Optimal Mission Abort Decisions for Multi-Component Systems Considering Multiple Abort Criteria

Abstract

This paper studies the optimal mission abort decisions for safety-critical mission-based systems with multiple components. The considered system operates in a random shock environment and is required to accomplish a mission during a fixed mission period. If the failure risk of the system is very high, the main mission can be aborted to avoid higher failure cost. The main contribution of this study lies in the design and optimization of mission abort policies for multi-component systems with multiple abort criteria. Moreover, multi-level transitions are considered in this study to characterize the different shock-resistance abilities for components in different states. Mission abort decisions are determined based on the number of components in either defective or failed state. The problem is formulated in the framework of the finite Markov chain imbedding method. We use the Monte-Carlo simulation method to derive the mission reliability and system survivability. Numerical studies and sensitivity analysis are presented to validate the obtained result.

1. Introduction

Systems deployed in critical applications, such as underwater vehicles, high-speed trains, chemical reactors, aircraft fleets, wind turbines, and high-voltage power cables, are subject to system malfunction during mission execution, which can cause environmental pollution, economic loss, and even fatalities. Therefore, the execution of a rescue procedure (RP) to ensure system survival becomes necessary when certain deteriorating conditions are met [1,2]. For example, an aircraft with multiple engines can abort the primary mission (PM) and make a precautionary emergency landing when certain engines fail [3]. The degradation status of each engine can be detected through sophisticated sensors in real-time. When the detected engine states indicate a high system failure risk, the operators can decide to abort the mission and start the rescue procedure immediately. This decision process is feasible due to the rapid development of the Internet of Things.

For safety-critical systems with a possibility of mission abort, two distinct performance measures should be balanced: mission success probability (MSP) and system survival probability (SSP). Mission success probability is defined as the probability of mission success, while system survival probability measures the probability of system non-failure during mission execution or RP. The mission abort improves SSP but leads to a reduction in MSP [4]. To strike a balance between MSP and SSP, a significant body of research has been dedicated recently to modeling and optimizing mission abort policies with single or multiple criteria.

The design and optimization of mission abort policies have lately received a lot of attention due to their practical and theoretical importance. Various mission abort optimization models have been intensively explored, which can be divided into age-based and condition-based [5]. Condition-based risk control policies outperform age-based policies due to the effective use of in-suite degradation information [6]. Despite their enormous theoretical and practical ramifications, condition-based mission abort policies have gotten little attention [7]. When a certain deterioration condition defined by the mission abort policy is met, the system aborts its PM that is followed by a RP. Zhao, et al. [8] investigated the dynamic mission abort decision-making issue for regularly inspected systems by using the Markov decision process.

Mission abort policies with single criterion have been extensively studied. Mayer investigated the optimal mission abort policies based on the number of failed components for k-out-of-n: G systems [9]. Ref. [10] designed mission abort strategies based on early-warning information. Ref. [11] studied optimal condition-based mission abort decisions based on the defective duration. However, in many real situations, the operation of some safety-critical systems is affected by more than one factor. For example, the UAV suffers not only external shocks coming from random environments but also internal degradation caused by the working load. Therefore, the decision of mission abort should fully incorporate these factors. Mission abort policies with multiple criteria have also been extensively studied. Levitin et al. studied mission abort policy based on the number of failed components and the elapsed mission time [12]. Ref. [13] investigated mission abort policy based on the defective duration and the level of degradation., Yang et al. studied abort decision-making based on the level of degradation and the age of the system [14]. Levitin et al. studied mission abort policy based on performance constraints and system state subsets [15]. Zhao et al. investigated mission abort policy based on the cumulative number of valid shocks and the number of consecutive valid shocks [16].

