1. Introduction
Industrial applications have become more critical and complex over the past years, mainly due the intensification of processes automation and their distributed operation [
1]. Many of those applications comprise one or more Wireless Visual Sensor Networks (WVSN), aiming at multi-sensory monitoring for tasks as quality inspection, surveillance and system guidance. Whatever is the nature of such sensors-based networks, their failures can be dangerous to people, lead to environmental damages or even result in economic losses, pushing WVSN applications to pursue a sufficient dependability level [
2].
In general, the concept of dependability concerning scalar Wireless Sensor Networks (WSN) has addressed hardware and connectivity failures when modelling faulty conditions [
3]. However, for a visual monitoring context, a new type of failure must be also considered, since the way cameras sense the environment is subject to a whole new group of errors and impairments [
4]. In fact, visual coverage failures are resulted from total or partial lack of visual information retrieved from cameras, with different particularities depending on the way the environment is perceived. Therefore, when combining hardware, connectivity and coverage failures, more comprehensive dependability evaluations can be performed, potentially benefiting the management of critical sensing applications.
When assessing the dependability of wireless visual sensor networks in industrial environments, in a broader perspective, the concept of Quality of Monitoring (QoM) can be defined. The QoM refers to the capability of a network to perform the expected monitoring functions over a region of interest [
5]. In other words, it is not only considered the amount of retrieved visual information when assessing quality, but also definition and sharpness parameters [
6]. In practical means, any application may have a minimum expected level of QoM, changing the perception of coverage failures when evaluating dependability: a coverage failure will happen when an application fails to fulfill its expected minimum QoM level.
Several aspects can affect the normal operation of cameras. Common examples are dynamic external (outdoor) factors such as (high/low) luminosity, fog, rain, snow and dust. Particularly for indoor industrial areas, however, there will be two main causes of visual failures that will affect the retrieved visual data and, consequently, the achieved dependability of an application: (1) occlusion and (2) distance of view. Occlusion will be produced by some static or mobile obstacle, potentially reducing a camera’s Field of View (FoV) and indirectly impacting the overall monitoring quality. In a different way, the distance of view is associated to the sharpness of the retrieved visual data [
7]. Both types of impairments may simultaneously affect visual sensor nodes and thus they will be modeled as the main causes for QoM degradation.
This article proposes a methodology to allow dependability evaluations of wireless visual sensor networks under the effect of different types of failures. For that, we integrate some previous contributions into a single unified mathematical model, incorporating new elements to better encompass the challenges of industrial monitoring applications. Actually, the proposed methodology comprises common hardware and networking failures associated to scalar sensors, as well as visual coverage failures generated by occlusion or low monitoring quality (modelled as the distance of view). Doing so, researchers acquire a unified model that comprehensively cover frequent but complex failure conditions in such scenarios. Additionally, extensive discussions about practical definitions of the model’s parameters are conducted in this article, addressing an important researching gap that has not been properly considered by the literature. For this purpose, an example of a paper mill application is considered for simulations (Iggesund Paperboard [
8]), taking as reference the WirelessHART protocol to connect the sensors [
9].
In fact, we have addressed some dependability issues for scalar and visual wireless sensor networks in previous works. In Reference [
10], a formal methodology was proposed to model some aspects of hardware and networking failures, focused on scalar sensors. Then, in References [
10,
11], visual coverage failures were mathematically modelled and processed for dependability assessment, although no dependability evaluation was performed due to the lack of a proper method for this task. In this article, however, we leveraged the mathematical formulations in those work to achieve a more complete model based on different coverage failures that are considered at once. We provide adaptations in the methodology proposed in Reference [
10] in order to incorporate this more complete model and consequently to evaluate WVSN in a more comprehensive way. The resulted model and the performed simulations are important contributions that enhance the knowledge in this field, significantly supporting new developments in industrial WSN.
Therefore, the expected contributions of this article can be summarized as follows:
Integrate different methodologies proposed in previous works, defining a comprehensive unified mathematical model to assess the dependability of wireless visual sensor networks, specially considering the particularities of sensors-based industrial applications;
Create a consistent reference for quality assessment in critical applications, associating the most relevant failure causes in visual monitoring, which has not been considered before by the literature;
Discuss how the parameters of the proposed mathematical model can be achieved in practical applications, potentially supporting more effective dependability evaluations;
Demonstrate a practical use of the proposed methodology considering realistic parameters, which can be easily replicated when evaluating other applications in industrial scenarios.
The remainder of the article is organized as follows.
Section 2 presents related works regarding dependability evaluation and coverage failures in wireless visual sensor networks. Fundamental concepts for this work are presented in
Section 3. The proposed methodology is described in
Section 4, detailing the different evaluation phases.
Section 5 presents and discusses important results considering a study case in an industrial scenario. Finally, the conclusions are stated in
Section 6.
4. Proposed Methodology
The dependability assessment methodology proposed in this article is aimed at solving an important quality evaluation gap in critical applications that employ scalar and visual sensors to perform monitoring tasks. For that, we integrate and unify some previous methodologies [
5,
10,
11], achieving a more complete mathematical solution for such scenarios. In this way, the proposed methodology for dependability evaluation considers different visual coverage failures, which occur when the required area coverage or quality of monitoring level are not fulfilled, either by an incorrect deployment or by occlusion.
The flowchart of the proposed evaluation methodology is presented in
Figure 5 and depicts the methodology in four stages:
coverage analysis,
connectivity analysis,
Fault Tree generation and
dependability analysis. Backwards, the
dependability analysis (the last stage) is performed in terms of its quantitative attributes (reliability and availability), as it is commonly addressed in the literature [
23,
24,
25,
26]. For this task, the SHARPE (Symbolic Hierarchical Automated Reliability and Performance Evaluator) tool [
27] is used to numerically compute a hierarchical model of a fault tree embedded with Markov chains. It is worthy to remark that it is an automated methodology, which means that, besides the input data at the initial stage of the methodology, no further interaction with the user is required for dependability assessment.
The hierarchical model is built in the previous stage of the methodology, the Fault Tree generation. For this, the proposed methodology assumes a network that is organized in a tree topology, rooted at the gateway node. This node manages the system monitoring application, receiving data from the other visual nodes. Therefore, a visual application will fail if the network is not capable to deliver the required visual information to the gateway. This can happen due to failures of network nodes that compose the Network Failure Condition (NFC), which is a logical expression that indicates which nodes or combination of nodes () must fail to lead to the application failure. The nodes participating in the NFC are called essential nodes.
The NFC is used to build a fault tree. In this case, an application failure is identified whether the NFC is assessed equals to
true, which is equivalent to the TOP event of the fault tree be assessed equals to
true.
Figure 6 shows the gates of the fault tree structure considered in the methodology.
A combination of nodes (devices) fails if all paths (
) that connect the gateway to each node in the combination fail. A path fails if any link (
) or node (
) in the path from the node to gateway fails. Finally, a node fails if its hardware (
) fails or if its battery discharges (
) [
10]. The basic events
,
and
must be assigned to battery, hardware and link dependability functions (reliability or availability functions, according to the evaluation interest), resulting from the respective Markov chain evaluation, according to
Figure 7. These Markov chains describe the component behavior through two states:
(operational) and
(failed). Transitions between these two Markov chain states are described by the failure (
,
) and repair rates (
,
,
), respectively. In case of battery, the states
represent progressive discharging states, the state
represents a fully discharge battery and the transition rates
,
, are the battery discharge rates in function of the power consumption.
At the
connectivity analysis step (the second stage in
Figure 5), the paths from the nodes of NFC to the gateway are represented in the fault tree, and they are defined according to the routing strategy. For this, it is necessary to know the NFC of the considered network.
At this point, we extended our previous work presented in Reference [
10]. In that work, the NFC was generated based on the covered area. However, as important as the amount of visual information, the quality of the gathered information is crucial for applications. Actually, both the amount and quality of this information can be jeopardized by occlusion, leading to a dependability decreasing.
That way, these coverage failures in the considered network have to be properly processed. In fact, coverage failures may happen in different ways and in different moments of the network lifetime. Nevertheless, in order to properly evaluate the dependability of the applications, the proposed methodology processes all coverage failures at once, achieving a final dependability perception. Therefore, the standard procedure is to sequentially compute all modelled coverage failures, first computing occlusions on all visual sensors and then processing the QoM associated to the Depth of View based on Occluded FoV (OFoV).
