Dynamic human-computer interaction security risk assessment system and method
Technical Field
The invention relates to a dynamic human-computer interaction security risk assessment system and method, and belongs to the technical field of risk assessment.
Background
Risk assessment is the task of quantitatively assessing the severity and likelihood of impact and loss before or after a risk event occurs but has not yet ended. Dynamic security risk assessment is the dynamic assessment of the security risk level for an incident occurring process with a potentially dangerous event.
In the 70 s of the 20 th century, the safety analysis of the American nuclear power plant is firstly carried out by applying a risk assessment method, and then the safety analysis is popularized and applied in many fields such as aerospace, chemical industry, medical health, economy, environmental protection and the like. In the 80 s of the 20 th century, probabilistic risk assessment methods were proposed for quantitative analysis and assessment of risk in the nuclear and chemical industries. In the risk assessment of products and system equipment in the fields of carrying tools, nuclear industry and the like, a physical system is mainly used as a research object to identify, analyze and assess risks, safety risks caused by human-computer interaction are rarely considered, generally, a person is assumed to have the capability of correctly executing a specified program to complete tasks, the safety risks caused by actual human-computer interaction are usually not negligible, and an effective tool means for dynamically assessing the safety risks of human-computer interaction is lacked.
Disclosure of Invention
Aiming at the defect that an effective technical means for supporting human-computer interaction safety risk assessment is lacked at present, the invention provides a dynamic human-computer interaction safety risk assessment system and method.
The technical scheme of the invention is as follows:
a dynamic human-computer interaction security risk assessment system is characterized by comprising a security risk data access module, an event correlation module, a security risk analysis module, a risk level output module and a database module;
the safety risk data access module accesses input data required by safety risk evaluation, transmits the acquired data in a wired/wireless communication mode through the human-computer interaction sensor, extracts the acquired data to the safety risk analysis module through the characterization indexes, and transmits the acquired data to the safety risk analysis module in a database calling mode;
the event correlation module expresses the relationship of the human-computer interaction safety risk events by using a topological structure based on a graph theory, and reflects a triggering mechanism among different events, namely a logical relationship of cause/effect; the severity levels and the occurrence probabilities of different states of the event are described and expressed in an event attribute mode, and the triggering probabilities of the different states of the event are directly or indirectly derived from the security risk data access module;
the safety risk analysis module is used for dynamically analyzing the safety risks in different task stages under an event incidence relation framework based on a Bayesian network model, and calculating the triggering probabilities of events with different severity levels in real time;
the risk level output module matches the analysis result of the safety risk analysis module with a safety risk matrix of a risk level display interface according to a preset refreshing frequency, displays the safety risk levels of human-computer interaction at different task stages, and gives an alarm for a high risk level event;
the database module stores relevant information of human-computer interaction, state information of the computer and event information.
The wired/wireless communication mode is used for transmitting data, aiming at matching visual attention, cognitive load level and behavior action of people and dynamic characteristics of machines in different task stages with predefined behavior states of people and machines, extracting and identifying working states of the machines, and judging whether an event with potential risk is triggered or not.
For the visual attention and cognitive load level of the human, the eye movement data of the human is collected through the eye movement camera, and whether the human eyes focus at the glance and perceive the attention information at the corresponding task stage is judged based on the field range and the display information layout direction of the human.
For the behavior and the motion of the person, the data of the operation behavior and the motion of the person are acquired by tracking and capturing in an optical mode, a mechanical mode or an inertia measurement mode, the data are matched and identified with the motion of the person in the motion library, which is required to be done at different task stages, and whether the person does the motion at the corresponding stage is judged.
For the dynamic characteristic of the 'machine', whether the corresponding operation component is actuated after the human acts is judged and determined through the operation component position sensor of the 'machine', so as to determine whether the human acts effectively.
The database calling mode is that the prior probability data of different events are read from the database, and the prior probability data mainly come from the statistical result of the occurrence of the past accident events and the pre-judging probability distribution of field experts.
The related information of the person comprises action data information and eye movement data information of the person.
The state information of the machine includes component actuation of the machine at different task phases.
The event information comprises events with different severity levels, event attributes and relationships among the events.
A dynamic human-computer interaction security risk assessment method is characterized by comprising the following steps:
(1) a dynamic human-computer interaction security risk assessment system is adopted, and the system comprises a security risk data access module, an event correlation module, a security risk analysis module, a risk level output module and a database module;
(2) the safety risk data access module accesses input data required by safety risk evaluation, transmits the acquired data in a wired/wireless communication mode through the man-machine interaction sensor, extracts the acquired data to the safety risk analysis module through the characterization indexes, and transmits the acquired data to the safety risk analysis module through a database calling mode;
1) the wired/wireless communication mode is used for matching visual attention, cognitive load level and behavior action of people and dynamic characteristics of machines in different task stages with predefined behavior states of people and machines, extracting and identifying the working state of the machines, and judging whether an event with potential risk is triggered or not;
(a) the method comprises the steps that eye movement data of a person are collected through an eye movement camera, and whether the person focuses on a glance and perceives information which needs to be noticed in a corresponding task stage is judged based on the field range and the display information layout direction of the person;
(b) tracking and capturing in an optical, mechanical or inertial measurement mode to acquire the operation behavior and motion data of the person, matching and identifying the data with the motions of the person in the motion library, which the person should do at different task stages, and judging whether the person does the motions at the corresponding stages;
(c) determining whether the human action is effective by judging whether the human action is actuated after the human action is performed through a control component position sensor of the 'machine';
2) the database calling mode is that the prior probability data of different events are read from the database, and the prior probability data mainly come from the statistical result of the occurrence of the past accident events and the pre-judging probability distribution of field experts;
(3) the event correlation module expresses the relationship of the human-computer interaction security risk event by using a topological structure based on a graph theory, reflects a triggering mechanism (cause/effect logic relationship) among different events, describes and expresses the severity grade and the occurrence probability of different states of the event in an event attribute mode, and directly or indirectly derives from the security risk data access module;
(4) the safety risk analysis module is used for dynamically analyzing the safety risks in different task stages under an event incidence relation framework based on a Bayesian network model, and calculating the triggering probabilities of events with different severity levels in real time;
(5) the risk level output module matches the analysis result of the safety risk analysis module with a safety risk matrix of a risk level display interface according to a preset refreshing frequency, displays the safety risk levels of human-computer interaction at different task stages, and gives an alarm for a high risk level event;
(6) the database module stores human-related information of human-computer interaction, state information of a machine and event information;
1) the information of the person comprises action data information and eye movement data information of the person;
2) the state information of the machine comprises component actuation of the machine in different task phases;
3) the event information includes events of different severity levels, event attributes and relationships between events.
According to the invention, the safety risk data access module accesses input data required by safety risk evaluation, the event correlation module expresses the relation of human-computer interaction safety risk events by using a topological structure based on a graph theory, the safety risk analysis module calculates the trigger probability of the events with different severity levels in real time based on a Bayesian network model, and the risk level output module displays the safety risk level of human-computer interaction at different task stages. The system can effectively evaluate the safety risk of the man-machine system according to the dynamic risk data input, and can provide important support for timely risk early warning and taking effective measures to control the risk level.
Drawings
FIG. 1 is a functional relationship diagram between modules of a human-computer interaction security risk assessment system;
FIG. 2 is a topological structure diagram of the correlation of human-machine interaction events.
Detailed Description
The invention will be further described with reference to the accompanying drawings in which:
as shown in fig. 1, the dynamic human-computer interaction security risk assessment system mainly includes a security risk data access module, an event correlation module, a security risk analysis module, a risk level output module, and a database module.
The safety risk data access module accesses input data required by safety risk assessment, transmits the acquired data in a wired/wireless communication mode through the man-machine interaction sensor, extracts the acquired data to the safety risk analysis module through the characterization indexes, and transmits the acquired data to the safety risk analysis module in a database calling mode.
The event correlation module expresses the relationship of the human-computer interaction safety risk events by using a topological structure based on a graph theory, and reflects a triggering mechanism between different events, namely a logical relationship of cause/effect; the severity level and the occurrence probability of different states of an event are described and expressed in the form of event attributes, and the triggering probability of the different states is directly or indirectly derived from the security risk data access module.
And the safety risk analysis module is used for dynamically analyzing the safety risks in different task stages under an event incidence relation framework based on a Bayesian network model, and calculating the triggering probabilities of the events with different severity levels in real time.
And the risk level output module matches the analysis result of the safety risk analysis module with a safety risk matrix of a risk level display interface according to a preset refreshing frequency, displays the safety risk levels of human-computer interaction at different task stages, and gives an alarm for a high risk level event.
The database module stores relevant information of human-computer interaction, state information of the computer and event information.
The wired/wireless communication mode is used for matching visual attention, cognitive load level and behavior action of people and dynamic characteristics of machines in different task stages with predefined behavior states of people and machines, extracting and identifying working states of the machines, and judging whether an event with potential risks is triggered or not.
For the visual attention and cognitive load level of the human, the eye movement data of the human is collected through the eye movement camera, and whether the human eyes focus at the glance and perceive the attention information at the corresponding task stage is judged based on the field range and the display information layout direction of the human.
The behavior and the motion of the person are tracked and captured in an optical, mechanical or inertial measurement mode to obtain the data of the operation behavior and the motion of the person, the data are matched and identified with the motions of the person in the motion library, and whether the person performs the motion at the corresponding stage is judged.
For the dynamic characteristic of the 'machine', whether the corresponding operation component is actuated after the human acts is judged and determined through the operation component position sensor of the 'machine', so as to determine whether the human acts effectively.
The database calling mode is to read prior probability data of different events from the database, wherein the prior probability data mainly comes from statistical results of past accident events and pre-judging probability distribution of field experts.
The related information of the person comprises action data information and eye movement data information of the person; the state information of the machine comprises component actuation of the machine in different task phases; the event information includes events of different severity levels, event attributes and relationships between events.
A dynamic human-computer interaction security risk assessment method comprises the following steps:
1. the safety risk data access module accesses input data required by safety risk assessment, transmits the acquired data in a wired/wireless communication mode through the man-machine interaction sensor, extracts the acquired data to the safety risk analysis module through the characterization indexes, and transmits the acquired data to the safety risk analysis module in a database calling mode.
1) The wired/wireless data transmission method is characterized in that visual attention, cognitive load level and behavior action of people and dynamic characteristics of machines in different task stages are matched with predefined human and machine behavior states, and the working states of the human and the machine are extracted and identified, so that whether an event with potential risk is triggered or not is judged.
(a) The eye movement data of the person, such as pupil diameter, saccade track, fixation time and the like, are collected through the eye movement camera. Judging whether human eyes are focused during glancing and perceive information which needs attention in a corresponding task stage based on the field range of the human eyes and the layout direction of the display information;
(b) tracking and capturing by optical, mechanical or inertial measurement and other modes to acquire the operation behavior and motion data of the person, matching and identifying the data with the motions of the motion instance person in the database, wherein the motion is mainly compared with whether the limb joint part of the person is consistent with the gesture for correctly completing the motion or not, and judging whether the person performs the motion at the corresponding stage or not;
(c) through a position sensor of a mechanical operating component, whether the corresponding operating component is actuated after the human acts is determined by judging, such as whether a button is pressed down, whether a knob reaches a specified position, whether an operating lever reaches a preset gear, and whether the human acts effectively;
2) the database calling mode is to read prior probability data of different events from the database, wherein the prior probability data mainly comes from statistical results of past accident events and pre-judging probability distribution of field experts.
2. The event correlation module expresses the relationship of the human-computer interaction security risk event by using a topological structure based on graph theory, fig. 2 shows a topological structure example of the event correlation, which reflects a triggering mechanism (cause/effect logical relationship) among different events, the severity grade and the occurrence probability of different states of the event are described and expressed in an event attribute mode, and the triggering probability of the different states is directly or indirectly derived from the security risk data access module.
3. The safety risk analysis module is used for dynamically analyzing the safety risks in different task stages under an event incidence relation framework based on a Bayesian network model, and calculating the triggering probabilities of events with different severity levels in real time;
4. the risk level output module matches the analysis result of the safety risk analysis module with a safety risk matrix of a risk level display interface according to a preset refreshing frequency, displays the safety risk levels of human-computer interaction in different task stages, and gives an alarm for high risk level events, wherein the risk matrix relates to two dimensions of severity and possibility, and the division of severity level and possibility probability area can be predefined according to different human-computer interaction situations.
5. The database module stores human-related information of human-computer interaction, state information of the computer and event information.
1) The information of the person comprises action data information and eye movement data information of the person;
2) the state information of the machine comprises component actuation of the machine in different task phases;
3) the event information comprises events with different severity levels, event attributes and incidence relations among the events.