The increasing use of Machine Learning (ML) components embedded in autonomous systems -- so-called Learning-Enabled Systems (LESs) -- has resulted in a pressing need to assure their functional safety. As for traditional functional safety, the emerging consensus within both industry and academia is to use assurance cases for this purpose. Typically, assurance cases support claims of reliability in support of safety, and can be viewed as a structured way of organising the arguments and evidence generated by safety analysis and reliability modelling activities. While such assurance activities are traditionally guided by consensus-based standards developed from vast engineering experience, LESs pose new challenges in safety-critical applications because of the characteristics and design of ML models. In this article, we first present an overall assurance framework for LESs with an emphasis on quantitative aspects, e.g., breaking down system-level safety targets into component-level requirements and supporting claims stated in terms of reliability metrics. We then introduce a novel model-agnostic Reliability Assessment Model (RAM) for ML classifiers that utilises the operational profile and robustness verification evidence. We discuss the model assumptions and the inherent challenges of assessing ML reliability uncovered by our RAM, and propose solutions for practical use. Probabilistic safety argument templates at the lower, ML component level are also developed based on the RAM. Finally, to evaluate and demonstrate our methods, we not only conduct experiments on synthetic/benchmark datasets but also apply our methods in case studies on simulated Autonomous Underwater Vehicles and physical Unmanned Ground Vehicles.
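As an added illustration of the two quantitative steps the abstract names (breaking a system-level target down to a component-level requirement, and combining an operational profile with per-region robustness evidence into a reliability metric), the following Python is example code written for this page, not the paper's own RAM or its released code. It assumes that the classifier's input space has been partitioned into cells, that each cell carries an operational-profile probability, and that robustness evaluation has already yielded a per-cell misclassification probability; the cell names, probabilities, budget share and invocation rate are all constructed values.

```python
"""Illustrative operational-profile-weighted reliability estimate for an
ML classifier (added example; not the paper's own model or code).
All cells, probabilities and targets below are constructed."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Cell:
    name: str
    op_prob: float        # assumed probability that an operational input lands in this cell
    misclass_prob: float  # assumed per-cell misclassification probability from robustness evidence


def check_partition(cells: List[Cell], tol: float = 1e-9) -> None:
    """A cell partition must carry a proper probability distribution and valid per-cell failure probabilities."""
    if not cells:
        raise ValueError("empty partition")
    for c in cells:
        if not (0.0 <= c.op_prob <= 1.0) or not (0.0 <= c.misclass_prob <= 1.0):
            raise ValueError(f"cell {c.name!r} has a probability outside [0, 1]")
    total = sum(c.op_prob for c in cells)
    if abs(total - 1.0) > tol:
        raise ValueError(f"operational profile sums to {total}, not 1")


def pmi(cells: List[Cell]) -> float:
    """Probability of misclassification per input: OP-weighted sum of per-cell failure probabilities."""
    check_partition(cells)
    return sum(c.op_prob * c.misclass_prob for c in cells)


def dominant_cell(cells: List[Cell]) -> Cell:
    """The cell contributing most to pmi; rare cells with weak robustness evidence often win here."""
    check_partition(cells)
    return max(cells, key=lambda c: c.op_prob * c.misclass_prob)


def component_target(system_target_per_hour: float, inputs_per_hour: float, budget_share: float) -> float:
    """Break a system-level target (dangerous failures per hour) down to a per-input target for the
    ML component. Conservative assumption: every misclassification can lead to a system failure,
    so the component's share of the hourly budget is spread over all of its invocations."""
    if inputs_per_hour <= 0 or not (0.0 < budget_share <= 1.0):
        raise ValueError("invalid allocation parameters")
    return system_target_per_hour * budget_share / inputs_per_hour


def meets_target(cells: List[Cell], target_pmi: float) -> bool:
    """Does the evidence-based pmi satisfy the allocated component-level requirement?"""
    return pmi(cells) <= target_pmi


def demo_cells() -> List[Cell]:
    """Constructed partition for a perception classifier (assumed values, not measured data)."""
    return [
        Cell("nominal_clear", op_prob=0.70, misclass_prob=0.001),
        Cell("nominal_rain", op_prob=0.20, misclass_prob=0.004),
        Cell("rare_fog", op_prob=0.08, misclass_prob=0.030),
        Cell("unseen", op_prob=0.02, misclass_prob=0.200),
    ]


if __name__ == "__main__":
    cells = demo_cells()
    # Assumed: system target of 1e-5 dangerous failures/hour, half the budget allocated to the
    # classifier, which is invoked 10 times per second (36000 inputs/hour).
    target = component_target(1e-5, inputs_per_hour=36000, budget_share=0.5)
    print(f"pmi = {pmi(cells):.6f}, target = {target:.3e}, meets = {meets_target(cells, target)}")
    print(f"dominant cell: {dominant_cell(cells).name}")
```

Two things the numbers make visible: the cell with the smallest operational weight dominates pmi once its robustness evidence is weak, so effort is best spent on rare-but-fragile regions rather than on the nominal bulk; and a per-hour system target divided over tens of thousands of invocations yields a per-input requirement several orders of magnitude below what robustness evidence alone can support, which is the kind of gap the abstract's discussion of inherent challenges refers to.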