The computation of the OFoV will consider all static or moving obstacles that can produce some level of occlusion on the deployed visual sensors. For that, the formulations in Reference [
11] can be leveraged to achieve a set of Occluded FoV for the considered network, reflecting the impacts of the obstacles along the time. Then, the QoM of that set of active visual sensors can be also processed based on the definitions in Reference [
5], but now assuming that the FoV of any visual sensors may be not an isosceles triangle. In other words, two sequential layers of coverage failures will be computed for the visual sensors, and their resulted coverage on the monitored field will already reflect the impacts of both types of coverage failures. This general processing principle is depicted in
Figure 8.
As an important remark in
Figure 8, while a visual sensor may be not occluded by an obstacle, which may result in an OFoV similar to the original FoV, the QoM-aware FoV of that sensor will be always computed.
Based on the processing of these coverage failures, we define the NFC considering that the application will fail if a combination of nodes are not able to cover a minimum amount of covered area, a minimum quality of monitoring and also considering the minimum percentage of FoV of each visual sensor. For this last case, it is considered that, if a single sensor node cannot cover its minimum FoV, its camera is turned off, and the node operates as a relay node, that is, a node that only re-transmits messages, therefore consuming less power, saving battery, extending its lifetime, and so increasing the system dependability.
Initially, the methodology requires some supplementary data from the user in order to characterize the network and the application requirements. This information is related to network configuration (e.g., topology), visual coverage attributes, nodes, the evaluation process itself and specially the application requirements, which is the minimum visual coverage percentage (), the minimum QoM () and the minimum FoV ().
The Algorithm 1 describes the redesigned NFC generation, when a combination of sensor nodes is included into the NFC expression if it provides the required area coverage and QoM (Line 33). Doing so, the dependability evaluation can be carried out considering the mathematical parameters of the scenario.
The Algorithm 1 starts computing the OFoV of each visual sensor according to Jesus et al. [
11] (Line 2). Then, it is verified which monitoring blocks are covered by each visual sensor and their respective QoM. For this, the procedure
in Lines 6, 11–13 checks if the center of a
is within of the OFoV of a visual sensor
, and within of one of its quality level sub-regions
,
or
, respectively. This procedure implements a Ray casting algorithm [
28,
29]. Notice that we first verify if a
is within of the OFoV of
(Line 6). This is important to not consider monitoring blocks in occluded areas. According to how a sensor
covers a monitoring block
, the functions
and
are updated (Lines 14–25). This information is used to proper compute the overall coverage area
and QoM
provided by a subset of visual sensor
(Lines 30–32). Finally, the NFC is updated if the sensors in this subset are able to fulfill the application requirements together,
, if they cover an area greater or equal to
with QoM greater or equal to
(Lines 33–34).
Algorithm 1: NFC. |
|
Following all these steps, the dependability of any wireless visual sensor networks can be evaluated, potentially supporting in the designing, deployment and management of those networks. At this point, what is required is the proper setting of the evaluation parameters, which will be discussed in next section.
5. Practical Dependability Assessment
In this section it is presented the dependability assessment of an industrial application in order to show the applicability of the proposed methodology. Actually, for this task, the methodology parameters could be empirically set. However, in order to facilitate the usage of the methodology in real scenarios, some approaches are enhanced in relation of previous works, and employed to determine most of these parameters.
There are many possibilities to determine each parameter. Of course, each approach will be as accurate as the considered detailing level. In fact, we are not focused on strictly determining the parameters, but providing possible solutions when defining them. With a realistic parameters setting, we can more confidently evaluate the impact of visual coverage failures on the system dependability.
The proposed scenario used as case study is a merging of specifications of two real industrial shop floors into a single realistic model. This industrial scenario is similar to a paper mill proposed in Reference [
8] (Iggesund Paperboard), which contains machinery such as boilers, mixing and storage tanks, conveyors and storage racks. We assume that the factory occupy an area
of 250 m
m, where the monitored area
is 240 m
m. Over this
are deployed 11 visual sensor nodes and one gateway node, according to the industrial wireless network presented in Reference [
9], implementing a network topology according to the WirelessHART standard (one of the most adopted wireless communication protocol in industrial applications [
30]). The visual nodes are oriented in a way to monitor regions of production more susceptible to failures, accidents and intrusion.
Figure 9 shows the shop floor layout and
Figure 10 presents the network topology. The percentage on the edges of the graph are the packet reception rates (PRR), which are link quality metrics that will be used to determine the link failure rates.
Next we show how to obtain the dependability methodology parameters from the component specifications. The interested reader is referred to Reference [
10] for more details on the parameters meaning.
