CN109116831B - Design method of mode confusion fault logic gate of human-computer interaction dynamic fault tree - Google Patents

Publication number: CN109116831B
Authority: CN (China)
Prior art keywords: information, mode, fault, event, output
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810940140.5A
Other languages: Chinese (zh)
Other versions: CN109116831A
Inventors: 王庆学, 曾声奎, 郭健彬, 吕红红
Current Assignee: Beihang University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beihang University
Application filed by Beihang University
Priority to CN201810940140.5A
Publication of CN109116831A
Application granted
Publication of CN109116831B

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00 Testing or monitoring of control systems or parts thereof
    • G05B23/02 Electric testing or monitoring
    • G05B23/0205 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259 Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0262 Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24065 Real time diagnostics

Abstract

A design method of a mode confusion fault logic gate of a human-computer interaction dynamic fault tree comprises the following steps. Step 1: according to the system functional faults, divide the faults that are easily confused into fault mode classes. Step 2: construct an information display mode set for each fault mode class. Step 3: establish the corresponding dynamic fault tree model according to the case accident scenario. Step 4: tally the information display modes of the case accident and analyze the output event of the mode confusion gate. Step 5: construct the truth table of input events and output events. Step 6 (conclusion): if the output event of the mode confusion gate is the same as the fault mode corresponding to the judgment condition event, the person does not experience mode confusion; otherwise, mode confusion occurs. The method fully considers human cognition, scenario tasks and human-machine coupling characteristics and improves the system fault logic, so that the reliability of a complex human-machine system is measured more accurately, personnel performance is improved, and the reliability and safety of the human-machine system are enhanced.

Description

Design method of mode confusion fault logic gate of human-computer interaction dynamic fault tree
Technical Field
The invention provides a design method of a mode confusion fault logic gate of a human-computer interaction dynamic fault tree. It designs a new human-computer interaction fault logic gate based on the dynamic fault tree model ("DFTA"). The gate describes the logical cause and effect by which, when a human-machine system is in an abnormal state, a person cannot correctly judge the current fault mode within a certain time because part of the perceived information is missing or is displayed incorrectly. The invention belongs to the field of logic-based human-computer interaction modeling and analysis.
Background
In human-computer interaction modeling and analysis, the fault tree model ("FTA") mainly takes human error behaviour as a basic event and uses logic gates to describe the causal relationship between the human and system, component or original faults in a human-computer interaction fault. As a graphical method that models at the logic level, FTA is clear in concept and simple to apply. Its disadvantage is that it treats the human too simply: it considers only the action level of the human and describes neither the human as a subject with cognitive ability nor the coupling among human, machine and environment.
Human tasks in complex human-machine systems are usually dominated by monitoring tasks, and several tasks may be performed at the same time, so the main demand and limitation is human cognitive ability rather than operating ability. In the information-perception stage and the judgment-decision stage of human information processing, two types of human-computer interaction fault exist: cognitive overload and mode confusion. The former means that, under the current situation and task requirements, the information a person needs to perceive exceeds the person's cognitive limit, so that a task that should be done is abandoned. The latter means that, because of cognitive overload, environmental disturbance or equipment failure, the information a person needs for a judgment decision is insufficient, so the person makes an incorrect judgment decision and takes countermeasures that should not be taken.
For the mode confusion fault type in human-computer interaction, if a mode confusion fault logic gate is designed and its operation logic is derived from the information-flow level of the information processing model, then the operation method of the gate adds consideration of the uncertainty of the human-computer interaction logic on top of the original DFTA method, which describes the uncertainty of event occurrence by failure rates.
Disclosure of Invention
(1) Purpose:
The invention provides a design method of a mode confusion fault logic gate of a human-computer interaction dynamic fault tree. Starting from the level of human cognition of information in the human-computer interaction process, it fully considers human cognitive characteristics, scenario task characteristics and human-machine coupling characteristics, improves the fault logic of the system and measures the reliability of a complex human-machine system more accurately. Scenarios and design defects that easily induce human error can be found through the analysis, which plays an important role in improving personnel performance and enhancing the reliability and safety of the human-machine system.
(2) The technical scheme is as follows:
Design of the mode confusion gate based on DFTA
When an abnormal state occurs, a person may be unable to judge the current fault mode correctly within a certain time because part of the required perceived information is missing or is displayed wrongly. To describe the logical cause and effect of such mode confusion faults, the invention designs a mode confusion fault logic gate based on DFTA.
The mode confusion fault logic gate is a multi-input, single-output logic, and an output event occurs if and only if a trigger event occurs; the symbol of the logic gate is shown in FIG. 1. Events A, B and C are input events of the mode confusion gate, events D, E and F are output events of the mode confusion gate, and event M is the judgment condition of the mode confusion gate. Circles represent bottom events in the fault tree and boxes represent intermediate events. When a functional fault event M occurs, the fault mode class to which it belongs is called, together with all the information types related to the fault modes in that class; that is, a person can correctly identify the fault mode only by perceiving this information. Different human-machine systems have several fault mode classes, each containing several fault modes, and the class to which a fault belongs depends on the scenario environment and on event M.
The inputs and outputs of the mode confusion gate are operated on logically according to the display mode of the information; the mode confusion operation logic is shown in FIG. 2. The dashed boxes in FIG. 2 represent information passing through the mode confusion gate, one for each event. When the display modes of all the information types called by event M are correct, the person will certainly judge the current fault mode correctly. The information types are all the information that must be perceived to identify the functional fault mode correctly, and form the information set corresponding to event M. The information states correspond to the input events and are composed of the information type, the information display fault mode and the information acquisition channel; information display faults (missing/wrong) are caused by the environment or by faults in the scenario environment. Event C is the output event of the cognitive overload gate that has event M as an input event, and it causes the information display fault "missing". Fault modes 1, 2 and 3, corresponding to events D, E and F, are fault modes in the fault mode class to which the fault belongs, so the number of output events is determined by that class. Once the fault mode has been judged, the output events can cause certain events (basic events in DFTA) related to the response actions to occur.
The same information in a human-machine system may have multiple sources, and a person does not need to perceive all of them. In some scenario environments, the information is obtained from one source only and is not checked again; in others, a person needs to confirm certain important information through at least two sources.
The design method of the mode confusion fault logic gate of a human-computer interaction dynamic fault tree makes the following assumptions:
1. The information acquisition channels comprise the human-computer interaction interface ($C_I$), the environment ($C_E$), communication ($C_{CE}$) and direct communication with a person ($C_{CM}$). Each item of information has at least one acquisition channel, and the human-computer interaction interface may comprise several areas that provide the information;
2. In different task stages and different situations, the priority with which people perceive the same information differs; in the same task stage and the same situation, the priorities with which people perceive different information differ. It is assumed that a person obtains the information only through the most preferred available channel and does not recheck it through other channels;
3. If an acquisition channel of an item of information also appears in the output event of the cognitive overload gate, the display fault mode of that channel for that information is determined by the output event of the cognitive overload gate.
The priority of the information acquisition channels is assumed to be: direct communication with a person ($C_{CM}$) > environment ($C_E$) > human-computer interaction interface ($C_I$) > communication ($C_{CE}$). Taking this as an example, the analysis of the information is shown in Table 1:
Table 1: Information display modes for a given information acquisition channel priority
Figure GDA0001810070560000031
Supplementary note 1: $M_1$, $M_2$ and $M_3$ indicate that the information display mode is correct, missing and wrong, respectively, and that the information is not available from the channel.
The table shows four cases. If the information has only one acquisition channel and that channel does not belong to the cognitive overload output, the display mode of the information is the display mode obtained through that channel (information 1). If the information has only one acquisition channel and that channel belongs to the cognitive overload output, the display mode of the information follows the cognitive overload output, that is, the information is missing (information 2). If the information has several acquisition channels and none of them belongs to the cognitive overload output, the display mode of the information is the display mode obtained through the highest-priority channel (information 3 and information 4). If the information has several acquisition channels and some of them belong to the cognitive overload output, the display mode of the information is the display mode obtained through the highest-priority channel that does not belong to the cognitive overload output (information 5 and information 6). This gives the information states of all information types in the fault mode class; the person makes a judgment decision by perceiving information in these states, which yields the output event. By analyzing how the occurrence of the input events affects the information states, the expert constructs the corresponding truth table of input events and output events. When the fault mode corresponding to the output event is the same as event M, mode confusion does not occur; otherwise, mode confusion is considered to have occurred.
Quantitative modeling method for the mode confusion gate based on pattern matching
In this design method, the quantitative modeling of the mode confusion gate based on pattern matching consists of the following two stages:
The first stage: building the information display mode set
According to the characteristics of the human-machine system, the relevant reference documents and accident cases are surveyed, and all functional fault modes are selected and established. Fault modes that are easily confused are grouped into one class, so that all functional fault modes are divided into fault mode classes, and all the fault symptom information required to identify a fault mode within its class is listed, as in Table 2.
Table 2: Division of the fault mode classes of a human-machine system
Figure GDA0001810070560000041
Each fault mode class contains several functional faults and several corresponding types of fault symptom information, as shown in Table 3. When a functional fault is found, the person performs mode recognition within the fault mode class to which it belongs, perceives all the information under that class and judges the current fault mode from it. The display modes of the information are correct, missing and wrong, and under different combinations of information display modes the probability of identifying the fault mode differs. For each fault mode class, all the display mode combinations of all the information in the class are listed; if the number of information items is $n$, there are $3^n$ information display mode combinations.
Table 3: Information display mode set of fault mode class i
Figure GDA0001810070560000051
Supplementary note 1: $M_1$, $M_2$ and $M_3$ represent the correct, missing and wrong information display modes, respectively.
The second stage: building the input-output operation of the mode confusion gate
When a scenario is given, the environmental conditions of the mode confusion gate and the priority of the information acquisition channels are determined, and the probability of the output event depends on whether the input events occur (that is, on the information display mode combination). In the given scenario, if the judgment condition event M occurs, each of the $2^p$ occurrence-state combinations of the $p$ input events may match several of the $3^q$ information display mode combinations in the set for the fault mode class ($q$ items of information) to which event M belongs. The expert gives the output event for each combination of input event states according to this correspondence and to the association between the information display mode combinations and the output events (the functional fault mode judgment results), as shown in Table 4.
Table 4: Truth table of input events and output events
Figure GDA0001810070560000052
Supplementary note 1: 1 denotes occurrence and 0 denotes non-occurrence; only one output event occurs.
In summary, the rules are as follows:
The design method of the mode confusion fault logic gate of a human-computer interaction dynamic fault tree makes the following assumptions:
1. The information acquisition channels comprise the human-computer interaction interface ($C_I$), the environment ($C_E$), communication ($C_{CE}$) and direct communication with a person ($C_{CM}$). Each item of information has at least one acquisition channel, and the human-computer interaction interface may comprise several areas that provide the information;
2. In different task stages and different situations, the priority with which people perceive the same information differs; in the same task stage and the same situation, the priorities with which people perceive different information differ. It is assumed that a person obtains the information only through the most preferred available channel and does not recheck it through other channels;
3. If an acquisition channel of an item of information also appears in the output event of the cognitive overload gate, the display fault mode of that channel for that information is determined by the output event of the cognitive overload gate.
The specific implementation steps are as follows:
Step 1: according to the system functional faults, divide the faults that are easily confused into fault mode classes
According to the characteristics of the human-machine system, the relevant reference documents and accident cases are surveyed, and all functional fault modes are selected and established. Fault modes that are easily confused are grouped into one class, so that all functional fault modes are divided into several fault mode classes, and all the fault symptom information required to identify a fault mode within its class is listed, as shown in Table 2.
Step 2: construct the information display mode set for each fault mode class
Each fault mode class contains several functional faults and several corresponding types of fault symptom information, as shown in Table 3. The display modes of the information are correct, missing and wrong, represented by $M_1$, $M_2$ and $M_3$ respectively. Under different combinations of information display modes the probability of identifying the fault mode differs. For each fault mode class, all the display mode combinations of all the information in the class are listed to construct the information display mode set.
Step 3: establish the corresponding dynamic fault tree model according to the case accident scenario
On the basis of the fault mode class division and the information display mode set construction performed for the case accident in Steps 1 and 2, the corresponding dynamic fault tree model is established according to the description of the accident scenario.
Step 4: tally the information display modes of the case accident and analyze the output event of the mode confusion gate
The priority of the information acquisition channels is assumed to be: direct communication with a person ($C_{CM}$) > environment ($C_E$) > human-computer interaction interface ($C_I$) > communication ($C_{CE}$). Taking this as an example, the information display modes are analyzed as shown in Table 1. If the information has only one acquisition channel and that channel does not belong to the cognitive overload output, the display mode of the information is the display mode obtained through that channel (information 1 in Table 1). If the information has only one acquisition channel and that channel belongs to the cognitive overload output, the display mode of the information follows the cognitive overload output and is missing (information 2 in Table 1). If the information has several acquisition channels and none of them belongs to the cognitive overload output, the display mode of the information is the display mode obtained through the highest-priority channel (information 3 and 4 in Table 1). If the information has several acquisition channels and some of them belong to the cognitive overload output, the display mode of the information is the display mode obtained through the highest-priority channel that does not belong to the cognitive overload output (information 5 and 6 in Table 1). This gives the information states of all information types in the fault mode class; the person makes a judgment decision by perceiving information in these states, which yields the output event.
Step 5: construct the truth table of input events and output events
According to the given scenario and the input events of the mode confusion gate, the information acquisition channels of certain information types are blocked; referring to the table, the information display modes of all information types in the fault mode class are obtained as in Step 4, and the truth table of input events and output events is constructed. When a scenario is given, the environmental conditions of the mode confusion gate and the priority of the information acquisition channels are determined, and the probability of the output event depends on whether the input events occur (that is, on the information display mode combination). In the given scenario, if the judgment condition event M occurs, each of the $2^p$ occurrence-state combinations of the $p$ input events may match several of the $3^q$ information display mode combinations in the set for the fault mode class ($q$ items of information) to which event M belongs. The expert gives the output event for each combination of input event states according to this correspondence and to the association between the information display mode combinations and the output events (the functional fault mode judgment results), as shown in Table 4.
Step 6: on the basis of the models established in Steps 1 to 5, the analysis yields the following conclusion: if the output event of the mode confusion gate is the same as the fault mode corresponding to the judgment condition event, the person does not experience mode confusion; otherwise, mode confusion occurs.
Through the above method, a mode confusion fault logic gate of a human-computer interaction dynamic fault tree is designed. Starting from the level of human cognition of information in the human-computer interaction process, it fully considers human cognitive characteristics, scenario task characteristics and human-machine coupling characteristics. On top of the original dynamic fault tree (DFTA) method, which describes the uncertainty of event occurrence by failure rates, it adds consideration of the uncertainty of the human-computer interaction logic, improves the system fault logic and measures the reliability of a complex human-machine system more accurately. Scenarios and design defects that easily induce human error can be found through the analysis, which further improves personnel performance and enhances the reliability and safety of the human-machine system.
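The channel-resolution rules of Table 1 and the truth-table construction of Steps 4 to 6, as an added Python example that is not part of the patent text. The information types `I1`/`I2`, the events `A`/`B`/`C`, the fault modes `FM1` to `FM3` and the `expert` judgement function are constructed for illustration; treating information whose channels all belong to the cognitive overload output as missing generalizes the single-channel rule.

```python
from enum import Enum
from itertools import product


class Mode(Enum):
    CORRECT = "M1"
    MISSING = "M2"
    WRONG = "M3"


# Channel priority of the page's example: C_CM > C_E > C_I > C_CE.
PRIORITY = ("C_CM", "C_E", "C_I", "C_CE")


def perceived_mode(channels, overloaded=frozenset(), priority=PRIORITY):
    """Resolve the display mode a person perceives for one information type.

    channels:   {channel: Mode} for every channel that offers this information.
    overloaded: channels of this information that appear in the output of the
                cognitive overload gate (assumption 3: they count as missing).
    """
    if not channels:
        raise ValueError("an information type needs at least one channel")
    usable = [c for c in priority if c in channels and c not in overloaded]
    # Only the most preferred usable channel is consulted (assumption 2).
    return channels[usable[0]] if usable else Mode.MISSING


def information_state(baseline, occurred, events):
    """Apply the input events that occurred; return one Mode per info type.

    baseline: {info: {channel: Mode}} when no input event has occurred.
    events:   {name: (info, channel, effect)}; effect is a Mode (display
              fault) or "overload" (output of the cognitive overload gate).
    """
    shown = {info: dict(chs) for info, chs in baseline.items()}
    overloaded = {info: set() for info in baseline}
    for name in occurred:
        info, channel, effect = events[name]
        if effect == "overload":
            overloaded[info].add(channel)
        else:
            shown[info][channel] = effect
    return tuple(perceived_mode(shown[i], overloaded[i]) for i in sorted(baseline))


def build_truth_table(baseline, events, judgement, actual_mode):
    """Enumerate the 2^p occurrence-state combinations of the p input events.

    judgement: expert mapping {information state: judged fault mode}; it must
               cover all 3^q display mode combinations of the fault mode class.
    Returns rows of (bits, information state, judged fault mode, confused).
    """
    q = len(baseline)
    uncovered = set(product(Mode, repeat=q)) - set(judgement)
    if uncovered:
        raise ValueError(f"judgement lacks {len(uncovered)} of {3 ** q} states")
    names = sorted(events)
    rows = []
    for bits in product((0, 1), repeat=len(names)):
        occurred = [n for n, b in zip(names, bits) if b]
        state = information_state(baseline, occurred, events)
        judged = judgement[state]
        # Step 6: mode confusion occurs when the judged fault mode differs
        # from the fault mode of the judgment condition event M.
        rows.append((bits, state, judged, judged != actual_mode))
    return rows


# Constructed sample data (not taken from the patent's tables).
BASELINE = {
    "I1": {"C_I": Mode.CORRECT},                       # single channel
    "I2": {"C_E": Mode.CORRECT, "C_I": Mode.CORRECT},  # C_E is preferred
}
EVENTS = {
    "A": ("I1", "C_I", Mode.WRONG),    # I1 displayed wrongly on the interface
    "B": ("I2", "C_E", "overload"),    # cognitive overload output for I2 via C_E
    "C": ("I2", "C_I", Mode.MISSING),  # I2 lost on the interface
}


def expert(state):
    """Hypothetical expert judgement for a class with fault modes FM1..FM3."""
    i1, i2 = state
    if i1 is Mode.WRONG:
        return "FM2"
    return "FM1" if i2 is Mode.CORRECT else "FM3"


JUDGEMENT = {s: expert(s) for s in product(Mode, repeat=len(BASELINE))}
TABLE = build_truth_table(BASELINE, EVENTS, JUDGEMENT, actual_mode="FM1")

if __name__ == "__main__":
    for bits, state, judged, confused in TABLE:
        print(bits, [m.value for m in state], judged, "confused" if confused else "ok")
```

Event C alone leaves the judgement intact because the preferred channel `C_E` masks the loss on `C_I`; confusion from I2 appears only when B and C occur together.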
(3) Advantages and effects of the invention:
Starting from the level of human cognition of information in the human-computer interaction process, the method fully considers human cognitive characteristics, scenario task characteristics and human-machine coupling characteristics, adds consideration of the uncertainty of the human-computer interaction logic and improves the system fault logic. It can reproduce the outcome of accident cases of complex human-machine systems more accurately, and scenarios and design defects that easily induce human error can be found through the analysis.
Drawings
FIG. 1 is a block diagram of the mode confusion gate logic gate design method of the present invention.
FIG. 2 is a representation of the mode confusion operation logic of the present invention.
FIG. 3 is the fault tree of the Flight 401 accident case.
The symbols and codes in the figures are explained as follows:
A, B, C, M1, X5: input events of the mode confusion gate
D, E, F, M3, M4: output events of the mode confusion gate
M, X4: judgment condition events of the mode confusion gate
X1: trigger event
X3, M2, X2: general events
T: final (top) event
FDEP: functional dependency gate
Detailed Description
The invention takes the Flight 401 accident as a case; the specific implementation is divided into two stages comprising six steps.
Flight 401 accident case
On the evening of December 29, 1972, Eastern Air Lines Flight 401 took off from John F. Kennedy International Airport in New York, bound for Miami International Airport. The crew consisted of a captain, a copilot and a second copilot. In the landing preparation phase, the nose landing gear indicator bulb failed. With the landing gear handle in the "down" position, the green light indicating whether the nose landing gear is extended or locked did not illuminate. The green light remained unlit after the captain retracted the landing gear. Because they could not determine whether the nose landing gear was down, the crew notified the tower that they were suspending the landing, climbed to 2000 feet (609.6 meters) and held there, set the aircraft to autopilot at 2000 feet, then devoted their full attention to repairing the bulb and sent the second copilot to the cabin to confirm visually whether the nose landing gear was down. During the bulb repair, the crew unintentionally touched the control column, which released the altitude control and disengaged the autopilot. The aircraft began to descend, but the crew, absorbed in the repair, did not effectively monitor the flight parameters and noticed neither the loss of altitude nor the warning sound. Because it was night, the second copilot could not obtain any indication of the altitude anomaly even during the visual check. When the tower found that the altitude of the aircraft had dropped, it contacted the crew, who confirmed that the aircraft was on autopilot and that the altitude was not abnormal. In the 1970s radar performance was poor and measurement errors were common. The tower therefore judged that the radar was showing a measurement error and, after the crew requested to land, informed them that the aircraft could approach at any time. At this point the crew found that the altitude was too low and took immediate action, but it was too late. The left engine of the aircraft struck the ground, and a serious crash occurred.
The design method of the mode confusion fault logic gate of a human-computer interaction dynamic fault tree is shown in FIG. 1, and the representation of the mode confusion operation logic is shown in FIG. 2. The application embodiment of the method is divided into two stages; the first stage has two steps and the second stage has four steps.
The first stage: constructing the information display mode set for the Flight 401 accident case
Step 1: according to the system functional faults, divide the faults that are easily confused into fault mode classes
The tower is the tallest building at an airport and is an air traffic control facility used for monitoring aircraft and ground vehicles, controlling aircraft takeoff and landing, and so on. It contains radio equipment for communicating with aircraft and monitors for tracking aircraft position, weather conditions, flight advisories and the like. In this case, when the monitor showed that the altitude of the aircraft was abnormal, the tower contacted the flight crew but could not recognize that the altitude data reported by the crew was wrong; it judged the fault to be a radar fault, so mode confusion occurred and the crew was not reminded to check the altitude data again. The two fault modes are placed in one fault mode class, and all the fault symptom information required to identify the fault modes in this class is listed; see Table 5.
Table 5: Division of the human-machine system fault mode classes for the Flight 401 accident case
Figure GDA0001810070560000101
Step 2: construct the information display mode set for each fault mode class
In the human-machine system fault mode class of the Flight 401 accident case, there is only one information type, the altitude information, and its information display mode is $M_1$/$M_2$/$M_3$, where $M_1$, $M_2$ and $M_3$ represent the correct, missing and wrong display modes respectively. The information display mode set of fault mode class 1 for this case is therefore as shown in Table 6.
Table 6: Information display mode set of fault mode class 1 for the Flight 401 accident case
Figure GDA0001810070560000102
The second stage: input-output operation of the mode confusion gate for the Flight 401 accident case
Step 3: establish the corresponding dynamic fault tree model according to the case accident scenario
A fault tree model is established according to the description of the Flight 401 accident scenario, as shown in FIG. 3; the mode confusion gate in the fault tree has 2 input events.
Step 4: tally the information display modes of the accident case and analyze the output event of the mode confusion gate
The tower acquires aircraft altitude information from three sources: radar altitude data from the tower's monitoring instruments, visual observation of the aircraft position, and the crew's replies over the communication link. At this point, the tower needs to obtain this information from all information acquisition channels. According to the case description, Flight 401 was flying on a moonless night, so the tower could not obtain the position of the aircraft visually; that is, the display mode of the information obtained through the environment is missing ($M_2$). The aircraft altitude information therefore had to be rechecked by contacting the crew and asking whether the altitude was normal before a judgment decision was made. With no priority given to the information acquisition channels, the information display modes of the Flight 401 accident case are as shown in Table 7.
Table 7: Information display modes of the Flight 401 accident case
Figure GDA0001810070560000111
Thus the information states of all information types in the fault mode class are obtained; people judge and decide by perceiving the information in these states, which gives the output event of the mode confusion gate;
Step five: constructing the truth table of input events and output events
By analyzing whether each input event occurs and how it affects the information state, the corresponding truth table of input events and output events, Table 8, is established.
Table 8: Truth table of input and output events for the Flight 401 accident case
Figure GDA0001810070560000112
Note 1: 1 denotes occurrence and 0 denotes non-occurrence;
Step six: analyzing the accident case according to the known conditions
When the fault mode corresponding to the output event is the same as that of event X4, no mode confusion occurs; otherwise mode confusion is considered to have occurred. The condition judgment event X4 is linked to the trigger event X1 through a functional dependency gate (FDEP): when the trigger event X1 occurs, event X4 occurs. When the condition judgment event X4 does not occur, the tower does not perceive the aircraft altitude anomaly and the mode confusion gate cannot fire; when X4 occurs, the tower perceives the altitude anomaly displayed by the radar and begins to judge whether that information is correct, so event X3 may occur through the mode confusion gate. Given the condition judgment event X4 and the case description, the mode confusion gate analysis of this example does not consider the situations in which the radar shows nothing or the communication system has failed; the situations in Table 7 in which the information the tower obtains through the human-machine interface or through communication is missing, namely cases 2, 4, 5, 6 and 8, are therefore not considered;
First, when input event X5 occurs, the tower considers the crew's aircraft altitude information more reliable, and therefore takes the altitude information obtained through communication as the standard;
When input event X5 does not occur, the tower considers the radar's aircraft altitude information more reliable;
When input events M1 and X5 occur simultaneously and the condition judgment event also occurs, the output event is M4: the tower does not detect the aircraft altitude anomaly and mode confusion occurs, leading to the Flight 401 accident.

Claims (1)

1. A design method for a mode confusion fault logic gate of a human-computer interaction dynamic fault tree, with the following assumptions:
1. the information acquisition channels comprise the human-computer interaction interface (C_I), the environment (C_E), communication (C_CE) and direct communication with a person (C_CM); there is at least one information acquisition channel, and the human-computer interaction interface comprises several areas that provide the information;
2. in different task stages and different situations, people perceive the same information with different priorities; in the same task stage and the same situation, people perceive different information with different priorities; it is assumed that a person obtains information only through the highest-priority available channel and does not go on to recheck it through other channels;
3. if an acquisition channel of a piece of information also appears in the output event of the cognitive overload gate, the display fault mode of that channel for that information is determined by the output event of the cognitive overload gate;
the method is characterized in that the specific implementation steps are as follows:
Step one: based on system functional faults, classifying confusable faults into fault mode classes
According to the characteristics of the human-machine system, relevant reference documents and accident cases are investigated, and all functional fault modes are selected and established; confusable fault modes are placed in one class, the confusable functional faults b11, b12, b13 being placed in fault mode class 1, so that all functional fault modes are divided into several fault mode classes, and all fault symptom information required to identify the fault modes within each class is listed;
Step two: constructing the information display mode collection for the divided fault mode classes
Each fault mode class contains several functional faults and has several corresponding types of fault symptom information; the display modes of information are correct, missing and error, denoted M1, M2 and M3 respectively; under different combinations of information display modes, the probability of identifying the fault mode differs; for each fault mode class, all combinations of information display modes over all information of that class are listed to construct the information display mode collection;
Step three: establishing the corresponding dynamic fault tree model according to the accident scenario of the case
On the basis of the fault mode class division and the information display mode collection construction carried out for the accident case in steps one and two, the corresponding dynamic fault tree model is established according to the description of the accident scenario;
Step four: counting the information display mode situations of the accident case and analyzing the output event of the mode confusion gate
The priority of the information acquisition channels is assumed to be: direct communication with a person (C_CM) > environment (C_E) > human-computer interaction interface (C_I) > communication (C_CE). If the information has only one acquisition channel and that channel does not belong to the cognitive overload output, the display mode of the information is the same as the information display mode obtained through that channel; if the information has only one acquisition channel and that channel belongs to the cognitive overload output, the display mode of the information follows the cognitive overload output and is missing; if the information has several acquisition channels and none of them belongs to the cognitive overload output, the display mode of the information is the same as that obtained through the channel with the highest priority; if the information has several acquisition channels and some of them belong to the cognitive overload output, the display mode of the information is the same as that obtained through the highest-priority channel that does not belong to the cognitive overload output; thus the information states of all information types in the fault mode class are obtained, and people judge and decide by perceiving the information in these states, which gives the output event;
Step five: constructing the truth table of input events and output events
According to the given scenario and the input events of the mode confusion gate, the information acquisition channels of some information types are blocked; the information display modes of all information types in the fault mode class are obtained according to step four, and the truth table of input events and output events is constructed; once the scenario is given, the environmental conditions of the mode confusion gate and the priority of the information acquisition channels are determined, and the probability of the output event depends on whether the input events occur; under the given scenario, if the condition judgment event M occurs, the 2^p occurrence-state combinations of the p input events are matched against several information display mode combinations among the 3^q entries of the information display mode collection of the fault mode class to which event M belongs, and an expert gives the output event for each occurrence-state combination of the input events according to the correspondence between information display mode combinations and output events;
Step six: on the basis of the models established in steps one to five, the analysis concludes that if the output event of the mode confusion gate is the same as the fault mode corresponding to the condition judgment event, mode confusion does not occur; otherwise mode confusion occurs.
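The channel-priority rule of step four, written out as an added example; it is not code from the patent. The channel labels C_CM, C_E, C_I, C_CE and the modes M1/M2/M3 are the patent's, while the function names, the modelling of input event X5 as a swap of the radar and crew channels in the priority order, and the Flight 401 sample modes are assumptions made for this illustration.

```python
from enum import Enum


class Mode(Enum):
    CORRECT = "M1"
    MISSING = "M2"
    ERROR = "M3"


# Priority assumed in step four, highest first: C_CM > C_E > C_I > C_CE.
DEFAULT_PRIORITY = ("C_CM", "C_E", "C_I", "C_CE")


def perceived_mode(channels, overloaded=frozenset(), priority=DEFAULT_PRIORITY):
    """Resolve the display mode a person perceives for one information type.

    channels   -- {channel name: Mode} for the channels left after the
                  scenario has blocked the unavailable ones (step five)
    overloaded -- channels that appear in the cognitive overload gate output
    """
    unknown = set(channels) - set(priority)
    if unknown:
        raise ValueError(f"channel(s) without a priority: {sorted(unknown)}")
    usable = [c for c in priority if c in channels and c not in overloaded]
    if not usable:
        # A single overloaded channel gives "missing" (stated in step four).
        # Several channels that are all overloaded are not covered by the
        # page; treating that case as missing too is an assumption.
        return Mode.MISSING
    # The person reads only the highest-priority usable channel and does
    # not re-check the others (assumption 2 of the claim).
    return channels[usable[0]]


def tower_altitude_mode(x5_occurs):
    """Constructed Flight 401 inputs: radar display correct, crew reply wrong,
    visual channel blocked by the moonless night (so it is not listed)."""
    channels = {"C_I": Mode.CORRECT, "C_CE": Mode.ERROR}
    # Assumption: X5 is modelled as the tower ranking the crew's reply
    # (C_CE) above the radar display (C_I).
    priority = ("C_CM", "C_E", "C_CE", "C_I") if x5_occurs else DEFAULT_PRIORITY
    return perceived_mode(channels, priority=priority)


if __name__ == "__main__":
    for x5 in (False, True):
        print(f"X5={int(x5)} -> perceived altitude information: "
              f"{tower_altitude_mode(x5).value}")
```

With X5 set, the resolver returns the crew's erroneous value even though a correct radar reading is available, which is the condition under which the description reports mode confusion.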
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810940140.5A CN109116831B (en) 2018-08-17 2018-08-17 Design method of mode confusion fault logic gate of human-computer interaction dynamic fault tree

Publications (2)

Publication Number Publication Date
CN109116831A CN109116831A (en) 2019-01-01
CN109116831B true CN109116831B (en) 2020-09-08

Family ID: 64852429


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant