Abstract
Consider a cyber-physical system which has the purpose of maintaining the security of some physical asset. A particularly relevant scenario is one in which the system must perform its functions while at the same time enduring malicious attacks for an extended amount of time without energy renewal. We will study a theoretical model analogous to this cyber-physical system with an arbitrary number of nodes. The nodes in this system are able to communicate with one another and have the task of maintaining the security of the system. Initially all nodes comprising this system are in working order, however, due to attacks they can eventually become corrupted and then work against the security of the system. Of particular interest is the calculation of a number of metrics related to reliability of the system including the reliability function and the mean-time to failure. A particular case of this model has been examined by many researchers in the past, mostly using numerical methods. The contribution of this paper is the presentation of explicit expressions for the transient-state transition probabilities, reliability function, and the mean-time to failure along with rigorous proofs for the validity of these expressions. A result such as this is stronger than previous results via numerical methods and is an extension of previous analytical results where additional constraints on the model were imposed.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
A cyber-physical system (CPS) is a system comprised of a physical component and a computational component (Rawat et al. 2015). The physical component is made up of objects such as actuators, sensors and control units. The computational component processes the information provided by the physical components in order to make decisions and control or protect some physical asset. CPSs are ubiquitous in todays world and are found in everyday devices including appliances, cell phones, vehicles and are used heavily by many industries such as the medical and manufacturing industries. CPSs have been studied extensively over the last few decades and many reliability models have been analyzed using various techniques. In Kumar et al. (2021), a Markov model is studied where the value of system availability is calculated using the 4th order Runga-Kutta method.
In many cases, a CPS will be the target of hostile attacks aimed at making the CPS fail and will exist in an environment where energy cannot be renewed for long periods of time. Under these circumstances, the CPS needs to have a way of protecting itself to ensure it remains in working order for as long as possible. Intrusion detection systems (IDS) or intrusion detection and response systems (IDRS) are often utilized to detect and respond to these malicious attacks. Of particular interest, is the quantification of the reliability of such a system. Several models for a CPS with an IDS system have been analyzed previously. Al-Hamadi and Chen (2013) proposed a redundancy management of heterogeneous wireless sensor networks. In Cho et al. (2010), the use of a linear time attacker function for modeling attacker behavior is considered. Mitchell and Chen (2011) developed a generic hierarchical model for performance analysis of intrusion detection techniques. The survivability issue of a mobile CPS comprising sensor-carried agents is addressed in Mitchell and Chen (2012b). In Mitchell and Chen (2016), an analytical model was developed based on stochastic Petri nets to capture the dynamics between adversary behavior and defense for CPSs. Orojiloo and Azgomi (2019) proposed a model for evaluating the security of CPSs. In Kholidy (2021), a new Autonomous Response Controller is introduced to respond against attacks on a CPS. Wang et al. (2018) developed a modelling and simulation framework for generating cyber attack scenarios using Monte Carlo sampling. In Fang et al. (2017), a general framework is proposed for cyber-physical system reliability models where cyber-intrusion is modeling by a semi-Markov process. Tripathi et al. (2021) proposed a design-time methodology to map and analyze system security using stochastic Petri nets. For a thorough review on the research advances regarding CPSs with intrusion detection systems, we refer the reader to Mitchell and Chen (2014).
The objective of this paper is to present a mathematical analysis of a generalized version of the mathematical model first introduced in Mitchell and Chen (2013) that is based on stochastic Petri nets (Chen and Wang 1996a; Chen and Wang 1996b; Robin et al. 1996) which is representative of a CPS in order to characterize the reliability function and mean-time to failure of such a system. The stochastic Petri net for the model we study here is shown in Fig. 1.
The CPS which will be considered in this paper has the following characteristics:
-
The CPS is designed to function for extended time periods without the renewal of energy, however, the system has a finite reserve of energy. At the time of energy exhaustion, the system fails.
-
The components of the CPS, which from now on we will refer to as nodes, are vulnerable to attacks that will corrupt the target node. Once a node is corrupted, it will act against the security of the system through attacks of its own. A successful attack by a corrupted node will cause impairment failure.
-
Nodes that are functioning properly have the job of detecting nodes in the system that have been corrupted. The detection of a node that has been corrupted will lead to the eviction of that node from the system. In the search for corrupted nodes, it is possible that a properly functioning node is incorrectly identified as corrupted, resulting in the eviction of this node from the system.
In addition to energy exhaustion and impairment-failure due to attacks from a corrupted node, there are other conditions for failure of the system that can be considered. For example:
-
Byzantine failure: When the number of corrupted nodes exceeds 1/3 of the total number of nodes left in the system, the system fails due to a Byzantine failure (Lamport et al. 1982).
-
Intrusion-detection failure: In many cases, the detection of bad nodes requires a vote from the remaining nodes in the system. If there are too few nodes left in the system such that a vote of m nodes cannot be taken, the system fails.
This CPS can be represented by an acyclic continuous-time Markov chain model which will be rigorously defined in the next section that is representative of the general CPS described above and an extension of the model introduced in Mitchell and Chen (2013). The model includes an absorbing state inclusive of failure due to energy exhaustion and failure due to impairment. Other than those specific cases of failure, all other conditions imposed on the system that would induce failure can be applied independent of the analysis of the transient-state transition probabilities.
A real-world example of a CPS representative of this model is discussed by Hawkinson et al. (2012). Furthermore, Mitchell and Chen (2013) exemplify several real-world applications including disaster and emergency response, military patrol and combat, healthcare (Mitchell and Chen 2012a) and unmanned aircraft (Mitchell and Chen 2012c).
A restricted version of the model analyzed in this paper has been studied by several researcher previously mostly from a numerical perspective. In Masetti and Robol (2020), and Mitchell and Chen (2013), the model is studied numerically where reliability was analyzed under a range of attacker behaviors and computing performability measures were considered, respectively. In Masetti and Robol (2020), the instantaneous reward measure at time t was calculated numerically. In Mitchell and Chen (2013), the mean-time to failure was calculated utilizing the stochastic Petri net package presented in Ciardo et al. (1989). In Martinez et al. (2017), an algorithm for calculating the mean-time to failure for a restricted version of this model was presented under the Byzantine and intrusion-detection failure conditions.
In addition to previous study of this model, there has been work on acyclic continuous-time Markov chains that could be applied to this model. In Lindemann et al. (1995), the reliability of such a system is calculated numerically. In Nabli (1998), an algorithm for computing the performability is given. An algorithm for symbolically finding the transient-state transition probabilities of a general acyclic continuous-time Markov chain is presented in Marie et al. (1987), however, a main component of this algorithm requires consideration of the structure of the Markov chain in an iterative first step to the algorithm.
The contribution of this paper is twofold. First we present an explicit expression for the transient-state transition probabilities, each of which is a finite sum of exponential functions and is dependent on a set of recursively defined coefficients of two indices. The second contribution is the derivation of an explicit expression for the mean-time to failure utilizing the transient-state transition probabilities. This expression for mean-time to failure is general in that it can be utilized for conditions of failure other than that of Byzantine and intrusion-detection. As this model is a generalized version of the model presented in Mitchell and Chen (2013), the analytical results presented in this paper hold for the more restricted model as well. The key to deriving expressions for the transient-state transition probabilities and mean-time to failure is exploiting the structure of the model which is an acyclic continuous-time Markov chain. As a result, the expressions presented in this paper already have this structure built-in as opposed to the result in Marie et al. (1987).
In the next three sections, we give a rigorous definition of an extended version of the model introduced in Mitchell and Chen (2013), and state our main results about the transient-state transition probabilities and mean-time to failure. The appendix is allocated to proofs of supporting lemmas.
2 Model Description
2.1 Definition of State Space
We fix N to be the total number of nodes in the system that at any given time are rated as good, bad or evicted. Assuming that at time t, the process has not yet entered an absorbing state, the state at time t can be fully characterized by number of good nodes, bad nodes and evicted nodes in the system. This leads us to the definition of the following set of configurations corresponding to the transient-states
with the understanding that \(\mathbb {N}_0 = \mathbb {N}\cup \{0\}.\) Moving forward, we will think of the element \((m,k)\in \mathcal {T}\) as the configuration with m bad nodes, k evicted nodes and \(N-m-k\) good nodes. Note that for all \((m,k)\in \mathcal {T}\), we have
implying that the total number of nodes is conservative such that no node enters or exits the system. Furthermore, because m, k and \(N-m-k\) represent quantities of bad, evicted and good nodes respectively for a configuration \((m,k)\in \mathcal {T}\), we also have
We will denote by \(\mathcal {A}\), the absorbing state representing failure due to energy exhaustion or impairment-failure. Keeping in mind the possibility for other types of failure such as Byzantine or intrusion-detection failure, we will denote \(\mathcal {R}\subset \mathcal {T}\) as the set of configurations in \(\mathcal {T}\) that are considered working (as opposed to failed) under optional additional conditions being applied to the system.
2.2 Definition of \(\widetilde{\mathcal{T}}\), \(\varphi\) and \(\preceq\)
The results in Sections 3 and 4 and the proofs in Appendix 2 lend themselves to the enumeration of the elements of \(\mathcal {T}\). This ordering of the set \(\mathcal {T}\) is intuitive and corresponds to the flow through the state space starting from N good nodes. In particular, the proofs in Appendix 2 are made simpler by letting the state space of configurations be a set of integers. Thus, for ease of discussion, we will define the following set \(\widetilde{\mathcal {T}}\) which corresponds directly to \(\mathcal {T}\).
In order to match each element of \(\mathcal {T}\) with an integer in \(\widetilde{\mathcal {T}}\), we define a mapping \(\varphi\) from \(\mathcal {T}\) to \(\widetilde{\mathcal {T}}\) which gives a straightforward way of enumerating all elements of \(\mathcal {T}\) and will later be shown to be a bijection.
Definition 1
Let the function
be given by the mapping
Lemma 2.1
\(\varphi\) is a bijection.
The proof of Lemma 2.1 is in Appendix 1.
Considering the set of working configurations \(\mathcal {R}\subset \mathcal {T}\), we define the subset \(\widetilde{\mathcal {R}}\subset \widetilde{\mathcal {T}}\) to correlate with \(\mathcal {R}\) and be given by
The enumeration of the configurations in \(\mathcal {T}\) through the use of the mapping \(\varphi\) onto \(\widetilde{\mathcal {T}}\) can be well described with a relation \(\preceq\) on the set \(\mathcal {T}\) defined below.
Definition 2
Define the relation \((\preceq )\) on the set \(\mathcal {T}\) such that \((m,k)\preceq (\widetilde{m},\widetilde{k})\) if at least one of the following conditions holds:
-
(i)
\(m+k<\widetilde{m}+\widetilde{k}\)
-
(ii)
\(m+k=\widetilde{m}+\widetilde{k}\) and \(k\le \widetilde{k}\).
The relation \(\preceq\) gives a natural ordering to \(\mathcal {T}\) that corresponds directly with the ordering of the integers in \(\widetilde{\mathcal {T}}\) and can be understood easily by referencing Fig. 2. It will be shown that for \((m,k),(\widetilde{m},\widetilde{k})\,\in\, \mathcal {T}\), \((m,k)\preceq (\widetilde{m},\widetilde{k})\) if and only if \(\varphi (m,k)\le \varphi (\widetilde{m},\widetilde{k})\).
Lemma 2.2
Let \((m,k),(\widetilde{m},\widetilde{k})\,\in\, \mathcal {T}\). We have that \((m,k)\preceq (\widetilde{m},\widetilde{k})\) if and only if \(\varphi (m,k)\le \varphi (\widetilde{m},\widetilde{k})\).
The proof of Lemma 2.2 is in Appendix 1.
2.3 Definition of \(X\,(t)\)
We are now equipped to rigorously define our Markov chain as well as the dynamics that govern it. The state of our continuous-time Markov chain is
For a given time \(t\ge 0\), we understand
to indicate that the state of our process is \(\varphi (m,\,k)\) and equates to the system being in the configuration where there are \(N-m-k\) good nodes, m bad nodes and k evicted nodes at time t. Furthermore, we understand
to indicate that the state of our process is \(\mathcal {A}\) meaning the process has entered the absorbing state representative of energy exhaustion and impairment failure.
As the model is representative of a real-world system, we will assume that at time \(t=0\), all of the nodes are good nodes giving us that \(X(0)=\varphi (0,0)=1\). We will define the rate of transition from state \(i=\varphi (m,\,k)\in \widetilde{\mathcal {T}}\) to state \(j\in \widetilde{\mathcal {T}}\cup \{\mathcal {A}\}\) where \(i\ne j\) by
We set
and refer to \(\Lambda _i\) as the opposite of the total exit rate from state i.
Definition 3
A continuous-time Markov chain is called \(\Delta _N\)-Markov provided its state-transition diagram may be given by the directed graph shown in Fig. 2, for some \(N\in \mathbb {N}_0\) and nonnegative transition rates \(\lambda ^{i}_{j}\)’s, where \(\lambda ^{i}_{j}\) denotes the transition rate from state i to state j.
In the context of Definition 3 above, when checking whether a continuous-time Markov chain is \(\Delta _N\)-Markov, we shall make the convention that if state i (as in Fig. 2) does not exist, we take \(\lambda ^{(\varvec{\cdot })}_{i}\) and \(\lambda ^{i}_{(\varvec{\cdot })}\) to be all zero while assuming that state i is a constituent of the state-transition diagram for the continuous-time Markov chain in question.
The state-transition diagram for a \(\Delta _N\)-Markov chain and the mapping \(\varphi\) from \(\mathcal {T}\) to \(\widetilde{\mathcal {T}}\) with \(K={{\,\textrm{card}\,}}(\mathcal {T}\ )\). The state at time \(t=0\) is at the top of the triangle in state \(\varphi (0,0)=1\). The black arrows reflect the possible transitions through the state space. The red arrow on each state reflects that from any state \(i\in \widetilde{\mathcal {T}}\), the process can enter the absorbing state \(\mathcal {A}\). Furthermore, the natural ordering given by \(\preceq\) is shown where \(\varphi (0,0) = 1\), \(\varphi (1,0) = 2\), \(\varphi (0,1) = 3\), etc
3 Transient-State Transition Probabilities
By virtue of the applications we have in mind, we record in the present paper a body of results regarding \(\Delta _N\)-Markov chains which satisfy the following property:
Property 1
For all \(i,j\in \widetilde{\mathcal {T}}\) such that \(i\not =j\), if \(\max \{\Lambda _i,\Lambda _j\}<0\) then \(\Lambda _i\not =\Lambda _j\).
As it turns out, the expression found for the mean-time to failure in Martinez et al. (2017) places restrictions on the model dynamics in addition to the criteria for failure. Letting \(\varphi (m,k)\) be the state of the process at time t, the model studied in Martinez et al. (2017), and Mitchell and Chen (2013) imposes the Byzantine failure and intrusion-detection failure conditions on the model. Furthermore, the rates of transition for that model follow a specific structure:
where \(\lambda _c\), \(\lambda _{if}\), \(\mathcal {P}_{fp}\), \(\mathcal {P}_{fn}\), \(p_a\), \(T_{IDS}\), \(N_{IDS}\) are fixed constants. For details on the interpretation of these constants, we refer the reader to Mitchell and Chen (2013).
The adoption of (7), guarantees that Property 1 is satisfied, thus the model looked at in Martinez et al. (2017), and Mitchell and Chen (2013) is a particular case of the more general model studied in this paper. As a consequence, all results found in this paper are valid for the restricted versions of the model looked at previously. The following recursively defined constants are integral to the main results of this paper and give a concise way of writing the transient-state transition probabilities.
Definition 4
Suppose that \(i=\varphi (m,k), j=\varphi (\widetilde{m},\widetilde{k})\in \widetilde{\mathcal {T}}\) are two distinct states such that \(i<j\) and define \(\mathscr {C}^{\;i}_j\) as
and, for \((i,j)\notin \{1\}\times \{2,3\}\), define
In aiming to explicitly define the transient-state transition probabilities, we define the following probability distribution on the set \(\widetilde{\mathcal {T}}\) which will later be shown to be the distribution that describes the behavior of the process at time t.
Definition 5
Let \(\pi _i:[0,+\infty )\rightarrow \mathbb {R}\) be given by
and
We are now in a position to formulate the main result in this section. Such a result is of fundamental importance for the subsequent considerations in this paper. The theorem that follows gives an explicit expression for the transient-state transition probabilities starting from state \(\varphi (0,0)=1\). At the time of writing, the authors of this paper are not aware of the existence of any such expressions for the model looked at here or the more restricted model in Martinez et al. (2017), and Mitchell and Chen (2013).
Theorem 3.1
Assume that \(\{X(t)\,:\,t\in [0,+\infty )\}\) is a \(\Delta _N\)-Markov chain with transition rates \(\{\lambda ^i_j\}\) that satisfies Property 1, then the transient-state transition probabilities starting from state \(1=\varphi (0,0)\) at time \(t\in [0,+\infty )\) are given by
for all non-negative integers m and k such that \(m+k\le N\).
We are now equipped to prove Theorem 3.1 by induction in the following steps:
-
1.
In Lemma 3.2, we will show that Eq. (13) holds for all states \(\varphi (m,0)\in \widetilde{\mathcal {T}}\).
-
2.
In Lemma 3.3, using the result of Lemma 3.2 as our base case, we will show that if Eq. (13) holds for some fixed \(k\in \{0,2,\ldots ,N-1\}\), then Eq. (13) holds for \(k+1\).
-
3.
The combination of Lemmas 3.2 and 3.3 allows us to set up an induction which covers all combinations of \((m,k)\in \mathcal {T}\).
The proofs of the following lemmas are in Appendix 2.
Lemma 3.2
Given the above Markov chain \(\left\{ X(t):t\in [0,+\infty )\right\}\),
Lemma 3.3
Given \(k\in \{1,2,\ldots ,N\}\), and the above Markov chain \(\left\{ X(t):t\in [0,+\infty )\right\}\), if
then
Proof of Theorem 3.1
Assume that \(\{X(t)\,:\,t\in [0,+\infty )\}\) is a \(\Delta _N\)-Markov chain with transition rates \(\{\lambda ^i_j\}\) that satisfies Property 1.
We aim to show that the transient-state transition probabilities starting from state \(1=\varphi (0,0)\) at time \(t\in [0,+\infty )\), are given by
for all non-negative m and k such that \(0\le m+k\le N\).
We proceed with a proof by induction on k.
Base Case: (\(k=0\)) By Lemma 3.2 we have that
Inductive Step: Assume that for \(k=r-1\) where \(0\le r-1\le N-1\) the following holds
Then by Lemma 3.3 we have that
This completes our proof. \(\square\)
Numerical simulations of the \(\Delta _N\)-Markov process suggest that the curves \(\pi _t(i)\) for \(i\in \widetilde{\mathcal {T}}\) shown in Fig. 3 agree with the numerical results found for these quantities via simulation.
Theoretical transition probabilities at time t starting from state 1 with \(N=2\) alongside results for these quantities via \(10^5\) simulations using the same transition rates. All \(\lambda ^i_j\)’s were randomly generated. The solid curves represent the theoretical transition probabilities \(\pi _t(i)\), \(1-\sum _{i\mathop {=}1}^6\pi _t(i)\) and the markers represent simulated results for states \(i\in \{1,\,2,\,3,\,4,\,5,\,6,\,\mathcal {A}\)}
4 Mean-Time to Failure
This section is concerned with establishing the mean-time to failure for a system which has a \(\Delta _N\)-Markov chain as its underlying structure. Although the mean-time to failure was calculated analytically by Martinez et al. (2017), their result is based on the assumption that (7) holds and that intrusion-detection failure and Byzantine failure conditions are imposed. Our approach does not require that (7) is satisfied and leaves open the possibility that some of the states in \(\widetilde{\mathcal {T}}\) are failed states that are absorbing. In such a case, the explicit expression presented in Theorem 3.1 is still valid. With this formulation, one can easily calculate the mean-time to failure under many combinations of conditions for failure of the system. For a more thorough review of reliability theory, we refer the reader to Trivedi (2002).
Consider a reliability model \(\{Y(t)\vert t\ge 0\}\) with set of failed states \(\mathcal {F}\), set of working states \(\mathcal {R}\) where \(r^{+}\in \mathcal {R}\) is the optimum working state where every component of the system is working and state space \(\mathcal {S} = \mathcal {R}\cup \mathcal {F}\). The mean-time to failure is the expected amount of time it takes starting from state \(r^{+}\) until the process reaches the set \(\mathcal {F}\). Letting T represent the time it takes for our process to reach a failed state as
we can define the mean-time to failure formally as
A more useful expression for MTTF is
where
R is called the reliability function and R(t) is the probability that the system has not failed by time t. For a process which is acyclic, such as is the case with a \(\Delta _N\)-Markov chain, this function is simply the probability that the process is in a working state at time t. This is because we assume that all failed states are absorbing and because once the process leaves a state i, it can never again return to state i. This allows us to express the reliability function for our \(\Delta _N\)-Markov chain \(\{X(t)\,:\,t\ge 0\}\) with working states \(\tilde{\mathcal {R}}\) and failed states \((\widetilde{\mathcal {T}}\setminus \tilde{\mathcal {R}})\cup \{\mathcal {A}\}\) as
Theorem 4.1
Assume that \(\{X(t)\,:\,t\in [0,+\infty )\}\) is a \(\Delta _N\)-Markov chain with working states \(\widetilde{\mathcal {R}}\subseteq \widetilde{\mathcal {T}}\) and failed states \((\widetilde{\mathcal {T}}\setminus \widetilde{\mathcal {R}})\cup \{\mathcal {A}\}\) with transition rates \(\{\lambda ^i_j\}\) that satisfies Property 1, then the mean-time to failure is given by
Proof of Theorem 4.1
Notice that if \(i\notin \tilde{\mathcal {R}}\), then \(\mathscr {C}^{\;i}_{(\cdot )}=0\) and so combining the results from Theorem 3.1 with Eqs. (17) and (16), we observe that
Because both sums in Eq. (18) are finite, we can rewrite this equation as
Keeping in mind that if \(k\in \tilde{\mathcal {R}}\), then \(\Lambda _k<0\), we can evaluate the improper integral associated with indices \(i,\,j\,\in \widetilde{\mathcal {R}}\) as
Finally, we achieve our desired result by invoking Eqs. (19) and (20) resulting in
\(\square\)
5 Conclusion
In this paper, we studied a model for a CPS with an IDS consisting of cooperative nodes under the possibility of failure due to energy exhaustion and impairment failure. The model allows for optional additional conditions for failure such as Byzantine failure and Intrusion-detection failure to be imposed. We found explicit expressions for the transient-state transition probabilities and mean-time to failure for a generalized model representing a CPS. All cases where this model was studied previously assumed Byzantine and Intrusion-detection failure conditions and only apply to that scenario. These results extend previous analytical results for the model introduced in Mitchell and Chen (2013) and make any numerical results redundant.
Availability of Data and Material
Not applicable.
Code Availability
Not applicable.
References
Al-Hamadi H, Chen IR (2013) Redundancy management of multipath routing for intrusion tolerance in heterogeneous wireless sensor networks. IEEE Trans Netw Serv 10(2):189–203. https://doi.org/10.1109/TNSM.2013.043013.120282
Chen IR, Wang DC (1996a) Analysis of replicated data with repair dependency. Comput J 39(9):767–779. https://doi.org/10.1093/comjnl/39.9.767
Chen IR, Wang DC (1996b) Analyzing dynamic voting using petri nets. In: Proceedings 15th Symposium on Reliable Distributed Systems, 23–25 October 1996. https://doi.org/10.1109/RELDIS.1996.559695
Cho JH, Chen IR, Feng PG (2010) Effect of intrusion detection on reliability of mission-oriented mobile group systems in mobile ad hoc networks. IEEE Trans Reliab 59(1):231–241. https://doi.org/10.1109/TR.2010.2040534
Ciardo G, Muppala J, Trivedi K (1989) SPNP: stochastic petri net package. In: Proceedings of the Third International Workshop on Petri Nets and Performance Models, 11–13 December 1989. https://doi.org/10.1109/PNPM.1989.68548
Fang ZH, Mo HD, Wang Y (2017) Reliability analysis of cyber-physical systems considering cyber-attacks. In: 2017 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), 10–13 December 2017. https://doi.org/10.1109/IEEM.2017.8289913
Hawkinson W, Samanant P, McCroskey R et al (2012) GLANSER: Geospatial location, accountability, and Navigation System for Emergency Responders - system concept and performance assessment. In: Proceedings of the 2012 IEEE/ION Position, Location and Navigation Symposium, 23–27 April 2012. https://doi.org/10.1109/PLANS.2012.6236870
Kholidy HA (2021) Autonomous mitigation of cyber risks in the cyber-physical systems. Future Gener Comput Syst 115:171–187. https://doi.org/10.1016/j.future.2020.09.002
Kumar A, Saini M, Saini DK et al (2021) Cyber physical systems-reliability modelling: critical perspective and its impact. Int J Assur Eng Manag 12:1334–1347. https://doi.org/10.1007/s13198-021-01305-6
Lamport L, Shostak R, Pease M (1982) The byzantine generals problem. ACM T Progr Lang Sys 4(3):382–401
Lindemann C, Malhotra M, Trivedi KS (1995) Numerical methods for reliability evaluation of Markov closed fault-tolerant systems. IEEE Trans Reliab 44(4):694–704. https://doi.org/10.1109/24.476004
Marie RA, Reibman AL, Trivedi KS (1987) Transient solution of acyclic Markov chains. Perform Evaluation 7(3):175–194. https://doi.org/10.1016/0166-5316(87)90039-3
Martinez JM, Trivedi KS, Cheng BN (2017) Efficient computation of the mean time to failure in cyber-physical systems. Proceedings of the 10th EAI International Conference on Performance Evaluation Methodologies and Tools, 25–28 October 2016. https://doi.org/10.4108/eai.25-10-2016.2266825
Masetti G, Robol L (2020) Computing performability measures in Markov chains by means of matrix functions. J Comput Appl Math 368. https://doi.org/10.1016/j.cam.2019.112534
Mitchell R, Chen IR (2011) A hierarchical performance model for intrusion detection in cyber-physical systems. In: 2011 IEEE Wireless Communications and Networking Conference, 28–31 March 2011. https://doi.org/10.1109/WCNC.2011.5779477
Mitchell R, Chen IR (2012a) Behavior rule based intrusion detection for supporting secure medical cyber physical systems. In: 2012 21st International Conference on Computer Communications and Networks (ICCCN), 30 July 2012–02 August 2012. https://doi.org/10.1109/ICCCN.2012.6289192
Mitchell R, Chen IR (2012b) On survivability of mobile cyber physical systems with intrusion detection. Wirel Pers Commun 68:1377–1391. https://doi.org/10.1007/s11277-012-0528-3
Mitchell R, Chen IR (2012c) Specification based intrusion detection for unmanned aircraft systems. In: Proceedings of the first ACM MobiHoc workshop on Airborne Networks and Communications, June 2012. https://doi.org/10.1145/2248326.2248334
Mitchell R, Chen IR (2013) Effect of intrusion detection and response on reliability of cyber-physical systems. IEEE Trans Reliab 62(1):1990–210. https://doi.org/10.1109/TR.2013.2240891
Mitchell R, Chen IR (2014) A survey of intrusion detection techniques for cyber-physical systems. CM Comput Surv 46(4):1–29. https://doi.org/10.1145/2542049
Mitchell R, Chen IR (2016) Modeling and analysis of attacks and counter defense mechanisms for cyber physical systems. IEEE Trans Reliab 65(1):350–358. https://doi.org/10.1109/TR.2015.2406860
Nabli H (1998) Performability measure for acyclic Markovian models. Comput Math with Appl 35(8):41–51. https://doi.org/10.1016/S0898-1221(98)00043-1
Orojiloo H, Azgomi MA (2019) Modelling and evaluation of the security of cyber-physical systems using stochastic Petri nets. IET Cyber-Phys Syst 4(1):50–57. https://doi.org/10.1049/iet-cps.2018.0008
Rawat DB, Rodrigues JJPC, Stojmenovic I (2015) Cyber-physical systems from theory to practice. Taylor & Francis Group, Boca Raton. https://doi.org/10.1201/b19290
Robin AP, Sahner A, Trivedi KS (1996) Performance and reliability analysis of computer systems: an example-based approach using the SHARPE Software Package. Springer, New York. https://doi.org/10.1007/978-1-4615-2367-3
Tripathi D, Singh LK, Tripathi AK et al (2021) Model based security verification of Cyber-Physical System based on Petrinet: a case study of Nuclear power plant. Ann Nucl Energy 159. https://doi.org/10.1016/j.anucene.2021.108306
Trivedi KS (2002) Probability and Statistics with Reliability. Queuing and Computer Science Applications. John Wiley & Sons, New York
Wang W, Cammi A, Di Maio F et al (2018) A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants. Reliab Eng Syst Saf 175:24–37. https://doi.org/10.1016/j.ress.2018.03.005
Funding
Stephanie Reed received partial financial support from the Summer 2021 Grant for Faculty Support on Scholarly or Creative Productivity through the Office of Research and Sponsored Projects at California State University, Fullerton.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interest
The authors declare that they have no conflict of interest. The authors have no relevant financial or non-financial interests to disclose.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix 1
1.1 Proof that \(\varphi\) is a bijection
Recall that by definition, \({{\,\textrm{card}\,}}{(\mathcal {T}\ )}={{\,\textrm{card}\ }}{\left(\widetilde{\mathcal {T}}\right)}\). Thus, in order to show that \(\varphi\) is a bijection from \(\mathcal {T}\) onto \(\widetilde{\mathcal {T}}\), it is sufficient to establish that \(\varphi (\mathcal {T}\ )\subseteq \widetilde{\mathcal {T}}\) and \(\varphi\) is injective as shown in Lemmas 6.2 and 6.3. First, the cardinality of \(\mathcal {T}\) must be established as in Lemma 6.1.
Lemma 6.1
\({{\,\textrm{card}\,}}{(\mathcal {T}\ )}=\displaystyle \frac{N(N+1)}{2}+(N+1).\)
Proof
In order to determine \({{\,\textrm{card}\,}}{(\mathcal {T}\ )}\), we will count the number of elements in \(\mathcal {T}\) by noticing that \({{\,\textrm{card}\,}}{(\mathcal {T}\ )}\) must be the number of 2-tuples of non-negative integers whose sum is less than or equal to N.
Letting b(n, k) be the number of k-tuples of non-negative integers whose sum is n, it is a well know combinatorial result that
Now we can count the number of elements in \(\mathcal {T}\) as
\(\square\)
Lemma 6.2
\(\varphi (\mathcal {T}\ )\subseteq \widetilde{\mathcal {T}}\).
Proof
Let \((m,k)\in \mathcal {T}\), then
and observe that the inequalities in Eq. (23) yields
and Lemma 6.1 implies
Combining Eqs. (24) and (25), we conclude \(\varphi (m,k)\in \widetilde{\mathcal {T}}\). Because (m, k) is an arbitrary element of \(\mathcal {T}\), we have \(\varphi (\mathcal {T}\ )\subseteq \widetilde{\mathcal {T}}\).
Lemma 6.3
The mapping \(\varphi\) is injective. and if
Proof
Let configurations \((m,k),(\widetilde{m},\widetilde{k})\in \mathcal {T}\) be such that
Equation (26) implies that if \(m+k<\widetilde{m}+\widetilde{k}\), then we must have that either \(k\le \tilde{k}\) or \(k>\tilde{k}\). If \(m+k=\widetilde{m}+\widetilde{k}\), then we can assume without loss of generality that \(k<\tilde{k}\).
We can assume without loss of generality that
Combining Eq. (26) with Definition 2, we have the following cases:
Case 1: (\(m+k<\widetilde{m}+\widetilde{k}\) and \(k\le \widetilde{k}\)) Then
Case 2: (\(m+k<\widetilde{m}+\widetilde{k}\) and \(k>\widetilde{k}\)) Then
Case 3: (\(m+k=\widetilde{m}+\widetilde{k}\) and \(k<\widetilde{k}\)) Then
In all cases we have shown that if \((m,k)\ne (\widetilde{m},\widetilde{k})\), then \(\varphi (m,k)\ne \varphi (\widetilde{m},\widetilde{k})\).
We have now shown that \(\varphi\) is injective and that if \((m,k)\ne (\widetilde{m},\widetilde{k})\) and \((m,k)\preceq (\widetilde{m},\widetilde{k})\), then \(\varphi (m,k)<\varphi (\widetilde{m},\widetilde{k})\).
We need only show that if \((m,k)=(\widetilde{m},\widetilde{k})\) and \((m,k)\preceq (\widetilde{m},\widetilde{k})\), then \(\varphi (m,k)=\varphi (\widetilde{m},\widetilde{k})\). Letting \((m,k)=(\widetilde{m},\widetilde{k})\), we observe that
\(\square\)
Proof of Lemma 2.1
The combination of Lemmas 6.2, 6.3 gives the desired result. \(\square\)
Proof of Lemma 2.2
Let \((m,k),(\widetilde{m},\widetilde{k})\in \mathcal {T}\) and assume that \((m,k)\preceq (\widetilde{m},\widetilde{k})\). We have already shown in Lemma 6.3 that we must have \(\varphi (m,k)\le \varphi (\widetilde{m},\widetilde{k})\).
Now assume that \(\varphi (m,k)\le \varphi (\widetilde{m},\widetilde{k})\). Because \(\varphi\) is a bijection, in the case where \(\varphi (m,k)=\varphi (\widetilde{m},\widetilde{k})\), we must have that \((m,k)=(\widetilde{m},\widetilde{k})\) and so \((m,k)\preceq (\widetilde{m},\widetilde{k})\).
Now assuming that \(\varphi (m,k)<\varphi (\widetilde{m},\widetilde{k})\). Note that it must be the case that either \((m,k)\preceq (\widetilde{m},\widetilde{k})\) or \((\widetilde{m},\widetilde{k})\preceq (m,k)\) because one of the four cases below must hold:
-
Case 1: \(m+k<\widetilde{m}+\widetilde{k}\)
-
Case 2: \(\widetilde{m}+\widetilde{k}<m+k\)
-
Case 3: \(m+k=\widetilde{m}+\widetilde{k}\) and \(k\le \widetilde{k}\)
-
Case 4: \(m+k=\widetilde{m}+\widetilde{k}\) and \(\widetilde{k}\le k\)
If it were the case that \((\widetilde{m},\widetilde{k})\preceq (m,k)\), then Lemma 6.3 would imply that \(\varphi (\widetilde{m},\widetilde{k})\le \varphi (m,k)\) which is a contradiction. This completes our proof. \(\square\)
Appendix 2
1.1 Proofs of Lemmas 3.2 and 3.3
For ease of writing the proofs that follow in this section, we introduce some notation below:
Definition 6
Define the transition probabilities as follows:
where a, \(b\in \widetilde{\mathcal {T}}\) and \(t\ge 0\). Denote \(p_t(1,b)\) with \(p_t(b)\).
Recalling that \(\mathcal {A}\) is the absorbing state, any transition out of state \(\mathcal {A}\) is impossible and so
Equation (31) in combination with the Kolmogorov forward equation gives that for \(q\in \widetilde{\mathcal {T}}\cup \{\mathcal {A}\}\),
Remark 1
It will be useful in the proofs below to bear in mind that for all states \(i\notin \widetilde{\mathcal {R}}\), i is a failed state and is therefore absorbing. A direct result of this being that
however, in this paper we will not consider the trivial case where \(\Lambda _1=0\).
Remark 2
Recall that when a and b are distinct, by using partial fraction decomposition, expressions of the form
can be rewritten as
Proof of Lemma 3.2
We proceed with a proof by induction where our base case is to show that
and
Base Case: The rate at which the process leaves state \(\varphi (0,0)=1\) is \(-\Lambda _1>0\) and the time it takes for the process to leave state 1 is an exponential random variable T with parameter \(-\Lambda _1\). We have that
Note that \(\varphi (1,0)=2\). We know that \(\lambda ^i_2=0\) for \(i\ne 1\). Equation (32) gives that
and taking the Laplace transform along with Remark 2 yields
Taking the inverse Laplace transform of both sides of Eq. (33) gives
Inductive Step: Assume that
where \(1\le r-1<N\). We have that if \(x=\varphi (r,0)\), then
Therefore Eq. (32) gives us that for \(x=\varphi (r,0)\) and \(y=\varphi (r-1,0)\),
Keeping in mind our inductive hypothesis and Remarks 1 and 2, we take the Laplace transform of Eq. (34) which yields
Taking the inverse Laplace transform of both sides of Eq. (35) yields
Let \(i=\varphi (\hat{m},\hat{k})\). We will now characterize the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (36) based on the value of index i.
-
When \(1\le i\le y-1\), the coefficient of \(\left( \exp (\Lambda _i t)-\exp (\Lambda _x t)\right)\) in Eq. (36) is
$$C_1=\displaystyle \frac{\lambda ^y_x\mathscr {C}^{\;i}_y}{\Lambda _i-\Lambda _x}.$$We have that either \(\hat{k}>0\) or \(\hat{k}=0\) and \(\hat{m}<r\).
-
(i)
(\(\hat{k}>0\)): It follows directly from Case 1 of Eq. (10) that
$$\mathscr {C}^{\;i}_y=\mathscr {C}^{\;i}_x=0.$$Therefore \(\mathscr {C}^{\;i}_x=C_1\).
-
(ii)
(\(\hat{k}=0\) and \(\hat{m}<r\)): Then by Case 3 of Eq. (10)
$$\mathscr {C}^{\;i}_x=\frac{\lambda ^y_x\mathscr {C}^{\;i}_y}{\Lambda _i-\Lambda _x}=C_1.$$
-
(i)
-
When \(i= y\) the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (36) is
$$C_2=\displaystyle \frac{-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_y}{\Lambda _y-\Lambda _x}.$$Because \(i=y\), then \(\hat{m}=r-1\) and \(\hat{k}=k\). Case 2 of Eq. (10) gives that
$$\mathscr {C}^{\;y}_x= \frac{-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_y}{\Lambda _y-\Lambda _x}=C_2.$$
Case 1 of Eq. (10) along with Remark 1 gives that \(\mathscr {C}^{\;i}_j=0\) if \(y+1\le i\le x-1\) or \(i\notin \mathcal {R}\). Therefore we can rewrite Eq. (36) as
This completes our proof. \(\square\)
Proof (Proof of Lemma 3.3)
Assume that
where \(1\le k\le N-1\). We proceed with a proof by induction where our base case is to show that
Base Case: We have that when \(x=\varphi (0,k)\), then
Therefore for \(x=\varphi (0,k)\), \(y=\varphi (0,k-1)\) and \(z=\varphi (1,k-1)\), Eq. (32) gives us that
Taking the Laplace transform of Eq. (38) and some algebra yields
When \(k=1\), then we have that \(x=3\), \(y=1\) and \(z=2\). Keeping in mind Remark 2 and Eq. (10), we have that
Taking the inverse Laplace transform of both sides of the Eq. (39) yields
Recall that \(y=\varphi (0,k-1)\) and \(z=\varphi (1,k-1)\), therefore Eq. (37) and Remark 1 gives that when \(k>1\),
By taking the inverse Laplace transform of both sides of Eq. (40), it can be deduced that
Recall that because \(x=\varphi (0,k)\), \(y=\varphi (0,k-1)\) and \(z=\varphi (1,k-1)\), it must be the case that \(x>z>y\). Define \(\hat{m}\) and \(\hat{k}\) such that \(i=\varphi (\hat{m},\hat{k})\).
We will now characterize the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) based on the value of index i.
-
When \(1\le i\le y-1\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (41) is
$$C_1=\displaystyle \frac{\lambda ^y_x\mathscr {C}^{\;i}_y+\lambda ^z_x\mathscr {C}^{\;i}_z}{\Lambda _i-\Lambda _x}.$$We wish to show that \(C_1=\mathscr {C}^{\;i}_x\) and we will consider the following cases:
-
(i)
(\(k<\hat{k}\)): It follows directly that \(k-1<\hat{k}\) and thus Case 1 of Eq. (10) gives
$$\mathscr {C}^{\;i}_y=\mathscr {C}^{\;i}_z=\mathscr {C}^{\;i}_x=0.$$Therefore \(\mathscr {C}^{\;i}_x=C_1\).
-
(ii)
(\(m=0\), \(\hat{m}+\hat{k}<k\) and \(\hat{k}<k-1\)): Then Case 8 of Eq. (10) implies that
$$\mathscr {C}^{\;i}_x= \frac{\lambda ^y_x\mathscr {C}^{\;i}_y+\lambda ^z_x\mathscr {C}^{\;i}_z}{\Lambda _i-\Lambda _x}=C_1.$$Note that it must be the case that either (i) or (ii) holds. We have that
$$i\le y-1=\varphi (m+1,k-2),$$which implies that \(\hat{m}+\hat{k}<m+k=k\). Having \(\hat{k}>k-1\), implies that \(\hat{k}>N-1\), which would give \(i>y\).
-
(i)
-
When \(i=y\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (41) is
$$C_2=\displaystyle \frac{\lambda ^z_x\mathscr {C}^{\;y}_z-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_y}{\Lambda _y-\Lambda _x}.$$We have that \(\hat{m}=m=0\) and \(\hat{k}=k-1\). Case 4 of Eq. (10) implies that,
$$\mathscr {C}^{\;i}_x= \frac{\lambda ^z_x\mathscr {C}^{\;y}_z-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_y}{\Lambda _y-\Lambda _x}=C_2.$$ -
When \(y+1\le i\le z-1\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (41) is
$$C_3=\displaystyle \frac{\lambda ^z_x\mathscr {C}^{\;i}_z}{\Lambda _i-\Lambda _x}.$$Because \(\varphi (k,0)=y+1\le i\le z-1=\varphi (2,k-2)\), then it must be the case that \(\hat{m}+\hat{k}=m+k\). Therefore, we have that that \(\hat{k}<k-2<k-1\). Case 7 of Eq. (10) implies that
$$\mathscr {C}^{\;i}_j=\frac{\lambda ^z_x\mathscr {C}^{\;i}_z}{\Lambda _i-\Lambda _x}=C_3.$$ -
When \(y=z\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (41) is
$$C_4=\displaystyle \frac{-\lambda ^{z}_x\sum _{k\mathop {=}1}^{z\mathop{-}1}\mathscr {C}^{\;k}_z}{\Lambda _z-\Lambda _x}.$$We have that \(i=z=\varphi (m+1,k-1)\). Case 6 of Eq. (10) gives that
$$\mathscr {C}^{\;i}_j=\displaystyle \frac{-\lambda ^{z}_x\sum _{k\mathop {=}1}^{z\mathop{-}1}\mathscr {C}^{\;k}_z}{\Lambda _z-\Lambda _x}=C_4.$$Case 1 of Eq. (10) along with Remark 1 gives that \(\mathscr {C}^{\;i}_j=0\) when \(z+1\le i\le x-1\) or \(i\notin \mathcal {R}\) which allows us to rewrite Eq. (41) as
$$\begin{aligned} \begin{aligned} p_t(x)&=\lambda ^y_x \mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{y\mathop{-}1}\mathscr {C}^{\;i}_{y}\left[ \frac{1}{\Lambda _i-\Lambda _x}\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \right.\\&\quad-\left.\frac{1}{\Lambda _y-\Lambda _x}\left[ \exp (\Lambda _y t)-\exp (\Lambda _x t)\right] \right] \\&\quad+\lambda ^z_x\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{z\mathop{-}1}\mathscr {C}^{\;i}_{z}\left[ \frac{1}{\Lambda _i-\Lambda _x}\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \right.\\&\quad-\left.\frac{1}{\Lambda _z-\Lambda _x}\left[ \exp (\Lambda _z t)-\exp (\Lambda _x t)\right] \right] \\&=\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{z}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \\&=\mathop{\sum} \limits_{i\mathop {=}1}^{z}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \\&=\mathop{\sum} \limits_{i\mathop {=}1}^{x\mathop{-}1}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\\&=\pi _x(t). \end{aligned} \end{aligned}$$Therefore we have that
$$P(X(t)=\varphi (0,k)\vert X(0)=1)=\pi _{\varphi (0,k)}(t),$$and our base case is completed.
Inductive Step: Now assume that
where \(0\le r-1<N-k\). When \(x=\varphi (r,k)\), we have that
This together with Eq. (32) implies that for \(x=\varphi (r,k)\), \(y=\varphi (r-1,k)\), \(z=\varphi (r,k-1)\) and \(w=\varphi (r+1,k-1)\),
Taking the Laplace transform of both sides of Eq. (43) along with Eq. (42) and Remark 2 gives that
Taking the inverse Laplace transform of both sides of Eq. (44) yields
Recall that because \(x=\varphi (r,k)\), \(y=\varphi (r-1,k)\), \(z=\varphi (r,k-1)\) and \(w=\varphi (r+1,k-1)\), it must be the case that \(z=y-1, w=x-1\) and \(z<y<w<x\). Define \(\hat{m}\) and \(\hat{k}\) such that \(i=\varphi (\hat{m},\hat{k})\).
We will now characterize the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) based on the value of index i.
-
When \(1\le i\le z-1\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) is
$$C_1=\displaystyle \frac{\lambda ^{y}_x\mathscr {C}^{\;i}_{y}+\lambda ^z_x\mathscr {C}^{\;i}_z+\lambda ^w_x\mathscr {C}^{\;i}_w}{\Lambda _i-\Lambda _x}.$$We wish to show that \(C_1=\mathscr {C}^{\;i}_x\) and we consider the following cases:
-
(i)
(\(k<\hat{k}\)): It follows directly that \(k-1<\hat{k}\). Case 1 of Eq. (10) gives us that in this case:
$$\mathscr {C}^{\;i}_{y}=\mathscr {C}^{\;i}_z=\mathscr {C}^{\;i}_w=\mathscr {C}^{\;i}_x=0.$$Therefore \(\mathscr {C}^{\;i}_x=C_1\).
-
(ii)
(\(\hat{m}\ne r-1\) and \(\hat{k}=k\)): Case 3 of Eq. (10) gives us that
$$\mathscr {C}^{\;i}_x=\displaystyle \frac{\lambda ^{y}_x\mathscr {C}^{\;i}_{y}}{\Lambda _i-\Lambda _x}.$$Having \(k-1<k=\hat{k}\) also implies that
$$\mathscr {C}^{\;i}_{z}=\mathscr {C}^{\;i}_w=0.$$Therefore
$$\mathscr {C}^{\;i}_x=C_1.$$ -
(iii)
(\(k>\hat{k}\) and \(r+k>\hat{m}+\hat{k}\) and if \(\hat{m}=r\), then \(\hat{k}<k-1\)): Case 9 of Eq. (10) gives that
$$\mathscr {C}^{\;i}_x=\displaystyle \frac{\lambda ^{y}_x\mathscr {C}^{\;i}_{y}+\lambda ^z_x\mathscr {C}^{\;i}_z+\lambda ^w_x\mathscr {C}^{\;i}_w}{\Lambda _i-\Lambda _x}=C_1.$$Note that either (i) or (ii) or (iii) holds. We have that
$$i\le z-1.$$If \(r+k\le \hat{m}+\hat{k}\), this would imply that \(i>z-1\). And if \(\hat{m}=r\) and \(\hat{k}=k-1\), that would imply \(i=z\).
-
(i)
-
When \(i=z\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) is
$$C_2=\displaystyle \frac{\lambda ^y_x\mathscr {C}^{\;i}_y+\lambda ^w_x\mathscr {C}^{\;i}_w-\lambda ^z_x\sum _{k\mathop {=}1}^{z-1}\mathscr {C}^{\;k}_z}{\Lambda _z-\Lambda _x}.$$We have that \(\hat{m}=m\ne 0\) and \(\hat{k}=k-1\). Case 5 of Eq. (10) implies that,
$$\mathscr {C}^{\;i}_x=\displaystyle \frac{\lambda ^y_x\mathscr {C}^{\;i}_y+\lambda ^w_x\mathscr {C}^{\;i}_w-\lambda ^z_x\sum _{k\mathop {=}1}^{z-1}\mathscr {C}^{\;k}_z}{\Lambda _z-\Lambda _x}=C_2.$$ -
When \(i=y\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) is
$$C_3=\frac{\lambda ^w_x\mathscr {C}^{\;y}_w-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_{y}}{\Lambda _y-\Lambda _x}=\frac{-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_{y}}{\Lambda _y-\Lambda _x}$$because \(k>k-1\) implies that \(\mathscr {C}^{\;y}_w=0\). Case 2 of Eq. (9) implies that
$$\mathscr {C}^{\;y}_x=\frac{-\lambda ^y_x\sum _{k\mathop {=}1}^{y\mathop{-}1}\mathscr {C}^{\;k}_{y}}{\Lambda _y-\Lambda _x}=C_3$$ -
When \(y+1\le i\le w-1\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) is
$$C_4=\displaystyle \frac{\lambda ^w_x\mathscr {C}^{\;i}_w}{\Lambda _i-\Lambda _x}.$$We have that either \(\hat{k}>k\) and \(\hat{m}+\hat{k}=r-1+k\) or \(\hat{k}<k-1\) and \(\hat{m}+\hat{k}=r+k\).
-
(i)
(\(\hat{k}>k\) and \(\hat{m}+\hat{k}=r-1+k\)): It follows directly that \(k-1<k<\hat{k}\). Case 1 of Eq. (10) gives use that in this case:
$$\mathscr {C}^{\;i}_{w}=\mathscr {C}^{\;i}_x=0.$$Therefore \(\mathscr {C}^{\;i}_x=C_4\).
-
(ii)
(\(\hat{k}<k-1\) and \(\hat{m}+\hat{k}=r+k\)): Note that it cannot be the case that \(k=1\), this scenario is impossible as that would imply \(\hat{k}<k-1=0\). When we assume \(k\ge 2\), then Case 7 of Eq. (10) gives that
$$\mathscr {C}^{\;i}_x=\displaystyle \frac{\lambda ^w_x\mathscr {C}^{\;i}_w}{\Lambda _i-\Lambda _x}=C_4.$$
-
(i)
-
When \(y=w\), the coefficient of \(\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right]\) in Eq. (45) is
$$C_5=\displaystyle \frac{-\lambda ^{w}_x\sum _{k\mathop {=}1}^{w\mathop {-}1}\mathscr {C}^{\;k}_w}{\Lambda _w-\Lambda _x}.$$We have that \(i=w=\varphi (r+1,k-1)\). Case 6 of Eq. (10) implies that
$$\mathscr {C}^{\;i}_j=\displaystyle \frac{-\lambda ^{w}_x\sum _{k\mathop {=}1}^{w\mathop {-}1}\mathscr {C}^w_z}{\Lambda _w-\Lambda _x}=C_5.$$Case 1 of Eq. (10) gives that \(\mathscr {C}^{\;i}_j=0\) for \(w+1\le i\le x-1\) which together with Remark 1 allows us to rewrite Eq. (45) as
$$\begin{aligned} \begin{aligned} p_t(x)&=\lambda ^y_x\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{y\mathop{-}1}\mathscr {C}^{\;i}_{y}\left[ \frac{1}{\Lambda _i-\Lambda _x}\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \right.\\&\quad-\left.\frac{1}{\Lambda _y-\Lambda _x}\left[ \exp (\Lambda _y t)-\exp (\Lambda _x t)\right] \right] \\&\quad+ \lambda ^z_x\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{z-1}\mathscr {C}^{\;i}_{z}\left[ \frac{1}{\Lambda _i-\Lambda _x}\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \right.\\&\quad-\left.\frac{1}{\Lambda _z-\Lambda _x}\left[ \exp (\Lambda _z t)-\exp (\Lambda _x t)\right] \right] \\&\quad+ \lambda ^w_x\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{w\mathop {-}1}\mathscr {C}^{\;i}_{w}\left[ \frac{1}{\Lambda _i-\Lambda _x}\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \right.\\&\quad-\left.\frac{1}{\Lambda _w-\Lambda _x}\left[ \exp (\Lambda _w t)-\exp (\Lambda _x t)\right] \right] \\&=\mathop{\sum} \limits_{\begin{array}{c} i\mathop {=}1 \\ i\,\in\, \widetilde{\mathcal {R}} \end{array}}^{w}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \\&=\mathop{\sum} \limits_{i\mathop {=}1}^{w}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \\&=\mathop{\sum} \limits_{i\mathop {=}1}^{x-1}\mathscr {C}^{\;i}_x\left[ \exp (\Lambda _i t)-\exp (\Lambda _x t)\right] \\&=\pi _x(t). \end{aligned} \end{aligned}$$Therefore we have that
$$p_t(x)=P(X(t)=\varphi (r,k)\vert X(0)=1)=\pi _{\varphi (r,\kern.12em k)}(t),$$and our proof is complete. \(\square\)
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Reed, S., Ziadé, E. On Transient Analysis of \(\Delta _N\)-Markov Chains. Methodol Comput Appl Probab 25, 27 (2023). https://doi.org/10.1007/s11009-023-10002-9
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11009-023-10002-9
Keywords
- Reliability
- Markov processes
- Cyber-physical systems
- \(\Delta _N\)-Markov Chain
- Transient-state transition probabilities
- Mean-time to failure