5.1. Experimental Parameter Settings
The methodology requires some data related to visual nodes, components failure and repair rates, network communication (topology, routing, radio range, etc.) and the application requirements. We assume that all the visual sensor nodes are composed of a camera FLIR BLACKFLY
S BFS-U3-13Y3 and that they communicate through an IEEE 802.15.4 radio interface at 2.4 GHz, using a CC2420 antenna which can support WirelessHART setting [
31]. Each node is powered by a typical battery of WirelessHART field devices, a lithium battery unit BU 191 [
32] and they communicate based on flooding routing strategy.
We assume that the useful visual information from cameras can be retrieved of a distance not higher than 75 m from the camera, which implies in a sensing radius of
m with the viewing angle of
(an intermediate value and also the average viewing angle of several commercial cameras). Regarding the monitored area, its dimensions are
m and
m, divided into monitoring blocks with
m (approximately
of the FoV [
22]) and
=
. The position of each sensor node was generated according to
Figure 10. The dependability parameters, according to the information available in References [
32,
33,
34], were pessimistically set, with the hardware failure and repair rates
and
=
, respectively, considering the worst case scenario of the hardware components specifications. In this article, all failures, repair and discharging rates are measured by hour.
The battery has an initial capacity Ah rated by h and a Peukert’s constant . Considering that the average continuous discharge current needed to supply the sensor node (radio, camera, etc.) is about mA, then the discharge rates of a 4-discharging stages of the battery model are = , = , = and = h. Once discharged, we consider that it takes 2 hours to repair (replace or recharge) the battery, so .
The estimation of the link rates is more complex since the link has a transient behavior, which means that a failed link will reestablish its connection after a while, without an external intervention. A link failure could be caused by an obstruction produced by an external object, shadowing, signal attenuation, multi-path fading, radio interference, background noise, an occupied channel or a data collision [
35]. Due to several uncertainties or difficulties when modelling these aspects, usually resulted from a lack of sufficient data, we consider the fuzzy model approach presented in Reference [
36] to estimate link failure rates based on link quality metrics. These metrics could be, for instance, packet reception rate, packet error rate (PER), link failure probability or time to link failure (TLF). They can be obtained by simulation [
37], estimation [
38] or by radio propagation models [
39].
The approach proposed in Reference [
36] expresses reliability data (failure probability) in a qualitative natural language and mathematically represented by a membership function of fuzzy numbers. That way, a defuzzification technique is needed to convert the membership function into a reliability score, and later into their corresponding fuzzy failure rates, which is a good approximation for probabilistic failure rates [
36]. We use an area defuzzification technique (ADT), since it presented the best results in Reference [
36].
Let
be a fuzzy function, where
are the parameters of a trapezoidal membership function. The parameter
can be converted to a crisp score by ADT (Equation (
11)) and this score can be used to estimate the link failure rate associated to
according to Equation (
12). We use the PRR available in Reference [
9] to define the values of the membership function of each link based on the fact that the higher is the PRR, the lower is the probability of the link to fail.
It is important to remark that, according to Purba et al. [
36], the relation between the qualitative natural language of the failure probability and its mathematical representation through the membership function (defined by fuzzy function parameters
a, b, c, d) must be stated by experts’ belief of the most expected value that a failure event may occur. That way, the association between these parameters was a relatively subjective choice of us, the authors, based on our familiarity, considerable training in and knowledge of this application field. The same was applied to the association between these parameters and the PRR.
Thereby, we consider that a PRR under
indicates a down link (nonoperational link). The fuzzy function was proportionally generated over the range of 50–100% and the link failure rates (
) were computed through Equations (
11) and (
12), according to Purba et al. [
36]. These rates, as well as the other parameters of the fuzzy model approach, are shown in
Table 2. Once a communication failure occurs, due to the transient nature of links, the connection from a node to the gateway node could be reestablished naturally, eventually, or by the re-routing or self-healing features of routing protocols, which lead us to consider in this scenario the link repair rate
= 4, which means about 15 min to reestablish.
5.2. Dependability Evaluation
Once the dependability parameters are set, the application requirements need to be defined to assess the system dependability. In this case, it is necessary to define the minimum acceptable area coverage (
) and quality of monitoring (
),
and
, respectively. For this, based on the layout shown in
Figure 9, we consider two obstacles on the monitoring area: a wall separating a management station to the chemical processes and a forklift that spends most part of time near to a conveyor belt to get the paperboard boxes.
