基于STPA-BN的真北导航过渡风险评估模型

doi:10.16265/j.cnki.issn1003-3033.2026.05.0952

摘要/Abstract

摘要：

随着全球民航导航系统向以真北为基准的导航方式转型,为量化识别与有效控制导航基准转换所引发的系统性风险,提出一种融合系统理论过程分析(STPA)与模糊贝叶斯网络(FBN)的动态风险评估模型,用于支持真北导航过渡过程中的多源不确定性风险识别与演化分析,构建包含“战略-区域-组织-设备”4层次的控制结构,系统识别7类系统级危险与12项不安全控制行为(UCA),并通过模糊集方法处理专家认知的不确定性,结合Leaky Noisy-or门逻辑建立贝叶斯网络(BN),进一步扩展为动态贝叶斯网络(DBN)模拟5阶段(t₀~t₀+28年)风险演化过程。结果表明:技术适配滞后与政策协同不足是初期主要风险驱动因素(如空域冲突概率达0.852),但通过分阶段推进技术升级、政策协调与冗余设计,关键风险在t₀+28年可降低至0.01以下。研究提出融合“阶段达标-资金拨付”政策联动机制、基于机型寿命分级的技术迭代路径以及“惯导 + 低轨卫星”双冗余人工智能(AI)治理体系的原创策略,以系统性解决真北过渡中的政策延迟、设备代际冲突及运行风险问题。

关键词: 系统理论过程分析(STPA), 模糊贝叶斯网络(FBN), 真北导航, 风险评估, 不安全控制行为(UCA), 过渡过程, 风险缓解

Abstract:

With the global transition of civil aviation navigation systems from magnetic north to true north reference, a dynamic risk assessment model integrating STPA and FBN was proposed to quantify, identify, and effectively control systemic risks induced by the navigation reference transition. A four-level control structure-covering strategic, regional, organizational, and equipment layers-was established to identify seven categories of system-level hazards and twelve types of unsafe control actions. Expert uncertainty was quantified via fuzzy sets, and a Bayesian network (BN) was constructed using the Leaky Noisy-or Gate model. Furthermore, a dynamic Bayesian network (DBN) was developed to simulate risk evolution across five phases (t₀ to t₀+28 years). The results show that technological lag and insufficient policy coordination are the major risk drivers in the early stage (e.g., airspace conflict probability up to 0.852). However, through phased implementation of technology upgrades, policy alignment, and redundancy design, key risks can be reduced to below 0.01 by t₀+28. This study proposes an original strategy integrating the 'phased compliance-fund disbursement' policy linkage mechanism, aircraft service life-based technical iteration path, and the 'inertial navigation + low-orbit satellite' dual-redundancy artificial intelligence (AI) governance system, to systematically resolve policy delays, intergenerational equipment conflicts and operational risks in the true north transition.

Key words: system-theoretic process analysis(STPA), fuzzy Bayesian network(FBN), true north navigation, risk assessment, unsafe control action(UCA), transition process, risk mitigation

中图分类号:

X949

任杰, 曲仕茹, 王莉莉, 韩元松, 孙志远. 基于STPA-BN的真北导航过渡风险评估模型[J]. 中国安全科学学报, 2026, 36(5): 165-173.

Ren Jie, Qu Shiru, Wang Lili, Han Yuansong, Sun Zhiyuan. Risk assessment model for true north transition in aviation based on STPA-BN[J]. China Safety Science Journal, 2026, 36(5): 165-173.

图/表 12

图1

表1

表2

图2

表3

表4

表5

表6

表7

表8

表9

表10

参考文献 16

[1]	Pleter O T, Constantinescu C E. Study on the transition to true north in air navigation[J]. Aerospace, 2023, 10(11):DOI:10.3390/aerospace10110912.
[2]	International Coordinate Council of Aerospace Industries Associations. ICCAIA true north whitepaper v.1.1: true north ICCAIA Ad-hoc group white paper v1. 1[R/OL]. (2023-11-20). https://iccaia.org/wp-content/uploads/2023/11/True-North-ICCAIA-White-Paper-v1.1-20Nov2023.pdf.
[3]	ICAO/ANB/OPS. Survey report survey on moving from a magnetic to a true north reference system for heading and tracking in aviation operations[R/OL]. (2023-11-20). https://www.navnin.nl/new/wp-content/uploads/2023/07/True-north-survey_AHRTAG_V1.pdf.
[4]	Abdulkhaleq A, Wagner S, Leveson N. A comprehensive safety engineering approach for software-intensive systems based on STPA[J]. Procedia Engineering, 2015, 128:2-11. doi: 10.1016/j.proeng.2015.11.498
[5]	Krauss S S, Rejzek M, Hilbes C. Tool qualification considerations for tools supporting STPA[J]. Procedia Engineering, 2015, 128:15-24. doi: 10.1016/j.proeng.2015.11.500
[6]	Sahay R, Estay D A S, Meng W, et al. A comparative risk analysis on CyberShip system with STPA-Sec, STRIDE and CORAS[J]. Computers & Security, 2023,128:DOI:10.1016/j.cose.2023.103179.
[7]	Basnet S, Bahootoroody A, Montewka J, et al. Selecting cost-effective risk control option for advanced maritime operations; integration of STPA-BN-Influence diagram[J]. Ocean Engineering, 2023,280:DOI:10.1016/j.oceaneng.2023.114631.
[8]	张子昂, 张晓全. 基于STPA 和模糊贝叶斯网络的大型无人驾驶航空器运行风险分析[J]. 航空工程进展, 2026, 17(1):72-80, 89.
	Zhang Zi'ang, Zhang Xiaoquan. Operational risk analysis of large unmanned aerial vehicles based on STPA and fuzzy Bayesian network[J]. Advances in Aeronautical Science and Engineering, 2026, 17(1):72-80, 89.
[9]	王洁宁, 李保燊, 冀姗姗. 基于STPA和模糊BN的AIDC移交人误研究[J]. 中国安全科学学报, 2019, 29(9): 27-35. doi: 10.16265/j.cnki.issn1003-3033.2019.09.005
	Wang Jiening, Li Baoshen, Ji Shanshan. Study on human error in AIDC transfer based on STPA and fuzzy BN[J]. China Safety Science Journal, 2019, 29(9): 27-35. doi: 10.16265/j.cnki.issn1003-3033.2019.09.005
[10]	席永涛, 刘鹏杰, 胡甚平, 等. 基于STPA和FTPN的海上自主水面船舶航行实时风险评估[J]. 中国安全科学学报, 2024, 34(8):18-26. doi: 10.16265/j.cnki.issn1003-3033.2024.08.1290
	Xi Yongtao, Liu Pengjie, Hu Shenping, et al. Real-time risk assessment for maritime autonomous surface ships based on STPA and FTPN[J]. China Safety Science Journal, 2024, 34(8): 18-26. doi: 10.16265/j.cnki.issn1003-3033.2024.08.1290
[11]	Li Wei, Chen Weijiong, Hu Shenping, et al. Risk evolution model of marine traffic via STPA method and MC simulation: a case of MASS along coastal setting[J]. Ocean Engineering, 2023,281:DOI:10.1016/j.oceaneng.2023.114673.
[12]	Lu Xin, Zeng Shengkui, Guo Jianbin, et al. An integrated method of extended STPA and BN for safety assessment of man-machine phased-mission system[J]. Reliability engineering & system safety, 2025,253:DOI:10.1016/j.ress.2024.110569.
[13]	张玉磊, 朱德米. 重大决策社会稳定风险评估中的利益相关者参与:行动逻辑与模式构建[J]. 上海行政学院学报, 2018, 19(5):70-81.
	Zhang Yulei, Zhu Demi. The stakeholder participation of major policy social stability risk assessment: action logic and pattern construction[J]. The Journal of Shanghai Administration Institute, 2018, 19(5):70-81.
[14]	门茂林, 王智, 薛慧艳, 等. 真北定向测量方法及其对比分析[J]. 城市勘测, 2018(5):135-137.
	Men Maolin, Wang Zhi, Xue Huiyan, et al. Analysis and comparison of true north orientation measurement[J]. Urban Geotechnical Investigation & Surveying, 2018 (5):135-137.
[15]	Thomas J, Suo Dajiang. STPA-based method to identify and control feature interactions in large complex systems[J]. Procedia Engineering, 2015, 128:12-14. doi: 10.1016/j.proeng.2015.11.499
[16]	Zhang Jixin, Zhang Shihao, Liang Zhengwei, et al. A risk assessment method based on DEMATEL-STPA and its application in safety risk evaluation of hydrogen refueling stations[J]. International Journal of Hydrogen Energy, 2024, 50:889-902. doi: 10.1016/j.ijhydene.2023.07.250

编号	危险类别	危险描述	严重性等级
H-1	政策协同风险	各国过渡政策不统一	3级
H-2	技术适配风险	老旧设备无法支持真北运行	2级
H-3	空管混合运行风险	磁/真双基准指令混乱	3级
H-4	数据断层风险	导航数据库更新周期差异	2级
H-5	经济超支风险	设备改造成本超标	2级
H-6	人为失误风险	飞行员误读航图	2级
H-7	环境干扰风险	GNSS信号受太阳耀斑干扰	3级

控制行为	UCA类型	不安全场景	触发条件	关联危险
政策制定滞后	未提供	缺乏实施细则,无法启动设备/ 系统设计改造	政策协调效率<50%	H-1
改装方案不兼容	错误提供	硬件冲突,设备运行不稳定	未纳入老旧机型替换协议	H-2
提前进入真北运行	时机错误	混合运行未验证,空管指令解读混乱	空管培训覆盖率<80%,技术验证不足	H-3
数据维护延迟	持续时间不当	导航数据库过期,航图与运行不一致	数据提供商资源调配不足	H-4
缺乏改造补贴	未提供	企业因成本过高推迟改造计划	财政预算未设专项资金	H-5
导航设施校准误差	参数错误	误差超限,影响运行精度	校准工具缺失或培训不足	H-2/H-6
备份激活失败	持续时间不当	GNSS失效未能及时激活惯导备份	应急程序机制缺失,测试覆盖不足	H-7

节点名称	对应UCA类型	关联危险
政策延迟P	未提供(政策制定滞后)	H-1
技术滞后T	错误提供(设备改装不兼容)	H-2
培训不足H	时机顺序错误(提前进入真北运行)	H-3
数据维护延迟M	持续时间不当 (数据维护延迟)	H-4
经济补贴缺失E	未提供 (经济补贴缺失)	H-5
操作校准偏差K	参数错误 (操作校准偏差)	H-2/H-6
备份激活延迟B	持续时间不当 (备份系统激活延迟)	H-7

节点名称	风险传播路径	新增关联UCA
政策协同失效C₁	P+E	未提供类UCA双重影响
技术适配失败C₂	T+K	错误提供+参数错误类UCA叠加
空管负荷过载C₃	H+P	时机顺序错误+未提供类UCA关联
数据同步异常C₄	M+T	持续时间不当+错误提供类UCA耦合
改造计划推迟C₅	E+P	未提供类UCA联合影响
人为操作失误C₆	K+ H	参数错误+时机顺序错误类UCA交织
应急响应失效C₇	B+M	持续时间不当类UCA 叠加影响

节点名称	核心触发路径	关联危险组合	严重性等级
空域冲突S	C₃+C₂	H-2+H-3	3级(高)
通信中断I	C₄+C₇	H-4+H-7	2级(中)
航班延误F	C₅+C₄	H-4+H-5	1级(低)
导航偏移N	C₆+C₂	H-2+H-6	2级(中)