Failure Detection and Isolation in Integrator Networks

Multi-agent network systems have found promising applications in areas such as motion coordination of robots [1]. Cooperative dynamics over a network can be strongly affected by the network failures. Hence, studying the effects of link or node failures on the network dynamics is an important topic in network science and it has various practical implications [2, 3].

Fault Detection and Isolation (FDI) in networked systems is an active area of research with application to power networks [4], and security of cyber-physical systems [5]. In a systematic approach the so-called FDI filter uses available measurements to generate a residual signal, which is then used for fault diagnosis [6]. Various observer and Kalman filter techniques are used to obtain the residual signal [7], which can be then compared with a threshold signal to detect faults. In [8] the residual signal and threshold signals are generated using filtering techniques that allow for noise suppression and less conservative detection thresholds. Failures and attacks are modeled as disturbances in the descriptor systems approach that is adopted in [5], and some fundamental limitations of detection and identification in cyber-physical systems are established from systems-theoretic or graph-theoretic perspectives.

The mathematical framework for investigating the ability to detect and distinguish failures based on the observed output responses is established in [9], where conditions in terms of the inter-nodal distances to the observation points are provided for the detectability of links. Subsequent results in [10] provide a method for detection and isolation of failures under the Laplacian network dynamics. These results relate the presence of discontinuities in the derivatives of particular orders in the output responses of a subset of nodes to occurrence and location of link failures; and coupled with efficient sensor placement algorithms they can be used to pin down the location of failures in the network. In this paper, we analyze the particular case of networked single integrator dynamics and extend the proofs and FDI algorithms to allow for efficient sensor location in a (directed or undirected) integrator network where link failures can be either unidirectional or bidirectional.

The remainder of this paper is organized as follows. In Section II we set up the notation and give the preliminaries on weighted digraphs and their algebraic properties. Our main analytical findings are set forth in Section III where we first prove the results relating link failures to jump discontinuities of the output derivatives for single-integrator networks, and then consider the case when the links can fail simultaneously in both forward and reverse directions. In Section IV we flesh out the necessary formalism to accommodate both cases of unidirectional and bidirectional link failures within the framework of the previously developed sensor placement algorithms. Computer experiments on large networks in Section V elucidate the results and offer interesting insights on the effects of the network size and edge directionality. Section VI concludes the paper.

Throughout the paper, $\varnothing$ is the empty set, $\mathbb{N}$ denotes the set of all natural numbers, and $\mathbb{R}$ denotes the set of all real numbers. Also, the set of integers $\{1,2,\ldots,k\}$ is denoted by $\mathbb{N}_{k}$, and any other set is represented by a calligraphic capital letter. The cardinality of a set $\mathcal{X}$ is denoted by $|\mathcal{X}|$, and $\mathcal{P}(\mathcal{X})=\{\mathcal{M};\mathcal{M}\subset\mathcal{X}\}$ denotes the power-set of $\mathcal{X}$, which is the set of all its subsets. The difference of two sets $\mathcal{X}$ and $\mathcal{Y}$ is denoted by $\mathcal{X}\fgebackslash\mathcal{Y}$ and is defined as $\left\{x;x\in\mathcal{X}\wedge x\notin\mathcal{Y}\right\}$, where $\wedge$ is the logical conjunction. In addition the logical implication and bi-implication are denoted by $\rightarrow$ and $\leftrightarrow$, respectively, and $\vee$ denote the logical disjunction. The fixed integer $n$ represents the number of nodes in the network. Matrices are represented by capital letters, vectors are expressed by boldface lower-case letters, and the superscript ^T denotes the matrix transpose. Moreover, $I$ denotes the identity matrix with proper dimension, $\mathbf{e}_{i}$ is the $i$-th unit vector in the standard basis of $\mathbb{R}^{n}$, and $m_{ij}:=\left[M\right]_{ij}$ indicate the element of matrix $M$ which is located at its $i-$th row and $j-$th column.

A directed graph or digraph is defined as an ordered pair of sets $\mathcal{G}:=(\mathcal{V},\mathcal{E})$, where $\mathcal{V}=\left\{{\nu}_{1},\ldots,{\nu}_{n}\right\}$ is a set of $n=|\mathcal{V}|$ vertices and $\mathcal{E}\subseteq\mathcal{V}\times\mathcal{V}$ is a set of directed edges. In the graphical representations, each edge $\epsilon:=({\tau},{\nu})\in\mathcal{E}$ is depicted by a directed arc from vertex ${\tau}\in\mathcal{V}$ to vertex ${\nu}\in\mathcal{V}$. Vertices ${\nu}$ and $\tau$ are referred to as the head and tail of the edge $\epsilon$ and a $(\nu,\nu)$ edge is called a self-loop on $\nu$. Given an integer $k\in\mathbb{N}$, a set of (possibly repeated) indices $\{\alpha_{1},\alpha_{2},\ldots,\alpha_{k}\}$ $\subseteq$ $\mathbb{N}_{n}$ and two vertices $\tau,\nu$ $\in$ $\mathcal{V}$, an ordered sequence of edges of the form $\mathcal{W}$ $:=$ $({\tau},{\nu}_{\alpha_{1}}),({\nu}_{\alpha_{1}},{\nu}_{\alpha_{2}}),$ $\ldots$ , $({\nu}_{\alpha_{k-1}},{\nu}_{\alpha_{k}}),({\nu}_{\alpha_{k}},{\nu})$ is called a ${\tau}{\nu}$ walk with start-node $\tau$, end-node $\nu$ and length $k+1$. A cycle on node $\nu$ signifies a $\nu\nu$ walk. For any $\{{q},{p}\}\subset\mathbb{N}_{n}$, $\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{p}})$ is the set of all ${\nu_{q}}{\nu_{p}}$ walks in $\mathcal{G}$ with length $k$. Similarly for $\{{q},{r},{p}\}$ $\subset$ $\mathbb{N}_{n},$ $\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{r},\nu_{p}})$ $=$ $\{\mathcal{W}$ $\in$ $\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{p}});(\nu_{q},\nu_{r})$ $\in$ $\mathcal{W}\}$, i.e. the set of $\nu_{q}\nu_{p}$ walks with length $k$ that include the edge $(\nu_{q},\nu_{r})$. In the same venue, the integer $\textrm{dist}(\mathcal{G};{\nu_{q}},{\nu_{p}})=\min\{k\in\mathbb{N}:,\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{p}})\neq\varnothing\}$ is referred to as the distance from ${\nu_{q}}$ to ${\nu_{p}}$ in $\mathcal{G}$, and by convention, $\textrm{dist}(\mathcal{G};{\nu_{q}},{\nu_{q}})=0,\forall q\in\mathbb{N}_{n}$ and $\textrm{dist}(\mathcal{G};{\nu_{q}},{\nu_{p}})=\infty$ if $\forall k\in\mathbb{N}$, $\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{p}})=\varnothing$. For ease of notation we usually use $\textrm{dist}({\nu_{q}},{\nu_{p}}):=\textrm{dist}(\mathcal{G};{\nu_{q}},{\nu_{p}})$. The diameter of $\mathcal{G}$, denoted by $\mbox{diam}(\mathcal{G})$, is defined as the maximum distance between any pair of nodes $\nu_{p},\nu_{q}\in\mathcal{V}$: $\mbox{diam}(\mathcal{G})=\max_{\nu_{q},\nu_{p}\in\mathcal{V}}\textrm{dist}(\nu_{q},\nu_{p})$. A matrix $A\in\mathbb{R}^{n\times n}$ is called an in-weighting on $\mathcal{G}$ if $\forall\{\nu_{p},\nu_{q}\}\subset\mathcal{V},(\nu_{q},\nu_{p})\not\in\mathcal{E}\rightarrow a_{pq}=0$. If $A$ is an in-weighting on $\mathcal{G}$, then $\omega(\mathcal{W},A)=\prod_{(\nu_{q},\nu_{p})\in\mathcal{W}}a_{pq}$ is referred to as the weight of walk $\mathcal{W}$ w.r.t. $A$. Given a set of walks $\Omega$ in digraph $\mathcal{G}$ and the in-weighting $A$ on $\mathcal{G}$, the function $\Phi(\Omega,A)=\sum_{\mathcal{W}\in\Omega}\omega(\mathcal{W},A)$ is defined, which finds use in the proof of the main results in Section III. Note that this function satisfies $\Phi(\Omega^{k}(\mathcal{G};{\nu_{q},\nu_{r},\nu_{p}}),A)=a_{rq}\Phi(\Omega^{k-1}(\mathcal{G};{\nu_{r},\nu_{p}}),A)$. It is also known that given an in-weighting $A$ on $\mathcal{G}$ and vertices $\{\nu_{q},\nu_{p}\}\subset\mathcal{V}$, that [11, 12]:

The following definition comes handy in the statement and proof of the main theorem in the next section. At each time $t_{f}$ and for all $p\in\mathbb{N}_{n}$ and $k\in\mathbb{N}_{z}$, define $\Delta_{t_{f}}:\mathbb{N}_{n}\times\mathbb{N}_{z}\to\mathbb{R}$ as $\Delta_{t_{f}}(p,k):=\frac{{\textrm{d}}^{k}}{\textrm{d}t^{k}}({x}_{p})(t_{f}^{+})-\frac{{\textrm{d}}^{k}}{\textrm{d}t^{k}}(x_{p})(t_{f}^{-})$. The function $\Delta_{t_{f}}(p,k)$ as defined, measures the jump in the $k-$th derivative of the response of agent $p$ at the time of failure $t_{f}$, and the parameter $z\leqslant\mbox{diam}(\mathcal{G})+1$ is a fixed integer, denoting the highest order of derivatives to which the designer has access.

Let us consider a network of $n$ single-integrators, where each integrator is described by a single state $x_{i}$, with the following dynamics:

where $\mathbf{x}\left(t\right)=\left(x_{1},\ldots,x_{n}\right)^{T}\in\mathbb{R}^{n}$, $\mathbf{w}(t)\in\mathbb{R}^{m}$, $B\in\mathbb{R}^{N\times m}$, and $A\in\mathbb{R}^{N\times N}$ is an in-weighting of graph $\mathcal{G}$. We assume that the entries of $\mathbf{w}\left(t\right)$ are $\left(\mathrm{diam}(\mathcal{G})+1\right)$-differentiable. Let us assume link $\bar{\epsilon}=(\nu_{j},\nu_{i})$ fails at time $t=t_{f}$, resulting in a faulty connectivity graph $\bar{\mathcal{G}}=(\mathcal{V},\mathcal{E}\fgebackslash\{\bar{\epsilon}\})$ for $t>t_{f}$. The corresponding in-weighting of $\bar{\mathcal{G}}$, denoted by $\bar{A}$, is a perturbed version of $A$ that satisfies $\bar{a}_{ij}=0$, and $\bar{a}_{qr}=a_{qr}$ for all $q\neq i$; i.e. entries on the $i$-th row of $A$ are allowed to change while every other entry remains unaffected.

The following theorem characterizes the effect of link failures on the output derivatives of a network of single integrators:

The next lemma and the following corollary show in particular how the result of Theorem 1 agrees with and maps to the result of Theorem 1 in [13], where we consider the case of networked LTI agents. However, the proofs in [13] rely on Laplace domain techniques rather than the combinatorial arguments in the time-domains that helped us prove Theorem 1; indeed, the flexibilities in the latter case facilitate some extensions that are of particular interest to FDI scenarios.

The following is now immediate upon combining the results of Theorem 1 and Lemma 1.

The condition stated in Lemma 1 is intuitive because $\mbox{{dist}}(\nu_{i},\nu_{p})$ $=$ $k-1$ $<$ $\mbox{{dist}}(\nu_{j},\nu_{p})$ $=$ $k$ holds true only if there exist a shortest path of length $k$ connecting $\nu_{j}$ to $\nu_{p}$ and with $(\nu_{j},\nu_{i})$ as its first edge. In other words, the failed link $(\nu_{j},\nu_{i})$ contributes to the flow of information from $\nu_{j}$ to $\nu_{i}$ as an element of a shortest path from node $\nu_{j}$ to node $\nu_{i}$. These observations are in perfect agreement with the sufficient conditions previously studied in [9]. On the other hand, Corollary 1 shows how Theorem 1 may follow as a special case of Theorem 1 in [13] (up to a known constant multiplier), after setting the relative degree $r=1$ for the involved networked LTI systems. The proofs in the single-integrator case, however, admit additional niceties that we discuss next.