By reviewing existing studies, we found that many practical engineering systems operate in a shock environment, and external shocks are often directly related to system failures [17]. The shock models can be classified into five categories: cumulative shock model [18], extreme shock model [19,20], run shock model [21], δ-shock model [22,23], and mixed shock model. In the extreme shock model, a system breaks down because of an individual shock with a magnitude that exceeds a critical level [24]. The existing shock models mostly consider a binary-state system and component [25], which have more than two states ranging from perfect to entirely failed in practical engineering systems [26]. A multi-state system under an extreme shock model was first proposed in [20]. Ref. [27] explored mission abort policies for multi-state systems, which may operate in intermediate states with varied PL. In this paper, the component may have three states: perfect, defective, and failed. When a shock arrives, the state of components will transfer to an adjacent worse state with a certain probability.

Due to the harsh shock environment, the system state deteriorates as the system ages. Each shock increases the probability of failure resulting in multi-level transition probabilities [28]. For example, some systems can resist the damage of shocks due to their material, structure, or affiliated devices. The resistance to shocks will also deteriorate as the system degrades causing more prone failures, which is a function related to the system state or the system age [29]. Thus, when the failure risk of the system continuously increases to a certain threshold, it is reasonable to abort the mission and execute a rescue. This paper supposes that the probability of defective state transfer to a failed state is larger than the probability of perfect state transfer to a defective state.

Overall, the study of mission abort policy with the consideration of failure propagation for multi-component systems in a shock environment is not enough. Hence, this study proposes an optimal mission abort policy with multiple abort criteria for multi-component systems. The system is considered to be failed when the number of defective components and failed components exceeds the predefined critical threshold during the execution of a mission. Hence, a mission abort policy is implemented when the number of defective components and failed components reach the mission abort criteria to improve the mission success reliability and system survival probability with the minimization of average cost. The contribution of this study is threefold:

•

Multi-level transition probabilities which indicate the defective components deteriorate to a worse state with higher probability than the normal components are considered in this study;

•

Both the number of defective components and failed components have an effect on the mission abort activity and rescue procedures;

•

A cost minimization model that balances the mission success reliability and system survivability is constructed to determine the optimal mission abort decision parameters.

The organization of this study is described as follows. Section 2 formulates a mission abort policy with multiple criteria for multi-component systems in a shock environment. Section 3 derives the closed-form of mission reliability and system survival probability by using the finite Markov chain embedding method. The total average cost minimization model is constructed to find the optimal mission abort policy. In Section 4, an illustrative example is presented to verify the availability and efficiency of the proposed mission policy. Section 5 discusses the conclusions and some possible future research directions.

2. Problem Formulation

In this paper, we consider a multi-component system operating in a shock environment and required to perform a mission while maintaining normal functioning within a time period $\tau$. Each component in the system can be in one of three possible states: normal, defective, and failed. When the number of defective components in the system is higher than $M_1$ or the number of failed components is higher than $M_2$, the system fails. External shocks randomly affect the components in the system. Specifically, each external shock has a probability of deteriorating the component’s state by one level (e.g., from normal to defective), and another probability of having no effect on the component’s state. Due to different levels of resilience against shocks between normal and defective components, we assume that the probability of a shock deteriorating the state of a defective component is higher than that of a normal component. The impacts of random shocks on N components in the system are independent of each other. The abort criteria for the system’s mission are when the number of defective components reaches a predefined threshold $R_1$ or/and the number of failed components exceeds a certain threshold $R_2$. If the abort condition is met before time s, the mission will be immediately aborted and the rescue procedure will be started to save the system. The time required for rescue is dependent on these two abort thresholds and the states of the components and the system will stay in the original state until the rescue procedure is completed. Otherwise, if the abort condition is met after time s, the mission is continuous because the required time for the rest of the mission completion is less than the time for a successful rescue.

Figure 1 shows an illustrative example of the proposed mission abort policy with 4 possible cases when $M_1=5,M_2=4,R_1=3,R_2=2$. Case 1 means the mission is aborted and the rescue procedure is started at time $t_{1,k}$ with duration $t_1$ due to the number of defective components reaching $R_1$. When the number of failed components exceeds $R_2$, the mission is aborted and the rescue procedure is triggered with duration $t_2$ as shown in Case 2. The mission is failed in these two cases, while the system survives. In Case 3, although the abort condition is satisfied at time $t_{3,k}$, the mission is not aborted due to $t_{3,k}>s$ which means the left time $\tau -t_{3,k}$ is not enough to accomplish the rescue procedure. The system failed at time $t_{2,n}$ since the number of failed components reaches $M_2$ before the mission is completed at time $\tau$. Case 4 indicates the mission is successfully finished and the system keeps functioning before time $\tau$.

3. Reliability Evaluation of the System

In this section, we would like to analyze the reliability indexes of the considered multi-component system. Mission reliability and system survivability are derived by using the Markov chain embedding approach. For the sake of balancing these two indexes, an optimization model with the object of minimizing the total expected cost is then constructed.

3.1. Mission Reliability and System Survivability

When the system meets the mission abort condition, $K_1$ represents the total number of shocks. Let the random variable T denote the time when the system reaches the mission abort condition. Then, T can be expressed as $T={\sum }_{i=1}^{K_1}{Y}_i$, where $Y_i$ is the time interval between the $(i-1)$-th shock and the i-th shock. $P_1$ is the probability that the component degrades from a normal state to a defective state after a shock arrives. The probability that the component transitions from the defective state to the failed state after being subjected to a shock is denoted by $P_2$. $P_1^{{}^{\prime }}$ and $P_2^{{}^{\prime }}$ respectively represent the probability that the component degrades to the adjacent state after a shock arrives during the rescue process.

Denote $N_D^i$ and $N_F^i$ as the number of components in defective state and failed state after the arrival of the i-th shock, respectively. Then, the Markov chain can be constructed as follows:

$$X_i=(N_D^i,N_F^i),i=1,2,\dots$$

(1)

The corresponding state space can be shown as follows.

$$\begin{array}{c}\hfill {\mathsf{\Omega }}_1=\left\{O_1\right\}\cup \left\{E_f^a\right\}=\left\{(n_D,n_F),0\le n_D\le R_1-1,0\le n_F\le R_2-1,n_D+n_F\le N\right\}\cup \left\{E_f^a\right\}\end{array}$$

(2)

where $O_1$ represents the set of states that have not reached the mission abort threshold, and $E_f^a$ is the absorbing state indicating the system meets the mission abort condition. The transition probabilities can be listed as follows at the end of this paragraph.

(1)

If $0\le a<R_1$, $0\le b<R_2$, $P\left\{X_i=(a,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)(1-P_2)$,

(2)

If $0\le a<R_1-1$, $0\le b<R_2$, $P\left\{X_i=(a+1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1(1-P_2)$,

(3)

If $0\le a<R_1$, $0\le b<R_2-1$, $P\left\{X_i=(a-1,b+1)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)P_2$.

Since the probability distribution of the different absorbing states affects the initial distribution of the next stage, it is necessary to write down all possible states of the absorbing state and the corresponding probability. The following shows the transition probability of the system from the working state to the absorbing state.

(4)

If $a=R_1-1$, $0\le b<R_2-1$, $P\left\{X_i=(R_1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1(1-P_2)$,

(5)

If $0\le a\le R_1-1$, $b=R_2-1$, $P\left\{X_i=(a-1,R_2)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)P_2$.

Based on the above transition rules, the one-step transition probability matrix ${\mathsf{\Lambda }}_1$ can be constructed as follows,

$${\mathsf{\Lambda }}_1=\left[\begin{array}{cc}{\mathit{U}}_1& {\mathit{W}}_1\\ \mathit{0}& {\mathit{I}}_1\end{array}\right]$$

(3)

where matrix ${\mathit{U}}_1$ with size $h_1\times h_1$ represents the transition probability matrix among $h_1$ transition states, where $h_1=R_1\times R_1$. Matrix ${\mathit{W}}_1$ with size $h_1\times h_1^{{}^{\prime }}$ denotes the transition probability matrix from transition states to absorbing states, where $h_1^{{}^{\prime }}=R_1+R_2$. Matrix ${\mathit{I}}_1$ is an identity matrix with size $h_1^{{}^{\prime }}\times h_1^{{}^{\prime }}$ which denotes the one-step transient matrix among the absorbing states.