Figure 11 shows the network deployment, including the obstacles (blue rectangles) and the quality perspective of
. Notice that the FoV of visual sensors
and
are partially occluded by the forklift and the FoV of visual sensors
and
are partially occluded by the wall. The coverage area is
m
, which is approximately
of total
, and the quality of monitoring is approximately
. Since in this work it is not considered network redeployment, the maximum coverage area and the maximum quality of monitoring are those ones presented by the network deployment. This means that
and
, otherwise this network will not fulfill the application requirements.
In order to evaluate the impact of visual failures on dependability, first we perform the system availability assessment considering that
, varying
from
to the maximum value of the area able to be covered by the network deployment (
). In this case, we intend to verify how large is the portion of area of the monitored field that the system can cover considering the proposed deployment. We can observe in
Figure 12a that the system presents an acceptable availability (>
) for values of
from
to
.
Then, the same analysis is performed considering
and varying
from
to the maximum value of quality of the monitoring provided by the network deployment (
). Here we intend to verify how well the monitoring field is covered considering the proposed deployment. We can observe in
Figure 12b that the system presents an acceptable availability (>
) for values of
from
to
. This analysis implies that, if an application intends to implement the proposed deployment, it will have a considerably satisfactory availability if its requirements of coverage area and monitoring area are
and
, respectively.
Actually, dependability is assessed here in terms of availability. Notice that, in order to perform a system reliability evaluation, it is only necessary to disregard the repair activities, which means setting the repair rates , and equal to zero.
Next, we evaluate the system availability with the maximum values of
and
that guarantee
of availability, which are
and
, and the maximum possible values, which are the coverage values of network deployment (
and
). With this, it is possible to verify, respectively, the maximum and minimum availability response which the system can present for the considered deployment. The
Figure 13 shows the respective steady availability values,
and
.
If we consider that the nodes are supplied by a power line instead of a battery, we can re-evaluate the system dependability without the effect of batteries. This can be achieved by removing the battery Markov Chain from the model or simply by setting the battery discharge rates (
) to zero, avoiding to change the fault tree model. In this case, the system availability increases to
and
, respectively, achieving expected results of a well formed WirelessHART network [
40].
Finally, it is analyzed the impact of transforming sensors with low coverage (
) into relay sensors.
Figure 14 shows an example where the sensor
is occluded and its OFoV is less than
. In this case we consider that this sensor cannot provide enough visual information and then its camera is turned off to save battery, but the node keeps working re-transmitting messages. We analyze the worst case scenario, that is, the maximum possible values of
and
, which is the coverage values of network deployment (
and
). In this case, the application availability considering
as a visual sensor node is
. When the sensor is considered as a relay node, the assessed availability is
. This is a very small increase in terms of the absolute values, although, in terms of dependability, it is very significant, which shows that the proper management of power consumption turning some visual nodes into relay nodes compensates somehow the visual failure.
6. Conclusions
In this article, we proposed a comprehensive methodology for dependability evaluation in wireless sensor networks considering hardware, networking and visual coverage failures. While hardware and network failures had been already considered in other works, visual failures were addressed in this article as an important element of dependability, since they are related to the inability of the sensors to perform sufficient area coverage respecting the minimum required quality of monitoring. Moreover, in order to make this problem computationally tractable for large networks, an efficient algorithm for area coverage and QoM computation was proposed, bringing then an important contribution to this area.
As additional contributions, we also addressed an important issue, which is practical aspects of parameters setting. Moreover, it was considered the study case of a paper mill with a WirelessHART network. The methodology provided coherent results for an industrial context, pointing out important development directions in future works.
We believe that industrial WSN applications can significantly benefit from the proposed approach. In fact, we expect not only a more efficient planning of new monitoring applications in these scenarios, but also a continued understanding of how failures may impact the final quality and how and where improvements can be performed.
As future works, an interesting research area would be to analyze the systems’ dependability in runtime, during an application operation. Doing so, we could dynamically analyze a system’s dependability, tracking system alterations due to failures or repairs, as soon as they happen. This dynamic evaluation context also allows the inclusion of mobile obstacles in the mathematical model, making the methodology useful for more realistic applications. Also, the system dependability could be improved by an optimization process with some nodes parameters being altered (cameras’ orientation, nodes’ position, link quality, power consumption), aiming at dependability improvement in case of a bad deployment configuration or in response to changes in obstacles positions.