Veri¯cation and Anomaly Detection for Event-Based Control of Manufacturing Systems by Lindsay Victoria Allen A dissertation submitted in partial ful¯llment of the requirements for the degree of Doctor of Philosophy (Electrical Engineering: Systems) in The University of Michigan 2010 Doctoral Committee: Professor Dawn M. Tilbury, Chair Professor Stephane Lafortune Associate Professor Jionghua Jin Associate Research Scientist James R. Moyne Lindsay Victoria Allen °c All Rights Reserved 2010 This work is dedicated to Bobby and my family, for all their love and support. ii ACKNOWLEDGEMENTS I would like to thank Rackham Graduate School, the NSF Engineering Research Center for Recon¯gurable Manufacturing Systems, NSF grants EEC 95-92125 and CMS 05-28287, and the NSF EAPSI Fellowship program for each providing ¯nancial support at some point during my doctoral work. This very worthwhile pursuit would not have been possible without this generosity. I am grateful for Professor Dawn Tilbury's guidance as my PhD advisor. She pushed me to do better and be stronger than I thought I could, and yet encouraged my independence. Numerous thanks go to my student and research colleagues, from whom I have learned so much, both academic and otherwise. The RFT students were always willing to be a sounding board when I got stuck and made work enjoyable even when things got tough. I thank James Moyne for always reminding me of the industry perspective, and Kiah Mok Goh for helping me see the commonalities in research and people, regardless of the part of the world. Finally, I want to express my deep appreciation to Bobby, my family, and my friends. Without you, I would not have had the passion, persistence, nor sanity to reach this goal. iii TABLE OF CONTENTS DEDICATION :::::::::::::::::::::::::::::::::::::::::: ii ACKNOWLEDGEMENTS :::::::::::::::::::::::::::::::::: iii LIST OF TABLES ::::::::::::::::::::::::::::::::::::::: vii LIST OF FIGURES :::::::::::::::::::::::::::::::::::::: viii ABSTRACT ::::::::::::::::::::::::::::::::::::::::::: x CHAPTER I. Introduction ....................................... 1 1.1 Motivation . 1 1.2 Research Approaches . 4 1.2.1 Veri¯cation . 4 1.2.2 Detection Solution . 6 1.2.3 Detection Application . 7 1.3 Contributions . 7 1.4 Summary . 9 II. Background and Related Work ........................... 10 2.1 Discrete Event System (DES) Models . 10 2.1.1 Finite State Machine (FSM) . 11 2.1.2 Petri Nets . 12 2.1.3 System Identi¯cation for DES . 14 2.2 Logic Controllers . 15 2.2.1 IEC 61499 . 16 2.2.2 ECA MFSM . 17 2.3 Handling Faults in DES . 19 2.3.1 Veri¯cation . 19 2.3.2 Fault Detection and Diagnosis . 20 III. Veri¯cation of Input Order Robustness ...................... 22 3.1 Related Concepts . 23 3.2 Logic Controllers and Networks of Controllers . 25 3.2.1 Logic Controllers . 25 3.2.2 Network of Controllers . 27 3.3 IOR Theory . 30 3.3.1 Input Order Robustness . 31 3.3.2 Pairwise Input Order Robustness of a Single Controller . 33 iv 3.3.3 Input Order Robustness of a Network of Controllers . 34 3.4 IOR Veri¯cation Procedure . 39 3.4.1 General Procedure . 39 3.4.2 Example System for Veri¯cation . 41 3.4.3 First Steps of Veri¯cation Example . 44 3.4.4 ECA MFSM Veri¯cation . 46 3.4.5 IEC 61499 Veri¯cation . 46 3.5 Application to IEC 61499 . 47 3.5.1 Open Execution Semantics Issues . 47 3.5.2 Application of Veri¯cation to IEC 61499 Network of Controllers . 51 3.6 Computational Complexity . 55 3.7 Conclusions . 56 IV. Anomaly Detection for Event-Based Systems Without Pre-Existing For- mal Models ........................................ 57 4.1 Description of Small Manufacturing Cell . 58 4.2 System of Processes That Interact Through Shared Resources . 60 4.2.1 Intuition and Examples for SPSRs . 60 4.2.2 Formal De¯nitions for SPSRs . 62 4.3 Petri Net Models for System of Processes that Interact Through Shared Resources . 64 4.4 Problem Statements . 74 4.5 Model Generation . 75 4.5.1 Steps for Set-Up . 75 4.5.2 ®+ Algorithm . 76 4.5.3 Model Generation Algorithm . 80 4.5.4 Theory . 87 4.6 Performance Assessment . 89 4.7 Anomaly Detection . 91 4.8 Application of Solution to Simulated RFT Cell . 93 4.9 Conclusions . 97 V. Application of Anomaly Detection to Industrial Manufacturing Line ... 99 5.1 Description of Machining Cell . 99 5.2 Initial Application of Solution . 102 5.3 Inconsistencies Between Academic Assumptions and Industry Realities . 104 5.3.1 Observable Events to Acquire/Release Resources . 105 5.3.2 String of Ordered Events . 107 5.3.3 Consistent Mapping Between Event and Meaning . 109 5.3.4 System Starts in Initial State for Each Event Stream . 111 5.3.5 Separate, Labeled Event Streams . 112 5.4 Barriers to Application to Machining Cell . 113 5.5 Conclusions . 114 VI. Application of Anomaly Detection to Simulated Systems ........... 115 6.1 Multiple Bit Change (MBC) Inconsistency . 115 6.1.1 Handling Combination Events in DES . 118 6.1.2 MBC Algorithm . 119 6.1.3 Application of MBC Decision Algorithms to Small Manufacturing Cell . 122 6.1.4 Limitations of Heuristic MBC Algorithms . 126 v 6.2 Initial State Inconsistency . 127 6.2.1 Model Producing Event Stream From Unknown Initial State . 127 6.2.2 Theory and Algorithms . 130 6.2.3 Application of Initial State Algorithms to Small Manufacturing Cell 134 6.3 Results for Simulated RFT Cell . 138 6.4 Conclusions . 141 VII. Conclusions and Future Work ............................ 142 7.1 Veri¯cation Contributions . 142 7.2 Anomaly Detection Contributions . 143 7.3 Future Work . 145 VIII. Appendix: List of Acronyms ............................. 150 Bibliography ::::::::::::::::::::::::::::::::::::::::::: 152 vi LIST OF TABLES Table 3.1 Events for Cell 1 Controller . 42 3.2 Veri¯cation of Event Pairs: P = cannot occur nearly same time, D = order should matter, S = need to verify . 44 3.3 States Removed by Restrictions R1 - R3 where ² = any valid value . 45 3.4 Event Modi¯cations for Application to IEC 61499 . 47 3.5 IEC 61499 Execution Open Issues . 51 4.1 Events in Manufacturing Cell . 59 4.2 Resource information for Manufacturing Cell . 60 4.3 Comparison of Petri net formalisms that use resources . 67 4.4 Comparison of Sound SW F -nets and TP s....................... 68 4.5 Event Pair Occurrences in Example . 78 4.6 Ordering Relations for Event Pairs in Example . 78 4.7 Ordering Relations Due to Resources for Event Pairs in Process 1 . 85 4.8 Relationships from Event Log Minus Relationships Due to Resources for Process 1 85 4.9 Unique Models Generated from Algorithm for Given Log . 94 4.10 Performance Results in Percentage for Each Model Generation Event Log, Where Num is the number of events in the stream and the results are expressed as Max, Min, and Mean . 96 5.1 Physical and Data Events That Acquire and Release Cell's Resources With Unob- servable Events in italics ................................. 104 5.2 Inconsistencies and Their Resolutions, Where Responsible Party is Either Academia or Industry . 113 6.1 Ordering Relations for Event Pairs in MBC Example . 125 vii LIST OF FIGURES Figure 1.1 Closed loop system consisting of plant and controller that exchange events. 2 1.2 Illustration of input order robustness error for Part 1 arriving . 4 2.1 FSM that describes simple machine. 12 2.2 Petri net that describes simple machine. 14 2.3 IEC 61499 controller for Cell 1 of RFT. 16 2.4 ECC for Cell 1 FB. 17 2.5 Schematic ECA MFSM for cell controller . 18 A B A A 3.1 Simple network of controllers where ¼ ⊆ fa; cg, ¼ ⊆ fgA2(¼ ; x ); bg and the outputs of Component A are segmented into outputs to the environment and to A A A A A A Component B, gA(¼ ; x ) = gA1(¼ ; x ) [ gA2(¼ ; x )............... 29 3.2 Network of controllers with no feedback loops, which means it can be labeled using partial ordering. 30 3.3 Left: Network of controllers with two feedback loops, Right: Equivalent network of controllers where components have been combined to eliminate feedback loops . 38 3.4 Cell controller's decision-making . ..