CN112560268B - System security analysis method based on performance model - Google Patents


Info

Publication number: CN112560268B
Authority: CN (China)
Prior art keywords: fault, performance, output, state, failure
Legal status: Active
Application number: CN202011497169.4A
Other languages: Chinese (zh)
Other versions: CN112560268A
Inventors: 王鑫, 王如平, 周一舟
Current assignee: China Aero Polytechnology Establishment
Original assignee: China Aero Polytechnology Establishment
Application filed by China Aero Polytechnology Establishment; priority to CN202011497169.4A


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/20 Design optimisation, verification or simulation
    • G06F2119/00 Details relating to the type or aim of the analysis or the optimisation
    • G06F2119/02 Reliability analysis or reliability optimisation; Failure analysis, e.g. worst case scenario performance, failure mode and effects analysis [FMEA]


Abstract

The invention provides a system security analysis method based on a performance model, which comprises the following steps: step S1: constructing a system performance model, including modeling information collection, unit module performance modeling, system integration performance modeling and system performance observation index determination; step S2: constructing a system performance fault model, including layering the system, performing failure modeling of unit modules, performing coupling failure modeling and performing fault triggering modeling; and step S3: safety analysis based on the system performance fault model, which comprises obtaining the sensitive parameters of the system output, selecting the fault states to be triggered, obtaining the system failure time, the failure distribution and the failure sets of coupling action, and then carrying out safety analysis of the system performance output in combination with a sampling algorithm. The invention solves the problems of inaccuracy and incompleteness of the traditional reliability modeling method; the sensitive parameters and key failure modes causing system performance failure are accurately located in a graphical mode and a mathematical model mode.

Description

System security analysis method based on performance model
Technical Field
The invention belongs to the technical field of equipment safety, and particularly relates to a system safety analysis method based on a performance model.
Background
Safety is a common inherent attribute of equipment products, and must be designed synchronously with, and effectively fused with, the functional performance of the products. Safety work is a continuous effort against hazards: designers need to find the various defects, weak links and use risks of products through continuous analysis and adopt effective improvement and compensation measures to raise the safety level. With the higher integration degree of equipment products and more complex design algorithms, safety analysis work becomes more and more difficult. In actual system design, the final purpose is to keep the system performance within a desired range; exceeding that range causes the safety problem of the system.
The conventional safety design analysis method, on the one hand, cannot give a model-based parametric description of risks and, on the other hand, cannot analyze the influence of specific faults on the system output design parameters. If a risk analysis method is only used to enumerate the potential risks of the system, designers can sort out the risk factors and their influences according to the system architecture, the use environment and so on, but no specific description can be given of the system output effect caused by the parameter change of a specific fault, a sensitive parameter change and the like, and the accuracy and completeness of the safety analysis work cannot be guaranteed. Meanwhile, hazard analysis work based on manual deduction cannot accurately locate the key hardware fault modes causing system performance failure or accurately identify sensitive parameters, and the design of fault control measures for finished products cannot be carried out effectively.
Therefore, a new system safety analysis method is needed to realize the safety analysis of complex equipment products and effectively solve the problems of system fault mode parameterization, complex fault influence relations, and the disconnect between functional FMEA and hardware FMEA analysis.
Disclosure of Invention
The invention provides a system safety analysis method based on a performance model, which is suitable for a safety graphical and mathematical modeling method of a complex system, can realize safety analysis based on the model, and identifies key fault modes and sensitive parameters so as to carry out safety research on the system.
The invention provides a system security analysis method based on a performance model, which comprises the following implementation steps:
step S1: constructing a system performance model;
the system performance design is parameterized description for representing specific functions of the system design, and a system performance model adopts a hierarchical modeling mode and specifically comprises the following steps:
S1.1, collecting modeling information: related design information for system performance modeling is collected on the basis of documents or models of the system performance design implementation process, and the design and implementation of system performance parameters are sorted out; the design information mainly comprises the performance index, logic architecture, control law, interface information, design parameters and performance of each element, and typical failure mode information of the system;
S1.2, unit performance module modeling: the unit performance module is built as a graphical and mathematical model on the basis of module elements, according to the design information. The construction contents comprise the unit input, the unit output and the functional relation between them. The unit input is denoted $x_i = \{x_{i1}, x_{i2}, \ldots, x_{im}\}$, where $x_i$ represents the input of unit $i$ and $m$ is the number of input parameters; the unit output is denoted $y_i = \{y_{i1}, y_{i2}, \ldots, y_{in}\}$, where $y_i$ represents the output of unit $i$ and $n$ is the number of output parameters; then $y_i = F_i x_i$ represents the transfer relationship of the unit under normal performance, where $F_i$ is the performance design parameter of the unit module, representing the input-output transfer function relation parameters. The unit performance module needs to be verified after modeling;
S1.3, modeling the system performance model: combining the system performance architecture and the input/output interface relation of the unit modules, associated modeling of the system input/output is performed to integrate the system performance model; the system performance model is finally formed by combining the unit performance modules, and the system output is denoted $y = \{y_1, y_2, \ldots, y_i, \ldots, y_g\}$, where $g$ is the number of system outputs;
s1.4, determining a performance index capable of representing the performance of the system, wherein the performance index is used as a fault criterion of the system and is selected from system output y;
step S2: constructing a system performance fault model;
on the basis of a system performance model, the influence relation of a system on system output parameters under the conditions of fault occurrence and parameter cross-linking is completely described through the extended definition of corresponding parameters of a fault state, a trigger event and fault cross-linking parameters, and the model building of the system performance fault is realized, and the method specifically comprises the following steps:
s2.1, layering the system:
The system can be divided into three large levels (system, component and element) according to its structure; a component can be divided into several sub-component layers as required, and an element can be divided into several sub-element layers as required;
s2.2, failure modeling of the unit module:
The failure modeling of the unit module builds, on the basis of the unit model, a fault logic model combining the input, the output and the transmission mechanism of the unit module; the fault logic model is preliminarily expressed by the following formula:
[equation image]
where $\{x_{i1f}, x_{i2f}, \ldots, x_{imf}\}$ denotes the input fault state of unit $i$, $\{y_{i1f}, y_{i2f}, \ldots, y_{inf}\}$ denotes the output fault state of unit $i$, and $F_{if}$ is the fault characterization of $F_i$, representing the parameter fault state of the transfer function, which is obtained by analyzing the fault mechanism of the relevant design fault;
s2.3 modeling failures caused by coupling between components or parts:
A coupling failure is one in which the system performance exceeds a threshold because of the coupled degradation of the performance parameters of components or parts; the output coupling failure is expressed as $y_i = G y_l$, where $G$ is the failure coupling factor matrix;
s2.4, controlling fault triggering;
and step S3: safety analysis based on a system performance fault model;
s3.1, acquiring sensitive parameters output by the system:
On the basis of the system performance fault model, a step length and a range are set for the performance design parameter $F_i$ of the unit module, single-parameter scanning simulation or parameter-combination scanning simulation is carried out, and the sensitive parameters with a large influence on the system output are obtained from the system output under different parameter values and the rate of change of the system output under parameter change;
S3.2, selecting the fault state to be triggered and setting its switch to 1, or setting $\tau_{iqf}$ to 1 with the corresponding $\tau_{iq}$ set to 0: the triggering of the fault state is thereby controlled, and single injection or combined injection of fault states is carried out by configuring different fault state parameters, so as to obtain the range of the system output performance parameters. On the basis of the system performance fault model, in combination with a simulation solver, the fault state mode to be analyzed is selected and triggered to obtain the system output range; if this is within the reasonable range, it is judged that the selected fault state does not cause the system output performance to fail; otherwise, the system output performance is judged to have failed;
s3.3, for a unit module fault mode which causes system failure along with time or use environment change, obtaining system failure time, and obtaining system failure distribution of unit module faults through a large number of sampling simulation calculations;
s3.4, for the fault mode combination of which the coupling action fails to cause the system output performance to fail, obtaining the failure distribution of the coupling action by changing the coupling related parameters and carrying out a large amount of sampling simulation;
and S3.5, integrating the failure mode combinations analyzed in the steps S3.2, S3.3 and S3.4 to obtain a failure set, and then carrying out safety analysis on system performance output by combining a sampling algorithm.
Preferably, the sampling algorithm in step S3.5 includes the following specific steps:
s3.5.1 defining performance index and threshold of observation simulation according to fault criterion of system;
S3.5.2, random sampling is carried out according to the fault time distribution of each element/assembly fault to obtain a group of element/assembly fault time sequences $(t_1, t_2, \ldots, t_n)$;
S3.5.3, if the failure mode is an independent element/component performance failure, the failure time of the failure mode is sampled directly; if the fault type is a gradual change mode, the gradual change curves of all elements/components are first fused in the system performance model, the random distribution of the time at which the system performance gradually exceeds its tolerance is then determined according to the system fault criterion, and random sampling is then performed;
S3.5.4, from the resulting failure time sequence $(t_1, t_2, \ldots, t_n)$ the shortest time point is taken; this shortest time point is the potential point at which a system task failure may exist;
S3.5.5, it is determined which task unit the time point falls in: let the time point be $t_f$ and the duration of each task be $t_m$; the task number is then the largest integer less than $t_f/t_m$, written $\mathrm{mod}(t_f/t_m)$;
S3.5.6, all fault combinations that occur within the time interval $[\mathrm{mod}(t_f/t_m)\cdot t_m,\ (\mathrm{mod}(t_f/t_m)+1)\cdot t_m]$ are selected;
S3.5.7, all the fault combinations obtained in step S3.5.6 are injected into the system performance model for simulation, and if the key performance of the multi-state system is affected, the time point and the task serial number are recorded;
S3.5.8, the next simulation run begins with the repair of the failed unit in the current task: the failure time of the repaired unit is resampled, and the last sampling time $(\mathrm{mod}(t_f/t_m)+1)\cdot t_m$ is subtracted from the failure time of each non-failed unit;
S3.5.9, it is determined whether the sampling frequency has been reached; if not, the process is repeated from S3.5.3, and if the specified number of samples has been reached, the simulation is finished;
S3.5.10, the normal probability of the system performance output is calculated from the recorded fault time points and their number;
if the obtained system performance output normal probability does not meet the requirement, design improvement or compensation is required.
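The sampling algorithm of steps S3.5.2 to S3.5.10 carried through in Python, as an added example that is not part of the patent; the element names, the exponential failure-time samplers, the task length t_m and the criterion function that stands in for injecting a fault combination into the performance model are all assumptions, and gradual-change modes (S3.5.3) are not modeled, so every failure mode is treated as independent:

```python
import math
import random
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Sequence, Tuple

# Constructed example (not the patent's own code): element names, failure-time
# samplers, task length and the system criterion below are all assumptions.

Sampler = Callable[[random.Random], float]


@dataclass
class Element:
    """One element/assembly with an independent failure-time distribution (S3.5.2)."""
    name: str
    sample_failure_time: Sampler


def task_index(t_f: float, t_m: float) -> int:
    """S3.5.5: serial number of the task unit containing time t_f, i.e. the largest
    integer below t_f / t_m (written mod(t_f / t_m) in the patent)."""
    return math.floor(t_f / t_m)


def task_window(t_f: float, t_m: float) -> Tuple[float, float]:
    """S3.5.6: the task interval [mod(t_f/t_m)*t_m, (mod(t_f/t_m)+1)*t_m]."""
    k = task_index(t_f, t_m)
    return k * t_m, (k + 1) * t_m


def run_sampling(
    elements: Sequence[Element],
    t_m: float,
    system_fails: Callable[[FrozenSet[str]], bool],
    n_runs: int,
    seed: int = 0,
) -> Tuple[float, List[Tuple[float, int]]]:
    """Steps S3.5.2 to S3.5.10 for independent (non-gradual) failure modes.

    system_fails stands in for injecting a fault combination into the performance
    model (S3.5.7): it returns True when the combination drives the observed
    performance index outside its threshold (S3.5.1). Returns the normal
    probability of the system performance output and the recorded
    (time point, task number) pairs of the failed runs.
    """
    rng = random.Random(seed)
    by_name: Dict[str, Element] = {e.name: e for e in elements}
    # S3.5.2: one failure time per element, relative to the start of the current task.
    times: Dict[str, float] = {e.name: e.sample_failure_time(rng) for e in elements}
    failed_runs: List[Tuple[float, int]] = []

    for _ in range(n_runs):                       # S3.5.9: loop until the run count is reached
        t_f = min(times.values())                 # S3.5.4: earliest failure is the candidate point
        lo, hi = task_window(t_f, t_m)
        combo = frozenset(n for n, t in times.items() if lo <= t < hi)  # S3.5.6
        if system_fails(combo):                   # S3.5.7: inject and observe the key performance
            failed_runs.append((t_f, task_index(t_f, t_m)))
        # S3.5.8: repair failed units (resample) and move the clock of the others
        # back by the end of the current task window.
        for name in list(times):
            if name in combo:
                times[name] = by_name[name].sample_failure_time(rng)
            else:
                times[name] -= hi

    return 1.0 - len(failed_runs) / n_runs, failed_runs  # S3.5.10


def exponential(rate: float) -> Sampler:
    """Constructed failure-time distribution (assumption: exponential with the given rate)."""
    return lambda rng: rng.expovariate(rate)


def constant(t: float) -> Sampler:
    """Deterministic failure time, useful for checking the bookkeeping by hand."""
    return lambda rng: t


if __name__ == "__main__":
    pump = Element("pump", exponential(1 / 500.0))
    valve = Element("valve", exponential(1 / 800.0))
    # Assumed criterion: the output leaves its threshold only when both fail in one task.
    both_fail = lambda combo: {"pump", "valve"} <= combo
    p_ok, record = run_sampling([pump, valve], t_m=100.0, system_fails=both_fail, n_runs=10_000)
    print(f"normal probability {p_ok:.4f}, {len(record)} failed runs")
```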
Preferably, in step S1.3, a coupling relationship exists in the input/output interface relationship of the unit module, specifically:
For a model in which the input and output interfaces of the unit modules are coupled, the coupling mechanism is expressed by a modularization or programming language in combination with the physical coupling mechanism. If the output $y_{ih}$ of the $i$-th unit and the output $y_{lk}$ of the $l$-th unit act in coupling as the $j$-th unit's input $x_{js}$, then the coupling mechanism is:
$x_{js} = \gamma_1 y_{ih} + \gamma_2 y_{lk}$
where $\gamma_1$ and $\gamma_2$ are the coupling factors.
Preferably, in step S2.1, the failure of the unit module is specifically caused by the following reasons:
The failure of a unit module is generally caused by the failure of components or parts; component or part failure is the condition in which, under a certain load, the physical structure of the component or part changes or its performance level becomes unacceptable due to stress damage or accumulated damage over the product's service time. There are three basic types of component or part failure in a system: discrete two-state faults, discrete multi-state faults and continuous multi-state faults;
the discrete two-state fault is a (0,1) fault, realized by adding to the performance model the input port fault state $x_{if}$, the output port fault state $y_{if}$ and the transfer variable fault state $F_{if}$, and triggering the fault state; for a discrete multi-state fault, the multiple variables of the input end are characterized as
[equation image]
the fault state of the output end is characterized as
[equation image]
and the multi-state fault characteristic of the unit module is characterized as
[equation image]
The continuous multi-state fault is the most common fault; it differs most from the first two in that it is continuous, i.e. gradual, and generally changes with service time or the environment. Its fault state at the input end is characterized as
[equation image]
where $p$ is the number of fault states of the input port; the continuous multi-state fault characteristic of the output end is characterized as
[equation image]
[equation image]
where $r$ is the number of fault states of the output port; the multi-state fault characteristic of the unit module is characterized as $F(t,z)_{if}$. In the above formula, $t$ is a time variable factor, $z$ is a variable factor such as the usage environment, and $F(t,z)_{if}$ describes the transfer state function over time and environment.
Preferably, the triggering control of the fault in step S2.4 is performed by adding a switch and combining it with a visual module interface; the triggering of the fault state is controlled by controlling the switch module. Generally, when the switch is defined as "0" the relevant fault is not triggered, and when the fault needs to be triggered the corresponding switch is set to "1". For the input state, an input switch is added to control the fault triggering; for the output, an output switch is added to control the fault triggering; for the transfer function, a design-parameter switch is added to control the fault state of the design parameter $F$. Each switch has two states, 0 and 1: when the state is 0 the model is the normal performance model, and when the state is 1 the model switches to the fault-state expression, and the software tool simulates the parameters in the fault-state mode.
Preferably, the triggering control of the fault in step S2.4 is performed by controlling and simulating the fault and normal performance models through functions: the following equation is established for the state of the transfer function, and is described in combination with a graphical modeling language and programmable logic;
[equation image]
where $\tau_{iq}$ and $\tau_{iqf}$ are the control factors of the normal state and the fault state, generally set to 0 or 1 to perform the corresponding fault state control.
Compared with the prior art, the invention has the following beneficial effects:
(1) The problem that traditional safety analysis cannot accurately describe the specific influence of faults on the system output is solved;
(2) The fault state of the system is displayed clearly and visually in a graphical mode, and the fault transfer relation between different levels of the system is expressed accurately in a mathematical model mode;
(3) The hardware fault design parameters that cause the key functions of the system to fail are located accurately, guiding design improvement.
Drawings
FIG. 1 is a block diagram of the overall architecture of the performance model-based system security analysis method of the present invention;
FIG. 2 is a diagram of an example of a system constructed based on a performance fault model according to the present invention.
Detailed Description
In order to better understand the technical solution of the present invention, the following detailed description is made with reference to the accompanying drawings and examples. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The invention provides a system security analysis method based on performance. Firstly, defining and dividing a system appointed hierarchy, and defining a modeling object; then, taking the composition of different-level product architectures of the system as input, constructing an architecture graphical and parameterized model on the basis of modules, state parameters and signal transmission relation elements among the modules, and constructing a hierarchy mathematical model by using a mathematical expression with input x, output y and design variable F as variables; then, a fault state model is constructed by designing fault states, input/output port fault states and local fault parameter relations through a graphical and data variable expansion description module; and finally, forming a full-system fault state graphical and mathematical model based on the internal interactive relation and the mathematical expression of different levels of the system, and identifying a key fault mode and related design parameters which cause system-level performance output deviation.
The invention provides a system security analysis method based on performance, which comprises the following specific implementation steps as shown in figures 1 and 2:
step S1: constructing a system performance model;
the system performance design is a parameterized description for representing specific functions of system design realization, the system output usually has deviation in the system design process, and the system performance design is to ensure that the system output is within a reasonable deviation range. In this embodiment, a system performance model is constructed based on a modeling means that is graphical and editable in a Modelica language. The system performance model adopts a hierarchical modeling mode, and specifically comprises the following steps: modeling from the unit performance module to the system performance integration module, and finally realizing system performance model modeling. When one unit performance module completes modeling or a plurality of unit modules are combined into a system performance integration module, the completed module is checked immediately to avoid module errors or error accumulation in the modeling process. Finally, an index capable of representing the performance of the system is determined and used as a fault criterion of the system.
The system performance model construction specifically comprises the following steps:
S1.1, collecting modeling information: related design information for system performance modeling is collected on the basis of documents or models of the system performance design implementation process, and the design and implementation of system performance parameters are sorted out. The design information mainly includes performance indexes, logic architectures, control laws, interface information, design parameters and performance of each element, and typical fault mode information. Details are given in Table 1, the table of related design information for system modeling and safety modeling analysis;
TABLE 1 modeling information collection
[table image]
S1.2, unit performance module modeling: the unit performance module is built as a graphical and mathematical model on the basis of module elements, according to the design information. The construction contents comprise the unit input, the unit output and the functional relation between them. The unit input is denoted $x_i = \{x_{i1}, x_{i2}, \ldots, x_{im}\}$, where $x_i$ represents the input of unit $i$ and $m$ is the number of input parameters; the unit output is denoted $y_i = \{y_{i1}, y_{i2}, \ldots, y_{in}\}$, where $y_i$ represents the output of unit $i$ and $n$ is the number of output parameters; then $y_i = F_i x_i$ represents the transfer relationship of the unit under normal performance, where $F_i$ is the performance design parameter of the unit module. The specific content of $F_i$ is obtained from the design information in step S1.1 and characterizes the input-output transfer function relation parameters. The unit performance module needs to be verified after modeling. The detailed expression of $y_i = F_i x_i$ is as follows:
[equation image]
where
[equation image]
S1.3, modeling of the system performance model: combining the system performance architecture and the input/output interface relation of the unit modules, associated modeling of the system input and output is performed to integrate the system performance model. Where the input and output interfaces of the unit modules are coupled, the coupling mechanism is expressed by a modularization or programming language in combination with the physical coupling mechanism. For example, if the output $y_{ih}$ of the $i$-th unit and the output $y_{lk}$ of the $l$-th unit act in coupling as the $j$-th unit's input $x_{js}$, then the coupling mechanism is:
$x_{js} = \gamma_1 y_{ih} + \gamma_2 y_{lk}$
where $\gamma_1$ and $\gamma_2$ are the coupling factors, also obtained from the design information in step S1.1.
The system performance model is finally formed by combining the unit performance modules, and the system output is denoted $y = \{y_1, y_2, \ldots, y_i, \ldots, y_g\}$, where $g$ is the number of system outputs.
S1.4, determining a performance index capable of representing the performance of the system as a fault criterion of the system. And selecting the performance index from the system output y, selecting a specific output variable from the system-level output as an observed value according to a system performance logic architecture and a system performance output design parameter, and taking the ideal design output as a control range, namely the output fault criterion of the system.
Step S2: system performance fault model construction
On the basis of a system performance model, the influence relation of the system on the system output parameters under the conditions of fault occurrence and parameter cross-linking is completely described through the extended definition of the corresponding parameters of the fault state, the trigger event and the fault cross-linking parameters, and the model building of the system performance fault is realized.
The specific modeling process of the system performance fault model is as follows:
s2.1 layering the System
The system is an organic whole mostly composed of a plurality of subsystems which are related, interacted and mutually restricted, so that the fault transmission of the system has hierarchy, the system, the assembly (including equipment and functional modules) and the element (including components and parts) can be divided into three large layers according to the structure, the assembly can be divided into a plurality of sub-assembly layers according to the requirement, and the element can be divided into a plurality of sub-element layers according to the requirement.
S2.2 failure modeling of Unit modules
The failure modeling of the unit module builds, on the basis of the unit model, a fault logic model combining the input, the output and the transmission mechanism of the unit module; the fault logic model can be preliminarily expressed by the following formula:
[equation image]
where $\{x_{i1f}, x_{i2f}, \ldots, x_{imf}\}$ denotes the input fault state of unit $i$, $\{y_{i1f}, y_{i2f}, \ldots, y_{inf}\}$ denotes the output fault state of unit $i$, and $F_{if}$ is the fault characterization of $F_i$, representing the parameter fault state of the transfer function, which is obtained by analyzing the fault mechanism of the relevant design fault:
[equation image]
the failure of a unit module is generally caused by the failure of components or parts, which is the condition that the physical structure of the components or parts changes or the performance level is not acceptable due to stress damage or accumulated damage as time goes on under certain load conditions of a product, such as vibration, temperature, humidity and stress. There are three basic types of component or part failures in a system: discrete two-state faults, discrete multi-state faults, continuous multi-state faults.
The discrete two-state fault is a (0,1) fault, realized by adding to the performance model the input port fault state $x_{if}$, the output port fault state $y_{if}$ and the transfer variable fault state $F_{if}$, and triggering the fault state. For a discrete multi-state fault, the multiple variables of the input end are characterized as
[equation image]
the fault state of the output end is characterized as
[equation image]
and the multi-state fault characteristic of the unit module is characterized as
[equation image]
Continuous multi-state faults are the most common type of fault; they differ most from the first two types in that they are continuous, i.e. gradual, and generally change with service time or the environment. The fault state of a continuous multi-state fault at the input end is characterized as
[equation image]
where $p$ is the number of fault states of the input port; the continuous multi-state fault characteristic of the output end is characterized as
[equation image]
[equation image]
where $r$ is the number of fault states of the output port; the multi-state fault characteristic of the unit module is characterized as $F(t,z)_{if}$. In the above formula, $t$ is a time variable factor, $z$ is a variable factor such as the usage environment, and $F(t,z)_{if}$ describes the transfer state function over time and environment.
Common failure modes for mechanical components/assemblies are given in table 2 below and common failure modes for electronic components/assemblies are given in table 3 below.
TABLE 2 common failure modes of mechanical elements/assemblies
[table image]
TABLE 3 common failure modes of electronic components/assemblies
[table image]
S2.3 modeling failure due to coupling between components or parts
Coupling failure is the condition in which the system performance exceeds a threshold because of the coupled degradation of the performance parameters of components or parts. Failure mechanism analysis is combined with the cross-linking coupling relation among the system performance parameters to build a parameter cross-linking function with a coupling failure state; the output coupling failure is expressed as $y_i = G y_l$, where $G$ is the failure coupling factor, a matrix:
[equation image]
where $n_i$ is the number of outputs of unit $i$ and $m_l$ is the number of outputs of unit $l$.
S2.4 Fault triggering control
The triggering control of the fault adopts two modes. One mode is to add a "switch" and control it through a visual module interface: the "switch" module is controlled to trigger the fault state; generally, when the "switch" is defined as "0" the relevant fault is not triggered, and when the fault needs to be triggered the corresponding "switch" is set to "1". For the input state, an input switch is added to control the fault triggering; for the output, an output switch is added to control the fault triggering; for the transfer function, a design-parameter switch is added to control the fault state of the design parameter $F$. In the above description, each switch has the states 0 and 1: when the state is 0 the model is the normal performance model, and when the state is 1 the model switches to the fault-state expression and the software tool simulates the parameters in the fault-state mode; the three switches are the "switch" switches of the inputs, outputs and design parameters of unit $i$, respectively.
In the second method, the fault and normal performance models are controlled and simulated through a function. For the state of the transfer function the following equation is established (given as an image in the original) and described by combining a graphical modelling language with programmable logic; in it $\tau_{iq}$ and $\tau_{iqf}$ are the control factors of the normal state and of the fault state, and they are generally set to "0" or "1" to perform the corresponding fault-state control (setting $\tau_{iqf}=1$ and the corresponding $\tau_{iq}=0$ selects the fault expression, as used in step S3.2 below).
Step S3: safety analysis based on the system performance fault model
S3.1 Obtaining the sensitive parameters of the system output
On the basis of the system performance fault model, a step length and a range are set for the performance design parameters $F_i$ of the unit modules, and single-parameter scan simulation or parameter-combination scan simulation is carried out. From the system output at the different parameter values, and from the rate of change of the system output as a parameter changes, the sensitive parameters, those with a large influence on the system output, are obtained. Identifying the sensitive parameters reveals the unit modules and the associated design elements that have a large influence on system safety. In actual use a sensitive parameter is monitored by adding an observation point, and when it exceeds its preset design value maintenance is carried out to improve the safety of the system in use.
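As an added example (written for this page, not code from the patent or from a tool it describes), the parameter scan of S3.1 on a small closed-form performance model in Python: redundant units A and B with design parameters F_A and F_B feed unit C through coupling factors gamma = (0.5, 0.5), and C applies its own parameter F_C. Each design parameter is scanned over a set range in set steps, the relative output change per unit relative parameter change is averaged over the scan as the sensitivity score, parameters are ranked by that score, and a parameter-combination scan returns the resulting output range. The model, the nominal values, the step length and the range are assumptions made for the example.

```python
import itertools

# Constructed example performance model (assumption): y_A = F_A x, y_B = F_B x,
# x_C = gamma1*y_A + gamma2*y_B, y = F_C * x_C.
NOMINAL = {"F_A": 2.0, "F_B": 2.0, "F_C": 1.5}


def performance_model(params, x=1.0, gamma=(0.5, 0.5)):
    """System output y for one set of unit design parameters F_i."""
    x_c = gamma[0] * params["F_A"] * x + gamma[1] * params["F_B"] * x
    return params["F_C"] * x_c


def scan_values(center, step, span):
    """Scan grid centre +/- span in increments of step (the S3.1 step length and range)."""
    n = int(round(span / step))
    return [center + k * step for k in range(-n, n + 1)]


def single_parameter_scan(model, nominal, name, step, span):
    """Single-parameter scan: [(value, output)] with all other parameters at nominal."""
    rows = []
    for v in scan_values(nominal[name], step, span):
        p = dict(nominal)
        p[name] = v
        rows.append((v, model(p)))
    return rows


def normalized_sensitivity(model, nominal, name, step, span):
    """Mean of |(dy/y0) / (dF/F0)| over the scan: the output change rate per
    unit of relative parameter change.  A larger value means a more sensitive
    parameter; for a linear model this is the elasticity of y to F."""
    y0 = model(nominal)
    f0 = nominal[name]
    ratios = []
    for v, y in single_parameter_scan(model, nominal, name, step, span):
        if v == f0:
            continue  # the centre point carries no change information
        ratios.append(abs((y - y0) / y0) / abs((v - f0) / f0))
    return sum(ratios) / len(ratios)


def rank_sensitive_parameters(model, nominal, step_frac=0.05, span_frac=0.2):
    """Scores every design parameter (step and range as fractions of its
    nominal value) and returns [(name, score)] most sensitive first."""
    scores = {}
    for name, f0 in nominal.items():
        scores[name] = normalized_sensitivity(
            model, nominal, name, f0 * step_frac, f0 * span_frac)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def combined_scan_range(model, nominal, names, step_frac=0.05, span_frac=0.2):
    """Parameter-combination scan: (min, max) of the system output when the
    named parameters are varied together over their grids."""
    grids = [scan_values(nominal[n], nominal[n] * step_frac, nominal[n] * span_frac)
             for n in names]
    outputs = []
    for values in itertools.product(*grids):
        p = dict(nominal)
        p.update(zip(names, values))
        outputs.append(model(p))
    return min(outputs), max(outputs)


if __name__ == "__main__":
    for name, score in rank_sensitive_parameters(performance_model, NOMINAL):
        print(f"{name}: sensitivity {score:.3f}")
    print("combined F_A/F_B scan output range:",
          combined_scan_range(performance_model, NOMINAL, ["F_A", "F_B"]))
```

In this model F_C scores 1.0 while F_A and F_B score 0.5 each, so F_C is the parameter an observation point would be placed on first; the combination scan gives the output range a designer must keep inside the fault criterion's threshold.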
S3.2 Selecting the fault state to be triggered
The fault state is triggered either by setting its "switch" (the input, output or design-parameter switch of the unit) to 1, or by setting $\tau_{iqf}$ to 1 and the corresponding $\tau_{iq}$ to 0. Single injection or combined injection of fault states is then performed, and the range of the system output performance parameters is obtained for the different fault-state configurations. Based on the system performance fault model and a simulation solver, the fault-state mode to be analysed is selected and triggered to obtain the system output range; if the output is within its reasonable range, the selected fault state (or group of fault states) is judged not to cause the output performance of the system to fail; otherwise the system output performance is judged to have failed. Fault injection thus establishes whether the system output stays within its deviation range, and when a single fault or a fault combination drives the system output beyond the reasonable allowable range, that fault (combination) is judged to be a minimal cut set (a combination that contains a cut set already found is not minimal and need not be injected). In this embodiment, single fault injection and combined fault injection are performed in sequence, and minimal cut sets are determined until the fault modes or fault-mode combinations that cause the system output performance to fail have been found.
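As an added illustration (example code written for this page, not code from the patent or from any tool it describes), the following Python implements the first triggering mode of S2.4 and the injection procedure of S3.2 on a constructed three-unit system. Units A and B are redundant channels whose outputs are coupled into the input of unit C with factors gamma1, gamma2 (the form of the coupling in claim 3); each port of each unit (input x, output y, design parameter F) carries a 0/1 switch that swaps the normal value for its fault-state value; single injection is run first, then combined injection, and every failing combination that contains no previously found cut set is recorded as a minimal cut set. The unit names, design-parameter values, fault-state values and the ±15 % allowed output range are all assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Unit:
    """Unit performance module (S1.2) with its fault states (S2.2).
    Normal transfer is y = F * x; each of the three ports (x, y, F) has a
    fault-state value that replaces the normal one when its switch is 1."""
    name: str
    F: float         # performance design parameter F_i
    x_fault: float   # input-port fault state x_if
    y_fault: float   # output-port fault state y_if
    F_fault: float   # transfer-function fault state F_if

    def transfer(self, x, on=frozenset()):
        """S2.4, first mode: 'on' holds the ports whose switch is set to 1."""
        x_eff = self.x_fault if "x" in on else x
        F_eff = self.F_fault if "F" in on else self.F
        y = F_eff * x_eff
        return self.y_fault if "y" in on else y


# Constructed example system (assumption): A and B are redundant channels
# feeding C; C's input is the coupling x_C = gamma1*y_A + gamma2*y_B.
UNITS = {
    "A": Unit("A", F=2.0, x_fault=0.8, y_fault=1.5, F_fault=1.6),
    "B": Unit("B", F=2.0, x_fault=0.8, y_fault=1.5, F_fault=1.6),
    "C": Unit("C", F=1.5, x_fault=1.6, y_fault=2.0, F_fault=1.2),
}
GAMMA = (0.5, 0.5)
SYSTEM_INPUT = 1.0
ALLOWED_RANGE = (2.55, 3.45)   # +/-15 % around the nominal output of 3.0


def system_output(triggered=frozenset()):
    """Evaluates the system performance fault model with the given switches
    set to 1.  'triggered' is a set of (unit name, port) pairs."""
    def on(name):
        return frozenset(p for u, p in triggered if u == name)
    y_a = UNITS["A"].transfer(SYSTEM_INPUT, on("A"))
    y_b = UNITS["B"].transfer(SYSTEM_INPUT, on("B"))
    x_c = GAMMA[0] * y_a + GAMMA[1] * y_b
    return UNITS["C"].transfer(x_c, on("C"))


def output_failed(y, allowed=ALLOWED_RANGE):
    """Fault criterion (S1.4): output performance fails outside the allowed range."""
    return not (allowed[0] <= y <= allowed[1])


def all_faults():
    return [(u, p) for u in UNITS for p in ("x", "F", "y")]


def minimal_cut_sets(max_order=2):
    """S3.2: single injection first, then combined injection.  A combination
    is a minimal cut set when it fails the output and no cut set already
    found is contained in it."""
    found = []
    faults = all_faults()
    for order in range(1, max_order + 1):
        for combo in combinations(faults, order):
            combo = frozenset(combo)
            if any(cs <= combo for cs in found):
                continue  # superset of a known cut set: not minimal
            if output_failed(system_output(combo)):
                found.append(combo)
    return found


if __name__ == "__main__":
    print("nominal output:", system_output())
    for cs in minimal_cut_sets():
        print(sorted(cs), "->", round(system_output(cs), 3))
```

In this constructed system every fault of C is a single-point cut set, while a fault on A or B alone stays inside the range and only A/B combinations (or an input fault together with a gain fault on the same channel) fail the output; those are exactly the combinations the designer would be asked to break up with redundancy or parameter adjustment.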
S3.3 For unit-module fault modes that cause system failure as time or the usage environment changes, the system failure time is obtained, and the distribution of system failures due to unit-module faults is obtained through a large number of sampling simulation runs;
S3.4 For fault-mode combinations whose coupled action causes the system output performance to fail, the failure distribution of the coupled action is obtained by varying the coupling-related parameters and running a large number of sampling simulations.
S3.5 The fault-mode combinations analysed in steps S3.2, S3.3 and S3.4 are integrated into a failure set, and a sampling algorithm is then applied to carry out the safety analysis of the system performance.
The detailed implementation of step S3.5 is as follows:
S3.5.1 Define the performance index and threshold to be observed in simulation according to the fault criterion of the system.
S3.5.2 Sample at random from the failure-time distribution of each element/assembly fault to obtain a set of element/assembly failure times $(t_1, t_2, \dots, t_n)$.
S3.5.3 If the fault mode is an independent element/component performance failure, its failure time can be sampled directly. If the fault type is a gradual (degradation) mode, the degradation curves of all elements/components are first fused in the system performance model, because the accumulation of intermediate degradation states may itself cause a system fault; the random distribution of the time at which the system performance drifts out of tolerance is then determined from the system fault criterion, and sampling is performed from that distribution.
S3.5.4 From the sampled failure-time sequence $(t_1, t_2, \dots, t_n)$ take the shortest time; that time point is the potential point at which the system task may fail.
S3.5.5 Determine which task cycle the time point falls in. Let the time point be $t_f$ and the duration of each task be $t_m$; the task number is the largest integer not exceeding $t_f / t_m$, written $\mathrm{mod}(t_f/t_m)$ on this page (i.e. the integer part $\lfloor t_f/t_m \rfloor$, not a remainder).
S3.5.6 Combine all failures that occur within the time interval $[\mathrm{mod}(t_f/t_m)\cdot t_m,\ (\mathrm{mod}(t_f/t_m)+1)\cdot t_m]$.
S3.5.7 Inject all fault combinations obtained in S3.5.6 into the system performance model for simulation; if the key performance of the multi-state system is affected, record the time point and the task serial number.
S3.5.8 Treat the failed units of the current task as repaired and begin the next simulation round: the failure times of the repaired units are resampled, and the failure times of the units that did not fail are reduced by the time already elapsed, $(\mathrm{mod}(t_f/t_m)+1)\cdot t_m$.
S3.5.9 Check whether the specified number of samples has been reached; if not, repeat from S3.5.3; if so, end the simulation.
S3.5.10 Calculate the probability that the system performance output is normal from the recorded fault time points and their number.
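As an added example (written for this page, not the patent's own tool), the sampling algorithm of S3.5.2 to S3.5.10 in Python for a constructed three-unit system: A and B are redundant, C is a single point, each unit's failure time is exponentially distributed, and a task cycle lasts t_m hours. The fault criterion of S3.5.1 is the predicate critical_performance_lost; the page writes mod(t_f/t_m) for the integer part of t_f/t_m, implemented here with floor. The failure rates, the task duration, the criterion, and the choice to count every simulated task cycle (including the fault-free cycles between two sampled failures) in the denominator of the normal-output probability are assumptions of this example.

```python
import math
import random
from dataclasses import dataclass

# Constructed example (assumption): failure rates per hour for three units.
# A and B are redundant channels, C is a single-point unit.
FAILURE_RATE = {"A": 1 / 500.0, "B": 1 / 500.0, "C": 1 / 2000.0}
TASK_DURATION = 10.0  # t_m: duration of one task cycle, hours


def critical_performance_lost(failed):
    """S3.5.1 fault criterion (assumption): the observed performance index
    leaves its threshold when C fails, or when A and B fail in the same task."""
    return "C" in failed or {"A", "B"} <= failed


@dataclass(frozen=True)
class Record:
    """S3.5.7: a task in which the injected combination affected key performance."""
    task_index: int
    time_point: float
    combination: frozenset


def task_index(t_f, t_m):
    """S3.5.5: the page writes mod(t_f/t_m) for the largest integer not
    exceeding t_f/t_m, i.e. the integer part."""
    return int(math.floor(t_f / t_m))


def simulate(rates, t_m, n_samples, rng, criterion=critical_performance_lost):
    """Runs S3.5.2 .. S3.5.10; 'rng' needs an expovariate(rate) method.
    Returns (probability of normal output per task cycle, list of Record)."""
    # S3.5.2: one failure time per unit, sampled from its own distribution
    times = {u: rng.expovariate(r) for u, r in rates.items()}
    records = []
    tasks_simulated = 0
    for _ in range(n_samples):
        # S3.5.4: the earliest failure is the candidate point of task failure
        t_f = min(times.values())
        k = task_index(t_f, t_m)
        lo, hi = k * t_m, (k + 1) * t_m
        # S3.5.6: every failure inside the same task interval is combined
        combo = frozenset(u for u, t in times.items() if lo <= t <= hi)
        # S3.5.7: inject the combination and test the criterion
        if criterion(combo):
            records.append(Record(k, t_f, combo))
        # tasks 0..k have now been simulated (assumption: all are counted)
        tasks_simulated += k + 1
        # S3.5.8: repair the failed units (resample); the others keep their
        # remaining life, reduced by the time already elapsed, (k+1)*t_m
        for u in list(times):
            if u in combo:
                times[u] = rng.expovariate(rates[u])
            else:
                times[u] -= hi
    # S3.5.10: probability that a task cycle ends with normal output
    p_normal = 1.0 - len(records) / tasks_simulated
    return p_normal, records


if __name__ == "__main__":
    p, recs = simulate(FAILURE_RATE, TASK_DURATION, 10_000, random.Random(1))
    print(f"normal-output probability per task: {p:.4f}, "
          f"recorded failures: {len(recs)}")
```

Because the interval of S3.5.6 is anchored to the task containing the earliest failure, a second unit failing later in the same task is combined with the first even though it was not the minimum; that is what lets the A-and-B combination be injected as one fault group.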
If the resulting probability of normal system performance output does not meet the requirement, design improvement or compensating measures in use are required. The minimal cut sets found to drive the system output beyond the allowable safe range are fed back to the designer, who performs parameter adjustment, redundancy design and similar measures so as to increase the number of fault modes in each minimal cut set, thereby reducing single-point faults of the system and the common-cause faults that cause system output failure. Compensation in use mainly covers the following:
(1) for continuous faults that change with time, simulation finds the unacceptable system output, analysis yields the corresponding service time, and regular maintenance is carried out in actual use to avoid the safety problems caused by the fault;
(2) for discrete multi-state faults, the fault state is observed by setting a state observation point, the unacceptable values of the system output are analysed, and measures such as unit-module replacement or maintenance are taken according to the observed fault values.
FIG. 2 is a schematic diagram of an example system constructed from the performance fault model of the present invention (the parameter symbols are given as images in the original): two symbols denote output performance parameter 5 of subsystem B and output performance parameter 4 of subsystem A respectively; a further symbol is the failure coupling factor between those two parameters; two more symbols denote output performance parameter 7 and output performance parameter 8 of subsystem C; and the last symbol is the failure coupling factor between output performance parameter 7 and output performance parameter 8. This example also shows the innovation of the invention: the system fault and state-parameter relationships are displayed visually and clearly in a graphical, editable manner, the fault-parameter transfer relationships between the different layers of the system are expressed precisely as a mathematical model, and the model is used to find the key fault modes and the sensitive design parameters that affect the deviation of the system performance parameters.
Finally, it should be noted that: the above-mentioned embodiments are only used for illustrating the technical solution of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A system security analysis method based on a performance model, characterised by comprising the following steps:
Step S1: constructing a system performance model;
the system performance design is a parameterised description that represents the specific functions of the system design, and the system performance model is built in a hierarchical modelling manner, specifically comprising:
S1.1 Collecting modelling information: on the basis of the documents or models of the system performance design and implementation process, the design information relevant to system performance modelling is collected, and the design and implementation of the system performance parameters are sorted out; the design information mainly comprises the performance indices, logic architecture, control laws, interface information, design parameters and performance of each element, and the typical fault-mode information of the system;
S1.2 Unit performance module modelling: the unit performance module is built as a graph and a mathematical model on the basis of module elements, according to the design information; the construction covers the unit input, the unit output and the functional relation between them. The unit input is denoted $x_i = \{x_{i1}, x_{i2}, \dots, x_{im}\}$, where $x_i$ is the input of unit i and m is the number of input parameters; the unit output is denoted $y_i = \{y_{i1}, y_{i2}, \dots, y_{in}\}$, where $y_i$ is the output of unit i and n is the number of output parameters; then $y_i = F_i x_i$ represents the transfer relation of the unit under normal performance, where $F_i$ is the performance design parameter of the unit module and represents the parameters of the input-output transfer function relation; the unit performance module must be verified after modelling;
S1.3 System performance model modelling: combining the system performance architecture with the input/output interface relations of the unit modules, the system inputs and outputs are modelled in association to integrate the system performance model; the unit performance modules are combined to form the system performance model, and the system output is finally denoted $y = \{y_1, y_2, \dots, y_i, \dots, y_g\}$, where g is the number of system outputs;
S1.4 Determining a performance index that can characterise the performance of the system; the index is selected from the system output y and serves as the fault criterion of the system;
Step S2: constructing a system performance fault model;
on the basis of the system performance model, the influence of fault occurrence and parameter cross-linking on the system output parameters is fully described through extended definitions of the fault-state parameters, trigger events and fault cross-linking parameters, realising the model construction of system performance faults, specifically comprising:
S2.1 Layering the system:
according to its structure the system is divided into three major levels, system, component and element; a component can be further divided into several sub-component layers as required, and an element can likewise be divided into several sub-layers as required;
S2.2 Fault modelling of the unit module:
on the basis of the unit model, a fault logic model is built by combining the input, output and transfer mechanism of the unit module; it is expressed by a formula (given as an image in the original) in which $\{x_{i1f}, x_{i2f}, \dots, x_{imf}\}$ denotes the input fault states of unit i, $\{y_{i1f}, y_{i2f}, \dots, y_{inf}\}$ denotes the output fault states of unit i, and $F_{if}$ is the characterisation of the fault with respect to $F_i$, representing the parameter fault state of the transfer function, obtained by analysing the fault mechanism of the associated design;
S2.3 Modelling failures caused by coupling between components or parts:
system failure occurs when the system performance, driven by the coupled degradation of the performance parameters of components or parts, exceeds a threshold; output coupling failure is expressed as $y_i = G\,y_l$, where G is the failure coupling factor;
S2.4 Fault triggering control;
Step S3: safety analysis based on the system performance fault model;
S3.1 Obtaining the sensitive parameters of the system output:
on the basis of the system performance fault model, a step length and a range are set for the performance design parameters $F_i$ of the unit modules, single-parameter scan simulation or parameter-combination scan simulation is carried out, and the sensitive parameters with a large influence on the system output are obtained from the system output at the different parameter values and from the rate of change of the system output as a parameter changes;
S3.2 Selecting the fault state to be triggered:
the fault state is triggered either by setting its switch to 1 or by setting $\tau_{iqf}$ to 1 and the corresponding $\tau_{iq}$ to 0; single injection or combined injection of fault states is performed by configuring different fault-state parameters, and the range of the system output performance parameters is obtained; based on the system performance fault model and a simulation solver, the fault-state mode to be analysed is selected and triggered to obtain the system output range, and if the output is within its reasonable range the selected fault state is judged not to cause the system output performance to fail; otherwise the system output performance is judged to have failed;
S3.3 For unit-module fault modes that cause system failure as time or the usage environment changes, obtaining the system failure time, and obtaining the distribution of system failures due to unit-module faults through a large number of sampling simulation runs;
S3.4 For fault-mode combinations whose coupled action causes the system output performance to fail, obtaining the failure distribution of the coupled action by varying the coupling-related parameters and running a large number of sampling simulations;
S3.5 Integrating the fault-mode combinations analysed in steps S3.2, S3.3 and S3.4 into a failure set, and then applying a sampling algorithm to realise the safety analysis of the system.
2. The performance model-based system security analysis method of claim 1, wherein: the sampling algorithm in step S3.5 specifically comprises the following steps:
S3.5.1 defining the performance index and threshold to be observed in simulation according to the fault criterion of the system;
S3.5.2 sampling at random from the failure-time distribution of each element/assembly fault to obtain a set of element/assembly failure times $(t_1, t_2, \dots, t_n)$;
S3.5.3 if the fault mode is an independent element/component performance failure, sampling its failure time directly; if the fault type is a gradual (degradation) mode, first fusing the degradation curves of all elements/components in the system performance model, then determining from the system fault criterion the random distribution of the time at which the system performance drifts out of tolerance, and then sampling from that distribution;
S3.5.4 taking the shortest time from the sampled failure-time sequence $(t_1, t_2, \dots, t_n)$; that time point is the potential point at which the system task may fail;
S3.5.5 determining which task cycle the time point falls in: letting the time point be $t_f$ and the duration of each task be $t_m$, the task number is the largest integer not exceeding $t_f/t_m$, written $\mathrm{mod}(t_f/t_m)$;
S3.5.6 combining all faults that occur within the time interval $[\mathrm{mod}(t_f/t_m)\cdot t_m,\ (\mathrm{mod}(t_f/t_m)+1)\cdot t_m]$;
S3.5.7 injecting all fault combinations obtained in step S3.5.6 into the system performance model for simulation, and recording the time point and the task serial number if the key performance of the multi-state system is affected;
S3.5.8 treating the failed units of this task as repaired and starting the next simulation round, in which the failure times of the repaired units are resampled and the failure times of the units that did not fail are reduced by the elapsed time $(\mathrm{mod}(t_f/t_m)+1)\cdot t_m$;
S3.5.9 determining whether the specified number of samples has been reached; if not, repeating from step S3.5.3; if so, ending the simulation;
S3.5.10 calculating the probability that the system performance output is normal from the recorded fault time points and their number;
if the resulting probability of normal system performance output does not meet the requirement, design improvement or compensation is required.
3. The performance model-based system security analysis method of claim 1, wherein: in step S1.3 the input/output interface relations of the unit modules include a coupling relation, specifically:
for a model in which the input and output interfaces of the unit modules are coupled, the coupling mechanism is expressed in a modular or programming language in accordance with that mechanism; if the output $y_{ih}$ of the i-th unit and the output $y_{lk}$ of the l-th unit act jointly as the s-th input $x_{js}$ of the j-th unit, the coupling mechanism is
$x_{js} = \gamma_1 y_{ih} + \gamma_2 y_{lk}$,
where $\gamma_1$ and $\gamma_2$ are the coupling factors.
4. The performance model-based system security analysis method of claim 1, wherein: in step S2.1 the specific causes of failure of the unit module are as follows:
the failure of a unit module is generally caused by the failure of components or parts; a component or part failure is the condition in which, under a given load, stress damage or damage accumulated over the product's service time changes its physical structure or makes its performance level unacceptable; component or part failures in a system are of three basic types: discrete two-state faults, discrete multi-state faults and continuous multi-state faults;
a discrete two-state fault is a 0/1 fault, realised by adding to the performance model an input-port fault state $x_{if}$, an output-port fault state $y_{if}$ and a transfer-variable fault state $F_{if}$ and triggering the fault state; a discrete multi-state fault has multiple fault-state variables for the input, the fault state of the output port is characterised in the same multi-valued way, and the multi-state fault of the unit module is characterised by a multi-state transfer-function fault (the three symbols are given as images in the original);
continuous multi-state faults are the most common type; what chiefly distinguishes them from the first two types is that they are continuous, i.e. gradual, and generally change with service time or environment; at the input port the continuous multi-state fault is characterised by a time- and environment-dependent input fault-state vector (symbol given as an image in the original), where p is the number of fault states of the input port; at the output port by the corresponding output fault-state vector (symbol given as an image in the original), where r is the number of fault states of the output port; and the multi-state fault of the unit module is characterised as $F_{if}(t,z)$, in which t is the time variable, z is a usage-environment variable, and $F_{if}(t,z)$ describes the transfer-state function as a function of time and environment.
5. The performance model-based system security analysis method of claim 1, wherein: in step S2.4 the triggering of a fault is controlled by adding a switch, operated in combination with the visual module interface, so that the switch module controls triggering of the fault state; generally, when the switch is defined as "0" the associated fault is not triggered, and when the fault needs to be triggered the corresponding switch is set to "1"; an input switch is added to control triggering of the input fault state, an output switch to control triggering of the output fault state, and a transfer-function switch to control the fault state of the design parameter F (the switch symbols are given as images in the original); each switch has the two states 0 and 1: at 0 the performance model is the normal performance model, at 1 it is switched to the fault-state expression, and the software tool simulates the parameters in that fault-state mode.
6. The performance model-based system security analysis method of claim 1, wherein: in step S2.4 the triggering of a fault is controlled by simulating the fault and normal performance models through a function; for the state of the transfer function an equation is established (given as an image in the original) and described by combining a graphical modelling language with programmable logic, in which $\tau_{iq}$ and $\tau_{iqf}$ are the control factors of the normal state and of the fault state, generally set to 0 or 1 to perform the corresponding fault-state control.
CN202011497169.4A 2020-12-17 2020-12-17 System security analysis method based on performance model Active CN112560268B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011497169.4A CN112560268B (en) 2020-12-17 2020-12-17 System security analysis method based on performance model

Publications (2)

Publication Number Publication Date
CN112560268A CN112560268A (en) 2021-03-26
CN112560268B true CN112560268B (en) 2022-12-09

Family

ID=75063113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011497169.4A Active CN112560268B (en) 2020-12-17 2020-12-17 System security analysis method based on performance model

Country Status (1)

Country Link
CN (1) CN112560268B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114970188B (en) * 2022-06-10 2024-08-13 南京航空航天大学 A safety analysis method for aircraft systems based on dynamics model
CN115270425B (en) * 2022-07-08 2023-05-23 China Electronic Product Reliability and Environmental Testing Research Institute (Fifth Electronics Research Institute of the Ministry of Industry and Information Technology; CEPREI Laboratory) (中国电子产品可靠性与环境试验研究所) Processing method and device for fault characteristic mapping relation between logic model and physical model
CN116976134B (en) * 2023-08-09 2025-08-19 中国航空综合技术研究所 System testability analysis method based on performance model

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015143750A1 (en) * 2014-03-27 2015-10-01 北京交通大学 Fault logic modeling method for high-speed railway train operation control vehicular system
CN108229049A (en) * 2018-01-17 2018-06-29 中国航空综合技术研究所 The method that multistate system mission reliability modeling is carried out based on performance model
CN111639436A (en) * 2020-06-04 2020-09-08 中国航空综合技术研究所 System fault propagation model modeling method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design and implementation of a safety analysis tool based on an avionics system architecture model (基于航电系统架构模型的安全性分析工具的设计与实现); Xu Wenhua (徐文华) et al.; Computer Science (计算机科学); 2016-11-15; full text *

Also Published As

Publication number Publication date
CN112560268A (en) 2021-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant