CN112149293A

CN112149293A - Method for determining conditional probability in risk analysis

Info

Publication number: CN112149293A
Application number: CN202010958404.7A
Authority: CN
Inventors: 蔡景; 代定强; 李海亮; 杨天策; 康婷玮
Original assignee: Nanjing University of Aeronautics and Astronautics
Current assignee: Nanjing University of Aeronautics and Astronautics
Priority date: 2020-09-14
Filing date: 2020-09-14
Publication date: 2020-12-29

Abstract

The invention discloses a method for determining condition probability in risk analysis. And then, injecting risk events into the system model, analyzing the comprehensive performance of the system after the risk events occur through simulation, and constructing an event chain of risk transmission. And finally, loading actual disturbance data to the system simulation model, performing repeated simulation analysis by using a Monte Carlo method, and counting the conditional probability of risk transfer. The method overcomes the defects of traditional risk event chain construction and analysis development based on experience, improves the objectivity and comprehensiveness of risk transmission event chain construction, realizes the simulation calculation of condition probability in risk analysis, improves the reliability of risk analysis results, and has an important guiding function for the formulation of risk correction measures.

Description

Method for determining conditional probability in risk analysis

The technical field is as follows:

the invention relates to a method for determining condition probability in risk analysis, and belongs to the technical field of aviation systems.

Background art:

according to a fleet risk assessment model based on a TARAM (transportation aircraft risk assessment method) method, undetected fault probability exists in the fleet operation process, and corresponding fleet risk R_FComprises the following steps:

wherein_FPredicting a quantity for a failed aircraft; mu.s_FThe probability of undetected faults;

the conditional probability of catastrophic consequences, i.e. the sum of the event chaining probability products, is related to the fault type and the flight time; f. of_FIs a severity level.

The conditional probability is defined as: the probability of an unsafe outcome that the damage rate caused by a certain risk event is known. The conditional probabilities are typically calculated by the risk transition probabilities between events in the middle of the event chain. Because the event chain is not easy to construct and the transition conditional probability between each intermediate event is difficult to determine, the calculation of the conditional probability is crucial to the accuracy of the fleet risk assessment.

In the existing risk condition probability calculation method, a key risk event chain is constructed based on subjective experience, and a given method of risk transition probability in the event chain depends on historical data statistics, experimental tests, expert experience, fault tree analysis and the like. However, for the risk transfer process on a specific event, there are often situations where data is deficient and cannot be estimated. Especially in the case of a small amount of data, the conditional probability is set to 1 conservatively, which means that this unsafe event will certainly lead to some unsafe consequence, but the risk value calculated in this way must be large. Therefore, the existing method cannot guarantee the comprehensiveness of the constructed event chain and the accuracy of conditional probability calculation, influence the division of the event risk level, and cause unnecessary economic loss.

The invention content is as follows:

in order to overcome the defects that the conditional probability statistical data are insufficient, the risk calculation value is excessively conservative, and the event chain is not established comprehensively and objectively enough in the risk analysis, the invention provides a method for determining the conditional probability in the risk analysis.

The technical scheme adopted by the invention is as follows: a method for determining conditional probability in risk analysis comprises the following specific steps:

(1) establishing a system simulation model based on Modelica, carrying out similarity analysis on simulation data of system operation key parameters and characteristic values, characteristic change trends and distribution rules of actually measured data, verifying the accuracy of the model, and perfecting the simulation model by optimizing modeling parameters;

(2) taking the researched risk event as a fault, injecting the fault into a system model, combing a risk transfer path from the risk event to an unsafe consequence, and constructing a risk transfer event chain;

(3) and loading actual working condition data of the system on the system simulation model, carrying out Monte Carlo simulation analysis on the system, and counting and calculating the probability of the risk transfer condition based on the simulation result.

Further, the step (1) is specifically as follows:

a. defining a system structure layer side, dividing a modeling object system into a plurality of levels of subsystems, sub-subsystems and even bottom-layer components, splitting the system structure according to different physical fields to which the components belong, wherein the part with a simple hierarchical structure adopts a bottom-up mode, and the multi-field coupling part with a complex structure adopts a top-down mode for modeling;

b. establishing a component model, researching the working principle of the component by using a design file, an industrial standard and a test mode, carrying out formulated quantitative description on the input-output relationship and the internal variable conversion relationship of the component, and establishing a physical model of the component in the form of a physical equation set;

c. optimizing a simulation model, carrying out similarity analysis on the characteristic values, characteristic change trends, distribution rules and the like of the key operation parameters of the simulation and actual measurement system, verifying the correctness of the model, and improving the simulation model by optimizing and correcting the parameters of the model.

Further, the step (2) is specifically as follows:

a. the event mechanism research is used for finding out components or subsystems related to and influenced by the risk event according to the expression form of the risk event;

b. establishing an input-output relation of a fault component through simulation under a given working condition, correcting a physical equation used for modeling, and fitting a new empirical formula according to test data to realize fault modeling when working data deviation before and after the component fault is large;

c. carrying out simulation analysis on the state of the system with the risk event under different load working conditions, checking the function realization condition and the state parameter of the system, comparing the state parameter with a system FMECA table, and judging whether a fault result with harm occurs or not;

d. combining a system Modelica model, taking correlation analysis among model variables as a core, combining a fault tree and fishbone diagram analysis method, combing a risk transfer path from a risk event to a serious consequence, and constructing a risk transfer event chain.

Further, the step (3) is specifically as follows:

a. loading various disturbances in the actual working condition to a system simulation model by using a Modelica model, detecting random vibration and interference pulses of a loop where an electronic element is located in a working environment by using a sensor, loading the interferences to the Modelica model in real time through a semi-physical simulation platform, and participating in simulation calculation; or fitting the disturbance data into random distribution and inputting the random distribution into a model;

b. the method comprises the steps of randomly selecting environmental parameters according to the Monte Carlo idea, randomly taking values of the component parameters within a tolerance range, randomly simulating the probability of missed detection and repair of risk events in an intermediate link, carrying out a large number of repeated simulations, checking component state variables at key nodes based on a constructed risk transfer event chain, and counting the transition probability of the risk at the intermediate event.

Compared with the conventional risk analysis conditional probability calculation method, the method for establishing the risk transfer event chain is based on the quantitative simulation of the system model, overcomes the defects of traditional experience-based establishment of the risk event chain and development of analysis, and ensures that the established event chain is more comprehensive and objective; the calculation of the risk transfer conditional probability is derived from a large amount of random simulation on various conditions which may occur in the actual operation process of the system, and the statistical data of the risk transfer conditional probability is more accurate and credible. The calculated value of the risk analysis tends to be accurate, and the method has higher guiding significance for formulation of maintenance and correction measures and is beneficial to improving economic benefits.

Description of the drawings:

FIG. 1 is a flow chart of the modeling simulation calculation of the present invention.

FIG. 2 is a flow chart for modeling the system modelica according to the present invention.

Fig. 3 is a flow chart of the risk injection process of the present invention.

FIG. 4 is a simplified risk delivery path constructed in accordance with the present invention.

The specific implementation mode is as follows:

the invention will be further described with reference to the accompanying drawings.

(1) As shown in fig. 2, the Modelica-based system hierarchical modeling steps are as follows:

a. the system architecture layer side is defined. The structure and function realization process of the analysis system divides a modeling object system into a plurality of levels of subsystems, sub-subsystems and even bottom components, and splits the system structure according to different physical fields of electricity, machinery, hydraulic pressure, pneumatics and the like to which the components belong. The part with simple hierarchical structure adopts a bottom-up mode, and the multi-field coupling part with complex structure adopts a top-down mode for modeling.

b. And establishing a component model. The working principle of the component is researched by using modes such as design files, industrial standards, tests and the like, the input-output relationship and the internal variable conversion relationship of the component are quantitatively described in a formulaic mode, and a physical model of the component is established in a physical equation set mode. Meanwhile, the reusability of the model is improved in a mode of inheritance derivation and restitution by defining the components as abstract types, and the model is universal by using an international standard underlying library, so that the establishment of a Modelica-based basic component model library is realized. Taking orifice damping which is common in hydraulic pressure as an example, a fluid modeling formula is shown as a formula (2), and a fluid mechanics and other component power coupling equation is shown as a formula (3).

q＝vA (3)

Wherein q is the flux, C_dTo obtain a damping coefficient, A_Hole(s)Is the piston area, p is the hydraulic pressure, ρ is the hydraulic oil density, v is the piston movement velocity, and A is the piston area. The two formulas are packaged to form a local model of the small hole damping part, and the inheritance reuse of the model is realized by calling the model at a higher level system.

According to the mutual coupling mode of the functions and signals among the components, the interfaces of the models are defined, and the interfaces comprise different types such as mechanical interfaces, gas interfaces, logic interfaces, electric interfaces and the like. The necessary flow variables and potential variables, such as potential and current, are defined in the interface. In the above formula, the hydraulic pressure p is a potential variable, and it is required to ensure that the two end values of the interface are equal; the flow q is a flow variable, and meets the condition that the two end values are added to be zero and obeys the generalized kirchhoff law. According to the structural hierarchy of the system and the function interaction signal transmission among the components, the building of an integral model is realized by building corresponding algebraic constraint equations among the interfaces and connecting all component object interfaces by combining specific working conditions.

c. And optimizing the simulation model. And carrying out similarity comparison analysis on the characteristic value, the characteristic change trend, the distribution rule and the like of the key operation parameters obtained by simulation and the measured values, verifying the correctness of the model, and realizing the improvement and the perfection of the model by optimizing and correcting the parameters of the model. For example, when the pressure or flow rate obtained by orifice damping simulation does not match the actual measured value, it can be checked whether the orifice damping coefficient, hydraulic oil density, etc. in equation (2) match the actual value and corrected.

(2) As shown in fig. 3, the risk delivery event chain construction process based on the modeica model includes the steps of:

a. and (4) researching an event mechanism. And finding out the components or subsystems related to the risk events and influenced by the risk events according to the expression forms of the risk events. The method is characterized in that the fault mechanism research is carried out on typical unsafe events such as sensor faults, control device faults, electrical faults and the like, the two aspects comprise two aspects of system parts and event influences, the failure modes and reasons of the parts are explained, and the fault performance of the system after the parts are in fault is explained, for example, the circuit parts are worn and sundry chips can cause the damping small holes to be blocked, the flow rate of a hydraulic circuit can be reduced, the pressure of the hydraulic circuit can be increased, the execution speed of an actuating cylinder and a hydraulic cylinder can be influenced, and the like.

b. And regarding the system risk event as a fault, and modeling and injecting the event. Analyzing the event behavior and the propagation characteristics of the event signal; defining model correction parameters (such as signal drift coefficients, leakage coefficients, blocking coefficients and the like), combining the working principle equation set of the component and the influence of event parameters on the functions of the parts, and formulating risk events by means of tests, historical data fitting, empirical formulas and the like, as shown in formula (4).

r＝Kr₀ (4)

Wherein r is the actual radius of the aperture, K is the plugging coefficient, r₀The radius is designed for the aperture.

Different types of events have different digital expressions, and are divided into sudden events, component function degradation and the like. And risk injection based on a Modelica model is realized by adding an internal fault behavior model and a logic switch of the component module.

c. And (4) performing simulation analysis on the state of the system with the risk event under different load working conditions. And checking the function realization condition and the state parameter of the system, comparing the function realization condition and the state parameter with a system FMECA table, and judging whether a fault result with harm occurs or not. For example, a common fault in hydraulic systems is ram creep, which manifests as an unstable ram execution speed, presenting a stop-and-go condition that can be easily identified and marked as a fault consequence at the end of the chain of events, such as "a" and "B" in fig. 4.

d. And constructing an event chain. The propagation mechanism of the fault is researched by combining the existing analysis methods such as fault trees, fishbone diagrams and the like. For the components appearing in the fault tree and the fishbone diagram, key variables X and Y are extracted and correlation coefficients are calculated according to the formula (5). And (4) regarding the variable with high relevance as the same event chain, and regarding the component with the high relevance as a key node in the risk transfer process. For example, the key variable of a hydraulic pump in a hydraulic system is output pressure, the key variable of a ram is operating speed, simulation data of the hydraulic pump and the ram are subjected to correlation analysis, and the correlation between the simulation data and the simulation data is high, so that the hydraulic pump and the ram are considered as two key nodes on the same event chain, such as' A₁”“B₁"and the like.

Repeating the above analysis process, a path diagram of risk transmission is constructed, as shown in fig. 4, which includes two independent event chains.

(3) The risk condition probability calculation method of the system operation event comprises the following steps:

and loading various disturbances in the actual working condition to the system simulation model by utilizing the Modelica model to have the function of loading other source data. The method comprises the following steps of detecting random vibration, interference pulses of a loop where an electronic element is located and the like in a working environment by using a sensor, loading the interference to a Modelica model in real time through a semi-physical simulation platform, and participating in simulation calculation; or fitting the disturbance data into random distribution (for example, the actual output quantities of components such as a constant-voltage source, a hydraulic pump and the like are always subjected to normal distribution) and inputting the random distribution into a model, so that more accurate system working condition construction is realized. According to the Monte Carlo idea, random selection (such as temperature, air pressure and the like) of environmental parameters, random value taking of component parameters within a tolerance range, random simulation of possibility of missed detection and repair of risk events at an intermediate link and the like are carried out, a large number of repeated simulations are carried out, and effective models of various possible emergencies, design defects, manufacturing defects, improper maintenance and normal system degradation in reality are realizedAnd (3) simulating. Examining component state variables at key nodes based on a constructed chain of risk-delivery events, and counting transition probabilities of risks at intermediate events, e.g.

Comprises the following steps:

the conditional probabilities corresponding to the unsafe result a and the unsafe result B are:

the foregoing is only a preferred embodiment of this invention and it should be noted that modifications can be made by those skilled in the art without departing from the principle of the invention and these modifications should also be considered as the protection scope of the invention.

Claims

1. A method for determining conditional probability in risk analysis is characterized in that: the method comprises the following specific steps:

2. The method of determining a conditional probability in a risk analysis of claim 1, wherein: the step (1) is as follows:

3. The method of determining the conditional probability in a risk analysis of claim 2, wherein: the step (2) is specifically as follows:

4. A method of determining conditional probabilities in a risk analysis according to claim 3, characterized by: the step (3) is specifically as follows: