基于改进STPA-DEMATEL的智能航电系统致因要素分析

doi:10.12305/j.issn.1001-506X.2024.06.20

系统工程与电子技术 ›› 2024, Vol. 46 ›› Issue (6): 2023-2033.doi: 10.12305/j.issn.1001-506X.2024.06.20

• 系统工程 • 上一篇

基于改进STPA-DEMATEL的智能航电系统致因要素分析

刘嘉琛¹^,², 董磊¹^,³^,*, 陈曦¹^,³, 梁博尧¹^,², 王鹏¹^,³

1. 中国民航大学民航航空器适航审定技术重点实验室, 天津 300300
2. 中国民航大学安全科学与工程学院, 天津 300300
3. 中国民航大学科技创新研究院, 天津 300300

收稿日期:2023-01-03 出版日期:2024-05-25 发布日期:2024-06-04
通讯作者: 董磊
作者简介:刘嘉琛 (1996—), 男, 博士研究生, 主要研究方向为智能航电系统、民机系统安全性设计与评估
董磊 (1983—), 男, 副研究员, 博士, 主要研究方向为民机航电系统适航审定技术
陈曦 (1987—), 男, 助理研究员, 博士, 主要研究方向为模式识别、图像处理
梁博尧 (1998—), 男, 硕士研究生, 主要研究方向为人工智能鲁棒性、系统运行时保证
王鹏 (1982—), 男, 研究员, 博士, 主要研究方向为民机系统安全性设计与评估、机载电子硬件适航技术
基金资助:
中央高校基本科研业务费(3122022044)

Causal factor analysis of AI-based avionics system based on improved STPA-DEMATEL

Jiachen LIU¹^,², Lei DONG¹^,³^,*, Xi CHEN¹^,³, Boyao LIANG¹^,², Peng WANG¹^,³

1. Key Laboratory of Civil Aircraft Airworthiness Technology, Civil Aviation University of China, Tianjin 300300, China
2. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China
3. Department of Science and Technology, Civil Aviation University of China, Tianjin 300300, China

Received:2023-01-03 Online:2024-05-25 Published:2024-06-04
Contact: Lei DONG

摘要/Abstract

摘要：

针对智能航电系统在非线性耦合运行场景下产生的预期功能安全(safety of the intended functionality, SOTIF)问题, 提出一种将系统理论过程分析(systematic theory process analysis, STPA)与决策试验与评价实验法(decision-making trial and evaluation laboratory, DEMATEL)相结合的致因分析框架。首先, 在定义系统级危险的基础上构建安全控制结构, 识别其不安全控制行为并提取与智能化缺陷相关的STPA致因要素。接下来, 引入毕达哥拉斯模糊加权平均算子和闵可夫斯基距离对传统DEMATEL方法进行优化, 专家根据控制反馈回路对致因要素进行评价并计算其中心度与原因度。最后, 分析STPA致因要素与SOTIF致因属性之间的映射关系, 给出关键致因要素的风险减缓措施。以单一飞行员驾驶(single-pilot operation, SPO)模式下的虚拟驾驶员助理系统为例说明了所提方法的可行性与有效性。研究结果表明，改进的STPA-DEMATEL方法可以有效识别关键致因要素, 且能够克服专家评价的模糊性与不确定性, 为智能航电系统的安全性设计提供了参考依据。

关键词: 智能航电系统, 单一飞行员驾驶, 系统理论过程分析, 决策试验与评价实验法, 毕达哥拉斯模糊理论, 致因分析

Abstract:

Aiming at the safety of the intended functionality (SOTIF) problem of artificial intelligence (AI)-based avionics system under non-linear coupled operation scenarios, a causal analysis framework combining systematic theory process analysis (STPA) and decision-making trial and evaluation laboratory (DEMATEL) is proposed. Firstly, the safety control structure is constructed based on the definition of system-level hazards, then the unsafe control actions are identified and the STPA causal factors associated with the intelligent defects are extracted. Secondly, the traditional DEMATEL method is optimized by introducing the Pythagorean fuzzy (PF) weighted averaging operator and Minkowski distance, the experts evaluate the causal factors based on the control feedback loop and calculate their centrality and causality. Finally, the mapping relationship between STPA causal factors and SOTIF causal attributes is analyzed, and the risk mitigation measures for key causal factors are given. The virtual pilot assistant system under the single-pilot operation (SPO) mode is taken as an example to illustrate the feasibility and effectiveness of the proposed method, the research results show that the improved STPA-DEMATEL method can effectively identify the key causal factors and overcome the ambiguity and uncertainty of expert evaluation, which provides a reference basis for the safety design of AI-based avionics system.

Key words: artificial intelligence (AI)-based avionics system, single-pilot operation (SPO), systematic theory process analysis (STPA), decision-making trial and evaluation laboratory (DEMATEL), Pythagorean fuzzy (PF) theory, causal analysis

中图分类号:

F562.9

刘嘉琛, 董磊, 陈曦, 梁博尧, 王鹏. 基于改进STPA-DEMATEL的智能航电系统致因要素分析[J]. 系统工程与电子技术, 2024, 46(6): 2023-2033.

Jiachen LIU, Lei DONG, Xi CHEN, Boyao LIANG, Peng WANG. Causal factor analysis of AI-based avionics system based on improved STPA-DEMATEL[J]. Systems Engineering and Electronics, 2024, 46(6): 2023-2033.

图/表 19

图1

图2

图3

表1

图4

图5

表2

图6

图7

表3

表4

表5

表6

表7

图8

图9

表8

图10

图11

参考文献 37

1	董磊, 刘嘉琛, 陈曦, 等. 面向适航符合性的智能航电系统认证研究进展[J]. 航空工程进展, 2023, 14 (3): 26- 40.
	DONG L , LIU J C , CHEN X , et al. Research progress of AI-based avionics system certification for airworthiness compliance[J]. Advances in Aeronautical Science and Engineering, 2023, 14 (3): 26- 40.
2	卢新来, 杜子亮, 许赟. 航空人工智能概念与应用发展综述[J]. 航空学报, 2021, 42 (4): 251- 64.
	LU X L , DU Z L , XU Y . Review on basic concept and applications for artificial intelligence in aviation[J]. Acta Aeronautica et Astronautica Sinica, 2021, 42 (4): 251- 264.
3	GABREAU C, PESQUET-POPESCU B, KAAKAI F, et al. AI for future skies: on-going standardization activities to build the next certification/approval framework for airborne and ground aeronautical products[C]//Proc. of the International Joint Conference on Artificial Intelligence, 2021.
4	SCHWEIGER A, ANNIGHOEFER B, REICH M, et al. Classification for avionics capabilities enabled by artificial intelligence[C]//Proc. of the IEEE/AIAA 40th Digital Avionics Systems Conference, 2021.
5	COFER D. Unintended behavior in learning-enabled systems: detecting the unknown unknowns[C]//Proc. of the IEEE/AIAA 40th Digital Avionics Systems Conference, 2021.
6	李超. 复杂装备事故非线性耦合特征WPD-MF分析[J]. 中国安全科学学报, 2019, 29 (12): 97- 102.
	LI C . Research on non-linear coupling characteristics of complex materiel accident based on WPD-MF human-computer interaction safety analysis of airborne system from perspective of emergence[J]. China Safety Science Journal, 2019, 29 (12): 97- 102.
7	赵长啸, 李浩, 张伟, 等. 涌现性视角下机载系统人机交互安全性分析[J]. 中国安全科学学报, 2022, 32 (11): 113- 120.
	ZHAO C X , LI H , ZHANG W , et al. Human-computer interaction safety analysis of airborne system from perspective of emergence[J]. China Safety Science Journal, 2022, 32 (11): 113- 120.
8	HOBBS K L, HEINER B K, BUSSE L, et al. Systems theoretic process analysis of a run time assured neural network control system[C]//Proc. of the AIAA SciTech Forum, 2023: 2664.
9	UTNE I B , ROKSETH B , VINNEM J E , et al. Towards supervisory risk control of autonomous ships[J]. Reliability Engineering & System Safety, 2020, 196, 106757.
10	ZHANG S J , TANG T , LIU J T . A hazard analysis approach for the SOTIF in intelligent railway driving assistance systems using STPA and complex network[J]. Applied Sciences, 2021, 11 (16): 7714. doi: 10.3390/app11167714
11	谈东奎, 胡港君, 朱波, 等. 考虑预期功能安全的智能汽车自动紧急制动系统[J]. 汽车工程, 2022, 44 (6): 799- 808.
	TAN D K , HU G J , ZHU B , et al. Intelligent vehicle autonomous emergency braking system considering safety of the intended functionality[J]. Automotive Engineering, 2022, 44 (6): 799- 808.
12	SI S L , YOU X Y , LIU H C , et al. DEMATEL technique: a systematic review of the state-of-the-art literature on methodologies and applications[J]. Mathematical Problems in Engineering, 2018, 2018, 3696457.
13	孙永河, 黄子航, 李阳. DEMATEL复杂因素分析算法最新进展综述[J]. 计算机科学与探索, 2022, 16 (3): 541- 551.
	SUN Y H , HUANG Z H , LI Y . Review of state of the art on DEMATEL algorithms for complex factor analysis[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16 (3): 541- 551.
14	钟德明, 宫浩原, 孙睿. 一种准确识别损失场景的STPA[J]. 北京航空航天大学学报, 2023, 49 (2): 311- 323.
	ZHONG D M , GONG H Y , SUN R . An STPA for accurately identifying loss scenarios[J]. Journal of Beijing University of Aeronautics and Astronautics, 2023, 49 (2): 311- 323.
15	ABDULAZIM A, ELBAHAEY M, MOHAMED A. Putting safety of intended functionality SOTIF into practice[R]. Pittsburgh: Society of Automotive Engineers, 2021: 3-6.
16	European Union Aviation Safety Agency. Concepts of design assurance for neural networks(CoDANN)[R]. Cologne: European Union Avition Safety Agency, 2020: 28-62.
17	Society of Automotive Engineers. Artificial intelligence in aeronautical systems: statement of concerns: AIR6988[R]. Pittsburgh: Society of Automotive Engineers, 2021: 29-43.
18	BUSTINCE H , BURILLO P . Vague sets are intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1996, 79 (3): 403- 405. doi: 10.1016/0165-0114(95)00154-9
19	YAGER R R , ABBASOV A M . Pythagorean membership grades, complex numbers, and decision making[J]. International Journal of Intelligent Systems, 2013, 28 (5): 436- 452. doi: 10.1002/int.21584
20	金珍. 基于毕达哥拉斯模糊集的多准则群决策理论与方法研究[D]. 南昌: 江西财经大学, 2019.
	JIN Z. Research on multi-criteria group decision making theories and methods with pythagorean fuzzy sets[D]. Nanchang: Jiangxi University of Finance and Economics, 2019.
21	HUANG K , WANG M , LUO Y , et al. A safety analysis method based on hazard pattern mining for single pilot operations air-ground task collaboration in commercial aircraft[J]. Aerospace Systems, 2022, 6 (1): 25- 36.
22	许为, 陈勇, 董文俊, 等. 大型商用飞机单一飞行员驾驶的人因工程研究进展与展望[J]. 航空工程进展, 2022, 13 (1): 1- 18.
	XU W , CHEN Y , DONG W J , et al. Human factors engineering research on single pilot operations for large commercial aircraft: progress and prospect[J]. Advances in Aeronautical Science and Engineering, 2022, 13 (1): 1- 18.
23	王淼, 肖刚, 王国庆. 单一飞行员驾驶模式技术[J]. 航空学报, 2020, 41 (4): 197- 215.
	WANG M , XIAO G , WANG G Q . Single pilot operation mode technology[J]. Acta Aeronautica et Astronautica Sinica, 2020, 41 (4): 197- 215.
24	DORMOY C , ANDRÉ J M , PAGANI A . A human factors'approach for multimodal collaboration with cognitive computing to create a human intelligent machine team: a review[J]. IOP Conference Series Materials Science and Engineering, 2021, 1024 (1): 012105. doi: 10.1088/1757-899X/1024/1/012105
25	LIM Y , BASSIEN-CAPSA V , RAMASAMY S , et al. Commercial airline single-pilot operations: system design and pathways to certification[J]. IEEE Aerospace and Electronic Systems Magazine, 2017, 32 (7): 4- 21. doi: 10.1109/MAES.2017.160175
26	PONGSAKORNSATHIEN N, GARDI A, LIM Y, et al. Performance characterisation of wearable cardiac monitoring devices for aerospace applications[C]//Proc. of the IEEE 6th International Workshop on Metrology for AeroSpace (MetroAeroSpace), 2019.
27	LIM Y, GARDI A, EZER N, et al. Eye-tracking sensors for adaptive aerospace human-machine interfaces and interactions[C]//Proc. of the IEEE 5th International Workshop on Metrology for AeroSpace (MetroAeroSpace), 2018.
28	肖国松, 刘嘉琛, 董磊, 等. 面向IMA通用系统管理的STPA安全性分析[J]. 中国安全科学学报, 2021, 31 (9): 8- 14.
	XIAO G S , LIU J C , DONG L , et al. STPA safety analysis on IMA generic system management[J]. China Safety Science Journal, 2021, 31 (9): 8- 14.
29	SMITH C, DENNEY E, PAI G. Hazard contribution modes of machine learning components[C]//Proc. of the AAAI's Workshop on Artificial Intelligence Safety, 2020.
30	FORSBERG H, LINDÉN J, HJORTH J, et al. Challenges in using neural networks in safety-critical applications[C]//Proc. of the IEEE/AIAA 39th Digital Avionics Systems Conference, 2020.
31	STEIMERS A , SCHNEIDER M . Sources of risk of AI systems[J]. International Journal of Environmental Research and Public Health, 2022, 19 (6): 3641. doi: 10.3390/ijerph19063641
32	BANERJEE D N, CHANDA S S. AI failures: a review of underlying issues[EB/OL]. [2022-12-20]. arxiv. org/abs/2008.04073.
33	SCOTT P J , YAMPOLSKIY R V . Classification schemas for artificial intelligence failures[J]. Delphi-Interdisciplinary Review of Emerging Technologies, 2020, 2 (4): 186- 199.
34	PONGSAKORNSATHIEN N , LIM Y , GARDI A , et al. Sensor networks for aerospace human-machine systems[J]. Sensors, 2019, 19 (16): 3465. doi: 10.3390/s19163465
35	EASA. First usable guidance for Level 1 machine learning applications[R]. Cologne: European Union Aviation Safety Agency, 2021: 10-48.
36	DEEL. White paper machine learning in certified systems[R]. Toulouse: Dependable & Explainable Learning, 2021: 31-84.
37	F3269-17. Standard practice for methods to safely bound flight behavior of unmanned aircraft systems containing complex functions[S]. West Conshohocken: American Society of Testing Materials, 2017.

语言变量	PF数
影响极小(very low influence, VLI)	(0.1, 0.9)
影响较小(low influence, LI)	(0.35, 0.6)
影响适中(medium influence, MI)	(0.5, 0.45)
影响较大(high influence, HI)	(0.75, 0.2)
影响极大(very high influence, VHI)	(0.9, 0.1)

机组控制能力	飞行驾驶条件
机组控制能力	标称驾驶	非标称驾驶
健康	(1) SPO飞行员控制飞行, 智能航电系统辅助 (2) 航空运营中心操作员在地面站系统辅助下监控并支持多架SPO飞机	(1) SPO飞行员控制飞行, 智能航电系统辅助 (2) 地面操作员在地面站系统辅助下为SPO飞机提供“一对一”的飞行支持
失能	(1) 在地面站系统辅助下, 地面操作员承担SPO飞行员职责, 全权操控SPO驾驶舱机载系统, 控制飞机安全着陆 (2) 智能航电系统执行来自地面操作员的指令	(1) 在地面站系统辅助和多名支持人员的辅助下, 一名地面操作员承担SPO飞行员职责, 控制飞机安全着陆(除非通信网络中断) (2) 智能航电系统执行来自地面操作员的指令

类型	未提供控制行为	提供错误控制行为	提供错误时序的控制行为
不安全控制行为描述	UCAs-1当控制人员的心智模型发生变化时, 智能航电系统未调整空地协同交互方案	UCAs-2当控制人员的心智模型发生变化时, 智能航电系统调整了错误的空地协同交互方案 UCAs-3当控制人员的心智模型未发生变化时, 智能航电系统调整了不必要的空地协同交互方案	UCAs-4当控制人员的心智模型发生变化时, 智能航电系统未能及时调整空地协同交互方案
可能导致的危险	UCAs-1:H1-2/3, H2-2/3	UCAs-2:H1-3/4, H2-3/4 UCAs-3:H1-2, H2-2	UCAs-4:H1-1/2, H2-1/2
可能导致的事故	UCAs-1:A-1, A-2	UCAs-2:A-1, A-2, A-3 UCAs-3:A-1	UCAs-4:A-1, A-2

编号	致因要素描述	STPA通用致因要素	参考文献
f₁	数据集不均衡、规模较小或标注质量较差	不适当的控制算法	[10, 16-17, 29-31]
f₂	算法目标函数过拟合或欠拟合	不适当的控制算法	[10, 16-17, 29]
f₃	算法对学习框架和软硬件平台适应性较差	不适当的控制算法	[10, 16-17, 30-33]
f₄	算法容易受到对抗样本的欺骗, 鲁棒性较差	不适当的过程模型	[16-17, 30-33]
f₅	干扰数据、数据集分布迁移及野值数据	不适当的过程模型	[10, 16-17, 29-31]
f₆	传感器性能退化导致数据收集受到干扰	接收到不适当的反馈	[10, 29, 33-34]
f₇	驾驶舱环境质量较差(振动、烟雾、强光等)	接收到不适当的反馈	[10, 29-31, 33]
f₈	生理心理监测设备佩戴不规范	未接收到反馈或信息	[21, 26, 29, 34]
f₉	系统控制指令与飞行员习惯不一致(人员误用)	不安全的控制输入	[10, 29, 31-33]

编号	f₁	f₂	f₃	f₄	f₅	f₆	f₇	f₈	f₉
f₁	(0.100, 0.900)	(0.900, 0.100)	(0.338, 0.682)	(0.750, 0.200)	(0.422, 0.566)	(0.535, 0.493)	(0.100, 0.900)	(0.100, 0.900)	(0.281, 0.706)
f₂	(0.100, 0.900)	(0.100, 0.900)	(0.311, 0.716)	(0.900, 0.100)	(0.350, 0.600)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)
f₃	(0.100, 0.900)	(0.295, 0.686)	(0.100, 0.900)	(0.422, 0.566)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.500, 0.450)
f₄	(0.100, 0.900)	(0.422, 0.566)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.350, 0.600)
f₅	(0.500, 0.450)	(0.753, 0.229)	(0.422, 0.566)	(0.750, 0.200)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)
f₆	(0.350, 0.600)	(0.676, 0.278)	(0.350, 0.600)	(0.500, 0.450)	(0.750, 0.200)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)	(0.500, 0.450)
f₇	(0.100, 0.900)	(0.350, 0.600)	(0.338, 0.682)	(0.650, 0.310)	(0.900, 0.100)	(0.500, 0.450)	(0.100, 0.900)	(0.100, 0.900)	(0.500, 0.450)
f₈	(0.350, 0.600)	(0.647, 0.310)	(0.100, 0.900)	(0.629, 0.325)	(0.857, 0.132)	(0.419, 0.535)	(0.100, 0.900)	(0.100, 0.900)	(0.100, 0.900)
f₉	(0.338, 0.682)	(0.238, 0.765)	(0.100, 0.900)	(0.350, 0.600)	(0.459, 0.495)	(0.238, 0.765)	(0.100, 0.900)	(0.350, 0.600)	(0.100, 0.900)

基于改进STPA-DEMATEL的智能航电系统致因要素分析

Causal factor analysis of AI-based avionics system based on improved STPA-DEMATEL

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 19

参考文献 37

相关文章 2

编辑推荐

Metrics

本文评价

编号	影响度	被影响度	中心度	原因度
f₁	1.157	0.454	1.611	0.703
f₂	0.656	1.491	2.147	-0.835
f₃	0.463	0.424	0.887	0.039
f₄	0.293	1.810	2.103	-1.517
f₅	0.985	1.613	2.598	-0.628
f₆	1.170	0.693	1.863	0.477
f₇	1.161	0.056	1.217	1.105
f₈	1.054	0.149	1.203	0.905
f₉	0.505	0.754	1.259	-0.249

方法比较组		Pearson相关系数
本文方法	PF-DEMATEL	0.983 1
本文方法	TF-DEMATEL	0.966 1
PF-DEMATEL	TF-DEMATEL	0.960 4

[1]	李耀华, 高源. 基于STPA-ANP模型的民机系统安全性分析[J]. 系统工程与电子技术, 2022, 44(9): 2986-2994.
[2]	赵长啸, 李浩, 董磊, 王鹏. 基于STPA-Bayes模型的机载平视显示系统安全性分析与评价[J]. 系统工程与电子技术, 2020, 42(5): 1083-1092.

编号	f₁	f₂	f₃	f₄	f₅	f₆	f₇	f₈	f₉
f₁	0.109	0.173	0.089	0.210	0.206	0.104	0.065	0.075	0.125
f₂	0.031	0.179	0.014	0.178	0.168	0.061	-0.032	-0.017	0.074
f₃	0.005	0.146	0.003	0.186	0.172	0.037	-0.061	-0.045	0.020
f₄	-0.019	0.124	-0.022	0.201	0.158	0.013	-0.093	-0.076	0.007
f₅	0.051	0.164	0.055	0.201	0.216	0.108	0.031	0.043	0.117
f₆	0.092	0.180	0.089	0.222	0.187	0.136	0.072	0.081	0.112
f₇	0.111	0.198	0.091	0.215	0.183	0.104	0.069	0.079	0.111
f₈	0.074	0.173	0.092	0.210	0.176	0.094	0.048	0.059	0.128
f₉	0.001	0.153	0.014	0.188	0.147	0.037	-0.043	-0.050	0.059