{"title":"最优完整性监控的下界","authors":"J. Blanch, T. Walter","doi":"10.33012/2019.16788","DOIUrl":null,"url":null,"abstract":"The goal of integrity monitoring in positioning algorithms consists in finding a test statistic and an estimator that meets both the integrity requirements and the alert requirements under a set of conditions. The search for such test statistics can be cast as an optimization problem where the goal is to minimize the integrity risk while maintaining the alert requirements. In this work, we provide results that extend previous results in two ways. First, we provide a lower bound on the integrity risk for linear unbiased estimators (but not necessarily optimal). Second we provide a lower on the integrity risk in the case of fault detection and exclusion. The results developed in this work here are general. In particular, they are applicable to both snapshot solutions and Kalman filter solutions, and to any combination of sensors. INTRODUCTION Until recently, integrity monitoring in radio-navigation was mostly limited to aircraft navigation. It is now being expanded to automotive, rail, and maritime applications [1], [2], [3]. Given the increased awareness of GNSS threats (like spoofing), it is likely that integrity monitoring will pervade most navigation systems. There are many different types of integrity monitoring algorithms, each responding to a different design constraint. In all cases, it can be useful to know what the minimum achievable integrity risk is, for at least three reasons. First, these bounds tell us whether it makes sense to continue improving the algorithm; second, the search itself shows us which class of algorithms will likely perform well, third, if the lower limit is too high, then we know that we should be looking somewhere else to achieve the desired performances (like more measurements, additional structure, or more constraints on the fault modes). Finding the optimal integrity monitoring algorithm is in general a very difficult problem. It is however possible to define tractable problems that can be proven to provide a lower bound on the achievable integrity risk in the original problems. Optimality results in the range domain pre-date the development of integrity in GNSS ([4], [5]). These results have been adapted to GNSS in at least [6]. In [7], we proved that in the case of one threat, even multi-dimensional, the optimal detection statistic is the solution separation statistic. This was achieved by casting the search of the optimal detection region as a minimax problem, and using the Neyman-Pearson lemma to limit the search of the detection regions to a class of regions parameterized by a bias. These results allowed us to establish a lower bound on the minimum integrity risk. However, these results were only proven for least squares estimators and for the detection problem only. In this work, we expand and generalize the theoretical results from [7] in two directions. First, we provide lower bounds on the lowest possible achievable integrity risk given a set of measurements and a threat space in the case of linear estimators (but not necessarily least squares); second, we will consider the case of fault detection and exclusion with non-linear estimators. For this case, we will show that, to obtain optimality results, it is useful to generalize the fault detection and exclusion process. After introducing notations, definitions, and previous results, we provide two inequalities that place a lower bound on the optimal integrity given an alert probability. ERROR MODEL AND DEFINITIONS Fault free error model In this paper, we will assume that the linear approximation holds. The fault free error model is given by the state equation: y y Gx (1) where: G is the geometry matrix (n by p) (p is 3 plus the number of clock states) y is the set of measurements (n by 1) εy is the nominal noise (n x 1) x is the position and clock unknowns. The nominal noise follows a zero mean Gaussian distribution with covariance 1 W : 1 0, y N W (2) Fault error model The fault error model is the one adopted in [7] which generalizes the fault modes used in RAIM. In this model, the measurements are determined by one error model, and one only, out of N +1 possible error models. Each of these error models, or hypothesis, has a known probability of occurrence pHi and corresponds to the addition of an unknown state in the measurement equation: i i y y Gx A b (3) A and b are an n by mi matrix and a mi by 1 vector respectively. Ai is known, and b is arbitrary. In the rest of the paper, we will assume that the matrix [G Ai ] is full rank and that n>p+mi-1. If there is no change of variable on the nuisance parameters that can make the matrix [G Ai ] full rank, then the fault cannot be monitored (this would happen for example if A = G). Similarly, if the system of equations (3) is underdetermined, which will happen if n<p+mi, then the fault cannot be monitored. The fault free case corresponds to i = 0. OPTIMAL DETECTION REGION The design of the integrity algorithm is therefore equivalent to the determination of a detection region Ω such that: ˆ , k k HMI P x x L y P (4) Where: x̂ is the estimate of x obtained from the measurements y L is the Alert Limit PHMI is the required integrity risk In addition, there is a false alert requirement: under fault free conditions, the probability that the measurements are outside of Ω must not exceed the false alert budget Pfa: 0 | fa P y H P (5) The optimal detection region can be defined as the region that minimizes the integrity risk given a false alarm rate, that is, it is the solution to the optimization problem: Minimize ˆ , k k P x x L y (6) s.t. | 0 fa P y i P PREVIOUS RESULT From the results shown in [7], the most useful one concerned the case with one multidimensional fault mode and where the all-in-view solution is the optimal one under fault free conditions. This result allowed us to compute a lower bound on the achievable integrity in the case with multiple faults: Optimal detection region for one multi-dimensional threat with a least squares all-in-view solution For a fixed false alarm probability, a detection region that minimizes the integrity risk when only one threat is considered (N=1) is given by: * | i T T k k y s s y T (7) where sk is the k-row of the least squares estimator of xk assuming the measurement model fault S(3): 1 T T i i i T i T G G S W G A W A A (8) The threshold T is set to meet the false alarm requirement (Pfa): 1 2 fa i ss P T Q (9) 1 i i T i T T T ss k k k k s s W s s This result means that the optimal detection statistics is the solution separation between the all-in-view solution and the least squares solution that is immune to the fault mode. When A corresponds to the addition of independent biases to a set of satellites, the least squares solution immune to the fault mode is the least squares solution that excludes the satellites affected by the fault mode. One of the goals of this paper is to extend this result when the all-in-view estimator is not necessarily the optimal one for accuracy (but still a linear one). This is important because in some cases, it is useful to offset the all-in-view position solution from the most accurate solution to improve integrity ([8],[9],[10],[11],[12],[13]). LOWER BOUND ON OPTIMAL INTEGRITY FOR LINEAR ESTIMATORS In this section, we provide a lower bound on the optimal integrity when the all-in-view estimator is a linear unbiased estimator (which covers [8],[9],[10],[11],[12],[13]), that is: x̂ Sy (10) where S produces an unbiased estimate [8]:","PeriodicalId":201935,"journal":{"name":"Proceedings of the ION 2019 Pacific PNT Meeting","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Lower Bounds in Optimal Integrity Monitoring\",\"authors\":\"J. Blanch, T. Walter\",\"doi\":\"10.33012/2019.16788\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The goal of integrity monitoring in positioning algorithms consists in finding a test statistic and an estimator that meets both the integrity requirements and the alert requirements under a set of conditions. The search for such test statistics can be cast as an optimization problem where the goal is to minimize the integrity risk while maintaining the alert requirements. In this work, we provide results that extend previous results in two ways. First, we provide a lower bound on the integrity risk for linear unbiased estimators (but not necessarily optimal). Second we provide a lower on the integrity risk in the case of fault detection and exclusion. The results developed in this work here are general. In particular, they are applicable to both snapshot solutions and Kalman filter solutions, and to any combination of sensors. INTRODUCTION Until recently, integrity monitoring in radio-navigation was mostly limited to aircraft navigation. It is now being expanded to automotive, rail, and maritime applications [1], [2], [3]. Given the increased awareness of GNSS threats (like spoofing), it is likely that integrity monitoring will pervade most navigation systems. There are many different types of integrity monitoring algorithms, each responding to a different design constraint. In all cases, it can be useful to know what the minimum achievable integrity risk is, for at least three reasons. First, these bounds tell us whether it makes sense to continue improving the algorithm; second, the search itself shows us which class of algorithms will likely perform well, third, if the lower limit is too high, then we know that we should be looking somewhere else to achieve the desired performances (like more measurements, additional structure, or more constraints on the fault modes). Finding the optimal integrity monitoring algorithm is in general a very difficult problem. It is however possible to define tractable problems that can be proven to provide a lower bound on the achievable integrity risk in the original problems. Optimality results in the range domain pre-date the development of integrity in GNSS ([4], [5]). These results have been adapted to GNSS in at least [6]. In [7], we proved that in the case of one threat, even multi-dimensional, the optimal detection statistic is the solution separation statistic. This was achieved by casting the search of the optimal detection region as a minimax problem, and using the Neyman-Pearson lemma to limit the search of the detection regions to a class of regions parameterized by a bias. These results allowed us to establish a lower bound on the minimum integrity risk. However, these results were only proven for least squares estimators and for the detection problem only. In this work, we expand and generalize the theoretical results from [7] in two directions. First, we provide lower bounds on the lowest possible achievable integrity risk given a set of measurements and a threat space in the case of linear estimators (but not necessarily least squares); second, we will consider the case of fault detection and exclusion with non-linear estimators. For this case, we will show that, to obtain optimality results, it is useful to generalize the fault detection and exclusion process. After introducing notations, definitions, and previous results, we provide two inequalities that place a lower bound on the optimal integrity given an alert probability. ERROR MODEL AND DEFINITIONS Fault free error model In this paper, we will assume that the linear approximation holds. The fault free error model is given by the state equation: y y Gx (1) where: G is the geometry matrix (n by p) (p is 3 plus the number of clock states) y is the set of measurements (n by 1) εy is the nominal noise (n x 1) x is the position and clock unknowns. The nominal noise follows a zero mean Gaussian distribution with covariance 1 W : 1 0, y N W (2) Fault error model The fault error model is the one adopted in [7] which generalizes the fault modes used in RAIM. In this model, the measurements are determined by one error model, and one only, out of N +1 possible error models. Each of these error models, or hypothesis, has a known probability of occurrence pHi and corresponds to the addition of an unknown state in the measurement equation: i i y y Gx A b (3) A and b are an n by mi matrix and a mi by 1 vector respectively. Ai is known, and b is arbitrary. In the rest of the paper, we will assume that the matrix [G Ai ] is full rank and that n>p+mi-1. If there is no change of variable on the nuisance parameters that can make the matrix [G Ai ] full rank, then the fault cannot be monitored (this would happen for example if A = G). Similarly, if the system of equations (3) is underdetermined, which will happen if n<p+mi, then the fault cannot be monitored. The fault free case corresponds to i = 0. OPTIMAL DETECTION REGION The design of the integrity algorithm is therefore equivalent to the determination of a detection region Ω such that: ˆ , k k HMI P x x L y P (4) Where: x̂ is the estimate of x obtained from the measurements y L is the Alert Limit PHMI is the required integrity risk In addition, there is a false alert requirement: under fault free conditions, the probability that the measurements are outside of Ω must not exceed the false alert budget Pfa: 0 | fa P y H P (5) The optimal detection region can be defined as the region that minimizes the integrity risk given a false alarm rate, that is, it is the solution to the optimization problem: Minimize ˆ , k k P x x L y (6) s.t. | 0 fa P y i P PREVIOUS RESULT From the results shown in [7], the most useful one concerned the case with one multidimensional fault mode and where the all-in-view solution is the optimal one under fault free conditions. This result allowed us to compute a lower bound on the achievable integrity in the case with multiple faults: Optimal detection region for one multi-dimensional threat with a least squares all-in-view solution For a fixed false alarm probability, a detection region that minimizes the integrity risk when only one threat is considered (N=1) is given by: * | i T T k k y s s y T (7) where sk is the k-row of the least squares estimator of xk assuming the measurement model fault S(3): 1 T T i i i T i T G G S W G A W A A (8) The threshold T is set to meet the false alarm requirement (Pfa): 1 2 fa i ss P T Q (9) 1 i i T i T T T ss k k k k s s W s s This result means that the optimal detection statistics is the solution separation between the all-in-view solution and the least squares solution that is immune to the fault mode. When A corresponds to the addition of independent biases to a set of satellites, the least squares solution immune to the fault mode is the least squares solution that excludes the satellites affected by the fault mode. One of the goals of this paper is to extend this result when the all-in-view estimator is not necessarily the optimal one for accuracy (but still a linear one). This is important because in some cases, it is useful to offset the all-in-view position solution from the most accurate solution to improve integrity ([8],[9],[10],[11],[12],[13]). LOWER BOUND ON OPTIMAL INTEGRITY FOR LINEAR ESTIMATORS In this section, we provide a lower bound on the optimal integrity when the all-in-view estimator is a linear unbiased estimator (which covers [8],[9],[10],[11],[12],[13]), that is: x̂ Sy (10) where S produces an unbiased estimate [8]:\",\"PeriodicalId\":201935,\"journal\":{\"name\":\"Proceedings of the ION 2019 Pacific PNT Meeting\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-04-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ION 2019 Pacific PNT Meeting\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.33012/2019.16788\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ION 2019 Pacific PNT Meeting","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33012/2019.16788","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
摘要
定位算法中完整性监测的目标在于找到在一定条件下既满足完整性要求又满足警报要求的测试统计量和估计量。搜索这样的测试统计信息可以看作是一个优化问题,其目标是在保持警报需求的同时最小化完整性风险。在这项工作中,我们以两种方式提供了扩展先前结果的结果。首先,我们提供了线性无偏估计的完整性风险的下界(但不一定是最优的)。其次,在故障检测和排除的情况下,我们提供了较低的完整性风险。在此工作中得出的结果是一般性的。特别是,它们既适用于快照解决方案,也适用于卡尔曼滤波解决方案,也适用于任何传感器组合。直到最近,无线电导航中的完整性监测主要局限于飞机导航。它现在正在扩展到汽车,铁路和海事应用[1],[2],[3]。鉴于对GNSS威胁(如欺骗)的认识不断提高,完整性监测很可能会渗透到大多数导航系统中。有许多不同类型的完整性监控算法,每一种都响应不同的设计约束。在所有情况下,了解可实现的最小完整性风险是什么是有用的,原因至少有三个。首先,这些界限告诉我们继续改进算法是否有意义;第二,搜索本身向我们展示了哪一类算法可能会表现良好,第三,如果下限太高,那么我们知道我们应该寻找其他地方来实现期望的性能(比如更多的测量,额外的结构,或者对故障模式的更多约束)。寻找最优的完整性监控算法通常是一个非常困难的问题。然而,可以定义可处理的问题,这些问题可以证明在原始问题中提供可实现的完整性风险的下界。距离域的最优性结果早于GNSS完整性的发展([4],[5])。这些结果至少在[6]中被用于GNSS。在[7]中,我们证明了在一个威胁甚至多维的情况下,最优检测统计量是解分离统计量。这是通过将最优检测区域的搜索转换为极小极大问题,并使用Neyman-Pearson引理将检测区域的搜索限制为一类由偏差参数化的区域来实现的。这些结果使我们能够建立最小完整性风险的下限。然而,这些结果只证明了最小二乘估计和检测问题。在这项工作中,我们从两个方向对[7]的理论结果进行了扩展和推广。首先,在线性估计(但不一定是最小二乘)的情况下,我们给出了给定一组测量值和威胁空间的最低可能实现完整性风险的下界;其次,我们将考虑使用非线性估计器进行故障检测和排除的情况。对于这种情况,我们将证明,为了获得最优结果,对故障检测和排除过程进行推广是有用的。在介绍了符号、定义和以前的结果之后,我们提供了两个不等式,在给定警报概率的情况下,对最优完整性给出了下界。误差模型与定义无故障误差模型在本文中,我们假设线性近似成立。无故障误差模型由状态方程y y Gx(1)给出,其中G为几何矩阵(n × p) (p = 3 +时钟状态数)y为测量集合(n × 1) εy为标称噪声(n × 1) x为位置和时钟未知数。标称噪声服从零均值高斯分布,协方差为1 W * *:1 0,y N W * * * *(2)故障误差模型故障误差模型是[7]中采用的模型,它概括了ram中使用的故障模式。在这个模型中,测量结果由一个误差模型决定,并且只有一个,在N +1个可能的误差模型中。这些误差模型或假设中的每一个都具有已知的发生概率pHi,并对应于在测量方程中添加未知状态:i i y y Gx ab <s:1>(3)a和b分别是一个n × mi矩阵和一个mi × 1向量。Ai是已知的,b是任意的。在本文的其余部分,我们将假设矩阵[gai]是满秩的,并且n>p+mi-1。如果干扰参数上没有变量的变化使矩阵[G Ai]满秩,则故障无法监测(例如,当A = G时)。同样,如果方程组(3)是待定的,当n<p+mi时将发生待定,则故障无法监测。无故障情况对应于i = 0。
The goal of integrity monitoring in positioning algorithms consists in finding a test statistic and an estimator that meets both the integrity requirements and the alert requirements under a set of conditions. The search for such test statistics can be cast as an optimization problem where the goal is to minimize the integrity risk while maintaining the alert requirements. In this work, we provide results that extend previous results in two ways. First, we provide a lower bound on the integrity risk for linear unbiased estimators (but not necessarily optimal). Second we provide a lower on the integrity risk in the case of fault detection and exclusion. The results developed in this work here are general. In particular, they are applicable to both snapshot solutions and Kalman filter solutions, and to any combination of sensors. INTRODUCTION Until recently, integrity monitoring in radio-navigation was mostly limited to aircraft navigation. It is now being expanded to automotive, rail, and maritime applications [1], [2], [3]. Given the increased awareness of GNSS threats (like spoofing), it is likely that integrity monitoring will pervade most navigation systems. There are many different types of integrity monitoring algorithms, each responding to a different design constraint. In all cases, it can be useful to know what the minimum achievable integrity risk is, for at least three reasons. First, these bounds tell us whether it makes sense to continue improving the algorithm; second, the search itself shows us which class of algorithms will likely perform well, third, if the lower limit is too high, then we know that we should be looking somewhere else to achieve the desired performances (like more measurements, additional structure, or more constraints on the fault modes). Finding the optimal integrity monitoring algorithm is in general a very difficult problem. It is however possible to define tractable problems that can be proven to provide a lower bound on the achievable integrity risk in the original problems. Optimality results in the range domain pre-date the development of integrity in GNSS ([4], [5]). These results have been adapted to GNSS in at least [6]. In [7], we proved that in the case of one threat, even multi-dimensional, the optimal detection statistic is the solution separation statistic. This was achieved by casting the search of the optimal detection region as a minimax problem, and using the Neyman-Pearson lemma to limit the search of the detection regions to a class of regions parameterized by a bias. These results allowed us to establish a lower bound on the minimum integrity risk. However, these results were only proven for least squares estimators and for the detection problem only. In this work, we expand and generalize the theoretical results from [7] in two directions. First, we provide lower bounds on the lowest possible achievable integrity risk given a set of measurements and a threat space in the case of linear estimators (but not necessarily least squares); second, we will consider the case of fault detection and exclusion with non-linear estimators. For this case, we will show that, to obtain optimality results, it is useful to generalize the fault detection and exclusion process. After introducing notations, definitions, and previous results, we provide two inequalities that place a lower bound on the optimal integrity given an alert probability. ERROR MODEL AND DEFINITIONS Fault free error model In this paper, we will assume that the linear approximation holds. The fault free error model is given by the state equation: y y Gx (1) where: G is the geometry matrix (n by p) (p is 3 plus the number of clock states) y is the set of measurements (n by 1) εy is the nominal noise (n x 1) x is the position and clock unknowns. The nominal noise follows a zero mean Gaussian distribution with covariance 1 W : 1 0, y N W (2) Fault error model The fault error model is the one adopted in [7] which generalizes the fault modes used in RAIM. In this model, the measurements are determined by one error model, and one only, out of N +1 possible error models. Each of these error models, or hypothesis, has a known probability of occurrence pHi and corresponds to the addition of an unknown state in the measurement equation: i i y y Gx A b (3) A and b are an n by mi matrix and a mi by 1 vector respectively. Ai is known, and b is arbitrary. In the rest of the paper, we will assume that the matrix [G Ai ] is full rank and that n>p+mi-1. If there is no change of variable on the nuisance parameters that can make the matrix [G Ai ] full rank, then the fault cannot be monitored (this would happen for example if A = G). Similarly, if the system of equations (3) is underdetermined, which will happen if n
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
