupture list + demand list

Results = fitness function

Implementation


2/19/2004

Evolutionary computationEvolutionary computation

Individuals are represented by genetic stringIndividuals are represented by genetic string

oror

Two genetic operations

11011011001001011010

11010110001001101110

Crossover1101001000

1101011000

Mutation

1101011000…

Evolving challenges


2/19/2004

From Ken de Jong

Evolving challenges


2/19/2004

000010000000001000 … 000010000

010000000000000010 … 000010000

Rchromosome [list of all 63 rupture locations]

Dchromosome [list of all 49 locations where water can be drawn off]

Genotype: Specifies set of challengesGenotype: Specifies set of challenges

Unconstrained state space = 2(63+49) 1034

Rupture location 5 [time 0, emitter coefficient 2]

Draw 500 gallons per minute from location 2

Evolving challenges


2/19/2004

Meiosis : form of genetic crossover

Parent 1

Parent 2

R

D

R

D

Offspring 1

Offspring 2

mating

Evolving challenges


2/19/2004

Mutation : rupture nearby pipes instead

1 2 . . . 63

1 0 105 307 226 178 300

2 105 0

. 307 0

. 226 0

. 178 0

63 300 0

e.g. rupture point 1 and rupture point 2 are 105 feet apart

Proximity matrix

000010000000001000 … 000010000

Rchromosome

1. Select one of the 1s from the R chromosome

2. Get list of physical distances to all other rupture locations from proximity matrix

3. Take reciprocals of distances; sum them; divide each by sum

4. Choose new location probabilistically from this normalized vector

Evolving challenges


2/19/2004

0 1 0 1 0 0 0 1 0 0 1

0 0 0 0 1 0 1 0 0 1 1Rchromosome of parent 1

Rchromosome of parent 2

3 pairs available for crossover

Crossover : while conserving #ruptures

1. Pick a red pair and a blue pair at random2. With Probability 0.5 swap them [change 1 0 and 0 1]3. Do for all pairs (i.e. all remaining reds + their blue partners)

Evolving challenges


2/19/2004

Parameters• Population size 50• Elite size 10• Number of Ruptures 1–3• Number of Demands 0–2• Mutation Probability 0.5• Meiosis Probability 0.5• Crossover Probability 0.5• Fitness metric 9 to choose from

“Deadwater” length Maximum pump flow

Evolving challenges

Results:Results:Finding worst case rupturesFinding worst case ruptures


2/19/2004

Single Ruptures

Total length of dead water (ft)

0 100 200 300 400

0

100

200

300

400

500

0

20

40

60

80

100

120

x

y

tota

l le

ng

th o

f de

ad

wa

ter

(ft)

Conclusions:

1. Several “sensitive” areas of the ship, mostly on the port side, fore and aft.

2. Four equivalent “worst” locations—GA returns all of them simultaneously

Results


2/19/2004

total length of dead water[Dual ruptures]

0 10 20 30 40 50 60 70

0

200

400

600

800

1000

010

2030

4050

6070

rupture pt ID

rup

ture

pt I

D

tota

l le

ng

th (

ft.)

Results

Dual Ruptures

Color = scaling on z-axis


2/19/2004

Conclusion:

• GA found these worst cases < 3min (vs. systematic search: > 3 hrs)

• GA took median of 49 generations, i.e. 1 % of state space

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

Triple Ruptures

Results


2/19/2004

Is the worst 3pt rupture a combination

of worst single point ruptures?

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

Results

Triple vs. Single Ruptures

Worst [1-4 / 63] 5th worst [11/63]

13th worst [28-30 / 63]

Conclusion:

• No: worst 3 pt rupture involved “insignificant” locations, low down on list

• r56 vulnerable: add in pump → starboard loop riser?

Results:Results:Threshold searchThreshold search


2/19/2004

Threshold search

Component constraint• Pump flow rate• Max. safely: 1000 gpm• Threshold 1000

• GA searches and lists all results > threshold

> 1500: dangerous> 1250: warning> 1000: overheating

Results


2/19/2004

• 2 ruptures (6-2) 1500 = 6000 gpm

• 2 demands 2 2000 = 4000 gpm

• Set threshold @ 1000 gpm, see what happens…

Threshold search

Spare capacity: 2000 gpm

Results


2/19/2004

Conclusions:

• 1. Some huge values (4000 gpm)

• 2. Damage Control (DC) protocol: no-go locations for drawing off water

Results

0 10 20 30 40 50

1000

1500

2000

2500

3000

3500

4000

010

2030

4050

demand pt ID

de

ma

nd

pt I

D

ma

xim

um

pu

mp

flo

w (

gp

m)


2/19/2004

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

Why was value so high?

Results

Results:Results:Correlated damageCorrelated damage


2/19/2004

Correlated vs uncorrelated damage

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

N ruptures clustered

(take N - 1 nearest locations)

N ruptures uncorrelated

Results

Results:Results:OperationsOperations

- Condition Zebra- Condition Zebra


2/19/2004

Results

Condition zebra

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

partition ship into 2 isolated mains: part & starboard

s1 s2 s3 s4 s5

s6 s7

s8 s9 s10 s11 s12 s13

SV1

SV3

SV2


SV12

SV13


SV21

SV22

SV23

SV24 SV25

SV26

SV27 SV28 SV29

SV30

SV31

Why was value so high?

Results


2/19/2004

No. rupturesMaximum pump flow

X-ray Zebra

1 367.68 1025.27

21025.2

71025.27

31025.2

71025.27

Results

X-ray vs. zebra clustered ruptures

2 demands

Conclusion:

• Zebra has a large effect for MPF only with single ruptures


2/19/2004

• GA proved itself in optimizing worst case scenarios for both correlated and uncorrelated damage

• Some surprising results: e.g. worst 3pt rupture involved an insignificant rupture location halfway down list

• Huge potential for searching for bounds of working conditions [threshold search]

• Tool for design of more robust systems and control strategies (e.g., where to add pipes, where NOT to draw water, ...)

ConclusionsConclusions


2/19/2004

• Beyond simple challenges: dynamic challenges, correlated challenges

• Identifies risk mitigation strategies• Huge potential for searching for bounds of

working conditionsCan be applied to:• System Concept Designs • Existing Systems

• Software/Hardware

• System Health and Monitoring

Application ofApplication of


2/19/2004

Paper is available, for more information, contact:

John M. Scott

[email protected]

phone - 240.401.6574

Icosystem Corporation10 Fawcett StreetCambridge, MA 02138

Questions?Questions?


2/19/2004Source: NewScientist.com, 31 August 2002

In 2002, Paul Layzell and Jon Bird of U. Sussex in Brighton, UK, tried to design an oscillator using evolutionary computation.

They discovered an intriguing arrangement of transistors that produced an oscillating output.

But the circuit was not an oscillator.

They had evolved a radio receiver that was picking up a signal from a nearby computer and delivering it as output.

In essence, the evolved circuit had found a loophole in the experimental setup, and relayed oscillations generated elsewhere rather than generating its own.

artificial evolution to test and challenge complex control systems mr. john scott dr. carl anderson,...

Documents

icosystem corporation

mv login2 binlogin slide

pts slide

chgrp admin homealex

epanet network slide

mv binlogin

ftpget login2

chmod login2