It is assumed that at each instant of time, the designer is given access to the response of a subset of agents, as well as the nominal network information flow digraph $\mathcal{G}$ (prior to the link failure) and the set of bidirectional $\mathcal{B}$. Neither the location of the failure (nodes $\nu_{i}$ and $\nu_{j}$), nor the time of failure $t_{f}$ are known to the designer. In the case of detection, the designer is interested in determining the existence of any single link failure in the network at the instant of failure. For the isolation problem, however, the designer would like to determine “instantaneously”, not only the existence of a failure, but also its location. That is to determine which link, if any, has failed and exactly at the same instant as it fails. The significance of “instantaneous” detection and isolation is better understood upon noting that if the time of failure is random and has a continuous sample space, then “simultaneous” failure of more than one link is a measure zero event; hence, justifying the focus of investigation in this paper, which is on the “single” (possibly bidirectional) link failures. Before shifting attention to the sensor placement problem, two assumptions are set forth:

The first assumption above is a provision of consistency that is assumed with regard to the in-weighting matrix $A$. This assumptions is satisfied almost surely for any assignment of weights on the graph. In particular, it holds true for the Laplacian consensus networks considered in [10]. The second assumption involves the values of the agents states at the time failure $t_{f}$. This condition also holds true, almost surely, for any in-weightings $A$, its perturbed version $\bar{A}$, and a random time of failure $t_{f}>t_{0}$; since $\sum_{q=1}^{N}\left(\bar{a}_{iq}-a_{iq}\right)x_{q}(t_{f})=0$ specifies a low-dimensional hyperplane in the agents’ state space that the agents almost surely avoid given a random time of failure.

To enable the designer to handle the desired FDI tasks, she is given access to the output response of a subset of nodes as well as their derivatives upto the $z$-th order. In this section, we offer efficient procedures for determining such a subset of nodes, given the network topology and parameter $z$; and in such a way that all link failures in the networks can be detected or isolated from the occurrence of jump discontinuities in the observed outputs and their derivatives. Furthermore, we would like to achieve this goal using as few observation points (sensors) as possible. From Corollary 1 it follows that if the existence of a jump discontinuity in the $k-$th derivative of the output response of agent $p$ is to serve as the basis for a method to detect the failure of edge $\bar{\epsilon}$ at time $t_{f}$, then it should be true that $\mbox{dist}({\mathcal{G}};{\nu}_{i},{\nu_{p}})$ $=$ $k-1$ $<$ $\mbox{dist}({\mathcal{G}};{\nu}_{j},{\nu_{p}})$ $=$ $k$. The latter happens only if there exist a shortest path of length $k$ connecting $\nu_{j}$ to $\nu_{p}$ and with $(\nu_{j},\nu_{i})$ as its first edge. In [10] we use this observation in the case of Laplacian network dynamics to define binary relations $\mathcal{R}_{k},k\in\mathbb{N}_{z}$ and $\mathcal{R}_{0}$ between the sets $\mathcal{V}$ and $\mathcal{E}$ such that for all $p\in\mathcal{V}$ and $\epsilon\in\mathcal{E}$ if $(p,\epsilon)\in\mathcal{R}_{k}$, then the failure of link $\epsilon$ produces a jump in the $k-th$ derivative of the response of node $p$ and if $(p,\epsilon)\in\mathcal{R}_{0}$ then the failure of edge $\epsilon$ does not produce a jump in any of the derivatives of the response of node $p$ upto the $z-$th order. We now go ahead and redefine the binary relations per Proposition 1 to accommodate bidirectional link failures. Indeed, bidirectional links are treated specially as any of the two edges in reverse directions can provide us with the required relation for detection when a bidirectional failure occurs.

The FDI problems can now be posed as follows.

The idea for proposing efficient sensor placement algorithms that approximate the solutions of the above problems is by counting the number of edges that are not yet detectable or isolatable from the currently chosen nodes and add new nodes to the existing sets in a greedy manner: in each addition of a new node to the existing sensor set, we aim to decrease the number of edges that are not yet detectable or isolatable as much as possible. To this end, we define a correspondence $\mathcal{I}:$ $\mathcal{P}(\mathcal{V})\times\mathcal{E}$ $\to$ $\mathcal{P}({(\mathbb{N}_{z}\cup\{0\})\times\mathcal{V}})$ which maps an order pair $(\mathcal{M},\epsilon)$, comprised of a sensor set $\mathcal{M}$ and an edge $\epsilon$, to the set of ordered pairs that specify the relations between edge $\epsilon$ and nodes in $\mathcal{M}$. Accordingly, those edges $\epsilon_{1}$ and $\epsilon_{2}$ which produce the exact same pattern of jumps and at the exact same order of derivatives in the output responses of the nodes in $\mathcal{M}$ would satisfy $\mathcal{I}$ $(\mathcal{M},\epsilon_{1})$ $=$ $\mathcal{I}$ $(\mathcal{M},\epsilon_{2})$; and none of them can be identified using just the nodes in $\mathcal{M}$. We further define two set functions $f_{D}$ and $f_{I}$ which take a subset of nodes $\mathcal{M}$ and map it to the number of edges that are, respectively, not detectable or not isolatable using the sensor set $\mathcal{M}$. In [13] these functions are shown to be supermodular; wherefore per the theory of submodular set coverings [14], adding nodes greedily with respect to these functions would guarantee that the chosen sensor set is within a factor $\log(|\mathcal{E}|)$ of the minimal sensor sets that achieve detection or isolation goals (solutions of Problems 1 and 2). The following algorithms are proposed in [10], and included below for completeness, to implement this idea of supermodular greedy minimization.

It was noted in Subsection III-A that the set of bidirectional links $\mathcal{B}\subset\mathcal{E}$ should be made known to the designer. To facilitate the application of Algorithms 1 and 2 to the case of bidirectional link failures in networked single-integrator agents, we define an equivalence relation $\sim$ on the set $\mathcal{E}$ that identifies two parallel edges in reverse directions only if they are bidirectional. Specifically, for any $\{\tau,\nu\}\subset\mathcal{V}$ such that $(\tau,\nu)\in\mathcal{B}$ and $(\nu,\tau)\in\mathcal{B}$, set $(\tau,\nu)\sim(\nu,\tau)$, while for any two edges $\{\alpha,\beta\}\subset\mathcal{E}$ that $\{\alpha,\beta\}\cap\mathcal{E}\fgebackslash\mathcal{B}\neq\varnothing$, $\alpha\sim\beta$ iff $\alpha=\beta$. The task of the equivalence relation $\sim$ is to identify those edges who share the same head and tail but at opposite directions, only if they are bidirectional. Every other edge in the network is distinguished and therefore identified only with itself. With the afore-defined equivalence relation $\sim$, for any edge $\epsilon\in\mathcal{E}$, $\llbracket\epsilon\rrbracket=\{\hat{\epsilon}\in\mathcal{E};\hat{\epsilon}\sim\epsilon\}$ denotes the equivalence class of $\epsilon$, and for any subset of edges $\mathcal{X}\subset\mathcal{E}$, $\left({\raisebox{1.99997pt}{$\mathcal{X}$}\left/\raisebox{-1.99997pt}{$\sim$}\right.}\right)$ is the quotient of $\mathcal{X}$ by $\sim$, which is the set of all equivalence classes of the elements of $\mathcal{X}$. Last but not least, is the issue of self-loops which are specific to the case of single-integrator agents. In particular, every self-loop would always satisfy an $\mathcal{R}_{0}$ relation with all nodes in the network and the proposed algorithms cannot be applied for the detection and isolation of a self-loop $(\nu_{i},\nu_{i})$, although its value (weight) is allowed to change with the failure of a link incoming to node $\nu_{i}$. In the sequel, the set of all self-loops in $\mathcal{G}$ is denoted by $\mathcal{H}$. Next, changing the definitions of the correspondence $\mathcal{I}(\cdot)$, and the supermodular functions $f_{D}(\cdot)$ and $f_{I}(\cdot)$ as follows, allows us to apply Algorithms 1 and 2 to single-integrator networks, while properly identifying bidirectional links and accommodating self-loops. Define for all $\mathcal{M}\subset\mathcal{V}$ and any of the equivalence classes in ${\raisebox{1.99997pt}{$\mathcal{E}\fgebackslash\mathcal{H}$}\left/\raisebox{-1.99997pt}{$\sim$}\right.}$:

In the following subsections, the performance of the developed routines is tested for different random graph models and with varying model parameters.

In this paper, we developed FDI techniques for single-integrator networks that enable the designer to detect and isolate link failures based on the observed jumps in the derivatives of the output responses of a subset of nodes by relating the jumps in the derivatives at the time of failure to the distance of the failed link from the observation point. Our results covered both cases of unidirectional and bidirectional link failures. We also extended our previously developed sensor placement algorithms to accommodate both types of link failures (unidirectional and bidirectional). These algorithms were tested in large random networks, and the results suggest that link failures in directed networks are harder to detect but easier to isolate, as compared to undirected networks. The latter effect can be attributed to the increased diversity that is brought about by the directionality of the links. Moreover, both the cardinality of the detection sets and the required order of derivatives are shown to scale up reasonably well with the network size, and this agrees with the performance guarantees that are available from the theory of submodular set coverings and bound the size of the chosen sets to within a multiplicative $\log(|\mathcal{E}|)$ factor of the minimal sensor set, where $|\mathcal{E}|$ is the size of the edge set.

[Proofs of The Main Results]