CN103761418B - Accident analysis method based on system danger model progressive model - Google Patents
Accident analysis method based on system danger model progressive model Download PDFInfo
- Publication number
- CN103761418B CN103761418B CN201310723740.3A CN201310723740A CN103761418B CN 103761418 B CN103761418 B CN 103761418B CN 201310723740 A CN201310723740 A CN 201310723740A CN 103761418 B CN103761418 B CN 103761418B
- Authority
- CN
- China
- Prior art keywords
- accident
- model
- pmshm
- operating personnel
- mistake
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses an accident analysis method based on system danger model progressive model. The accident analysis method builds a perfect model through PMSHM and includes the following steps: before having an accident, listing the latest incidents occurred in the running period of a system and related to the accident; determining a layered control structure of the system; obtaining accident progress; clearing operations and operation errors of an operator from critical failure to accident occurrence; building a PMSHM model according to the results; analyzing PMSHM to obtain the analyzed results. The accident analysis method based on system danger model progressive model does not only take each component and interactions between related personnel into consideration but also reflects the constantly changing system safety states in the accident evolvement progress. When the dangerous situation occurs again, by means of the model analyzing results, the operator can realize the current safety state of the system, evaluate the possible system danger and carry out the corresponding emergency plan duly.
Description
Technical field
The present invention relates to the crash analysis method of the model that goes forward one by one based on system danger model, it is applied to railway and city rail
Road traffic accident analysis.
Background technology
In recent years, with the development of China Express Railway, bullet train has become as a kind of very universal vehicles.
Safety is the elementary object that train operation control system needs to meet all the time.Although train control system has had taken up a series of
Safety measure, but accident still frequently occurs.Wherein, one of accident the most serious is " 7.23 " river in Zhejiang Province occurring in 2011
Warm railway accident.Official's accident analysis report that government announces describes the overall process of accident generation, but it does not deeply divide
Analysis cause of accident and accident Forming Mechanism.In order to avoid similar accident occurs, improve the security of control system, need to take
Suitable method is analyzing Accident-causing and accident Forming Mechanism.At present, some accident analysis methods are abroad had been proposed for, such as
STAMP model.This model is pointed out, accident is due to lacking sufficiently peace in every one-level system development and control structure
Staff cultivation, and system is not unalterable.When using STAMP model analysis " 7.23 " river in Zhejiang Province temperature railway accident, it can not
Which change procedure the safe condition of enough accurate description systems experienced, nor accurate analysis system risk before accident occurs
How to increase.
Content of the invention
For above the deficiencies in the prior art, the present invention proposes a kind of to divide based on the go forward one by one accident of model of system danger model
Analysis method.
Gone forward one by one based on system danger model the crash analysis method of model, this analysis method comprises the steps:
Step 1:Investigation result according to early stage or the survey report announced, system before accident occurs of listing is being run
The recent events related to accident that period is experienced;
Step 2:Design structure according to system and system, in the actual distribution situation of run duration control unit, determine
The heterarchical architecture of system;
Step 3:The system layer control structure that the recent events list being obtained according to step 1 and step 2 obtain, determines
Accident process;
Step 4:The recent events list being obtained according to step 1, and step 3 obtain critical failure, error operation people
The information such as member, determine that operating personnel travel to performed operation and behaviour present in it during accident occurs from equipment key
Make mistake;
Step 5:Distribution in system layer control structure for the operating personnel that combining step 2 obtains and each operating personnel behaviour
Make the basic interaction scenario between program, the accident evolution progress information that step 3 obtains, and the operating personnel that step 4 obtains
Operation and operating mistake, set up PMSHM;
Step 6:According to PMSHM, turning between the limit risk that system process before accident generation is experienced, limit risk
The demand for security that under the interaction scenario of operating mistake and each limit risk in the change stage, operating personnel do not enable is analyzed.
Beneficial effects of the present invention are as follows:
The present invention considers not only the interaction between each assembly (including related personnel), also reflects and drills in accident
The system safe condition being continually changing during change.When dangerous situation occurs again, by the analysis result of model so that it may
The safe condition current to recognize system, assesses system risk that may be present, and timely executes emergent accordingly pre-
Case.
Brief description
Fig. 1:PMSHM model;
Fig. 2:The heterarchical architecture of train operation control system;
Fig. 3:Heterarchical architecture Organization Chart;
Fig. 4:Train operation accident process figure;
Fig. 5:River in Zhejiang Province temperature railway accident carries out the PMSHM model embodiment of formation mechenism analysis;
Fig. 6:Lead to the recent events list of accident;
Fig. 7:Human users in the temperature railway accident of river in Zhejiang Province and operating mistake list;
Fig. 8:The limit risk list that system process is experienced;
Fig. 9:The security constraint list being not carried out under each limit risk.
Specific embodiment
The present invention proposes a kind of PMSHM model (system danger model go forward one by one model), and this model is from system process
Angle is describing the formation mechenism of accident.PMSHM is a kind of mould accident formation mechenism being described from system process angle
Type.Carry out crash analysis using PMSHM, its range of application is:System process during primary event occurs to produce to accident,
Wherein system includes the operating personnel that all of equipment (hardware and software) and responsible system run well.Using PMSHM pair
Accident is analyzed, and can obtain following result:During occurring from equipment failure to accident, it is coherent that system process is experienced
Limit risk;Transformation stage between limit risk;Under every kind of limit risk, associative operation personnel in system layer control structure
The security constraint being not carried out.The analysis result of PMSHM, after on the one hand can reflecting that equipment failure occurs in detail, system
Process is how progressively to develop and then ultimately result in accident generation to dangerous direction;On the other hand, this analysis result can
The design of the improvement for system and system security protection system provides valuable reference information.
System process describes the process that system reaches target.System process by assembly in system (include equipment and
Personnel) be carrying out program composition.System process is dynamic.Program is static.Program refer in system assembly according to
Function performed by predefined procedure.
PMSHM model is as shown in figure 1, operator 1 is to be affected by equipment failure in system to operator K and operates in execution
The operating personnel of mistake occur during program.Operating personnel are respectively at the different levels of system layer control structure.Operator 1
Upper strata in heterarchical architecture.Operator 2 is usually located at the middle level of hierarchy.By that analogy, operator K is responsible for the bottom of at
Direct operation equipment in layer heterarchical architecture.Operation i ∈ [1, K], occurs from primary event to accident, and operation is in chronological order
It is followed successively by operation 1, operation 2 ..., operation i.By in faulty operation i occur operating mistake be set to OEi (i & lt mistake
Operation).After system process reaches a certain stage, the faulty operation of operating personnel will make system be in corresponding limit risk.
Meanwhile, the current operating mistake of operating personnel makes system process send out to wrong direction by the interaction between operation sequence
Exhibition.Develop to wrong direction with system process, current limit risk will be pushed to another more dangerous pattern, dangerous
The final result that pattern is gone forward one by one is accident.
On the other hand it is assumed that under each limit risk, system has a specific value-at-risk.Allow HM1 (dangerous mould
Formula 1), HM2 ..., HMm represents corresponding limit risk, and RHMj represents the system risk under limit risk HMj, j ∈ [1, m].
The differentiation of system danger model is the gradual change process from current generation steering more distress phase, RHM1<RHM2<...<
RHMm.It is believed that in accident evolutionary process, system risk is stepped up.
When accident being analyzed using PMSHM, for the model of Erecting and improving and obtain accurate analysis result, need
Complete following 6 steps:
Step 1:Investigation result according to early stage or the survey report announced, system before accident occurs of listing is being run
The recent events related to accident that period is experienced.
Step 2:Design structure according to system and system, in the actual distribution situation of run duration control unit, determine
The heterarchical architecture of system.It is system layer control structure as Figure 2-3, system layer control structure is included in scheduling
The heart, station, trackside and vehicle-mounted part.
Step 3:The system layer control structure that the recent events list being obtained according to step 1 and step 2 obtain, draws
Accident process.This accident process process specify that primary event, critical failure, operating personnel operating mistake and accident
The general procedure occurring.
Step 4:The recent events list being obtained according to step 1, and step 3 obtain critical failure, error operation people
The information such as member, specify operating personnel and travel to performed operation and behaviour present in it during accident occurs from equipment key
Make mistake.
Step 5:Distribution in system layer control structure for the operating personnel that combining step 2 obtains and each operating personnel behaviour
Make the basic interaction scenario between program, the accident evolution progress information that step 3 obtains, and the operating personnel that step 4 obtains
Operation and operating mistake, set up PMSHM.
Step 6:PMSHM is analyzed, the analysis result obtaining includes the danger that before accident occurs, system process is experienced
Under the interaction scenario of operating mistake and each limit risk in transformation stage between dangerous pattern, limit risk, operating personnel fail
The demand for security realized.
In the order of each step completing proposed by use above PMSHM analysis accident and each step it should be understood that letter
Breath is not fixing.As long as previous casualty investigation findings can be made full use of, and the heterarchical architecture of clear and definite system,
Just can with the PMSHM of Erecting and improving, and obtain further being conducive to the design of system security protection system or improved model analysis
Result.
It is applied to the formation mechenism analysis of river in Zhejiang Province temperature railway accident below in conjunction with PMSHM, provide a typical embodiment party
Formula, Fig. 5 carries out the PMSHM model embodiment of formation mechenism analysis for river in Zhejiang Province temperature railway accident.
Step 1:Set up the recent events list related to river in Zhejiang Province temperature railway accident, as shown in Figure 6.
Step 2:Specify the heterarchical architecture of train operation control system.It is broadly divided into:Control centre, station equipment,
Trackside equipment, mobile unit.
Step 3:Determine the accident process process of river in Zhejiang Province temperature railway accident, as shown in Figure 4.
Step 4:According to the accident process process of river in Zhejiang Province temperature railway accident, in the system process occurring from critical failure to accident
In, determine that CTC dispatcher, Platform attendant and D3115 train operator are all executing the behaviour occurring during respective operation sequence
Make mistake.In conjunction with recent events list (see Fig. 6), Fig. 7 is the operation of operating personnel and operating mistake row in the temperature railway accident of river in Zhejiang Province
Table.
Step 5:Step 2 provides CTC dispatcher, Platform attendant, train operator in CTCS-2 system layer control knot
Basic interaction scenario between distribution situation in structure and different operating program;Step 3 gained accident process figure reflects accident
The rough flow occurring;Step 4 provides operation and operating mistake list.These information comprehensive, can build to river in Zhejiang Province temperature railway
Accident carries out the PMSHM model of formation mechenism analysis, as shown in Figure 5.The CTC dispatcher respective operations person 1 of in figure control centre,
For operator 1:Operating mistake 1 may not commanded according to train diagram for dispatcher, and operating mistake 2 may be right
The TSR setting of CTC, operating mistake 3 may be to TCT status display read error.Operator 2 be station operator, then for
Operator 2:Operating mistake 1 may be the TSR setting to CTC station extension set, and operating mistake 2 may be TCT station extension set state
Display read error.Operator 3 is train driver, then for operator 3:Operation 1 may be to train operation model selection
Mistake, operating mistake 2 may be the ignorance for overspeed alarming, and mistake 3 may be the Wrong control to propulsion and brake, wrong
Maloperation 4 may be the read error to train speed.
Step 6:During the temperature railway accident of application PMSHM analysis river in Zhejiang Province, such as Fig. 4, the danger that system process is experienced
Pattern has been determined, and the interaction between operating mistake and operating mistake in the transformation stage between limit risk has also obtained
Clearly.According to these information it can be deduced that application PMSHM analyzes the complete analysis result of river in Zhejiang Province temperature railway accident, including:
(1), before train from overtaking collision, the process of train control system experienced from HM1 to HM 4 totally 4 limit risks (as Fig. 8).System
System risk increases with going forward one by one of limit risk, until accident occurs.
(2) the evolution process of accident experienced 4 transformation stages altogether, and each transformation stage comprises operating mistake and operation
The interaction of mistake.The interaction of operating mistake to be determined by System control structures and operation sequence.
(3) from HM 1 to HM 4, operating personnel due to operating mistake without realize system under current dangerous pattern
Security constraint (as Fig. 9).
Obviously, the above embodiment of the present invention is only intended to clearly illustrate example of the present invention, and is not right
The restriction of embodiments of the present invention, for those of ordinary skill in the field, also may be used on the basis of the above description
To make other changes in different forms, all of embodiment cannot be exhaustive here, every belong to this
Obvious change that bright technical scheme is extended out or change the row still in protection scope of the present invention.
Claims (1)
1. based on system danger model go forward one by one model crash analysis method it is characterised in that this analysis method includes walking as follows
Suddenly:
Step 1:Investigation result according to early stage or the survey report announced, before listing accident generation, system is in run duration
The recent events related to accident being experienced;
Step 2:Design structure according to system and system, in the actual distribution situation of run duration control unit, determine system
Heterarchical architecture;
Step 3:The system layer control structure that the recent events list being obtained according to step 1 and step 2 obtain, determines accident
Process;
Step 4:The recent events list being obtained according to step 1, and the critical failure that obtains of step 3 and error operation personnel
Information, determines that operating personnel travel to performed operation and operation present in it during accident occurs from equipment key wrong
By mistake;
Step 5:Distribution in system layer control structure for the operating personnel that combining step 2 obtains and each operating personnel operation journey
The behaviour of the operating personnel that the basic interaction scenario between sequence, the accident evolution progress information that step 3 obtains, and step 4 obtain
Make and operating mistake, set up system dangerous model and go forward one by one model PMSHM;
The go forward one by one construction step of model PMSHM of described system dangerous model includes:
S51, setting operation person 1 to operator K be affected by equipment failure in system and execute operation sequence when mistake occurs
Operating personnel;
S52, the upper strata being placed in operator 1 in heterarchical architecture, operator 2 are placed in the middle level of hierarchy to (K-1),
Operator K is responsible in bottom heterarchical architecture direct operation equipment;
S53, occur from primary event to accident, each operation is ranked up sequentially in time, that is, operation 1, operate 2 ...,
Operation i, wherein, i ∈ [1, K], and the operating mistake occurring in faulty operation i is set to i & lt faulty operation OEi;
S54, when system process reaches a certain stage, system is in corresponding limit risk by the faulty operation of operating personnel, and
The current operating mistake of operating personnel makes system process develop to wrong direction by the interaction between operation sequence, that is, from
Current dangerous pattern is pushed to another more limit risk;
S55, when current limit risk reaches value-at-risk, then accident occurs;
Step 6:Gone forward one by one model PMSHM according to system dangerous model, limit risk that before accident is occurred, system process is experienced,
Under the interaction scenario of operating mistake and each limit risk in transformation stage between limit risk, operating personnel do not enable
Demand for security is analyzed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310723740.3A CN103761418B (en) | 2013-12-24 | 2013-12-24 | Accident analysis method based on system danger model progressive model |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310723740.3A CN103761418B (en) | 2013-12-24 | 2013-12-24 | Accident analysis method based on system danger model progressive model |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103761418A CN103761418A (en) | 2014-04-30 |
| CN103761418B true CN103761418B (en) | 2017-02-15 |
Family
ID=50528654
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310723740.3A Expired - Fee Related CN103761418B (en) | 2013-12-24 | 2013-12-24 | Accident analysis method based on system danger model progressive model |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103761418B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115973237A (en) * | 2022-12-15 | 2023-04-18 | 华侨大学 | Rail transit ATP braking safety analysis method, system and electronic equipment |
-
2013
- 2013-12-24 CN CN201310723740.3A patent/CN103761418B/en not_active Expired - Fee Related
Non-Patent Citations (4)
| Title |
|---|
| 《A Study on Incident Analysis Method for RailWay Safety Management》;Hisaji FUKUDA etc;《Quarterly Report of RTRI》;20020731;第43卷(第2期);83-86 * |
| 《上海轨道交通1号线"12.22"列车侧面冲撞事故分析与反思》;周庆灏 等;《城市轨道交通研究》;20120731;第2012年卷(第7期);7-10 * |
| 《列车追尾事故的故障树分析兼谈复杂系统安全》;李志忠;《工业工程与管理》;20110831;第16卷(第4期);1-8 * |
| 《磁悬浮列车事故仿真分析》;齐照东 等;《工业安全与环保》;20040430;第30卷(第4期);37-41 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103761418A (en) | 2014-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Peng et al. | Risk assessment of railway transportation systems using timed fault trees | |
| CN104239694B (en) | The failure predication of a kind of municipal rail train bogie and condition maintenarnce method | |
| EP3511224B1 (en) | Dynamic analysis method of operating safety risks for a high-speed train operating control system | |
| CN103970034B (en) | Moonlet control subsystem work state automatic interpretation system | |
| CN104657613B (en) | A kind of complex electromechanical systems service life appraisal procedure | |
| CN108614539A (en) | AEF airborne equipment failure diagnosis and prediction model verification method | |
| CN107650950A (en) | A kind of urban railway transit train timetable is met an urgent need method of adjustment | |
| CN101789039A (en) | Calculation method for availability ratio and optimal repair cycle of relay protection device | |
| CN110386153B (en) | Lane keeping auxiliary system safety analysis method based on system theory hazard analysis | |
| Qiu et al. | Modeling of ERTMS level 2 as an SoS and evaluation of its dependability parameters using statecharts | |
| CN103761418B (en) | Accident analysis method based on system danger model progressive model | |
| CN105868115A (en) | Building method and system for software test model of software intensive system | |
| CN106873050A (en) | A kind of high speed rail earthquake pre-warning system detectio evaluation method | |
| Ye et al. | A human reliability analysis method based on cognitive process model for risk assessment | |
| Mariani et al. | Recent advances and trends on automotive safety | |
| Subotic et al. | Controller recovery from equipment failures in air traffic control: A framework for the quantitative assessment of the recovery context | |
| Duffey et al. | Errors in technological systems | |
| Yan et al. | An accident casual model for railway based on operational scenario cognition conflict | |
| Shi | Fuzzy evaluation approach of road traffic safety based on AHP | |
| Lv et al. | An improved man-machine system incident tree model considering incident dependence | |
| CN114118775A (en) | Rail transit operation scheme analysis method and device and readable storage medium | |
| Zheng | Modeling and hazard analysis of railway station protection system based on stochastic Petri nets | |
| Lu et al. | Timed fault tree models of the China Yongwen railway accident | |
| Rozenberg et al. | Func-[8] tional dependability of the display unit software of the BLOK system | |
| Zhang et al. | Predictive Probability Model of Pilot Error Based on CREAM |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170215 Termination date: 20171224 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |