EP3899810A1 - Verfahren zur kontrolle eines elements - Google Patents

Verfahren zur kontrolle eines elements

Info

Publication number
EP3899810A1
EP3899810A1 EP19824328.9A EP19824328A EP3899810A1 EP 3899810 A1 EP3899810 A1 EP 3899810A1 EP 19824328 A EP19824328 A EP 19824328A EP 3899810 A1 EP3899810 A1 EP 3899810A1
Authority
EP
European Patent Office
Prior art keywords
data
prediction model
equipment
datum
relating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19824328.9A
Other languages
English (en)
French (fr)
Inventor
Vincent THOUVENOT
Simon GRAH
François SAUSSET
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales SA
Original Assignee
Thales SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales SA filed Critical Thales SA
Publication of EP3899810A1 publication Critical patent/EP3899810A1/de
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Definitions

  • the present invention relates to a method for controlling an element.
  • the present invention also relates to an associated computer program product.
  • the present description relates to a method of controlling an element, the method comprising:
  • control method comprises one or more of the following characteristics, taken alone or according to all technically possible combinations:
  • the training base includes a subset of first data, called data to be protected, the constraint also imposing that the image of each second data obtained by an inverse model of the prediction model is different from the data to be protected;
  • the optimization phase includes a step of assigning a penalizing weighting to each datum to be protected from the training base, the constraint also imposing that each datum to be protected is affected by the corresponding penalizing weighting;
  • the prediction model obtained comprises inputs and at least one output, the constraint also imposing that the learning technique applied to the output (s) of the prediction model obtained leads to an adverse model such as the image of the second data by the opposing model does not include any first data to be protected;
  • the or each model is a neural network
  • the exploitation phase comprising:
  • At least a first datum comes from measurements made by at least one sensor
  • each element is an item of equipment, at least one first data item collected relating to the environment of the equipment, at the origin of the equipment, the history of the equipment or of the malfunctions observed on the equipment, at least one second data item collected relating to a maintenance action on the equipment or to a fault detected on the equipment;
  • each element is a message from an entity, at least one first datum relating to a characteristic of the entity, at least one second datum relating to an anomaly relating to the entity or to the message.
  • the present description also relates to a computer program product comprising a readable information medium, on which a computer program comprising program instructions is stored, the computer program being loadable on a data processing unit. and adapted to entail the implementation of a method as previously described when the computer program is implemented on the data processing unit.
  • the present description also relates to a readable information medium on which a computer program product as previously described is stored.
  • FIG 1 a schematic view of an example of a computer allowing the implementation of an element control method
  • FIG 2 a flow diagram of an example of implementation of an element control method.
  • FIG. 1 A computer 10 and a computer program product 12 are illustrated in FIG. 1.
  • the computer 10 is preferably a computer.
  • the computer 10 is an electronic computer suitable for handling and / or transforming data represented as electronic or physical quantities in computer registers 10 and / or memories into other similar data corresponding to physical data in memories, registers or other types of display, transmission or storage devices.
  • the computer 10 interacts with the computer program product 12.
  • the computer 10 includes a processor 14 comprising a data processing unit 16, memories 18 and a data carrier reader 20.
  • the computer 10 comprises a keyboard 22 and a display unit 24.
  • the computer program product 12 includes an information medium 26.
  • the information medium 26 is a medium readable by the computer 10, usually by the data processing unit 16.
  • the readable information medium 26 is a medium suitable for storing electronic instructions and capable of being coupled to a computer system bus.
  • the information medium 26 is a floppy disk or flexible disk (of the English name "Floppy dise"), an optical disk, a CD-ROM, a magneto-optical disk, a ROM memory, a memory RAM, EPROM memory, EEPROM memory, magnetic card or optical card.
  • the computer program 12 comprising program instructions.
  • the computer program 12 is loadable on the data processing unit 16 and is adapted to cause the implementation of a method of controlling an element when the computer program 12 is implemented on the processing unit 16 of the computer 10.
  • FIG. 2 schematically illustrates an example of implementation of an element control method.
  • the element is, for example, equipment, such as aircraft equipment.
  • equipment such as aircraft equipment.
  • such equipment is, for example, a fan, an engine or wings of the aircraft.
  • the equipment includes, for example, parts. It is understood by the term "parts", the various components of the equipment.
  • the element is a message from an entity, for example, an AIS message (from the English Automatic Identification System, translated into French by Automatic Identification System) from a ship.
  • AIS message from the English Automatic Identification System, translated into French by Automatic Identification System
  • the control method comprises a phase 100 of collecting a set of first data relating to elements and a set of second data relating to the control of elements to form a training base. Each second datum of the training base is associated with at least one first datum.
  • the collection phase 100 is implemented by the computer 10 in interaction with the computer program product 12, that is to say is implemented by computer.
  • the data is collected by a first entity (such as a computer or a natural person) and is sent to a second entity comprising the computer 10 and the computer program product 12 for processing by the second entity.
  • the second entity then advantageously comprises a unit for receiving the collected data.
  • at least one first datum comes from measurements carried out by at least one sensor.
  • the training base obtained is, for example, stored in a memory 18 of the computer 10.
  • the training base includes a subset of first data, called data to be protected.
  • the data to be protected is, for example, determined according to a desired level of security for the data of the training base.
  • the data to be protected also includes second data from the training base.
  • the data to be protected is also called attributes.
  • first and second data collected from the training base are values.
  • first and second data collected from the training base are values.
  • first type of first data from the training base several other values are collected for a second type of first data from the training base, etc.
  • second type of first data from the training base etc.
  • first type of second data from the training base and possibly several other values for a second type of second data from the training base, etc.
  • the first data relates to equipment and the second data relates to the maintenance of the equipment.
  • the data relating to maintenance advantageously covers data relating to the repair of equipment.
  • the first data collected is data relating to the environment of the equipment, the origin of the equipment, the history of the equipment and / or the malfunctions observed on the equipment.
  • Data relating to the environment of the equipment is, for example, the temperatures or pressures of the atmosphere to which the equipment has been subjected.
  • Data relating to the origin of the equipment is, for example, the manufacturer of the equipment or the aircraft in which the equipment was installed.
  • the equipment history can include data relating to the operating time of the equipment or the number of maintenance performed on the equipment.
  • the malfunction data observed on the equipment includes, by way of illustration, all the abnormal measurements obtained during the equipment tests.
  • the expression "malfunction” means a failure, a absence of operation or operation not in accordance with the expected operation of the equipment.
  • At least one set of first and second data collected relates to equipment of the same kind as the equipment to be monitored.
  • At least one first datum is chosen from the group consisting of:
  • the supplier of at least one piece of equipment called the first piece
  • At least one first datum comes from measurements made by at least one sensor, whether these are measurements of the environment equipment 36 or measurements on the equipment itself.
  • the measurements on the equipment to be monitored are, for example, measurements relating to the mechanical resistance of the equipment or to the electrical reference values of the equipment.
  • the second data collected is data relating to maintenance actions on equipment or to faults detected on equipment.
  • the or each second datum is chosen from the group consisting of:
  • the data to be protected is the supplier or suppliers of the parts of the equipment or the probability of occurrence of a malfunction of the parts of the equipment.
  • each element when each element is a message originating from an entity, at least one first datum relates to a characteristic of the entity and at least a second datum relates to an anomaly relating to the entity or to the message.
  • At least one first datum is chosen from the group consisting of:
  • the temporal data of the message such as the date and time of delivery of the AIS message
  • the data to be protected are, for example, data relating to the nature of the AIS message.
  • the control method comprises a phase 1 10 of optimizing a prediction model of at least a second data as a function of first data according to a learning technique applied to the training base to obtain a prediction model, also called an optimized prediction model.
  • the optimization phase 110 is implemented by the computer 10 in interaction with the computer program product 12, that is to say is implemented by computer.
  • the prediction model obtained is a model with inputs (as many inputs as type of first data) and at least one output (as many outputs as type of second data).
  • the learning technique is implemented according to a constraint imposing that the prediction model obtained is different from a reference model.
  • the reference model is the prediction model obtained after optimization according to the same learning technique applied to the same training base but without the constraint imposed to obtain the prediction model.
  • the constraint also requires that the image of each second datum obtained by a model inverse to the prediction model be different from the data to be protected.
  • the outputs of the prediction model obtained do not make it possible to go back to the data to be protected (which are values) of the training base which was used to obtain the prediction model.
  • the prediction model obtained is then assigned a security level. The level of security depends in particular on the data to be protected taken into account when optimizing the prediction model.
  • the learning technique has as its starting point a neural network defined by an architecture and a configuration.
  • the optimization phase 1 10 consists in modifying the configuration of the neural network so that the configuration does not depend on the data to be protected from the learning base.
  • the optimization phase 110 includes a step of assigning a penalizing weighting to each datum to be protected from the training base.
  • the constraint then also imposes that each datum to be protected is affected by the corresponding penalizing weighting.
  • the data to be protected from the training base will be used less during optimization than the data not affected by a penalizing weighting.
  • the starting point of the optimization phase 1 10 is a neural network defined by an architecture and a configuration
  • due to the penalizing weighting the use of values from the training base directly or indirectly linked to the data to be protected is penalized in the configuration of the neural network.
  • the allocation of a penalizing weighting is implemented by means of an algorithm of the “random forest” type.
  • the constraint also requires that the learning technique applied to the output (s) of the prediction model obtained leads to an adverse model such as the image of the second data given by the model opponent does not have any first data to protect.
  • the optimization phase 110 includes a step of optimizing the prediction model to hide, in the or each output of the prediction model, the data to be protected from the training base.
  • the optimization phase 110 also includes a step of training the opposing model to find, from the outputs of the prediction model, the data to be protected from the training base.
  • the prediction model obtained is the prediction model optimized so that the opposing model no longer finds, from the outputs of the prediction model, the data to be protected from the training base.
  • the control method comprises a phase 120 of exploitation of the optimized prediction model.
  • the operating phase 120 is implemented by the computer 10 in interaction with the computer program product 12, that is to say is implemented by computer.
  • the operating phase 120 includes a step of supplying first data relating to an element to be checked.
  • the operating phase 120 comprises a step of prediction by the prediction model obtained of at least a second datum relating to the control of the element.
  • the first data provided is data relating to the nature of the equipment and the various parts of the equipment, such as the date of installation of the parts.
  • the second predicted datum is, for example, the probability of the occurrence of a malfunction of one or more pieces of equipment, which makes it possible to determine the maintenance actions to be implemented.
  • the operating phase 120 comprises a step of receiving a security level relating to a user and a step of transmitting the second predicted data to the user when the security level received is greater than or equal to the level of security of the prediction model obtained.
  • the user s security level is based on data that is not authorized for the user to access.
  • the prediction model obtained having been optimized to protect data to be protected, the user has access to the outputs of the prediction model only if the data not authorized for the user is included in the data to be protected. If data not authorized for the user is not included in the data to be protected, this means that the user could via the outputs of the prediction model go up to such data, this is why the outputs of the prediction model do not are not provided to such a user.
  • the control method comprises a phase 130 of implementing an action on the element as a function of the second predicted datum.
  • the second datum indicates that a maintenance action is to be carried out on the equipment, such as the replacement of a piece of equipment
  • a user performs such a maintenance action.
  • the method comprises a step of sending the second predicted data to a third entity, for example, with a view to its memorization or a subsequent analysis by the third entity.
  • the second entity advantageously includes a data transmission unit.
  • the first and third entities are, for example, identical.
  • the method described constitutes a decision aid tool for optimizing the control of an element.
  • a method makes it possible to avoid equipment breakdowns while optimizing the checks carried out by the operators on the equipment.
  • Such a process is therefore particularly useful for predictive maintenance of equipment to be monitored.
  • the messages to be checked such a method makes it possible to detect anomalies in the messages.
  • such a method makes it possible to prevent retrieving, from the outputs of the optimized prediction model, certain data (data to be protected) from the training base used to obtain the prediction model. This is particularly useful in the case of data sharing between several users who do not have the same level of security (for example, customers or suppliers) or in the case of classified multi-level data.
  • the method also makes it possible to minimize or hide the interactions between the data to be protected and the unprotected data of the training base, which makes it possible to improve the reliability of the prediction model.
  • the prediction model is optimized so that a change in the data to be protected from the training base does not influence the outputs of the prediction model, that the errors of the optimized prediction model are the same according to the values of the data to be protected from the training base and / or that the optimized prediction model generates similar outputs for two users with the same level of security.
  • the method described therefore makes it possible to ensure the relevance of the outputs of the prediction model obtained while protecting the values of the data to be protected from the training base.
  • the present process was presented in the specific context of equipment maintenance or message control. However, the present method also applies to the control of other elements, such as the detection of anomalies in data exchanged between entities (cyber attacks) or even the detection of anomalies in maritime, land or air transport. .
EP19824328.9A 2018-12-21 2019-12-19 Verfahren zur kontrolle eines elements Pending EP3899810A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1873748A FR3090583B1 (fr) 2018-12-21 2018-12-21 Procédé de contrôle d’un élément
PCT/EP2019/086374 WO2020127781A1 (fr) 2018-12-21 2019-12-19 Procédé de contrôle d'un élément

Publications (1)

Publication Number Publication Date
EP3899810A1 true EP3899810A1 (de) 2021-10-27

Family

ID=67441188

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19824328.9A Pending EP3899810A1 (de) 2018-12-21 2019-12-19 Verfahren zur kontrolle eines elements

Country Status (3)

Country Link
EP (1) EP3899810A1 (de)
FR (1) FR3090583B1 (de)
WO (1) WO2020127781A1 (de)

Also Published As

Publication number Publication date
WO2020127781A1 (fr) 2020-06-25
FR3090583A1 (fr) 2020-06-26
FR3090583B1 (fr) 2021-04-09

Similar Documents

Publication Publication Date Title
CA2619143C (fr) Procede de surveillance des moteurs d'avion
EP2630548B1 (de) Verfahren und vorrichtung zur überwachung einer rückkopplungsschleife mit betätigungssystem mit variabler geometrie eines triebwerks
EP2153329B1 (de) Verfahren und vorrichtung zur verwaltung, verarbeitung und überwachung von parametern an bord eines flugzeuges
EP3350660B1 (de) Entscheidungshilfesystem und verfahren zur instandhaltung einer maschine mit lernen eines entscheidungsmodells unter der aufsicht von expertenmeinungen
EP0699997A1 (de) Verfahren zur Fehleridentifizierung in einem komplexen System
FR2862404A1 (fr) Determination du risque pour une commande
FR3011105A1 (fr) Procede d'identification d'un equipement defaillant dans un aeronef.
CA2888716A1 (fr) Systeme de surveillance d'un ensemble de composants d'un equipement
FR3035232A1 (fr) Systeme de surveillance de l'etat de sante d'un moteur et procede de configuration associe
EP3619408A1 (de) System und verfahren zur überwachung einer turbomaschine mit durch einen verschleissfaktor korrigierter anomalitätserkennung
EP3151153B1 (de) Cyber-sicherheitssystem mit differenzierter kapazität, um komplexe internetangriffe zu handhaben
Ghorbanian et al. Signature-based hybrid Intrusion detection system (HIDS) for android devices
WO2010011188A1 (en) System and method for preventing leakage of sensitive digital information on a digital communication network
EP3899810A1 (de) Verfahren zur kontrolle eines elements
EP4042007A1 (de) Vorrichtung, verfahren und computerprogramm zur überwachung eines flugzeugtriebwerks
CN115643082A (zh) 一种失陷主机的确定方法、装置及计算机设备
FR3105489A3 (fr) Dispositif et procede de detection de fraude
EP3869368A1 (de) Verfahren und vorrichtung zur erkennung von störungen
US20240048585A1 (en) Methods and systems to assess cyber-physical risk
FR3074590A1 (fr) Methode de prediction d'une anomalie de fonctionnement d'un ou plusieurs equipements d'un ensemble.
FR3038093A1 (de)
US20230127927A1 (en) Systems and methods for protecting trainable model validation datasets
WO2019229174A1 (fr) Procédé de contrôle des dysfonctionnements d'un équipement et dispositifs associés
FR3023040A1 (fr) Systeme de cyberdefence d'un systeme d'information, programme d'ordinateur et procede associes
EP3962149A1 (de) Schnittstelle zum datenaustausch zwischen verarbeitungseinheiten, entsprechende vorrichtungen und entsprechendes verfahren

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210621

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230522