基于STPA-Bayes模型的机载平视显示系统安全性分析与评价

doi:10.3969/j.issn.1001-506X.2020.05.15

系统工程与电子技术 ›› 2020, Vol. 42 ›› Issue (5): 1083-1092.doi: 10.3969/j.issn.1001-506X.2020.05.15

基于STPA-Bayes模型的机载平视显示系统安全性分析与评价

赵长啸^1,²(), 李浩^1,³(), 董磊^1,⁴(), 王鹏^1,⁴()

1. 中国民航大学适航学院, 天津 300300
2. 中航工业洛阳电光设备研究所光电控制技术重点实验室, 河南洛阳 471000
3. 中国民航大学中欧航空工程师学院, 天津 300300
4. 民航航空器适航审定技术重点实验室, 天津 300300

收稿日期:2019-10-10 出版日期:2020-04-30 发布日期:2020-04-30
作者简介:赵长啸(1989-),男,讲师,博士,主要研究方向为民机航电系统设计与评估、航空电子综合研究。E-mail:zhaochangxiao@yeat.net|李浩(1995-),男,硕士研究生,主要研究方向为航电系统可靠性与安全性。E-mail:damienleeh@foxmail.com|董磊(1983-),男,讲师,博士,主要研究方向为形式模型与安全性评估。E-mail:dlcauc@126.com|王鹏(1982-),男,研究员,博士,主要研究方向为民机系统安全性设计与评估、机载电子硬件适航技术。E-mail:pwang_cauc@163.com
基金资助:
国家自然科学基金-民航联合基金(U1933106);航空科学基金(20185167017);中央高校基本科研业务费(3122019167)

Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model

Changxiao ZHAO^1,²(), Hao LI^1,³(), Lei DONG^1,⁴(), Peng WANG^1,⁴()

1. College of Airworthiness, Civil Aviation University of China, Tianjin 300300, China
2. Science and Technology on Electro-optic Control Lab, Luoyang Institute of Electro-optic Equipment, Aviation Industry Corporation of China, Luoyang 471000, China
3. Sino-European Institute of Aviation Engineering, Civil Aviation University of China, Tianjin 300300, China
4. Key Lab of Civil Aircraft Airworthiness Technology, CAAC, Tianjin 300300, China

Received:2019-10-10 Online:2020-04-30 Published:2020-04-30
Supported by:
国家自然科学基金-民航联合基金(U1933106);航空科学基金(20185167017);中央高校基本科研业务费(3122019167)

摘要/Abstract

摘要：

机载平视显示(head-up display, HUD)系统可以大幅提高恶劣天气下的飞机起降成功率,已成为我国民航重点推广的安全提升技术。构建低能见度下飞机使用HUD系统进行特殊Ⅰ/Ⅱ进近场景,利用系统理论过程分析(system-theoretic process analysis, STPA)方法识别该场景下潜在的不安全控制行为,通过严格的形式化语言对其进行验证与致因分析,并给出了包含21条通用因素的致因场景分析框架。同时,为弥补STPA方法缺少定量分析的缺点,引入贝叶斯网络计算不安全控制行为发生概率,提出了STPA-Bayes安全性分析与评价模型。结果表明,该方法能有效地识别并分析系统潜在的危险,减少人为因素对分析结果的影响,为机载显示系统的安全性分析提供支持。

关键词: 安全性分析, 系统理论过程分析, 形式化验证, 贝叶斯网络, 平视显示系统

Abstract:

The airborne head-up display (HUD) system can greatly improve the success rate of take-off and landing in bad weather and has become a safety promotion technology promoted by the civil aviation administration of China. By constructing a special Ⅰ/Ⅱ approach scene using the HUD system under low visibility, the system-theoretic process analysis (STPA) is used to identify potential unsafe control actions in this scenario. The verification and scenario analysis is carried out through strict formal language, and a scenario analysis framework containing 21 general factors is presented. In order to make up the shortcomings of lacking quantitative analysis, the Bayesian network is introduced to calculate the probability of unsafe control action, and the STPA-Bayes safety analysis and evaluation model is proposed. The results show that this method can effectively identify and analyze potential hazards of the system, reduce the influence of human factors on the results, and provide supports to the safety analysis of the airborne display system.

Key words: safety analysis, system-theoretic process analysis (STPA), formal verification, Bayesian network, head-up display (HUD) system

中图分类号:

赵长啸, 李浩, 董磊, 王鹏. 基于STPA-Bayes模型的机载平视显示系统安全性分析与评价[J]. 系统工程与电子技术, 2020, 42(5): 1083-1092.

Changxiao ZHAO, Hao LI, Lei DONG, Peng WANG. Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model[J]. Systems Engineering and Electronics, 2020, 42(5): 1083-1092.

图/表 14

图1

图2

图3

图4

图5

表1

图6

表2

图7

表3

图8

图9

图10

图11

参考文献 30

1	修忠信. 民用飞机系统安全性设计与评估技术概论[M]. 上海: 上海交通大学出版社, 2013.
	XIU Z X . Introduction to safety design and evaluation technology for civil aircraft systems[M]. Shanghai: Shanghai Jiaotong University Press, 2013.
2	OZARIN N W. Bridging software and hardware FMEA in complex systems[C]//Proc.of the Reliability & Maintainability Symposium, 2013: 1-6.
3	LEVESON N . A new accident model for engineering safer systems[J]. Safety Science, 2004, 42 (4): 237- 270.
4	YOUSEFI A , RODRIGUEZ H M . Using a system theory based method (STAMP) for hazard analysis in process industry[J]. Journal of Loss Prevention in the Process Industries, 2019, 61, 305- 324.
5	SULTANA S , OKOH P , HAUGEN S . Hazard analysis: application of STPA to ship-to-ship transfer of LNG[J]. Journal of Loss Prevention in the Process Industries, 2019, 60, 241- 252. doi: 10.1016/j.jlp.2019.04.005
6	LEVESON N, FLEMING C, THOMAS J. A comparison of STPA and the ARP 4761 safety assessment process[EB/OL].[2019-07-22].http://sunnyday.mit.edu/STAMP/ARP4761-Comparison-Report-final-2.pdf.
7	KHAWAJI I A. Developing system-based leading indicators for proactive risk management in the chemical processing industry[D]. Boston: Massachusetts Institute of Technology, 2012.
8	REJZEK M , HILBES C . Use of STPA as a diverse analysis method for optimization and design verification of digital instrumentation and control systems in nuclear power plants[J]. Nuclear Engineering and Design, 2018, 331, 125- 135.
9	HAN X , TANG T , LU J D . Analysis of requirement-errors-caused failure of on-board subsystem of CTCS-3 train control system based on failure logs[J]. Journal of the China Railway Society, 2017, 39 (3): 59- 70.
10	ZHANG Y, LIU S. STPA based safety analysis of regional data center in ctcs-1 train control system[C]//Proc.of the International Conference of Safety Produce Informatization, 2019: 240-245.
11	王瑛, 郭之俊, 孙贇, 等. 基于IDAC-STPA模型的战机飞行安全性分析与评价[J]. 系统工程与电子技术, 2019, 41 (5): 1056- 1062.
	WANG Y , GUO Z J , SUN W , et al. Aircraft flight safety analysis and simulation based on IDAC-STPA model[J]. Systems Engineering and Electronics, 2019, 41 (5): 1056- 1062.
12	HU J B , ZHENG L , XU S K . Safety analysis of wheel brake system based on STAMP/STPA and Monte Carlo simulation[J]. Journal of Systems Engineering and Electronics, 2018, 29 (6): 1327- 1339. doi: 10.21629/JSEE.2018.06.20
13	王洁宁, 孙晓萌. 基于STPA空管运行系统安全分析方法研究[J]. 武汉理工大学学报, 2017, 39 (12): 54- 60.
	WANG J N , SUN X M . Research on safety analysis of air traffic control system based on STPA[J]. Journal of Wuhan University of Technology, 2017, 39 (12): 54- 60.
14	KRAUSS S S , REJZEK M , HILBES C . Tool qualification considerations for tools supporting STPA[J]. Procedia Engineering, 2015, 128 (11): 15- 24.
15	LONGJI D A , EMILIA V . System safety assessment based on STPA and model checking[J]. Safety Science, 2018, 109 (11): 130- 143.
16	YANG P , KARASHIMA R , OKANO K . Automated inspection method for an STAMP/STPA-fallen barrier trap at railroad crossing[J]. Procedia Computer Science, 2019, 159 (9): 1165- 1174.
17	LEVESON N . Engineering a safer world: systems thinking applied to safety[M]. Cambridge: MIT Press, 2011.
18	邓雪峰, 孙瑞志, 聂娟, 等. 基于时间自动机的温室环境监控物联网系统建模[J]. 农业机械报, 2016, 47 (7): 301- 308.
	DENG X F , SUN R Z , NIE J , et al. Greenhouse environment monitoring iot system modeling based on timed automata[J]. Transactions of the Chinese Society for Agricultural Machinery, 2016, 47 (7): 301- 308.
19	NIGRO L, SCIAMMARELLA P F. Statistical model checking of distributed real-time actor systems[C]//Proc.of the IEEE/21st ACM International Symposium on Distributed Simulation and Real Time Applications, 2017: 1-8.
20	LU Y , SUN M . Modeling and verification of IEEE 802.11i security protocol in UPPAAL for internet of things[J]. International Journal of Software Engineering and Knowledge Engineering, 2018, 28 (11/12): 1619- 1636.
21	王国卿, 庄雷, 王瑞民, 等. 基于时间自动机的物联网网关安全系统的建模及验证[J]. 通信学报, 2018, 39 (3): 63- 75. doi: 10.3969/j.issn.1001-2400.2018.03.012
	WANG G Q , ZHUANG L , WANG R M , et al. Modeling and verifying based on timed automata of Internet of things gateway security system[J]. Journal on Communications, 2018, 39 (3): 63- 75. doi: 10.3969/j.issn.1001-2400.2018.03.012
22	NIGRO L , SCIAMMARELLA P F . Qualitative and quantitative model checking of distributed probabilistic timed actors[J]. Simulation Modelling Practice and Theory, 2018, 87, 343- 368. doi: 10.1016/j.simpat.2018.07.011
23	LEVESON N, THOMAS J. STPA handbook[EB/OL].[2019-07-22].http://psas.scripts.mit.edu/home/get_file.php?name=STPA_handbook.pdf.
24	陈长飞, 白国强. 贝叶斯网络在消防系统可靠性分析中的应用[J]. 中国安全科学学报, 2018, 28 (6): 97- 102.
	CHEN C F , BAI G Q . Application of Bayesian network in analysis of reliability of fire protection system[J]. Chinese Journal of Safety Science, 2018, 28 (6): 97- 102.
25	ABAEI M M , ABBASSI R , GARANIYA V . Reliability assessment of marine floating structures using Bayesian network[J]. Applied Ocean Research, 2018, 76 (6): 51- 60.
26	KABIR S , PAPADOPOULOS Y . Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: a review[J]. Safety Science, 2019, 115 (6): 154- 175.
27	IEŠMANTAS T , ALZBUTAS R . Bayesian spatial reliability model for power transmission network lines[J]. Electric Power Systems Research, 2019, 173 (8): 214- 219.
28	JIANG L , LIU Y L , WANG X M , et al. Operation-oriented reliability and availability evaluation for onboard high-speed train control system with dynamic Bayesian network[J]. Proceedings of the Institution of Mechanical Engineers, 2019, 233 (3): 455- 469.
29	GUETARNI H M I , AISSANI N , CHÂTELET E , et al. Relia- bility analysis by mapping probabilistic importance factors into Bayesian belief networks for making decision in water deluge system[J]. Process Safety Progress, 2019, 38 (2): 1- 14.
30	王鹏, 李浩, 赵长啸, 等. 基于STPA的机载平视显示系统安全性分析[J]. 电讯技术, 2019, 59 (12): 1469- 1476.
	WANG P , LI H , ZHAO C X , et al. Safety analysis of head-up display system based on STPA[J]. Telecommunication Engineering, 2019, 59 (12): 1469- 1476.

类型	未提供控制行为	提供错误的控制行为	控制行为时序错误	控制行为作用时间错误
UCA描述	UCA-1:飞行员正确操作后, HUD未显示飞行和导引信息	UCA-2:飞行员正确操作后, HUD显示错误的飞行和导引信息,且未显示告警信息 UCA-3:HUD显示正确的飞行和导引信息时,显示了告警信息	UCA-4:飞行员正确操作后, HUD画面显示延时 UCA-5:HUD在显示错误的飞行和导引信息后,未及时显示告警信息	N/A
导致的危险	H1-2, H2-2, H3-1	H1-3, H2-3, H3-2	H1-3, H2-2, H3-2	N/A
导致的事故	A-4	A-1, A-2, A-3, A-4	A-1, A-2, A-3, A-4	N/A
影响等级	Ⅲ	Ⅱ	Ⅱ	N/A
概率要求	小于10E-5	小于10E-7	小于10E-7	N/A

节点名称	先验概率
HCP_DPM	7.2E-8
HCP_MM	6.5E-8
HUDC_IOM	5.7E-9
HUDC_DPM	2.3E-8
HUDC_GPM	8.8E-8
HUDC_MM	2.6E-8
HUDC_A818	6.7E-9
HPU_A818	1.4E-8
HPU_DCM	3.8E-8
HPU_ICM	2.5E-8
HPU_ISM	1.1E-8
HCU_RFM	1.2E-8

[1]	李耀华, 高源. 基于STPA-ANP模型的民机系统安全性分析[J]. 系统工程与电子技术, 2022, 44(9): 2986-2994.
[2]	李懿凡, 钱华明, 黄洪钟, 张庭瑜, 黄土地. 基于广义连续时间贝叶斯网络的指挥控制网络系统可靠性分析[J]. 系统工程与电子技术, 2022, 44(12): 3880-3886.
[3]	王鹏, 孙紫荆, 张帆, 肖国松. 考虑概率型共因失效的多阶段任务系统可靠性分析模型[J]. 系统工程与电子技术, 2022, 44(12): 3887-3898.
[4]	乔殿峰, 梁彦, 马超雄, 杨心语, 汪冕, 李建国. 多域作战下的群目标意图识别与预测[J]. 系统工程与电子技术, 2022, 44(11): 3403-3412.
[5]	刘延钊, 黄志球, 沈国华, 王金永, 徐恒. 基于决策树和BN的自动驾驶车辆行为决策方法[J]. 系统工程与电子技术, 2022, 44(10): 3143-3154.
[6]	赵禄达, 王斌. 基于RS-DBN的电子对抗目标清单生成方法[J]. 系统工程与电子技术, 2021, 43(9): 2373-2382.
[7]	陈洪转, 赵爱佳, 李腾蛟, 蔡匆聪, 程硕, 徐春丽. 基于故障树的复杂装备模糊贝叶斯网络推理故障诊断[J]. 系统工程与电子技术, 2021, 43(5): 1248-1261.
[8]	孙雪, 黄志球, 沈国华, 王金永, 徐恒. 基于本体和BN的无人车行为决策方法[J]. 系统工程与电子技术, 2021, 43(2): 452-465.
[9]	柯宇航, 李艳军, 曹愈远, 张兴成. 基于模型的飞控系统安全性分析研究[J]. 系统工程与电子技术, 2021, 43(11): 3259-3265.
[10]	曾强, 黄政, 魏曙寰. 融合专家先验知识和单调性约束的贝叶斯网络参数学习方法[J]. 系统工程与电子技术, 2020, 42(3): 646-652.
[11]	乔森, 黄志球, 王金永, 宛伟健. 基于统计模型检测的DFT定量分析方法[J]. 系统工程与电子技术, 2020, 42(2): 480-488.
[12]	孟光磊, 周铭哲, 朴海音, 张慧敏. 基于协同战术识别的双机编队威胁评估方法[J]. 系统工程与电子技术, 2020, 42(10): 2285-2293.
[13]	孙海文, 谢晓方, 孙涛, 张龙杰. 小样本数据缺失状态下DBN舰艇编队防空目标威胁评估方法[J]. 系统工程与电子技术, 2019, 41(6): 1300-1308.
[14]	吕学志, 胡晓峰, 吴琳, 贺筱媛. 基于改进竞争性假设分析的战役企图分析方法[J]. 系统工程与电子技术, 2019, 41(3): 555-563.
[15]	刘久富, 丁晓彬, 郑锐, 王彪, 刘海阳, 王志胜. 混沌量子粒子群的权重类条件贝叶斯网络分类器参数学习[J]. 系统工程与电子技术, 2019, 41(10): 2304-2309.

基于STPA-Bayes模型的机载平视显示系统安全性分析与评价

Safety analysis and evaluation of airborne HUD system based on STPA-Bayes model

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 30

相关文章 15

编辑推荐

Metrics

本文评价

编号	致因场景
01	HCP_DPM和HCP_MM同时错误处理,导致HCP输出错误的控制命令
02	HCP输出错误的控制命令, HUDC组件正常运行,导致HUDC输出错误的符号数据
03	HUDC输入的源数据错误, HUDC组件正常运行,导致HUDC输出错误的符号数据
04	HUDC_IOM数据转换功能错误,导致HUDC输出错误数据
05	HUDC_A818数据转换功能错误,导致HUDC输出错误数据
06	HUDC_DPM数据处理功能、HUDC_GPM图像转换功能和HUDC_MM监控功能同时错误,导致HUDC输出错误数据
07	HUDC_DPM数据处理功能错误与HUDC_MM监控功能错误同时发生,导致HUDC输出错误数据
08	HUDC_GPM图像转换功能错误与HUDC_MM监控功能错误同时发生,导致HUDC输出错误数据
09	HPU_A818数据转换功能错误,导致HPU投影错误的图像
10	HPU_ISM模块投影功能错误,导致HPU投影错误的图像
11	HPU_DCM畸形矫正功能错误与HPU_ICM监控功能错误同时发生,导致HPU投影错误的图像
12	HUDC输出错误的符号数据, HPU组件正常运行,导致HPU投影错误的图像
13	HCU的RFM模块校准错误,导致HCU显示的画面与实际情况发生偏移
14	HCU的RFM模块校准正确, HPU投影错误的图像,导致HCU显示错误的画面且无告警标识