How to handle extremely rare events in a meaningful way

Scott Ferson

Institute for Risk and Uncertainty, University of Liverpool

Nuclear Energy - GREEN CDT, 26 July 2023

​

Photo credit: Tatyana Ginzburg, used under license

This presentation has animations. Select Slide Show / From Beginning to see them.

Turn on recording and use microphone

Today

• Logistics
• Mostly lecture (sorry)
• But interrupt!
• Remind me at the break
• Discussion

​

• Download these slides from

https://sites.google.com/view/greenrisk

�NAFEMS is the International Association for the Engineering Modelling, Analysis and Simulation Community

​

​

​

https://en.wikipedia.org/wiki/Simulation_governance

​

Simulation governance is a managerial function concerned with assurance of reliability of information generated by numerical simulation. The term was introduced in 2011 ^[1] and specific technical requirements were addressed from the perspective of mechanical design in 2012.^[2] Its strategic importance was addressed in 2015.^[3][4] At the 2017 NAFEMS World Congress in Stockholm simulation governance was identified as the first of eight “big issues” in numerical simulation.

Edimu et al. (2010)

Risk analysis in engineering 26

So how are we doing? 7

Dependence 9

Kinds of uncertainty 8

Getting the inputs 18

Risk communication 3

Bayesian networks 4

Backcalculation 12

Conclusions 12

NAFEMS challenge

Fire alarm at 11 am

Look for the falconer on the roof next door

Open question

Suppose

A is in [2, 4]

B is in [3, 5]

What can be said about the sum A+B?

Credits (left to right):

https://www.telegraph.co.uk/news/worldnews/asia/japan/8863968/Fukushima-nuclear-disaster-timeline.html.

Unknown photographer - US Coast Guard - 100421-G-XXXXL- Deepwater Horizon fire (Direct link), public domain.

Pawel Kierzkowski, https://en.wikipedia.org/wiki/Air_France_Flight_447, CC BY-SA 3.0.

Dominic Alves from Brighton, England - Northern Rock Queue, CC BY 2.0.

The Ponte Morundi collapsed 45 meters killing 43 people, Image credit: The Daily Sabah

Kevin Rofidal, United States Coast Guard, https://en.wikipedia.org/wiki/I-35W_Mississippi_River_bridge, public domain.

https://www.youtube.com/watch?v=aXiZ3RHR3bg

​

RAAC (reinforced autoclaved aerated concrete), collapse of a school roof in Kent (2018) image credit: no credit

​

Morry Gash, NPR, https://www.npr.org/2017/08/01/540669701/10-years-after-bridge-collapse-america-is-still-crumbling?t=1614450713959

​

The British bank Northern Rock failed as a result of a bank run precipitated by the global financial crisis. It was the first bank in 150 years to fail due to a bank run.

Don’t confuse the Fukushima Daiichi nuclear plant with a more dramatic picture of natural gas storage tanks burn at a facility in Chiba Prefecture, near Tokyo, which was another consequence of the same earthquake and tsunami that affected the Fukushima Daiichi nuclear power plant.

2010 Failure of the blowout preventer led to eleven deaths, the largest-ever marine oil-spill, environmental catastrophe and costs to BP of more than $60B.

2009 crash with 228 fatalities of Air France flight 447 en route from Rio de Janeiro to Paris due to sensor failure and flawed human-software interaction

2011 explosive release of radioactive material in nuclear power plant meltdowns when cooling pumps lost battery power and backup generators were disabled by the tsunami resulting from the Tōhoku earthquake

https://programm.ard.de/TV/wdrfernsehen/kyrill---ein-orkan-fegt-durchs-land/eid_28111450974388

Ponte Morundi Collapse (2018)

Takoma Narrows (1940)

Challenger (1986)

Bhopal disaster (1984, 4000)

E. coli O157 (South Wales outbreak 2005; US 1993)

Fukushima Daiichi nuclear disaster 2011

Chernobyl 1986

Titanic (1912)

Minneapolis bridge (2004)

Mad cow

​

​

A radiation therapy machine caused 6 accidents in the late 1980s in which patients were given massive overdoses of radiation, because of a race condition program error. Now a standard case study in software engineering about the overconfidence of the engineers and lack of proper due diligence to resolve reported software bugs.

1988 explosive decompression at altitude of old aircraft with metal fatigue and possibly improper maintenance

Credits (left to right):

Seoul Metropolitan Fire & Disaster Headquarters, https://en.wikipedia.org/wiki/Sampoong_Department_Store_collapse, CC BY-SA 4.0, http://eungdapso.seoul.go.kr/Community/viewLongText.jsp?key=CD852A52B4760F9E09DBF27ABCB137A3AB33F5A7F1FF35C5B135421B870AD652.

Dennis Oda, AP, https://flightsafety.org/wp-content/uploads/2016/10/asw_mar11_p37-41.pdf, https://www.reddit.com/r/CatastrophicFailure/comments/euwgvz/on_28_april_1988_aloha_airlines_flight_243/, https://twitter.com/djsnm/status/996433183435509760.

Sally Banchbach, used under license.

Carl Montgomery, Flickr, https://en.wikipedia.org/wiki/Chernobyl_disaster#/media/File:Chernobylreactor_1.jpg, CC BY 2.0

FSIS, https://www.fsis.usda.gov/wps/wcm/connect/87caa3f9-0c76-45c7-be4e-84d73151ed9e/RD-2009-0011-072114.pdf?MOD=AJPERES, public domain

Catalina Márquez, https://en.wikipedia.org/wiki/Therac-25, CC BY-SA 4.0

Luca Frediani, https://en.wikipedia.org/wiki/Bhopal_disaster#/media/File:Bhopal-Union_Carbide_2.jpg, CC BY-SA 2.0

Dr. Lee Lowery, Jr., P.E., https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse#/media/File:Hyatt_Regency_collapse_end_view.PNG, public domain

https://en.wikipedia.org/wiki/Tacoma_Narrows_Bridge_(1940), public domain

Levy & fils, https://en.wikipedia.org/wiki/Gare_Montparnasse#/media/File:Train_wreck_at_Montparnasse_1895.jpg, public domain

Jon Bodsworth, Egypt Archive, https://en.wikipedia.org/wiki/Meidum#/media/File:02_meidum_pyramid.jpg, copyright free

​

Asteriod

Icelandic eruptions affecting European airtravel (2011)

Chilean eruption

California wildfires (2012)

Dought, pestilence

Landslide

Haiti earthquake (2010, 160,000)

Indian Ocean tsunami (2004, 280,000)

Yellow River floods (1931, ~4 million)

Risk assessment applications

• Pollution

heavy metals, pesticides, PMx, ozone, PCBs, EMF, RF, etc., thermal pollution

• Engineered systems

traffic safety, bridge design, airplanes, spacecraft, nuclear plants, reliability of electricity distribution

• Financial investments

portfolio planning, consultation, instrument evaluation

• Occupational hazards

manufacturing and factory workers, farm workers, hospital staff

• Food safety and consumer product safety

benzene in Perrier, E. coli in beef, salmonella in tomato, children’s toys

• Ecosystems and biological resources

endangered species, fisheries and reserve management, entrainment and impingement

$

More and more important

• To improve efficiencies, most regulatory agencies are shifting from standards-based to performance-based regulations

​

• Fire codes no longer say the stair wells have to be so wide; they just say the occupants must be able to evacuate the building in a given period of time

​

• Slaughter houses needn’t spend money on old ag-school rules if they can otherwise control enteric contaminants

​

• Risk analysis used to make the demonstrations

Risk analysis

• Everywhere in science and engineering today

​

• It was invented by the nuclear power industry

​

• Major contributions from the United Kingdom

​

• It is essential for next generation nuclear power

Throughout the nuclear industry

• Containment reliability
• Design and process safety
• Human factors
• Effects of thermal pollution from CWISs
• Entrainment & impingement of aquatic biota
• Reliability of electricity distribution networks
• Occupational safety
• Biotic control
• Financial management

Risk

• Chance that something bad happens, together with how bad it is

​

• Chance is usually measured by probability

​

• The pair of values may be given as a product, or as a graph when there are many pairs

Risk as product

• Probability × severity = “Expected” injury

​

• Would you prefer to kill 1000 people with probability 1%, or to surely kill 10 people?

​

• To escape such decisions, risk analysts often prefer to show all outcomes graphically and let someone else decide

​

Risk curve

Badness

-1

10

0

1

Probability

0

Mortality

Financial loss

Sometimes called a Farmer curve (after the British nuclear regulator)

Probability unitless

Percentage per demand or outcome

Density per unit outcome

Frequency per unit time or outcome

Qualitative per unit

(e.g., ‘rare’, ‘plausible’, etc.)

Reg said

• No line between safe and unsafe

​

• Nothing has no risk

​

• But we can quantify the risks

https://web.archive.org/web/20121218194620/https://netfiles.uiuc.edu/mragheb/www/NPRE%20457%20CSE%20462%20Safety%20Analysis%20of%20Nuclear%20Reactor%20Systems/The%20Risk%20Assessment%20Methodology.pdf

© M. Ragheb1/8/2011

In 1986, IAEA estimated 4,000 projected deaths due to Chernobyl

Risk assessment

• Quantification of risk

​

• Basically, systematic “what-if” thinking

​

• Same as safety assessment

​

• Many confused synonyms
• Assessment, characterization, evaluation, analysis, quantification

Risk management

• What we’re going to do about the risks

​

• Usually includes the development and application of strategies or policies to remove, reduce or work around risks

​

• May also include monitoring risks and communicating risks

Old school risk analysis

• Because they were pioneering the discipline, they made a few mistakes

​

• Assuming independence too much

​

• Using uniforms or flat priors for “I don’t know”

​

• Using stochastic mixture as averaging or using averages

​

• The nuclear industry has not sustained its lead

Carelessness about ensembles is perhaps their fourth mistake

Traditional practice

• Most assessments are deterministic

​

• Some are deliberately conservative, but

​

• degree of conservatism is opaque, unquantified, inconsistent

​

• difficult to characterize risks, except in extreme situations

What’s needed

An assessment should tell us

​

• How likely the various consequences are

​

• How reliable the conclusions are

Probability distribution display

• Density distribution or mass distributions

​

​

​

• Cumulative distribution function (CDF)

​

​

​

• Complementary CDF (exceedance risk)

Pr(X ≤ x)

x

x

Pr(x ≤ X)

x

p(x)

0

1

0

1

CDF is not core damage frequency!

Probabilistic models

• The same as deterministic models except that point values are replaced by probability distributions

​

• Well, almost
• Ensembles
• Distribution shapes and tails
• Dependencies
• Backcalculations

wrinkles

Ensemble

• Statisticians call it the “population” or “reference class”

​

• E.g., dysfunction rates in prostate patients
• 50% of attempts at sex fail, or
• 50% of men are totally impotent

​

Specification of ensembles

• Above all, be clear
• 1% of lethal dose per day / lethal dose on 1% of days
• Assessment units: birds, meals, days, fields, …
• Assessment ensemble: all birds, or just those on site?

​

• Mismatched input distributions yield gibberish

​

• If the analyst can’t say what ensemble a distribution represents, the analysis may be meaningless

Combining distributions (convolution)

X

X+Y

=

+

Y

Convolution is getting the output distribution from the input distributions. Monte Carlo is one way to do this.

Integrated calculations

Z

Y

X

W

f(W,X,Y,Z)

This is unlike intrusive analyses that solve operations sequentially

Sample realizations from each input distribution, and combine them to compute a scalar output value. Repeat many times to accumulate a distribution of output values.

Typical risk analysis problems

• Fault tree analysis, event trees, etc.
• Bayes nets
• Arithmetic expressions
• Strength − stress comparisons

​

Case study: dike reliability

The inputs

Relative density of the revetment blocks

• = uniform(1.60, 1.65)

Block thickness

D = uniform(0.68, 0.72) meters

​

Slope of the revetment

• = atan(uniform(0.32, 0.34)) radians

​

Analysts’ “model uncertainty” factor

M = uniform(3.0, 5.2)

​

Significant wave height (average of the highest third of waves)

H = weibull(1.35 meters, 11)

​

Offshore peak wave steepness

s = normal(0.04, 0.0055)

How do we specify these distributions?

Analysis

Z

Probability of Z being negative

(i.e., dike failure) is very small

0

1

0

1

(meters)

Cumulative probability

Z

0

1

0

P = 0.000015

Script for the R programming language

# case study for reliability of the dike

m = 1000000 # number of replications

delta = runif(m, 1.60, 1.65) # density of the revetment blocks

D = runif(m, 0.68, 0.72) # block thickness

alpha = atan(runif(m, 0.32, 0.34)) # slope of the revetment

M = runif(m, 3.0, 5.2) # “model uncertainty” factor

H = rweibull(m, 11,1.35) # significant wave height

s = rnorm(m, 0.04, 0.0055) # offshore peak wave steepness

Z = delta * D - (H* tan(alpha)) / (cos(alpha)*M*sqrt(s))

plot(ecdf(Z)); sum(Z<0)/m

Google “download R”

So how are we doing?

Dramatic technocratic failures

• Kansai International Airport wishful thinking
• Diablo Canyon Nuclear Power Plant empirically incorrect
• Vioxx withdrawal missed decision context
• Fukushima non-redundancy
• Mars Climate Orbiter units
• Google Flu drank the Koolaid
• Ariane 5 integer overflow
• Minneapolis bridge collapse “one in a billion”

These are not noble failures

• They are not simply unfortunate but expected extreme tail events

​

• Occur more often than our risk estimates predict

​

• Managers never see the problems coming

​

• Analysts are doing the risk estimations wrong

​

Famous ‘misunderestimations’

• Shuttle risk estimated at 1/10,000 per flight, it was actually 1 per 70 flights

​

• Grossly understating financial risks precipitated the 2007−2008 recession

​

• 100-year flood risks underestimated and uncertainties not communicated

​

• Failure cascades in electricity distribution systems are more common than they are forecasted to be

1998 National Weather Service, US Army Corps

(RAWG 2005; USCPSOTF 2006)

We are understating risks and uncertainties

• NASA estimated the risk of losing the Space Shuttle at 1/10,000 per flight, but its observed failure rate was 1/70 flights (Hamlin et al. 2011; Oberkampf and Roy 2010)

​

• National Weather Service and the Army Corps of Engineers underestimated risks of “100-year floods” and flubbed flood risk communication(Morss&Wahl 2007; NRC 2006; NWS 1998)

​

• Observed failures and near-misses found at the Diablo Canyon Nuclear Power Plant reveal gross understatement of its assessed risks (Lochbaum 2011)

​

• Failure cascades in power grids are more common than forecasted (RAWG 2005; USCPSOTF 2006)

​

• Understating risks in the financial industry caused the Great Recession (Savage 2012; Silver 2012)

​

• An engineer called the 2007 Minneapolis bridge collapse a “billion to one” event

What are we doing wrong?

• Underestimation of the uncertainties of original measurements
• Unjustified use of independence assumptions
• Overly precise dependence assumptions
• Unjustified assumption of equiprobability
• Inappropriate use uniform distributions
• Modelling epistemic uncertainty the same way as aleatory
• Not accounting for model-form uncertainty
• Modelling volitional choices with distributions as though they’re random
• Using averaging as an aggregation
• Making assumptions for the sake of mathematical convenience

Wishful thinking

These mistakes can compound

• The errors all work in the same direction: underestimation of risks

​

• Omitting uncertainties likewise lead to understating risks

​

​

Northeast Blackout of 2003

• Most widespread in history after Southern Brazil Blackout of 1999

​

• 55 million people affected

​

• Traced to a software bug in a control room alarm system in Ohio

​

• Electric Reliability Organization was created in the aftermath

I reviewed a paper for Risk Analysis on reliability theory by candle light.

Almost 200,000 km of lines, operated by 500 separate companies

Dependence

Dependence

• Most variables are assumed to be independent

​

• But some variables clearly aren’t
• Density and porosity
• Rainfall and temperature
• Body size and skin surface area
• Adjacent or chained delivery systems

Dependence can be complex

X

Y

Dependence is subtler than correlation

Knowing the correlation doesn’t tell you the dependence. Each plot has (Pearson) correlation 0.816

​

op <- par(las=1, mfrow=c(2,3), mar=1.5+c(4,4,1,1), oma=c(0,0,0,0),

lab=c(6,6,7),

#cex.lab=2.0, cex.axis=1.3,

mgp=c(3,1,0))

ff <- y ~ x

for(i in 1:4) {

ff[[2]] <- as.name(paste("y", i, sep=""))

ff[[3]] <- as.name(paste("x", i, sep=""))

lmi <- lm(ff, data= anscombe)

xl <- substitute(expression(x[i]), list(i=i))

yl <- substitute(expression(y[i]), list(i=i))

plot(ff, data=anscombe, col="red", pch=21, cex=2.4, bg = "orange",

xlim=c(3,19), ylim=c(3,13)

# , xlab=eval(xl), ylab=yl # for version 3

, xlab='', ylab='' # for version 3

)

abline(lmi, col="blue")

​

​

​

}

​

x = c(4,8,13.269,17.5); y = c(4,10,8,12.5); plot(x,y

,col="red", pch=21, cex=2.4, bg = "orange",

xlim=c(3,19), ylim=c(3,13)

, xlab='', ylab='' # for version 3

); cor(x,y)

abline(lmi, col="blue")

​

x = c(6,4,8,10,13,17.5,16,14,15,17.3); y = c(5.468,4,6,8,13,9.241,11,11.5,12,10); plot(x,y

,col="red", pch=21, cex=2.4, bg = "orange",

xlim=c(3,19), ylim=c(3,13)

, xlab='', ylab='' # for version 3

); cor(x,y)

abline(lmi, col="blue")

​

​

par(op)

​

​

​

​

http://en.wikipedia.org/wiki/Correlation_and_dependence

http://en.wikipedia.org/wiki/File:Anscombe%27s_quartet_3.svg (four of these six graphs)

​

This is a featured picture, which means that members of the community have identified it as one of the best images on the English Wikipedia, adding significantly to its accompanying article. If you have a different image of similar quality, be sure to upload it using the proper free license tag, add it to a relevant article, and nominate it.

Case study: Vesely’s tank

What’s the chance the tank ruptures under pumping?

Vesely et al. 1981

Fault tree and its Boolean expression

E1 = T ∨ (K2 ∨ (S & (S1 ∨ (K1 ∨ R))))

Bill Vesely’s subjective probabilities

E1 = T ∨ (K2 ∨ (S & (S1 ∨ (K1 ∨ R))))

Component

Pressure tank T 

Relay K2 

Pressure switch S 

Relay K1 

Timer relay R 

On-switch S1 

Probability

5 × 10⁻⁶

3 × 10⁻⁵

1 × 10⁻⁴

3 × 10⁻⁵

1 × 10⁻⁴

3 × 10⁻⁵

Different dependency models

Vesely et al. (all variables independent)

E1 = T |∨| (K2 |∨| (S |&| (S1 |∨| (K1 |∨| R))))

​

Mixed dependencies

E1 = T |∨| (K2 ∨ (S &_r (S1 |∨| (K1 /∨/ R))))

​

Correlated to no assumption about dependence

E1 = T |∨| (K2 ∨ (S & (S1 |∨| (K1 /∨/ R))))

​

No assumptions about any dependencies

E1 = T ∨ (K2 ∨ (S & (S1 ∨ (K1 ∨ R))))

​

Results

10⁻⁵

10⁻⁴

10⁻³

Probability of tank rupturing under pumping

Mixed dependencies

Relaxing S–(S1,K1,R) dependence

No dependence assumptions

All variables independent

3.5×10⁻⁵

[3.499×10⁻⁵, 3.504×10⁻⁵]

[3.50×10⁻⁵, 1.35×10⁻⁴]

[3×10⁻⁵, 1.4×10⁻⁴]

• Independence assumption seems to be non-conservative
• Some relaxations make a big difference, some don’t (have to do the analysis)
• Even making no assumptions at all doesn’t make the result vacuous

Can’t always assume independence

• If you know the mechanism of dependence, you can model it

​

​

• Or, should reproduce the statistical patterns

​

​

• If dependence unknown, can’t use either way

​

​

• Even small correlations can have a big effect on convolutions

Kinds of uncertainty

Sources of uncertainties

• Thermal noise (Johnson−Nyquist) electronics
• Poisson counting noise (integrality) disintegrations
• Sampling uncertainty (some of a population)
• Unmodelled factors (unknown unknown) seismicity
• Quantum mechanics (God does play dice) Schrödinger
• Measurement uncertainty (plus-or-minus) ½ or 1 unit

​

• Etymologically, random means unpredictable

​

https://www.youtube.com/watch?v=6EsuJDpDvW0 ; https://www.youtube.com/watch?v=3gcEhGlfu4U

Two kinds of uncertainty

• Variability
• Aleatory uncertainty
• Type A uncertainty
• Stochasticity
• Randomness
• Chance
• Risk

• Incertitude
• Epistemic uncertainty
• Type B uncertainty
• Ambiguity
• Ignorance
• Imprecision
• True uncertainty

Monte Carlo methods

and probability theory

Interval arithmetic and

constraint analysis

They can change in different contexts. Distinguishing them may be subtle, sometimes like dividing ice from snow. But it’s essential to do so, as getting hit with a snowball is different from getting hit with a block of ice.

Photo credit: Jason Hollinger, https://commons.wikimedia.org/wiki/File:Feathery_Snow_Crystals_(2217830221).jpg, behind translucent filter

Variability = aleatory uncertainty

• Arises from natural stochasticity

​

• Variability arises from
• spatial variation
• temporal fluctuations
• manufacturing or genetic differences

​

• Not reducible by empirical effort

​

Incertitude = epistemic uncertainty

• Arises from incomplete knowledge

​

• Incertitude arises from
• limited sample size
• mensurational limits (‘measurement uncertainty’)
• use of surrogate data

​

• Reducible with empirical effort

​

Propagating incertitude

Suppose

A is in [2, 4]

B is in [3, 5]

What can be said about the sum A+B?

The right answer for

risk analysis is [5,9]

Must be treated differently

• Variability should be modeled as randomness with probability theory

​

• Incertitude should be modeled as ignorance with methods of interval or constraint analysis

​

• Imprecise probabilities or probability bounding can do both at once

Propagation methods

• Analytical (delta method, Laplace transforms)

​

​

• Monte Carlo simulation

​

​

• Probability bounding (imprecise probabilities)

​

��Relaxing all assumptions�� Laplace Dependence Shape

Cumulative distribution of Laplace’s unreasonable triangular density function

Any CDF inside this region is possible…same as interval

This contains any CDF arising from dependent uniforms

Aleatory or epistemic?

“These concepts only make unambiguous sense if they are defined with the confines of a model of analysis. In one model an addressed uncertainty may be aleatory, in another model it may be epistemic. So, the characterization of uncertainty becomes a pragmatic choice dependent on the purpose of the application.” (Der Kiureghian and Ditlevsen 2009)

“The probability of a component failure is 0.01”

• An aleatoric interpretation
• On average, 1 in every 100 components of this type will fail

​

• An epistemic interpretation
• There is 0.01 probability that all components of this type will fail

​

• Very different characterizations of an uncertainty statement

​

• Once understood, proper analysis is straightforward

(Jon Helton 2009)

Getting the inputs

Expert elicitation

Maximum likelihood

Bayesian inference

PERT

Method of moments

Maximum entropy

Estimation

methods

the great frontier of making things up

A two-front assault

How to specify input distributions

• Default distribution
• PERT
• Expert opinion
• Maximum entropy
• Fitted distribution (goodness of fit)
• Method of matching moments
• Maximum likelihood
• Bayesian analysis
• Empirical distribution

Default distributions

• Physicists overuse normal distributions
• Risk analysts overuse uniform distributions
• Reliability engineers overuse Weibulls
• Ecologists overuse lognormals
• Statisticians overuse beta distributions
• Food safety overuses triangular distributions

​

Cooper’s quip

Arguments (frequently abused)

• Sum of many independent comparable terms (normal)
• Product of many independent factors (lognormal)
• Largest of many values (Gumbel, Weibull, Fréchet)
• Lifetimes with neither aging nor burn-in (exponential)
• Symmetry (uniform)
• Rare discrete events (Poisson)
• Independent trials (binomial)

Engineers cannot always get data

• New systems may have no performance history
• spacecraft of new design or in a new environment
• biology using novel genetic constructs that have never existed before
• components so well constructed that there’s no failure data

​

• Three ways to estimate probabilities without data
• disaggregation into parts whose probabilities are easier to estimate (i.e., breaking it into subproblems)
• expert elicitation (i.e., guessing)
• modern statistical estimation

Rare events

• Often the driving concern in analyses
• Typically big consequences
• Hardly ever characterized by good data
• Perhaps never seen, or seen only once
• How can we estimate the probability of a rare event?

​

Random sample data

• Maximum likelihood says p is zero for never-seen events
• Nobody believes this is a reasonable estimate
• Bayesian estimator is more reasonable…

Just kidding

0

1

0

1

2

Probability density

Means

0.001 Haldane

0.0015 Jeffreys

0.001986 Zellner

0.001996 Bayes-Laplace

Data is “once out of 1000”

Data is “zero out of 1000”

​

Means

0 Haldane

0.0005 Jeffreys

0.000942 Zellner

0.000998 Bayes-Laplace

Random sample data

• Maximum likelihood says p is zero for never-seen events
• Nobody believes this is a reasonable estimate
• The Bayesian estimator is many things
• ‘Reasonable’ only in that it’s whatever you want
• Modern estimators
• Imprecise beta (Dirichlet) models
• Confidence structures

Confidence structure (c-box)

• Estimator of a (fixed) parameter
• Gives confidence intervals for the parameter at any confidence level

α

β

(α−β)100% confidence interval

θ

Confidence boxes

• Structures that infer confidence intervals, at any level, for a parameter

​

• Can be propagated just like p-boxes

​

• Allow us to compute with confidence

​

• Generalize confidence distribution (e.g. Student t)

​

• Different from confidence bandssuch as Kolmogorov-Smirnov or distributional bands

​

​

Estimators

• Point estimates (e.g., sample mean)

​

• Interval estimates (e.g., confidence intervals)

​

• Distributional estimates (Bayesian posteriors)

​

• P-box-shaped estimates (e.g., c-boxes)

​

Probability of rare event

• Inference about a probability from binary data, k successes out of n trials

​

​

​

p ~ [beta(k, n−k+1), beta(k+1, n−k)]

​

notation extends the use of tilda

Data

k = 2

n = 10

Binomial rate

0

.4

.8

0

.2

.4

.6

.8

1

1

.2

.6

p

0/1

1/1

0/0

0/2

1/2

2/2

0/3

1/3

2/3

3/3

0/20

15/20

20/20

0/200

150/200

200/200

0/2000

1500/2000

2000/2000

…

…

…

…

…

…

…

…

…

…

…

…

Notice that the c-boxes in every row partition the vacuous ‘dunno’ interval

Zero out of 10^k trials

0 8×10^−k

“zero corner”

One out of 10^k trials

0 10^1−k

“once corner”

Computing with c-boxes

Plan A

249 out of 1,014 failed

Plan B

39 out of 60 failed

Plan C

17 out of 20 failed

What if we tried all three plans independently?

Conjunction (AND)

a = balchbox(100,25)

b = balchbox(60,39)

c = balchbox(20,17)

​

ABC = a %&% b %&% c

​

abc = a %|&|% b %|&|% c

0

0.2

0.4

0.6

0.8

1

0

1

Probability that all three plans fail

Has the confidence performance!

Probability

Vesely’s pressurized tank

on-off switch S1 relay K1 timer relay R

0/2000 3/500 1/150

​

​

​

0/460 7/10000 0/380

tank T relay K2 pressure switch S