A Novel Metric to Evaluate the Association Rules for Identification of Functional Dependencies in Complex Technical Infrastructures

Functional dependencies in complex technical infrastructures can cause unexpected cascades of failures, with major consequences on availability. For this reason, they must be identified and managed. In recent works, the authors have proposed to use association rule mining for identifying functional dependencies in complex technical infrastructures from alarm data. For this, it is important to have adequate metrics for assessing the effectiveness of the association rules identifying the functional dependencies. This work demonstrates the limitations of traditional metrics, such as lift, interestingness, cosine and laplace, and proposes a novel metric to measure the level of dependency among groups of alarms. The proposed metric is compared to the traditional metrics with reference to a synthetic case study and, then, applied to a large-scale database of alarms collected from the complex technical infrastructure of CERN (European Organization for Nuclear Research). The results confirm the effectiveness of the proposed metric of evaluation of association rules in identifying functional dependencies.

Number of time intervals in which at least all the alarms of X occur S(X) Support of X P(X) Probability of occurrence of X X fp Generic frequent pattern of alarms s% Minimum support threshold c% Minimum confidence threshold r l = x a l ⇒ x a l nGeneric association rule x a Antecedent of the l-th association rule

Introduction
Functional Dependencies (FDEPs) play a crucial role in the operation of Complex Technical Infrastructures (CTIs) but can also constitute channels of vulnerability through which failures can cascade (Johansson and Hassel 2010;Eusgeld et al. 2011;Kröger and Zio, 2011;Zio, 2016a, b;Hickford et al. 2018;Azzolin et al. 2018;Huai et al. 2018;Cantelmi et al. 2021). In fact, local malfunctions or perturbations can propagate, due to FDEPs, through groups of dependent components, originating unexpected cascades of failures across systems, which can lead to large-scale consequences of CTI unavailability and event unexpected damages of equipment (Johansson and Hassel 2010;Eusgeld et al. 2011;Kröger and Zio, 2011;Moura et al. 2015;Zio 2016a, b;Antonello et al. 2019). Examples of CTIs which can be affected by FDEPs are electric power grids, natural gas pipelines, water distribution networks, transportation networks, large research facilities and internet communication networks (Zhang et al. 2016;Ballantyne et al. 2018;Li and Liu 2018). One evidence of cascading failures caused by FDEPs in CTIs is the power blackout that triggered a shortage of water supply and propagated by inducing malfunctions and failures in other critical infrastructures in the eastern USA on 14th August 2003. Similarly, in India, a major blackout triggered by a power relay failure led to water supply and oil supply interruption communications interruption, and serious traffic congestion, which paralyzed the region for a long period of time (Jin et al. 2017). Other examples include the 1998 Canada ice storm (Chang et al. 2007), the 2001 US World Trade Center attack (Mendonça & Wallace, 2006), the 2003 North American blackout (U.S.-Canada Power System Outage Task Force, 2004), the 2010 Chile earthquake and tsunami (Wen et al. 2010) and the power blackout resulted from Hurricane Sandy in 2012, which led to a loss of water supply in New York City. Traditional methods for FDEPs identification typically require a deep knowledge of the systems, including its logic and structure function. In practice, this is not easy to retrieve for complex and evolving CTIs (Billinton and Allan, 1992;Xing et al. 2014). Recent works have explored the possibility of using data-driven methods applied to alarm messages collected by supervision systems (Serio et al. 2018;Antonello et al. 2019). An Association Rule Mining (ARM) method which scan alarm databases to identify FDEPs and groups of functionally dependent components has been proposed in (Antonello et al. 2021a). The method relies on an Apriori-based algorithm (Srikant and Agrawal 1996) that extracts patterns of alarms frequently occurring together and derives the association among them in the form of "if (condition) then (consequence)" rules. An association rule is considered only if the frequency of occurrence of the involved alarms is larger than a predefined threshold, called minimum support, and if the conditional probability of occurrence of the consequence given the condition is larger than a predefined threshold, called minimum confidence (Srikant and Agrawal, 1996;Hui et al. 2005). On the other hand, the identification of rare functional dependencies related to cascading malfunctions and perturbations for vulnerability analysis (Antonello et al. 2021b), requires using small values of minimum support with the consequences of a) finding many spurious rules, i.e. rules including alarms that do not belong to a real FDEP but are included by chance (Zhang et al. 2016;Hämäläinen and Webb 2019;Antonello et al. 2022) and b) finding a very large number of rules (Van Leeuwen and Galbrun, 2015;Marinica and Guillet, 2010). Therefore, the generated rules must be post-processed to identify the FDEPs of interest by experts of the system. This labour intensive task can, in principle, be alleviated by using metrics, such as confidence, lift, interestingness, cosine and laplace, that have been proposed to assess the strength of association rules (Benites and Sapozhnikova 2014;Luna et al. 2018). However, these metrics, which consider statistical properties of the data, such as the probability of occurrence of a rule in the database, the co-occurrence probability of the condition given the consequence part (and vice versa) and the probability of occurrence of the condition and/or the consequence (Luna et al. 2018), are not tailored on the user necessities (Mathu et al. 2011). In practice, they application to the identification of FDEPs do not guarantee that the interesting rules, such as those rare and without spurious alarms, will be extracted (Marinica and Guillet, 2010). Moreover, as suggested in (Mathu et al. 2011), rule post-processing should be based on user necessities.
In this context, the objective of this work is twofold: (1) analyse the effectiveness and make emerge the limitations of the traditional metrics used to evaluate the association rules identifying FDEPs; (2) propose a novel metric to effectively i) identify FDEPs from alarm data, but also ii) discriminate between spurious and actual FDEPs. The proposed metric is constructed considering the definition of conditional probability and the need of avoiding the inclusion of spurious alarms in functionally dependent groups.
The main contributions of the work are: the analysis and the identification of criticalities in the post-processing approach based on metrics of association rule quality with respect to FDEPs identification; the proposal of a metric for discovering groups of nonspurious, functionally dependent alarms.
The effectiveness of the proposed metric is analysed by comparison with the most commonly used metrics for association rules considering i) a synthetic case study and ii) a large-scale database of alarms generated by different supervision systems of a representative subset of the CTI of CERN.
The remainder of the paper is organized as follows: Sect. 2 describes the context of the work and introduces the association rules mining. In Sect. 3, the proposed metric is presented. Section 4 discusses the case studies and the obtained results. Finally, Sect. 5 draws some conclusions and recommends potential future lines of work.

Complex technical infrastructure
In this work, a CTI composed by N c components is considered together with a database of a large number of alarm messages,N al >> 1 , generated during its operation over a long period of time [ t 0 , t f ]. The generic i-th alarm message is associated to the pair (t i , m i ) of the time t i at which the alarm of type m i occurs. Assuming that there are M al j types of alarms associated to the generic j-th component, c j , a label a k j is introduced for the k-th type of alarm message associated to component c j . The set A containing all types of alarm messages in the database is: and the total number of types of alarm messages is: Following (Antonello et al. 2019), the overall time interval [ t 0 , t f ] during which the alarm messages have been collected is subdivided into Z consecutive small time intervals of the same length Δt = t f −t 0 Z and a Boolean variable, s k j (z) , z = 1, … , Z , is associated to the occurrence of alarm a k j in the z-th time interval: The state of the CTI during the generic z-th time interval is represented by the Boolean vector: According to this notation, the database of alarms (t i , m i ), i = 1, … , N al , is represented by the Boolean matrix: whose generic z-th row refers to the state of the CTI during the z-th time interval. Therefore, T provides a dynamic representation of the CTI state evolution in the time interval [ t 0 , t f ].

