Conference Paper

Model-Based Systems Engineering for AI-Based Systems


Abstract

In recent years, there has been significant progress in Artificial Intelligence (AI), leading to increasing interest in integrating AI-based functions into newly developed systems. AI promises several benefits, among them functions and performance beyond the current state of the art. However, the use of AI techniques also introduces new challenges regarding the safety and security of systems and their certification. These challenges mostly originate from the "black box nature" of complex AI algorithms. To tackle them, the safety of AI-based systems has to be addressed throughout the entire development and life cycle of the system, which requires adapting existing methods to the development of AI-based systems. An established method for the development of complex systems is Model-Based Systems Engineering (MBSE), which offers several advantages for the systems engineering process. In this paper, three application examples of how MBSE can support the engineering process of AI-based systems are presented using one application use case: an AI-based threat localization system. First, a systematic development framework is used to design and model the AI-based system. Second, it is demonstrated how safety analysis can be integrated into a model of the system to identify potentially hazardous scenarios, which could arise, for example, from erroneous predictions by an AI. For the analysis, an approach called Model-Based STPA is utilized, which is based on the System-Theoretic Process Analysis. Third, it is demonstrated how MBSE can help in performing scenario-based safety assessment: from the operational domain model, executable configurations are generated to run scenario-based test cases.


... Logical scenarios refer to a parameter space that simulates real situations and enables the assessment of the system-under-test. Applying a scientific approach to adapt an ODD definition from the automotive sector to the aviation domain remains a subject for ongoing research [9][10][11][12]. According to EASA, the Concept of Operations (ConOps) and ODDs are interlinked and are both part of the safety-assuring process. ...
... This poses challenges for engineers, setting up an adequate process ensuring full coverage of the ODD to ensure the safety of the system-under-test. Based on previous work [13] and other related works [10][11][12], an engineering framework is proposed, aiming to create a methodical structure for this process. By using simulation-based testing, a way to verify ODD coverage and the fulfillment of requirements from the ConOps description is shown. ...
... Other domains, such as the shipping industry [18] and the rail industry [19] increasingly adopt the concept of ODDs. Also, in the field of aviation, the application of an ODD is investigated [10][11][12][13]. According to other works [20], ODDs are especially helpful in the following tasks: ...
Article
Applications based on artificial intelligence (AI) promise benefits, ranging from improved performance to increased capabilities in many industries. In the aviation domain, one example is the new Airborne Collision Avoidance System (ACAS X). The current investigation aims at combining ACAS X and AI to maintain its performance while decreasing the memory footprint. However, the anticipation of AI being increasingly used confronts regulators with challenges in terms of safety assurance and certification. Consequently, the European Union Aviation Safety Agency (EASA) published a concept paper for machine learning applications in aviation. Both the Concept of Operation (ConOps) and an Operational Design Domain (ODD) are listed as objectives to be met for the safety analysis. From a developer’s perspective, this raises questions on how to effectively derive the ODD from the ConOps and test the given system based on the ODD description. Based on an exemplary use case of Near Mid-Air Collision avoidance between two aircraft through the advisories of ACAS X, a highly automated framework for generating and testing synthetic data is proposed. Using this framework, 1800 Near Mid-Air Collision scenario files are created and automatically executed in the simulation environment FlightGear. Scenario-based testing is used for logging ACAS X advisory data and evaluating it against predefined requirements. By this approach, an efficient way of verifying system requirements and conducting automated testing based on the ODD definition is demonstrated. Throughout this process, Model-Based Systems Engineering (MBSE) is used to reduce and manage complexity. The framework in this paper enables a systematic and highly automated approach for scenario generation based on the ODD.
... Besides the integration of multicore processors [8], versatile application interfaces [9] and functionalities such as Graphics Processing Units (GPUs) for advanced flight assistance will be implemented on a homogeneous platform. Integration of these additional functionalities supports the development of more elaborate and complex functions such as automated collision avoidance or autonomous flight [10,11]. However, these developments also come with increased system complexity, and challenges with reliability, certifiability, and safety. ...
... With the advance of technology, processing units with superior performance and processing power are required. One example is the use of machine learning applications for object detection in aircraft, as described in [11]. GPUs with their strong parallel computation capabilities greatly outperform CPUs concerning tasks which involve a large number of simple calculations, such as graphics processing [41,42]. ...
Conference Paper
Towards the end of the 20th century, the aviation industry started to adopt the Integrated Modular Avionics (IMA) architecture. It describes an airborne system with a unified design and standardized components. This allows application software to be used on various hardware modules that share common features. The previously established federated avionics architecture, which describes the self-containment of avionics functions as Line-Replaceable Units, would therefore gradually become obsolete. A major advancement of IMA is its computing paradigm. With the allocation of multiple functions to single processing units, IMA systems show higher efficiency, modularity, and maintainability compared to federated systems. This paper motivates the journey to the next generation of IMA systems. For this new generation of avionics systems, highly adaptive and integrated structures, i.e., computing platforms, are being developed and implemented. The novel design enables the reconfiguration and reassignment of safety-critical applications to counter total system failures. The deployment of advanced airborne applications is enabled by more powerful processing units and wireless technologies. The study presents the state of the art in designing ARINC 653-compliant IMA systems as well as development efforts for future IMA architectures. Three major points are discussed in the paper. First, IMA as a technology is presented. Second, the status quo and development efforts for IMA systems are discussed; this refers mainly to the research performed for state-of-the-art avionics systems. Third, the requirements for next-generation IMA, with some potential implementations, are discussed. The research shows that IMA is invaluable for aviation systems and that there will be a major shift to more advanced software and hardware technologies with future IMA systems. Nevertheless, there are many emerging requirements yet to be met with this next generation of IMA.
... AI has a wider range of applications than only ML. Some AI systems, for instance, may be built upon an ML model but not be entirely dependent on it; conversely, other systems may function solely on rule-based systems and not employ any machine-learnt models (Sprockhoff et al. 2023; Liubchenko 2022). Therefore, it is correct to assert that ML is a component of AI, but not all AI applications exclusively depend on ML methods, thereby demonstrating the variety and complexity within the wider domain of AI. ...
Article
As the range of decisions made by Artificial Intelligence (AI) expands, the need for Explainable AI (XAI) becomes increasingly critical. The reasoning behind the specific outcomes of complex and opaque financial models requires a thorough justification to improve risk assessment, minimise the loss of trust, and promote a more resilient and trustworthy financial ecosystem. This Systematic Literature Review (SLR) identifies 138 relevant articles from 2005 to 2022 and highlights empirical examples demonstrating XAI's potential benefits in the financial industry. We classified the articles according to the financial tasks addressed by AI using XAI, the variation in XAI methods between applications and tasks, and the development and application of new XAI methods. The most popular financial tasks addressed by the AI using XAI were credit management, stock price predictions, and fraud detection. The three most commonly employed AI black-box techniques in finance whose explainability was evaluated were Artificial Neural Networks (ANN), Extreme Gradient Boosting (XGBoost), and Random Forest. Most of the examined publications utilise feature importance, Shapley additive explanations (SHAP), and rule-based methods. In addition, they employ explainability frameworks that integrate multiple XAI techniques. We also concisely define the existing challenges, requirements, and unresolved issues in applying XAI in the financial sector.
... The scenarios represent different situations with foreign airplanes used for testing. The detailed use case is explained in [7]. A method for iterative scenario-based testing of AI-based systems is presented in the scope of this work. ...
Article
The development of Artificial Intelligence (AI) based systems is becoming increasingly prominent in various industries. The aviation industry is also gradually adopting AI-based systems. An example could be using Machine Learning algorithms for flight assistance. There are several reasons why adopting these technologies poses additional obstacles in aviation compared to other industries. One reason is strong safety requirements, which lead to obligatory assurance activities such as thorough testing to obtain certification. Amongst many other technical challenges, a systematic approach is needed for developing, deploying, and assessing test cases for AI-based systems in aviation. This paper proposes a method for iterative scenario-based testing for AI-based systems. The method contains three major parts: First, a high-level description of test scenarios; second, the generation and execution of these scenarios; and last, monitoring of scenario parameters during scenario execution. The scenario parameters, which can be for instance environmental or system parameters, are refined and the test steps are executed iteratively. The method forms a basis for developing iterative scenario-based testing solutions. As a domain-specific example, a practical implementation of this method is illustrated. For an object detection application used on an airplane, flight scenarios, including multiple airplanes, are generated from a descriptive scenario model and executed in a simulation environment. The parameters are monitored using a custom Operational Design Domain monitoring tool and refined in the process of iterative scenario generation and execution. The proposed iterative scenario-based testing method helps in generating precise test cases for AI-based systems while having a high potential for automation.
... As a result, a framework was developed which demonstrates the process from ConOps to ODD description with included scenario-based testing of the operational scenarios. Throughout the engineering process, Model-Based Systems Engineering (MBSE) is used in order to handle engineering complexity [10] [11]. ...
Conference Paper
In the project RESILIENZ at the German Aerospace Center, a systematic approach for combining operational scenarios from a Concept of Operations (ConOps) to capture specific operational ranges and limitations is investigated. Based on an exemplary aviation use case, collision avoidance, the corresponding ConOps is defined and used as a basis to derive the Operational Design Domain (ODD). Since the ODD is one of the pillars for developing safe AI-based systems, this enables meeting high-level system requirements and, in the future, resilience for failure-tolerant AI systems. In this paper, a model-based systems engineering framework is introduced in which scenarios are generated from the ConOps description in a highly automated way. In total, 50 scenarios were generated and evaluated. This dataset of operational scenarios can be used for testing the initial ODD coverage. The framework in this paper ensures a systematic and highly automated approach from describing the ConOps towards deriving and testing an ODD in the aviation domain.
... The scenarios represent different situations with foreign aircraft used for testing. The detailed use case is explained in [7]. A method for iterative scenario-based testing of AI-based systems is presented in the scope of this work. ...
Conference Paper
Machine learning (ML) has proven to be the tool of choice for achieving human-like or even super-human performance with automation on specific tasks. As a result, this data-driven approach is currently experiencing massive interest in all industry domains. This increased use also applies to the safety-critical aviation domain. With no human pilot on board, the potential use cases of ML for unmanned aircraft are particularly promising. Even upcoming Urban Air Mobility (UAM) concepts are planning to remove the onboard pilot and instead use ML to support a remote pilot, possibly supervising a fleet of vehicles. However, the verification of ML algorithms is a challenging problem, since established safety standards and assurance methods are not applicable. Thus, this work comprises a literature study on the topic of ML verification and safety. This research paper uses a systematic approach to map and categorize the research and to focus on specific subtopics that are of particular interest in the context of existing guidance documents.
Conference Paper
Automation and eventually autonomy are regarded as the enabler for the upcoming Urban Air Mobility (UAM) / Advanced Air Mobility segment. Only they could enable unprecedented opportunities for scaling drones and air taxis to a large number of vehicles, making the services available for everyone. Artificial Intelligence (AI) in general, and Machine Learning (ML) in particular, promise a huge leap towards achieving high levels of automation and further autonomy. Nevertheless, the safety concerns and challenges regarding compliance with the existing software standards are more pressing than ever before. The existing regulatory framework for hardware and software items fails to provide adequate acceptable means of compliance for AI-based systems. Hence, there are currently a number of ongoing efforts to update and augment the current standards. This paper will give an overview of the existing and upcoming regulatory framework for certifying AI-based systems. It will elaborate on the EASA documents, the artificial intelligence roadmap, Concepts of Design Assurance for Neural Networks (CoDANN), CoDANN II, as well as the concept paper on first usable guidance for level I machine learning applications. Furthermore, suitable guidance from EuroCAE, RTCA, ASTM and AVSI will be discussed.
Article
Virtual testing using simulation will play a significant role in future safety validation procedures for automated driving systems, as it provides the needed scalability for executing a scenario-based assessment approach. This article combines multiple essential aspects that are necessary for the virtual validation of such systems. First, a general framework that contains the vital subsystems needed for virtual validation is introduced. Secondly, the interfaces between the subsystems are explored. Additionally, the concept of model fidelities is presented and extended towards all relevant subsystems. For an automated lane-keeping system with two different definitions of an operational design domain, all relevant subsystems are defined and integrated into an overall simulation framework. The resulting difference between both operational design domains is the occurrence of lateral manoeuvres, leading to greater demands of the fidelity of the vehicle dynamics model. The simulation results support the initial assumption that by extending the operation domain, the requirements for all subsystems are subject to adaption. As an essential aspect of harmonising virtual validation frameworks, the article identifies four separate layers and their corresponding parameters. In particular, the tool-specific co-simulation capability layer is critical, as it enables model exchange through consistently defined interfaces and reduces the integration effort. The introduction of this layered architecture for virtual validation frameworks enables further cross-domain collaboration.
Article
Testing and validation of the functionalities and safety of automated vehicles shifted from a distance-based to a scenario-based method in the past decade. A number of domain-specific languages and systems were developed to support scenario-based testing. The aim of this paper is to review and compare the features and characteristics of the major scenario description languages and systems (SDLS). Each of them is designed for different purposes and with different goals; therefore, they have their strengths and weaknesses. Their characteristics are highlighted with an example nontrivial traffic scenario that we designed. We also discuss some directions for further development and research of these SDLS.
Article
When will automated vehicles come onto the market? This question has puzzled the automotive industry and society for years. The technology and its implementation have made rapid progress over the last decade, but the challenge of how to prove the safety of these systems has not yet been solved. Since a market launch without proof of safety would neither be accepted by society nor by legislators, much time and many resources have been invested into safety assessment in recent years in order to develop new approaches for an efficient assessment. This paper therefore provides an overview of various approaches, and gives a comprehensive survey of the so-called scenario-based approach. The scenario-based approach is a promising method, in which individual traffic situations are typically tested by means of virtual simulation. Since an infinite number of different scenarios can theoretically occur in real-world traffic, even the scenario-based approach leaves the question unanswered as to how to break these down into a finite set of scenarios, and find those which are representative in order to render testing more manageable. This paper provides a comprehensive literature review of related safety-assessment publications that deal precisely with this question. Therefore, this paper develops a novel taxonomy for the scenario-based approach, and classifies all literature sources. Based on this, the existing methods will be compared with each other and, as one conclusion, the alternative concept of formal verification will be combined with the scenario-based approach. Finally, future research priorities are derived.
Conference Paper
The growing adoption of Distributed Energy Resources (DER) in low-voltage distribution grids calls for new feedback control algorithms that rely on quasi-real-time data collected by remote sensors. The design and evaluation of such algorithms necessitates a prudent and comprehensive approach, since these algorithms require a tight integration of power and communication systems. A simple link failure or a sophisticated cyberattack launched against the grid's monitoring, communication, and control infrastructure could rapidly grow out of control, making the grid unstable. We investigate the design and implementation of a high-fidelity smart grid simulation platform which integrates a network simulator and a power flow simulator using the Mosaik co-simulation framework. The platform allows for evaluating the performance of new control algorithms and understanding the dynamics of modern distribution grids. Example case studies are presented to validate the proposed platform.
Article
In the face of the ever-increasing complexity of systems and system development programs, several aerospace, automotive, and defense organizations have already begun or are contemplating the transition to model-based systems engineering (MBSE). The key challenges that organizations face in making this decision are determining whether it is technically feasible and financially beneficial in the long run to transition to MBSE, and whether such a transition is achievable given budgetary constraints. Among the cost drivers of this transition are a new digital infrastructure, personnel training in MBSE, and cost-effective migration of legacy models and data into the new infrastructure. The ability to quantify gains from MBSE investment is critical to making the decision to commit to MBSE implementation. This paper proposes a methodological framework for analyzing investments and potential gains associated with MBSE implementation on large-scale system programs. To this end, the MBSE implementation problem is characterized in terms of system complexity, environment complexity and regulatory constraints, and system lifespan. These criteria are applied to systems in twelve major industry sectors to determine MBSE investment and expected gains. Results from this cost-benefit analysis are used to justify investment in MBSE implementation where warranted. This approach is generic and can be applied to different sectors for economic evaluation of costs and benefits and justification of the transition to MBSE if warranted.
Article
Soft systems methodology (SSM), an analytic method commonly employed in engineering and business research, produces models focused on human activities and relevant structures used to explain complex, engineered systems. The original version of SSM involves seven stages; five address real-world aspects and observable data, while two stages leverage a systems thinking viewpoint. This approach allows the development of a simplified depiction of complex systems representative of the multi-perspective lenses used to comprehend the systemic complexity of a problem and provide a clearer picture to analysts and decision makers. This bibliometric meta-analysis of 286 relevant publications in engineering, business, and other social sciences fields explores the historic impacts of SSM on academic research and systems thinking in relevant publications that described or employed SSM for research from 1980–2018. This study produced descriptive narrative outcomes and data visualizations including information about top SSM authors, author citation impacts, common dissemination outlets for SSM work, and other relevant metrics commonly used to measure academic impact. The goal of this piece is to depict who, what, why, when, and where SSM had the greatest impact on research, systems thinking, and methodology after nearly 40 years of use, as we look towards its future as a methodological approach used to comprehend complex problem situations.
Book
A new approach to safety, based on systems thinking, that is more effective, less costly, and easier to use than current techniques. Engineering has experienced a technological revolution, but the basic engineering techniques applied in safety and reliability engineering, created in a simpler, analog world, have changed very little over the years. In this groundbreaking book, Nancy Leveson proposes a new approach to safety—more suited to today's complex, sociotechnical, software-intensive world—based on modern systems thinking and systems theory. Revisiting and updating ideas pioneered by 1950s aerospace engineers in their System Safety concept, and testing her new model extensively on real-world examples, Leveson has created a new approach to safety that is more effective, less expensive, and easier to use than current techniques. Arguing that traditional models of causality are inadequate, Leveson presents a new, extended model of causation (Systems-Theoretic Accident Model and Processes, or STAMP), then shows how the new model can be used to create techniques for system safety engineering, including accident analysis, hazard analysis, system design, safety in operations, and management of safety-critical systems. She applies the new techniques to real-world events including the friendly-fire loss of a U.S. Blackhawk helicopter in the first Gulf War; the Vioxx recall; the U.S. Navy SUBSAFE program; and the bacterial contamination of a public water supply in a Canadian town. Leveson's approach is relevant even beyond safety engineering, offering techniques for “reengineering” any large sociotechnical system to improve safety and manage risk.
Conference Paper
The latest version of the ISO 26262 standard from 2016 represents the state of the art for the safety-guided development of safety-critical electric/electronic vehicle systems. These vehicle systems include advanced driver assistance systems and vehicle guidance systems. The development process proposed in the ISO 26262 standard is based upon multiple V-models, and defines activities and work products for each process step. In many of these process steps, scenario-based approaches can be applied to achieve the defined work products for the development of automated driving functions. To accomplish the work products of different process steps, scenarios have to focus on various aspects such as a human-understandable notation or a description via state variables. This leads to contradictory requirements regarding the level of detail and the way of notation for the representation of scenarios. In this paper, the authors discuss requirements for the representation of scenarios in different process steps defined by the ISO 26262 standard, propose a consistent terminology based on prior publications for the identified levels of abstraction, and demonstrate how scenarios can be systematically evolved along the phases of the development process outlined in the ISO 26262 standard.
Conference Paper
While any simulation study starts with a scenario, scenario development is usually conducted in an unstructured and ad hoc manner. In order to streamline scenario development, a formal approach is envisioned in the research flight simulator facility of the German Aerospace Center (DLR), namely the Air Vehicle Simulator (AVES). The System Entity Structure (SES), a high-level ontology that was introduced to specify a set of system structures and parameter settings, is proposed as the foundation. The paper outlines a model-based methodology for scenario development. SES is exploited for metamodeling in order to capture all possible elements of a scenario that can be simulated in AVES. Then a scenario modeling methodology is built upon this metamodel.
Conference Paper
Although the importance of scenarios in modeling and simulation has long been well known, there still exists a lack of common understanding and standardized practices in simulation scenario development. This paper proposes a Domain-Specific Language (DSL) to provide a standard scenario specification that will lead to a common mechanism for verifying and executing aviation scenarios, effective sharing of scenarios among various simulation environments, improved consistency among different simulators and simulations, and even the reuse of scenario specifications. Following DSL design practices, the proposed Aviation Scenario Definition Language (ASDL) will provide a well-structured definition language to formally specify complete aircraft landing scenarios. In order to capture the necessary constructs for a simulation scenario, the Simulation Interoperability Standards Organization (SISO) Base Object Model (BOM) is adopted as the baseline metamodel. This baseline is extended using the fundamentals of aircraft landing, which cover all the domain-related concepts and terminology as constructs. By taking a formal approach to defining aviation scenarios, ASDL aims at providing consistency and completeness checking, and model-to-text transformation capabilities for various targets in the aviation scenario definition domain. The results of this work will be used to develop a graphical modeling environment and automatic means to transform scenario models into executable scenario scripts. The work presented here is the first stepping stone in formal scenario definition in the aviation domain.
Conference Paper
A joint research project between MIT and JAXA/JAMSS is investigating the application of a new hazard analysis to the system and software in the HTV. Traditional hazard analysis focuses on component failures, but software does not fail in this way. Software most often contributes to accidents by commanding the spacecraft into an unsafe state (e.g., turning off the descent engines prematurely) or by not issuing required commands. That makes the standard hazard analysis techniques of limited usefulness on software-intensive systems, which describes most spacecraft built today.
Conference Paper
Scenarios play an important role in planning, engineering and executing a distributed simulation environment. During the simulation environment engineering process, the operational scenarios provided by the user are refined into one or more conceptual scenarios, and finally executable scenarios are derived which are used for initializing and stimulating participating simulation systems and other member applications. Conceptual scenarios provide the linking elements between operational scenarios and executable scenarios. Although complete and precise specification of conceptual scenarios is of crucial importance for the whole simulation environment engineering process, we find very little (if any) guidance on how to specify and document conceptual scenarios. This paper presents how the Base Object Model (BOM) standard may be utilized for specifying conceptual scenarios. We demonstrate the applicability of the BOM standard for a fictitious air defense scenario. To set the stage, we first give an overview of scenarios in military simulation environments and their place in the simulation environment engineering process. Second, the main part of this paper presents the example scenario as a case study for utilizing the BOM standard for the specification of conceptual scenarios.
Conference Paper
The competition for market entry in emerging segments such as Urban Air Mobility highlights the need for efficient and flexible development processes. This is accompanied by the trend towards software-intensive avionics systems due to the requirement for complex and computationally expensive algorithms. Considering the successful application of agile development in the software domain, one might conclude that the agile paradigm would be the perfect fit to address these issues. However, for highly safety-critical domains such as aviation, multiple conflicts with the agile paradigm exist. Especially the constraint to follow rigorous and well-documented processes contradicts the ideas of agile. To bridge this gap, a comprehensive and well-documented, but still flexible, process is necessary. Accordingly, this paper proposes a first step towards such an agile safety-guided design by combining Model-Based Systems Engineering with the System-Theoretic Process Analysis. In particular, focus is placed on enabling an iterative safety-guided design by providing functionality to trace design changes to the corresponding safety artifacts. This automated functionality is enabled by a formalized execution of the safety analysis. At first glance, formalization sounds like a contradiction to the agile paradigm. However, we argue that formality and agility are not necessarily contradictory. Our theory is that moving the focus of formality from the human activities to the assisting functionality even increases overall agility. The iterative safety-guided design and the resulting identification of safety improvements are demonstrated with examples of a flight assistance system.
Conference Paper
Urban Air Mobility introduces safety-related challenges for future avionics systems. The associated need for increased autonomy demands novel functions based on high-performance algorithms. To provide such functionality in future air vehicles of all sizes, the trend is towards centralized and powerful computing platforms. That turns avionics into a complex, integrated, and software-intensive aircraft system. Simultaneously, this increases the need for adapted safety analyses. The System-Theoretic Process Analysis is a promising approach to analyze the safety of software-intensive systems. It enables consideration of interaction and specification issues in addition to component failures. However, even when using state-of-the-art analyses such as STPA, claiming the sufficiency of the safety analysis efforts is a challenging task for systems with ever-increasing complexity. To address this issue, this paper extends the coverage analysis concepts known from software development to safety analyses. This is achieved with the utilization of failure graphs, i.e., formalized analysis summaries that can be automatically created during the safety analysis. Failure graphs have two advantages: they provide the possibility for visual analysis state indication and can be used to calculate various statistical metrics. Thereby, they allow improving the knowledge about the depth, breadth, and state of the safety analysis. Both visual and statistical consideration complement each other to enhance the safety analysis coverage assessment for future avionic systems. To show all capabilities, the analysis of a flight assistance system serves as demonstrator.
Article
This article presents a new machine learning (ML) development lifecycle which will constitute the core of the new aeronautical standard on ML called AS6983, jointly being developed by working group WG-114/G34 of European Organisation for Civil Aviation Equipment (EUROCAE) and SAE. The article also presents a survey of several existing standards and guidelines related to ML in aeronautics, automotive, and industrial domains by comparing and contrasting their scope, purpose, and results. Standards and guidelines reviewed include the European Union Aviation Safety Agency (EASA) Concept Paper, the DEEL (DEpendable and Explainable Learning) white paper “Machine Learning in Certified Systems”, Aerospace Vehicle System Institute (AVSI) Authorization for Expenditure (AFE) 87 report on Machine Learning, Guidance on the Assurance of Machine Learning for use in Autonomous Systems (AMLAS), Laboratoire National de Metrologie et d’Essais (LNE) Certification Standard of Processes for AI, the Underwriters Laboratories (UL) 4600 Safety Standard for Autonomous Vehicles, and the paper on Assuring the Machine Learning Lifecycle. These standards and guidelines are examined from the perspective of the learning assurance objectives they propose, and the means of evaluation and compliance for achieving these learning objectives. The reference used for comparison is the list of learning assurance objectives defined within the framework of AS6983 development. From this comparative analysis, and based on a coverage criterion defined in this article, only three (3) standards and guidelines exceed 50% coverage of the Machine Learning Development Lifecycle (MLDL) learning assurance objectives baseline. The next steps of this work are to update the AS6983 learning assurance objectives and improve the associated means of compliance to approach a coverage score of 100%, and offer a certification-based process to other domains that could benefit from the AS6983 standard.
Conference Paper
View Video Presentation: https://doi.org/10.2514/6.2022-2103.vid Developing safety-critical AI-based systems is an emerging challenge in aviation. Amongst others, the recent concept paper of the European Union Aviation Safety Agency (EASA), "First usable guidance for Level 1 machine learning applications", provides invaluable insights to tackle this challenge. It particularly highlights the importance of synthetic data for training, validation and testing as a means of complementing real-world data for completeness and representativeness. The primary source of synthetic data is simulations. The literature recognizes simulation not only as a crucial data source but also as an effective method for verification. This paper uses the EASA guidance as a baseline to propose a simulation-based data generation process for AI-based airborne systems.
Conference Paper
Emerging segments such as Urban Air Mobility require new safety-critical avionic systems. The complexity of these avionic systems has been increasing continuously, and even more rapidly in the last two decades, in the form of the number of components, functions, and interactions. At the same time, demanding time-to-market requirements have to be adhered to by development companies. To cope with these challenges, agile development approaches are required that guarantee safety-by-construction. This paper presents an endeavor to tackle these challenges by holistic utilization of Model-based Systems Engineering, System-Theoretic Process Analysis, and formal methods. The approach is demonstrated in a use case that analyzes a simplified Collision Avoidance System architecture. Results show that the presented approach is able to improve the development by automating and validating error-prone tasks of the safety assessment.
Conference Paper
Emerging segments such as autonomous driving require new by-wire system architectures for steering and braking. These system architectures are highly safety-critical and currently not commonly used in the automotive industry. This results in challenges for traditional development approaches. One issue is that a well-thought-out architecture selection is already required in early phases of development. Within this paper, a concept is proposed to help consideration of safety in this timely architecture selection, using a safety trade-off concept. An early consideration of system architecture safety is achieved by utilization of a formalized System-Theoretic Process Analysis on a Systems Modeling Language model. This underlying system model was developed with a Model-based System Engineering approach. Additionally, it is explained how classical safety considerations and safety principles can be integrated into this safety trade-off. Finally, the approach is demonstrated in an architecture comparison for a simplified Steer-by-Wire architecture. Results show that it is possible to find relevant safety requirements and use them to compare solution architecture candidates.
Article
One approach to designing decision-making logic for an aircraft collision avoidance system frames the problem as a Markov decision process and optimizes the system using dynamic programming. The resulting collision avoidance strategy can be represented as a numeric table. This methodology has been used in the development of the Airborne Collision Avoidance System X family of collision avoidance systems for manned and unmanned aircraft, but the high-dimensionality of the state space leads to very large tables. To improve storage efficiency, a deep neural network is used to approximate the table. With the use of an asymmetric loss function and a gradient descent algorithm, the parameters for this network can be trained to provide accurate estimates of table values while preserving the relative preferences of the possible advisories for each state. By training multiple networks to represent subtables, the network also decreases the required runtime for computing the collision avoidance advisory. Simulation studies show that the network improves the safety and efficiency of the collision avoidance system. Because only the network parameters need to be stored, the required storage space is reduced by a factor of 1000, enabling the collision avoidance system to operate using current avionics systems.
Article
Advances in artificial intelligence (AI) will transform modern life by reshaping transportation, health, science, finance, and the military. To adapt public policy, we need to better anticipate these advances. Here we report the results from a large survey of machine learning researchers on their beliefs about progress in AI. Researchers predict AI will outperform humans in many activities in the next ten years, such as translating languages (by 2024), writing high-school essays (by 2026), driving a truck (by 2027), working in retail (by 2031), writing a bestselling book (by 2049), and working as a surgeon (by 2053). Researchers believe there is a 50% chance of AI outperforming humans in all tasks in 45 years and of automating all human jobs in 120 years, with Asian respondents expecting these dates much sooner than North Americans. These results will inform discussion amongst researchers and policymakers about anticipating and managing trends in AI. This article is part of the special track on AI and Society.
Conference Paper
System complexity is a key characteristic of the aviation industry which leads to broad utilization of modeling and simulation in this global business. Scenario development is an important aspect of a simulation study. It starts at the very first steps when the operational scenarios are defined with the stakeholders and ends with a successful simulation execution. Although the importance of simulation scenarios has long been well known, there still exists a lack of common understanding and standardized practices, which leads to degraded interoperability and shareability. There is a recent effort coordinated by the American Institute of Aeronautics and Astronautics (AIAA) Modeling and Simulation Technical Committee (MSTC) towards development of a standard scenario definition language for aviation. This effort is being challenged by the same system complexity. Ontologies provide means to tackle complexity in domain modelling. This paper presents two distinct ontology-based approaches to develop a simulation scenario definition language for aviation. They both provide formal bases towards a standard domain-specific language for scenario development.
Book
This unique text/reference provides a comprehensive review of distributed simulation (DS) from the perspective of Model Driven Engineering (MDE), illustrating how MDE affects the overall lifecycle of the simulation development process. Numerous practical case studies are included to demonstrate the utility and applicability of the methodology, many of which are developed from tools available to download from the public domain. Topics and features:
• Provides a thorough introduction to the fundamental concepts, principles and processes of modeling and simulation, MDE and high-level architecture
• Describes a road map for building a DS system in accordance with the MDE perspective, and a technical framework for the development of conceptual models
• Presents a focus on federate (simulation environment) architectures, detailing a practical approach to the design of federations (i.e., simulation member design)
• Discusses the main activities related to scenario management in DS, and explores the process of MDE-based implementation, integration and testing
• Reviews approaches to simulation evolution and modernization, including architecture-driven modernization for simulation modernization
• Examines the potential synergies between the agent, DS, and MDE methodologies, suggesting avenues for future research at the intersection of these three fields
Distributed Simulation – A Model Driven Engineering Approach is an important resource for all researchers and practitioners involved in modeling and simulation, and software engineering, who may be interested in adopting MDE principles when developing complex DS systems.
Conference Paper
The open source flight simulator FlightGear is developed from contributions by many talented people around the world. The main focus is a desire to 'do things right' and to minimize short cuts. FlightGear has become more configurable and flexible in recent years making for a huge improvement in the user's overall experience. This overview discusses the project, recent advances, some of the new opportunities and newer applications.
Identifying challenges to the certification of machine learning for safety critical systems
Jenn, E., Albore, A., Mamalet, F., Flandin, G., Gabreau, C., Delseny, H., Gauffriau, A., Bonnin, H., Alecu, L., Pirard, J., et al., "Identifying challenges to the certification of machine learning for safety critical systems," European Congress on Embedded Real Time Systems (ERTS 2020), 2020.
Artificial Intelligence Roadmap: A human-centric approach to AI in Aviation
EASA, "Artificial Intelligence Roadmap: A human-centric approach to AI in Aviation," Tech. rep., Feb. 2020. URL https://www.easa.europa.eu/en/downloads/109668/en.
Recent Trends and Advances in Model Based Systems Engineering
Madni, A. M., Boehm, B., Erwin, D., Moghaddam, M., Sievers, M., and Wheaton, M., Recent Trends and Advances in Model Based Systems Engineering, Springer International Publishing, 2022. https://doi.org/10.1007/978-3-030-82083-1.
Concepts of Design Assurance for Neural Networks (CoDANN) II
EASA and Daedalean AG, "Concepts of Design Assurance for Neural Networks (CoDANN) II," Tech. rep., May 2021. URL https://www.easa.europa.eu/en/downloads/128161/en.
Machine Learning in Certified Systems
DEEL Certification Workgroup, "Machine Learning in Certified Systems," 2021. https://doi.org/10.48550/arXiv.2103.10529.
MagicGrid ® Book of Knowledge, A Practical Guide to System Modeling using MagicGrid from No Magic
Aleksandraviciene, A., and Morkevicius, A., MagicGrid ® Book of Knowledge, A Practical Guide to System Modeling using MagicGrid from No Magic, 2nd ed., Vitae Litera: Kaunas, Lithuania, 2021.
Risk Analysis and Assessment Modeling Language (RAAML) Libraries and Profiles
Object Management Group, "Risk Analysis and Assessment Modeling Language (RAAML) Libraries and Profiles," accessed 25.10.2022. URL https://www.omg.org/spec/RAAML/1.0/Beta1/PDF.
YOLOv7: Trainable bag-of-freebies sets new state-of-the-art for real-time object detectors
Wang, C.-Y., Bochkovskiy, A., and Liao, H.-Y. M., "YOLOv7: Trainable bag-of-freebies sets new state-of-the-art for real-time object detectors," arXiv preprint arXiv:2207.02696, 2022. https://doi.org/10.48550/arXiv.2207.02696.
J3016_202104 - Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles
SAE, "J3016_202104 - Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles," https://www.sae.org/standards/content/j3016_202104/, 2021.