According to the state transition probability matrix ${\mathsf{\Lambda }}_1$, the probability that the unit will be in each Markov chain state after suffering i shocks can be obtained as

$${\mathbf{P}}_1\left(i\right)={\mathsf{\pi }}_1{\left({\mathsf{\Lambda }}_1\right)}^i=(P_1^a\left(i\right),P_2^a\left(i\right),\dots ,P_{h_1}^a\left(i\right),P_{h_1+1}^a\left(i\right),\dots ,P_{h_1+h_1^{{}^{\prime }}}^a\left(i\right)),$$

(4)

where $P_x^a\left(i\right)$ denotes the probability that the system is in Markov chain state $x(x=1,$$2,\dots ,h_1+h_1^{{}^{\prime }})$. ${\mathsf{\pi }}_1$ is the initial state probability vector of the system after suffering the i-th shock, and ${\mathit{I}}_1={(1,1,\dots ,1)}_{h_1^{{}^{\prime }}\times 1}$. The probability that the system reaches the mission abort threshold within $\tau$ is as follows,

$$F_T\left(\tau \right)=P\left\{T\le \tau \right\}={\mathsf{\pi }}_1{\left({\mathit{U}}_1\right)}^{K_1-1}{\mathit{W}}_1{\mathit{I}}_1.$$

(5)

When the system reaches the mission abort threshold but does not abort the mission, the lifespan of the system is $L_1$. $K_2$ is the total number of shocks that the system experienced during $\tau$. The state space can be defined as follows:

$$\begin{array}{cc}\hfill {\mathsf{\Omega }}_2& =\left\{O_2\right\}\cup \left\{O_3\right\}\cup \left\{E_f^b\right\}\hfill \\ & =\left\{(n_D,n_F),R_1\le n_D\le M_1,0\le n_F\le M_2,n_D+n_F\le N\right\}\cup \hfill \\ & \left\{(n_D,n_F),0\le n_D\le R_1-1,R_2\le n_F\le M_2,n_D+n_F\le N\right\}\cup \left\{E_f^b\right\},\hfill \end{array}$$

(6)

where $O_2$ is the state space of the states that the number of defective components reaches the mission abort threshold and the number of failed components may or may not reach the threshold for task termination, and $O_3$ is used to denote the set of states that the number of failed components meets the mission abort condition while the number of defective components not reaches the mission abort threshold. $E_f^b$ is the absorbing state representing system failure, where the number of defective or failed components reaches the threshold of system failure. Then, the transition probabilities are listed as follows at the end of this paragraph.

(1)

If $R_1\le a\le M_1$, $0\le b\le M_2$, $P\left\{X_i=(a,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)(1-P_2)$,

(2)

If $0\le a\le R_1-1$, $R_2\le b\le M_2$, $P\left\{X_i=(a,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)(1-P_2)$,

(3)

If $R_1\le a\le M_1-1$, $0\le b\le M_2$, $P\left\{X_i=(a+1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1(1-P_2)$,

(4)

If $0\le a\le R_1-1$, $R_2\le b\le M_2$, $P\left\{X_i=(a+1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1(1-P_2)$,

(5)

If $0\le a\le R_1-1$, $R_2\le b\le M_2-1$, $P\left\{X_i=(a-1,b+1)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)P_2$,

(6)

If $R_1\le a\le M_1$, $0\le b\le R_2-1$, $P\left\{X_i=(a-1,b+1)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)P_2$,

(7)

If $a=M_1$, $0\le b\le M_2$, $P\left\{X_i=E_f^b|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1(1-P_2)$,

(8)

If $0\le a\le M_1$, $b=M_2$, $P\left\{X_i=E_f^b|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1)P_2$.

The state transition probability matrix ${\mathsf{\Lambda }}_2$ can be constructed as follows,

$${\mathsf{\Lambda }}_2={\left[\begin{array}{cc}{\mathit{U}}_2& {\mathit{W}}_2\\ \mathit{0}& {\mathit{I}}_2\end{array}\right]}_{h_2\times h_2}.$$

(7)

${\mathit{U}}_2$ is the matrix with size $(h_2-1)\times (h_2-1)$ representing the transition probability matrix among $(h_2-1)$ transition states, where $h_2=(M_1-R_1+1)\times (M_2+1)+R_1\times (M_2-R_2+1)+1$. The matrix ${\mathit{W}}_2$ with size $(h_2-1)\times 1$ denotes the transition probability matrix from transition states to absorbing states. ${\mathit{I}}_2$ is the identity matrix.

Based on the transition probability matrix ${\mathsf{\Lambda }}_2$, we can derive the probability that the system is in state i after experiencing i shocks.

$${\mathbf{P}}_2\left(i\right)={\mathsf{\pi }}_2{\left({\mathsf{\Lambda }}_2\right)}^{i-K_1}=(P_1^b\left(i\right),P_2^b\left(i\right),\dots ,P_{h_2}^b\left(i\right)),$$

(8)

where ${\mathsf{\pi }}_2={\left(\frac{P_{h_1+1}^a\left(i\right)}{{\sum }_{j=1}^{h_1}{P}_{h_1+j}^a\left(i\right)},\dots ,\frac{P_{h_1+h_1}^a\left(i\right)}{{\sum }_{j=1}^{h_1}{P}_{h_1+j}^a\left(i\right)},0,\dots ,0\right)}_{1\times h_2}$ and $P_x^b\left(i\right)$ denotes the probability that the component is in state $x(x=1,2,\dots ,h_2)$. Then the probability of the system failure within $\tau$ can be calculated using the following formula when the system exceeds the task termination threshold but does not abort the mission.

$$P\left\{L_1>\tau |s\le T<\tau \right\}={\mathsf{\pi }}_2^{{}^{\prime }}{\left({\mathit{U}}_2\right)}^{K_2-K_1}{\mathit{I}}_2^{{}^{\prime }},$$

(9)

where ${\mathsf{\pi }}_2^{{}^{\prime }}={\left(\frac{P_{h_1+1}^a\left(i\right)}{{\sum }_{j=1}^{h_1}{P}_{h_1+j}^a\left(i\right)},\dots ,\frac{P_{h_1+h_1}^a\left(i\right)}{{\sum }_{j=1}^{h_1}{P}_{h_1+j}^a\left(i\right)},0,\dots ,0\right)}_{1\times (h_2-1)}$, ${\mathit{I}}_2^{{}^{\prime }}={(1,1,\dots ,1)}_{1\times (h_2-1)}^T$.

The probability of mission success can be calculated as follows:

$$\begin{array}{cc}\hfill MSP& =P\left\{T\ge \tau \right\}+P\left\{L_1>\tau |s\le T<\tau \right\}\hfill \\ \hfill & =1-{\mathsf{\pi }}_1{\left({\mathit{U}}_1\right)}^{K_1-1}{\mathit{W}}_1{\mathit{I}}_1^{{}^{\prime }}+{\mathsf{\pi }}_2^{{}^{\prime }}{\left({\mathit{U}}_2\right)}^{K_2-K_1}{\mathit{I}}_2^{{}^{\prime }}\hfill \end{array}$$

(10)

Denote $L_2$ as the lifespan of the system when it reaches the mission abort threshold and abort the mission. The state space can be defined as follows:

$$\begin{array}{cc}\hfill {\mathsf{\Omega }}_3& =\left\{O_4\right\}\cup \left\{O_5\right\}\cup \left\{E_f^c\right\}\hfill \\ & =\left\{(n_D,n_F),R_1\le n_D\le M_1,0\le n_F\le M_2,n_D+n_F\le N\right\}\cup \hfill \\ & \left\{(n_D,n_F),0\le n_D\le R_1-1,R_2\le n_F\le M_2,n_D+n_F\le N\right\}\cup \left\{E_f^c\right\},\hfill \end{array}$$

(11)

where $O_4$ is the space of the states that the number of defective components reaches the mission abort threshold and the number of failed components may or may not reach the threshold for task termination, and $O_5$ is used to denote the set of states that the number of failed components meets the mission abort condition while the number of defective components not reaches the mission abort threshold. $E_f^c$ is the absorbing state representing system failure, where the number of defective or failed components reaches the threshold of system failure. Then, the transition probabilities are listed as follows at the end of this paragraph.

(1)

If $R_1\le a\le M_1$, $0\le b\le M_2$, $P\left\{X_i=(a,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1^{{}^{\prime }})(1-P_2^{{}^{\prime }})$,

(2)

If $0\le a\le R_1-1$, $R_2\le b\le M_2$, $P\left\{X_i=(a,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1^{{}^{\prime }})(1-P_2^{{}^{\prime }})$,

(3)

If $R_1\le a\le M_1-1$, $0\le b\le M_2$, $P\left\{X_i=(a+1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1^{{}^{\prime }}(1-P_2^{{}^{\prime }})$,

(4)

If $0\le a\le R_1-1$, $R_2\le b\le M_2$, $P\left\{X_i=(a+1,b)|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1^{{}^{\prime }}(1-P_2^{{}^{\prime }})$,

(5)

If $0\le a\le R_1-1$, $R_2\le b\le M_2-1$, $P\left\{X_i=(a-1,b+1)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1^{{}^{\prime }})P_2^{{}^{\prime }}$,

(6)

If $R_1\le a\le M_1$, $0\le b\le R_2-1$, $P\left\{X_i=(a-1,b+1)|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1^{{}^{\prime }})P_2^{{}^{\prime }}$,

(7)

If $a=M_1$, $0\le b\le M_2$, $P\left\{X_i=E_f^c|X_{i-1}=(a,b)\right\}=a(n-a-b)P_1^{{}^{\prime }}(1-P_2^{{}^{\prime }})$,

(8)

If $0\le a\le M_1$, $b=M_2$, $P\left\{X_i=E_f^c|X_{i-1}=(a,b)\right\}=a(n-a-b)(1-P_1^{{}^{\prime }})P_2^{{}^{\prime }}$.

The state transition probability matrix ${\mathsf{\Lambda }}_3$ can be obtained using the state transition probabilities mentioned above.

$${\mathsf{\Lambda }}_3={\left[\begin{array}{cc}{\mathit{U}}_3& {\mathit{W}}_3\\ \mathit{0}& {\mathit{I}}_3\end{array}\right]}_{h_3\times h_3}.$$

(12)

${\mathit{U}}_3$ is the matrix with size $(h_3-1)\times (h_3-1)$ representing the transition probability matrix among $(h_3-1)$ transition states, where $h_3=(M_1-R_1+1)\times (M_2+1)+R_1\times (M_2-R_2+1)+1$. The matrix ${\mathit{W}}_3$ with size $(h_3-1)\times 1$ denotes the transition probability matrix from transition states to absorbing states. ${\mathit{I}}_3$ is the identity matrix.

Based on the transition probability matrix ${\mathsf{\Lambda }}_3$, we can derive the probability that the system is in state i after experiencing i shocks.

$${\mathbf{P}}_3\left(i\right)={\mathsf{\pi }}_2{\left({\mathsf{\Lambda }}_3\right)}^{i-K_1}=(P_1^c\left(i\right),P_2^c\left(i\right),\dots ,P_{h_3}^c\left(i\right)),$$

(13)

where $P_x^c\left(i\right)$ denotes the probability that the component is in state $x(x=1,2,\dots ,h_3)$. Let $K_3$ denote the total number of shocks that the system reaching the mission abort threshold starts rescue at T and does not fail within $T+\phi \left(T\right)$. Then the probability of the system failure within $\tau$ can be calculated using the following formula when the system exceeds the task termination threshold and terminates the mission.

$$P\left\{L_2>T+\phi \left(T\right)|T<s\right\}={\mathsf{\pi }}_2^{{}^{\prime }}{\left({\mathit{U}}_3\right)}^{K_3-K_1}{\mathit{I}}_2^{{}^{\prime }}.$$

(14)

Thus, $SSP$ can be obtained as follows.

$$\begin{array}{cc}\hfill SSP& =P\left\{T\ge \tau \right\}+P\left\{L_1>\tau |s\le T<\tau \right\}+P\left\{L_2>T+\phi \left(T\right)|T<s\right\}\hfill \\ \hfill & =1-{\mathsf{\pi }}_1{\left({\mathit{U}}_1\right)}^{K_1-1}{\mathit{W}}_1{\mathit{I}}_1^{{}^{\prime }}+{\mathsf{\pi }}_2^{{}^{\prime }}{\left({\mathit{U}}_2\right)}^{K_2-K_1}{\mathit{I}}_2^{{}^{\prime }}+{\mathsf{\pi }}_2^{{}^{\prime }}{\left({\mathit{U}}_3\right)}^{K_3-K_1}{\mathit{I}}_2^{{}^{\prime }}\hfill \end{array}$$

(15)

Because of the dependency between $K_i(i=1,2,3)$ and T, it is difficult to obtain the analytical solution of $MSP$ and $SSP$. To obtain the optimal strategy, the Monte-Carlo simulation method is used. The Monte-Carlo simulation method, also known as the random sampling statistical test method, is a branch of experimental science. The simulation flowchart is shown in Figure 2. The general steps of the simulation are listed as follows at the end of this paragraph.

Step 1:

Initialize the parameters of the model;

Step 2:

Generate variables to simulate the shock process and the impact of the shock;

Step 3:

Judge whether the time exceeds $\tau$;

Step 4:

Simulate the shock arrival process and the changes in component states;

Step 5:

Judge if the system reaches the mission abort threshold;

Step 6:

Decide whether to abort the mission;

Step 7:

Judge whether the system meets the failure threshold;

Step 8:

Obtain the result of a round simulation;

Step 9:

Derive the probability of mission success and the probability of system survival based on all simulation results.

3.2. Optimization Model

Intuitively, when the mission abort condition is easier to achieve, the system reliability increases while the mission success probability decreases. To this end, to balance the trade-off between mission reliability and system survivability, an optimization model is constructed as follows. The cost of the system consists of two parts: mission failure cost and system failure cost. Denote $C_u$ and $C_d$ as the cost of mission abort and system failure, respectively. The objective of optimizing the model is to find the optimal mission abort thresholds that minimize the total expected cost. Besides, for safety-critical systems, system survival probability is important. Therefore, in the optimization model, the system survival probability is taken into consideration as a constraint condition. Additionally, the values of $MSP$ and $SSP$ are related to $R_1$ and $R_2$. Then, the optimization model can be constructed as follows, where $\overline{SSP}$ is a preset value of desired $SSP$.

$$\min C(R_1,R_2)=C_u\left(1-MSP(R_1,R_2)\right)+C_d\left(1-SSP(R_1,R_2)\right)$$

(16)

$$s.t.\left\{\begin{array}{c}SSP(R_1,R_2)\ge \overline{SSP},\hfill \\ 1\le R_1\le M_1,\hfill \\ 1\le R_2\le \min \left\{R_1,M_2\right\}.\hfill \end{array}\right.$$

4. Case Study

4.1. Background

Consider a military unmanned aerial vehicle (UAV) consisting of $N=5$ engines operating in a harsh battlefield environment. The UAV is designed to perform a reconnaissance mission within a specific time period $\tau =10$. Each engine in the UAV can be in one of three possible states: normal, defective, and failed. The external shocks that affect the engines in the UAV are caused by gunfire, explosions, and other hostile actions on the battlefield. The arrival of shocks follows a homogeneous Poisson process with a parameter $\lambda =1$. Each shock can cause the engine to deteriorate from a normal state to a defective with a probability $P_1$, or cause the engine to deteriorate from a defective state to a failed state with a higher probability $P_2=0.25$. Furthermore, the impacts of random shocks on each engine are independent of each other. The UAV will crash if the number of defective engines reaches $M_1=5$ or the number of failed engines reaches $M_2=4$.

The abort criteria for the UAV’s mission are when the number of defective components reaches $R_1$ or the number of failed components reaches $R_2$. If the abort condition is met, the mission will be immediately aborted, and the rescue will be started to save the UAV. The time required for rescue is $\phi \left(t\right)=0.3t$, when the mission is aborted at time t. The UAV system will remain in its original state until the rescue is completed. During the rescue, the probability of a shock deteriorating the state of a defective component is $P_2^{{}^{\prime }}=0.1$, higher than $P_1^{{}^{\prime }}=0.05$. The mission will continue to be executed if the required time for the rest of the mission completion is less than the time for rescue. The cost of the UAV failure is $C_d=5000$, and the cost of mission failure is $C_u=2000$.

For a given $P_1$, we can derive the corresponding mission reliability and system survivability, and then obtain the total expected cost for different $R_1$ and $R_2$. Based on the constructed optimization model in Section 3.2, we use the one-dimensional search method to find the optimal solutions of $R_1$ and $R_2$ which minimize the total expected cost.

4.2. Result Discussion

Under different probabilities that the component degrades from normal state to defective state, the optimal values for $R_1$ and $R_2$ in terms of $P_1$ are shown in

Table 1. The optimal solutions of $R_1$ and $R_2$ in terms of $P_1$.

${\mathit{P}}_1$	0.1	0.11	0.12	0.13	0.14	0.15	0.16	0.17	0.18	0.19	0.2
$R_1$	4	4	3	3	3	3	3	3	3	3	3
$R_2$	1	1	1	1	1	1	1	1	1	1	1

. It can be seen that, as $P_1$ increases, $R_1$ changes from 4 to 3 and $R_2$ remains 1. These changes in $R_1$ can be explained by the fact that the probability of system state degradation will decrease after starting the rescue, so the mission should be aborted sooner to prevent system failure since the probability of components changing from their normal state to defective state grows as $P_1$ increases. Under the current parameters setting, when $P_1$ is 0.1, the optimal value of $R_2$ is 1. As $P_1$ changes from 0.1 to 0.2, it is better to obtain a smaller $R_2$. But $R_2=1$ is already the minimum value that can be taken, so, $R_2$ remains constant at 1. The values of $MSP$ and $SSP$ in terms of $P_1$ are shown in Figure 3. It can be seen that as $P_1$ increases, $MSP$ decreases and $SSP$ increases. The reason is that a larger value of $P_1$ leads to a higher probability of mission abort.

Comparisons of the optimal expected total cost between mission abort optimization and the absence of abort policy are illustrated in Figure 4. It can be seen the optimal mission abort policy can greatly reduce the expected total cost compared to the absence of an abort policy. When $P_1=0.12$, for example, the expected total cost with a mission abort decision is 2174.02, which is significantly less than the expected total cost of 4019.88 without a mission abort. Therefore, it is very necessary to adopt the mission abort policy to minimize the expected total cost.

5. Conclusions

This paper investigates the optimal mission abort policy with multiple abort criteria for multi-component systems operating in random environments. By incorporating multi-level transition probabilities, a shock model is utilized to characterize the impact of the environment. Mission abort policies are designed based on the number of defective components and failed components. Due to the dependence between variables, we use the Monte Carlo simulation method to derive the mission reliability and system survivability. In order to balance the trade-off between these two indexes, the optimization model is constructed to find the optimal mission abort thresholds. For comparison purposes, the total expected cost under a heuristic policy without aborting is obtained. It is found that the mission abort action can effectively reduce the total expected cost.

There are a number of extensions to the current study that deserve some attention. Firstly, single mission execution is assumed in this model, one practical extension is to consider the optimal mission abort policy for systems performing multiple tasks or one task with multiple executing chances. Secondly, internal degradation can also be incorporated into this model to refine the state transition process of the considered system. Finally, some preventive maintenance activities before mission abort or system failure are worth investigating because these actions can highly improve both mission reliability and system survivability.