Association rules mining
Association rules mining algorithms have been used for identifying FDEPs in relational databases (Sánchez et al. 2008;Yao and Hamilton 2008) and have been tailored in (Antonello et al. 2019) to identify FDEPs from alarm data collected in CTIs. Considering a pattern (subset) of alarms X ⊆ A , an association rule is a probabilistic logical expression of the form x a ⇒ y a , x a ⊂ X, y a = X − x a , representing the conditional co-occurrence of the two subsets, x a and y a , of the pattern X ⊆ A , where x a and y a are referred to as "antecedent" and "consequent" of the rule, respectively (Srikant and Agrawal, 1996;Hui et al. 2005). Let n(X) be the counter of the number of vectors � ⃗ T(z) of the database T = characterized by the occurrences of at least all the alarms of X (i.e., ∀a k j ⊂ X, s k j (z) = 1 ) and S(X) be the support of X, which represents an estimation of its probability of occurrence, P(X): The expression x a ⇒ y a is an association rule if: a) the support of X is larger than a minimum support threshold ms: the confidence of the rule x a ⇒ y a is larger than a minimum confidence threshold mc: where the confidence is an estimate of the conditional probability of occurrence P(y a |x a ) of the subset y a given the occurrence of x a .
In this work, the Apriori algorithm is used for association rules mining (Srikant and Agrawal 1996;Zaki 2000;Witten and Frank 2016;Antonello et al. 2021a). It is based on the two steps of: Identification of frequent subsets of alarms, X fp ⊆ A characterized by a support larger than ms , i.e., S X fp > ms; Extraction of association rules x a ⇒ y a , x a ⊂ X fp , y a = X fp − x a from the frequent subsets of alarms identified in 1). An association rule should satisfy the confidence condition C(x a ⇒ y a ) > mc.

Association rules metrics
The effectiveness of an association rule, x a ⇒ y a , x a ⊂ X, y a = −x a , is typically evaluated considering ad-hoc defined metrics, such as the lift (Luna et al. 2018), interestingness (Ghosh and Nath, 2004), cosine (Luna et al. 2018) and laplace (Geng and Hamilton, 2006).
The lift metric is defined as: The numerator is the probability of the joint occurrence of the antecedent and the consequent ( P(X)) and the denominator represents the same quantity, but under the hypothesis of independence between antecedent and consequent (i.e., P(x a ) ⋅ P(y a )) . Then, the lift measures the mutual dependency among the alarms in the rule antecedent and consequent parts (Luna et al. 2018). The larger the lift, the stronger the mutual dependency among x a and y a . In particular, values of lift equal to (lower than) 1, indicate that the rule antecedent and consequent parts are uncorrelated (negatively correlated). The value of lift can be estimated from a dataset of alarms as: Cosine is a metric derived from the lift (Luna et al. 2018): whose main difference with lift and cosine is that its estimate: is not proportional to the total number of time intervals Z in the database (Luna et al. 2018).
Another metric proposed to evaluate the strength of a rule is the Interestingness (Ghosh and Nath, 2004): which is proportional to the following three quantities: 1) how much the consequent is dependent on the antecedent (i.e., Conf (x a ⇒ y a )) , 2) how much the antecedent is dependent on the consequent (i.e., Conf (y a ⇒ x a )) , and 3) how rare is the rule (i.e., (1 − P(X))) . According to this metric, the most interesting rules are characterized by a strong mutual dependency between antecedent and consequent and are rare.
Finally, we consider the Laplace metric, which is a metric specifically derived from confidence to account for statistical fluctuations when the support is estimated from databases: This metric is monotone in both support and confidence, and has been proven to be useful to identify only rules with large support and confidence at the same time (Geng and Hamilton, 2006). Table 1 reports the main metrics proposed for evaluating association rules, considering both their probabilistic formulation and their estimation from a database.
Conf (x a ⇒y a ) + 2 Table 1 Metrics for association rules evaluation Probabilistic formulation Estimation from a database 1 3

Probabilistic description of FDEPs
According to (Etesami and Kiyavash 2017), two components of a system are functionally dependent if the operation of one is influenced by the operation of the other. Notice that functionally dependent components are usually causally related and FDEPs are unidirectional, e.g., a compressor requires the functioning of the electrical systems to work properly, whereas the electrical system do not require the functioning of the compressor to operate. However, although the occurrences of malfunctions and failures triggered by FDPEs are temporally ordered, e.g. the malfunction of the electric system precedes the malfunction of the compressor, several methods for the identification of FDEPs, such as those based on the extraction of association rules from alarms (Serio et al. 2018; or traditional parametric models for root cause of failures analysis, such as beta factor model, binomial failure rate model etc. (Mosleh, 1991;Zio, 2009;O'Connor and Mosleh, 2016), do not consider the temporal order of the chains of events involved in the FDEPs. Similarly in this work we focus only on the identification of the group of functionally dependent components involved in the FDEPs, which can be successively analysed by operators and experts to reconstruct the causal chain of events, or processed by ad-hoc algorithms tailored to identify causal relationships from groups of alarms ).
Considering alarm messages triggered when components have abnormal behaviours or non-nominal performances for the relevant operating mode, two generic components of a CTI, c 1 and c 2 , are assumed to be functionally dependent if an abnormal behaviour of component c 1 , revealed by an alarm,a k 1 , increases the probability of occurrence of a malfunction of components c 2 , revealed by another alarm,a k 2 , or viceversa. From the probabilistic point of view, the two malfunctions revealed by the alarms a k 1 and a k 2 , whose probabilities of occurrence are P(a k 1 ) and P(a k 2 ) , are functionally dependent if the probability of their co-occurrence, P(a k 1 ∩ a k 2 ) , is: In general, considering a pattern of R alarms triggered by a functional dependency, its probability of occurrence is: Therefore, in case of functional dependency among the alarms of X FDEP , the ratio: is expected to be larger than 1. In particular, the stronger the dependency among the alarms of the pattern X FDEP , the larger the ratio I X FDEP . The index I X FDEP is defined as the lift of the itemset X FDEP and used as metric to assess dependencies among the items of an association rule. If the probability of occurrence of a generic pattern X = a k 1 j 1 , … , a k R j R is estimated from the alarm database using its support, Eq. 15 becomes:

A novel metric
A drawback of the index Î X is that it does not allow distinguishing the presence of a spurious (independent) alarm within a group of functionally dependent alarms. Let us consider a pattern X S made by R functionally dependent alarms and a spurious alarm a ks js , i.e. X S = X FDEP ∪ a ks js . By applying Eq. 15, the index I X S is: Considering the statistical fluctuation in the occurrence of the alarms, it may occur that � I X FDEP < � I X S and, therefore, the index Î X can provide misleading information on the FDEPs. Notice that in case of FDEP among a pattern of alarms X FDEP = a k 1 j 1 , … , a k R j R , the probability of occurrence of each malfunction P(a k r j r ) , r = 1, … , R, can be decomposed into: where P X FDEP (a k j ) and P Ind (a k j ) are the probabilities that a k j occurs due to the FDEP and due to an event independent of the FDEP, respectively (Mosleh, 1991;Zio, 2009;O'Connor and Mosleh, 2016). In this work, where we are interested in rare FDEPs, we assume that the probability of occurrence P(X FDEP ) is greater than a fraction ∈ [0, 1] of the total probability of occurrence , P(a k j ) of each alarma k j : (17) This assumption is motivated by: a) the probability that a generic alarm a k j occurs due to the rare FDEP is typically very close to the probability of occurrence of the whole pattern involved in the FDEP X FDEP , P X FDEP (a k j ) ≈ P(X FDEP ) , and b) to make possible the identification of the FDEP, its probability of occurrence P(X FDEP ) should be larger than the probability of the co-occurrence (by chance) of the generic alarm a k j and a spurious alarm a ks js , P X FDEP > P(a k j ) ⋅ P(a ks js ). Consequently, if we consider a spurious alarm, a ks js and a rare FDEP X FDEP = a k 1 j 1 , … , a k R j R with P X FDEP < , the above mentioned assumption are not valid and, therefore, the co-occurrence probability,P X S , X S = X FDEP ∪ a ks js , does not satisfy Eq. 21: In this light, we define a novel metric for the evaluation of association rules identifying FDEPs: where max a k j ∈X P a k j is the largest support among the alarms of X . Notice that given a pattern of alarm X , if the alarm with the largest support in X , max a k j ∈X P a k j , satisfies Eq. 21, also the other alarms satisfy it. In particular, given a generic rule r FDEP ∶ {x a FDEP → y a FDEP } which describes a real functional dependency involving the pattern of alarms X FDEP = x a FDEP ∪ y a FDEP , the metric I FDEP (X FDEP ) is larger than 1. On the other hand, if we consider a spurious rule, r S ∶ {x a S T → y a S } , X S = x a S ∪ y a S , including the alarm set X FDEP and another alarm a ks js that does not belong to the actual functional dependency, i.e. X S = X FDEP ∪ a ks js , * max a k j ∈X S P a k j is larger than the probability of occurrence of the pattern X S and, therefore, the value of the metric I FDEP (X S ) is equal to 0. Then, similarly to the metrics presented in Sects. 3.1 and 2.2 for which the probability of occurrence of a generic pattern X is estimated from the alarm database using its support, Eq. 23 becomes: The proper setting of the parameter should consider that, in practice, frequent functional dependencies are typically already known, whereas the rare ones are more likely (22) P X S = P X FDEP ⋅ P a ks js < ⋅ P a ks js (23) probability P X S = P X FDEP ⋅ P a ks js , satisfies Eq. 20 when is lower than 0.001, i.e. P X FDEP ⋅ P a ks js = 0.005 > ⋅ P a ks js .

Analysis of the effectiveness of the proposed metric in quantifying the interestingness of a rule
The effectiveness of a metric in quantifying the interest of a rule is typically verified considering various properties (Piatetsky-Shapiro 1991; Luna et al. 2018). In particular, (Piatetsky-Shapiro 1991) suggested that any quality metric M defined to quantify the interest of an association rule should be able to separate strong rules from weak ones by assigning larger values to the former. Also, M should verify the following three specific properties: M(x a ⇒ y a ) of an association rule x a ⇒ y a extracted from the database by chance should be 0; M(x a ⇒ y a ) should monotonically increase with P(X) when P(x a ) and P(y a ) remain constant. This guarantees that the larger the correlation among the rule antecedent x a and consequent y a , the more interesting the rule x a ⇒ y a ; M(x a ⇒ y a ) should monotonically decrease when P(x a ) (P(y a )) increases if P(X) andP(y a ) (P(x a )) remain unchanged. This guarantees that the rarer is the antecedent, x a , (or consequent,\,y a ), the more interesting is the rule.
Considering the metric I FDEP , with respect to an association rule x a ⇒ y a , y a ∪ x a = X , involving the alarms a k j ∈ X , property 1 is satisfied since I FDEP (x a ⇒ y a ) ≠ 0 only if all the alarms a k j ∈ X are functionally dependent. With respect to property 2, when the denominator of the expression of I FDEP (x a ⇒ y a ) , ∏ a k j ∈X P(a k j ) , remain constant, P(x a ) and P(y a ) remain constant, and, therefore, the larger P(X) , the larger I FDEP (x a ⇒ y a ) . Similarly, for what concerns property 3, when P(X) is fixed, I FDEP (x a ⇒ y a ) is proportional to 1∕P(a k j ) , and therefore, when P(x a ) (or P(y a ) ) decreases, ∏ a k j ∈x a P(a k j ) decreases, and I FDEP (x a ⇒ y a ) increases.

Case studies
The effectiveness of the traditional association rules metrics of lift, interestingness, cosine, laplace and of the proposed metric I FDEP is evaluated considering i) a simulated system, and ii) a large-scale alarm database collected on a representative portion of CERN's CTI during 2016 (Serio et al. 2018;Antonello et al. 2019). The first application shows the limitations of the traditional metrics for evaluating association rules mining for FDEPs identification, the effectiveness of the proposed metric I FDEP in discriminating spurious rules and the robustness of the results with respect to statistical fluctuations in the alarm database. The second application considers a real CTI, for which we expect to discover unknown and rare functional dependencies are not known a priori.

Simulated system
We consider a system made by 4 components c j , j = 1, 2, 3, 4 , which can be in the healthy, k = 1 , or failed,k = 2 , states and perform independent transitions at random times with constant failure rates. An alarm a 1 j is triggered of each time component c j performs a state transition from state 1 to state 2. The repair, i.e. the transition from the failed, k = 2 , to the healthy, k = 1 , state is assumed to be instantaneous. Table 2 reports the failure rates, from state 1 to state 2, of each component c j .
We further model a functional dependency among components c 1 , c 2 , c 3 . It is originated by the transition from state 1 to state 2 of a component c 3 which causes the instantaneous transition of components c 2 from state 1 to state 2. Then, the functional dependency can propagate to component c 1 by causing its transition from state 1 to state 2. The probability of the malfunction propagation, i.e., the probability that a transition of components c 2 from state 1 to state 2 causes the same state transition of component c 1 , is set to 0.75. Table 3 reports the probability of occurrence of all the possible patterns of alarms, ⊆ {a 1 1 , a 1 2 , a 1 3 , a 1 4 } , in 1 a.t.u. Table 4 reports the values of the I X (X) and I FDEP (X) metrics for all the patterns of alarms, computed by applying Eqs. 17 and 23, respectively, when the parameter of Eqs. 23 and 24 is set equal to 0.03. Notice that, as expected, the value of the metric I FDEP (X) is equal to 0 for all the spurious patterns of alarms (i.e., the patterns containing the spurious alarm a 1 4 ), and that the largest I FDEP (X) is assigned to the pattern [a 1 2 , a 1 3 , a 1 1 ] , which contains all the alarms involved in the FDEP. Since the Apriori-based algorithm tends to identify rules involving all the patterns (subsets) of alarms X ′ contained in the pattern (set) X FDEP formed by all the alarms involved in the FDEP, the largest value of the proposed metric is correctly assigned to the whole set of dependent alarms ( X FDEP ).   Table 4 Values of the I X (X) and I FDEP (X) metrics for all the subset of alarms of Table 5 X I X (X) I FDEP (X) The values of the metrics lift, interestingness and cosine have been computed by using the equations reported in the first column of Table 1 for all the 56 association rules that can be generated from the 15 patterns of Table 3. Table 5 reports the 8 association rules with the largest lift. Notice that rules N° 3 4 are also characterized by the largest interestingness and cosine. Among them, 6 rules are spurious (rules N° 1, 2, 5, 6, 7, 8) and only 4 rules are describing the actual functional dependency (rules N° 3, 4, 9, 10). Notice that, the spurious rules 1 and 2 are characterized by the largest value of lift (250) and their values of interestingness, cosine and laplace are larger than the values of rules 9, 10, which describe the actual functional dependency. Consequently, lift, interestingness and cosine cannot clearly discriminate spurious rules.
Then, to verify the effectiveness of the proposed metric Î FDEP (X) computed from an alarm database, the behaviour of the 4 components-system has been simulated for a period of time [ t 0 , t f ] = [0, 1500 a.t.u.] and a database of 784 alarm messages has been obtained. The Boolean matrix, T, is computed following the procedure of Sect. 2.2 considering Z = 1500 time intervals of 1 a.t.u. and the metrics have been computed for all the 56 association rules that can be generated from the database. Table 6 reports the same list of association rules reported in Table 6, evaluated considering the same metrics and the laplace metric. The obtained results confirm that only the proposed metric Î FDEP (X) is able to discriminate the spurious rules from a database of alarms.
To further analyze the robustness of the metrics with respect to the statistical fluctuations in the alarms occurrences, N = 1000 different alarm databases have been simulated and, for each database, the metrics have been computed. Table 7 reports the fraction of the databases in which the largest value of the considered metric is assigned to a spurious rule. As expected, only the value of the proposed metric, Î FDEP , is always larger for rules describing an actual functional dependency, whereas the other metrics are remarkably less robust to the statistical fluctuations. This result is confirmed by Table 8 which reports the minimum, maximum and average values, over the 1000 alarm databases, of the metrics for rule 3, which refers to a real functional dependency, and for rule 7, which contains a spurious alarm. Notice that the Î FDEP value of the spurious rule 3 is equal to zero in all the simulations, making clear its identification, whereas the other metrics tend to remarkably vary and they do not clearly discriminate the spurious rule from rule 7.
To verify the robustness of the proposed metric with respect to the probability of occurrence of the spurious alarm a 1 4 , P(a 1 4 ) , has been varied in the range [0.005, 0.7],  whereas the probabilities of occurrences of the other alarms and of the functional dependency have not been modified. Table 9 reports the fraction of the simulations in which a spurious rule obtains the largest value of the metrics over the N = 1000 database simulations, as a function of P(a 1 4 ) . Notice that, when the value of P(a 1 4 ) is larger than 0.01 only the proposed metric correctly identifies the spurious rules, whereas when P(a 1 4 ) is reduced to 0.01 or 0.005 the fraction of errors tend to increase. This is due to the fact that when P(a 1 4 ) is lower than 0.05, the number of occurrences in the database of the spurious rules is equal to 1 or 2. Thus, when the support is very small the discriminator factor of Eq. 24 can be satisfied by chance. Notice, however, that the minimum support threshold of the Apriori algorithm prevents the generation of rules characterized by 1 or 2 occurrences. On the contrary, the l ift , interestingness , ĉ osine and l aplace are likely to assign the largest value of the metric to a spurious rule with most of the values of P(a 1 4 ) . Notice that the smaller the fraction of simulations in which a spurious rule occurs, the smaller the probability of erroneously identifying a spurious rule as the one with the largest value of the metrics.
The sensitivity of the proposed metric with respect to the setting of the parameter of Eq. 24 is also investigated. Figure 1 shows the fraction of simulations in which at least one spurious rule has the value of Î FDEP larger than 0 and the fraction of simulations in which at least one rule containing a FDEP has Î FDEP equal to 0, as a function of the parameter . As discussed in Sect. 3.3, the lower the value of the parameter , the larger the probability that a spurious group satisfies the discriminator factor of Eq. 24. In particular, when the parameter is smaller than 0.01, the fraction of simulations in which the value Î FDEP of spurious rules is larger than 0 tends to increase. On the opposite, the larger the value of the parameter , the larger the probability that a rule containing a FDEP is not identified due to the condition P(X) > ⋅ max a k j ∈X P a k j in Eq. 24. Notice that when is in the range [0.01, 0.08], the proposed metric allows correctly identifying all the FDEPs and discriminating all the spurious rules.
Finally, notice that the proposed metric, Î FDEP , depends only on the patterns X = a k 1 j 1 , … , a k R j R and do not require the definition of an association rule. This makes it possible to apply the metric also in the pattern mining domain, by evaluating the effectiveness of a pattern in describing a functional dependency, without the need of extracting associations rules, which is a time-consuming task ( (Todd et al. 2016;Nielsen and Serio, 2016 Setting the minimum support and the minimum confidence thresholds equal to 0.02 and 0.8, respectively, 202 association rules have been obtained. Given the large number of obtained rules, it is important to prioritize them to identify the most interesting FDEPs of the CTI. To this aim, the rules have been ranked using the proposed metric Î FDEP with equal to 0.03, Î X and the association rule metrics reported in Table 1. Table 10 reports five rules with large Î FDEP values and their position in the ranking based on the other metrics. Rules 1, 2 and 3 involve the same group of alarms and differ only for the combination in the antecedent and consequent part. This is consistent with the facts that the Apriori algorithm tends to identify rules involving all the subsets of the alarm generated from a FDEP, and that an association rule r = {x a ⇒ y a } is a logical probabilistic expression and the rule direction,⇒ , does not imply causality among the components in the antecedent and consequent part of the rule (Antonello et al. 2019). According to CERN experts, these rules, which are characterized by the largest value of Î FDEP , describe the propagation of a malfunction triggered by a problem in a cooling tower of the CV system (revealed by the alarms a 2 1123 , a 2 1124 ) to the low pressure compressors (revealed by the alarms a 3 100 , a 3 101 , a 3 102 ), and the high pressure compressors of the Cryogenic system (revealed by the alarms a 4 123 , a 4 124 ). The analysis of the major failure events occurred in the past has shown that this FDEP was part of chain of malfunctions responsible of a CTI shutdown occurred in 2016. Also, the same FDEP occurred in 33 other events during 2016, without causing the CTI shutdown. This is due to the fact that to fully propagate and lead the CTI shutdown, the cascade of events triggered by the FDEP require particular operating condition and/or the deterioration of other components involved in the operations. Therefore, its early identification would have made possible the implementation of preventive procedure to reduce its probability of occurrence and/or the impact of its consequences. In detail, the identified functionally dependent groups of alarms involved in a FDEP would have allowed performing detailed analyses on the monitored key physical quantities of the components associated to the alarms, to investigate the causes of the malfunction and prevent their future occurrences. This highlights the importance of the rules and, therefore, confirms the capability of the proposed metric Î FDEP of identifying real functional dependencies among the CTI components. Similarly, the following rules of the Î FDEP ranking describe relevant FDEPs occurred in the CTI of CERN. Table 11 reports a rule containing, according to CERN experts, the spurious alarm a 2 1924 generated by an independent component of the CV system, which is not related to the alarms a 2 1374 and a 2 1424 , generated by two functionally dependent pumps of a cooling circuit (see rules 5 of Table 10). Also, the actual functional dependence is captured in Rule 5 of Table 10, making the spurious rule unnecessary.
Notice that this rule is clearly identified as spurious only from the proposed metric Î FDEP , whereas the other metric values are large and would identify it as an actual rule.
Also, according to the CTI experts and engineers, the rules ranking obtained by the application of the proposed metric provides practical indications for: updating the maintenance planning focusing on the importance of the discovered FDEPs; for example, increasing the frequency of the inspections of the component that causes the chain of events involved in a FDEP, with the objective of reducing the probability of their initiation; discarding the spurious patterns of alarms, which can lead to possible errors of diagnosis of cascading failures; implementing automatic or semi-automatic tools to support control room operators in real time in the management of alarms and failures. The discovered FDEPs can be used to warn the operators when an alarm involved in one of the discovered FDEPs occurs, in order to anticipate preventive interventions. Table 12 provides the description of the alarms involved in the rules of Tables 10 and 11. The complete list of alarms involved in the database cannot be provided for confidentiality reasons.

Conclusions
A novel metric for the evaluation of association rules mined from alarm data to identify FDEPs has been proposed. The proposed metric allows ranking the association rules obtained from the ARM algorithm. This is a fundamental task in real applications where hundreds of rules are typically generated, the use of the traditional association rule metrics has been shown to be not effective and their one-byone analysis is a time-consuming task. The effectiveness of the proposed metric has been shown by its application to the association rules generated from a simulated alarm database and a large-scale alarm database collected at CERN's CTI during 2016. The obtained results and the comparison with the traditional association rule metrics have shown (i) the capability of the proposed metric of allowing the identification of actual FDEPs, (ii) the ability to discriminate spurious rules, and (iii) the robustness with respect to statistical fluctuations.
For future works, one direction lies in the application of the proposed metric to the direct identification of FDEPs without the need of generating association rules. Also, since the concept of dependency plays an important role in many fields, such as database design, machine learning, knowledge discovery and medical applications, the application of the proposed metric for other objectives than the identification of FDEPs in CTIs will be investigated.
Funding Open access funding provided by Politecnico di Milano within the CRUI-CARE Agreement.

Conflict of interest
The authors declare that they have no conflict of interest.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http:// creat iveco mmons. org/ licen ses/ by/4. 0/.