{"title":"Lower Bounds in Optimal Integrity Monitoring","authors":"J. Blanch, T. Walter","doi":"10.33012/2019.16788","DOIUrl":null,"url":null,"abstract":"The goal of integrity monitoring in positioning algorithms consists in finding a test statistic and an estimator that meets both the integrity requirements and the alert requirements under a set of conditions. The search for such test statistics can be cast as an optimization problem where the goal is to minimize the integrity risk while maintaining the alert requirements. In this work, we provide results that extend previous results in two ways. First, we provide a lower bound on the integrity risk for linear unbiased estimators (but not necessarily optimal). Second we provide a lower on the integrity risk in the case of fault detection and exclusion. The results developed in this work here are general. In particular, they are applicable to both snapshot solutions and Kalman filter solutions, and to any combination of sensors. INTRODUCTION Until recently, integrity monitoring in radio-navigation was mostly limited to aircraft navigation. It is now being expanded to automotive, rail, and maritime applications [1], [2], [3]. Given the increased awareness of GNSS threats (like spoofing), it is likely that integrity monitoring will pervade most navigation systems. There are many different types of integrity monitoring algorithms, each responding to a different design constraint. In all cases, it can be useful to know what the minimum achievable integrity risk is, for at least three reasons. First, these bounds tell us whether it makes sense to continue improving the algorithm; second, the search itself shows us which class of algorithms will likely perform well, third, if the lower limit is too high, then we know that we should be looking somewhere else to achieve the desired performances (like more measurements, additional structure, or more constraints on the fault modes). Finding the optimal integrity monitoring algorithm is in general a very difficult problem. It is however possible to define tractable problems that can be proven to provide a lower bound on the achievable integrity risk in the original problems. Optimality results in the range domain pre-date the development of integrity in GNSS ([4], [5]). These results have been adapted to GNSS in at least [6]. In [7], we proved that in the case of one threat, even multi-dimensional, the optimal detection statistic is the solution separation statistic. This was achieved by casting the search of the optimal detection region as a minimax problem, and using the Neyman-Pearson lemma to limit the search of the detection regions to a class of regions parameterized by a bias. These results allowed us to establish a lower bound on the minimum integrity risk. However, these results were only proven for least squares estimators and for the detection problem only. In this work, we expand and generalize the theoretical results from [7] in two directions. First, we provide lower bounds on the lowest possible achievable integrity risk given a set of measurements and a threat space in the case of linear estimators (but not necessarily least squares); second, we will consider the case of fault detection and exclusion with non-linear estimators. For this case, we will show that, to obtain optimality results, it is useful to generalize the fault detection and exclusion process. After introducing notations, definitions, and previous results, we provide two inequalities that place a lower bound on the optimal integrity given an alert probability. ERROR MODEL AND DEFINITIONS Fault free error model In this paper, we will assume that the linear approximation holds. The fault free error model is given by the state equation: y y Gx (1) where: G is the geometry matrix (n by p) (p is 3 plus the number of clock states) y is the set of measurements (n by 1) εy is the nominal noise (n x 1) x is the position and clock unknowns. The nominal noise follows a zero mean Gaussian distribution with covariance 1 W : 1 0, y N W (2) Fault error model The fault error model is the one adopted in [7] which generalizes the fault modes used in RAIM. In this model, the measurements are determined by one error model, and one only, out of N +1 possible error models. Each of these error models, or hypothesis, has a known probability of occurrence pHi and corresponds to the addition of an unknown state in the measurement equation: i i y y Gx A b (3) A and b are an n by mi matrix and a mi by 1 vector respectively. Ai is known, and b is arbitrary. In the rest of the paper, we will assume that the matrix [G Ai ] is full rank and that n>p+mi-1. If there is no change of variable on the nuisance parameters that can make the matrix [G Ai ] full rank, then the fault cannot be monitored (this would happen for example if A = G). Similarly, if the system of equations (3) is underdetermined, which will happen if n<p+mi, then the fault cannot be monitored. The fault free case corresponds to i = 0. OPTIMAL DETECTION REGION The design of the integrity algorithm is therefore equivalent to the determination of a detection region Ω such that: ˆ , k k HMI P x x L y P (4) Where: x̂ is the estimate of x obtained from the measurements y L is the Alert Limit PHMI is the required integrity risk In addition, there is a false alert requirement: under fault free conditions, the probability that the measurements are outside of Ω must not exceed the false alert budget Pfa: 0 | fa P y H P (5) The optimal detection region can be defined as the region that minimizes the integrity risk given a false alarm rate, that is, it is the solution to the optimization problem: Minimize ˆ , k k P x x L y (6) s.t. | 0 fa P y i P PREVIOUS RESULT From the results shown in [7], the most useful one concerned the case with one multidimensional fault mode and where the all-in-view solution is the optimal one under fault free conditions. This result allowed us to compute a lower bound on the achievable integrity in the case with multiple faults: Optimal detection region for one multi-dimensional threat with a least squares all-in-view solution For a fixed false alarm probability, a detection region that minimizes the integrity risk when only one threat is considered (N=1) is given by: * | i T T k k y s s y T (7) where sk is the k-row of the least squares estimator of xk assuming the measurement model fault S(3): 1 T T i i i T i T G G S W G A W A A (8) The threshold T is set to meet the false alarm requirement (Pfa): 1 2 fa i ss P T Q (9) 1 i i T i T T T ss k k k k s s W s s This result means that the optimal detection statistics is the solution separation between the all-in-view solution and the least squares solution that is immune to the fault mode. When A corresponds to the addition of independent biases to a set of satellites, the least squares solution immune to the fault mode is the least squares solution that excludes the satellites affected by the fault mode. One of the goals of this paper is to extend this result when the all-in-view estimator is not necessarily the optimal one for accuracy (but still a linear one). This is important because in some cases, it is useful to offset the all-in-view position solution from the most accurate solution to improve integrity ([8],[9],[10],[11],[12],[13]). LOWER BOUND ON OPTIMAL INTEGRITY FOR LINEAR ESTIMATORS In this section, we provide a lower bound on the optimal integrity when the all-in-view estimator is a linear unbiased estimator (which covers [8],[9],[10],[11],[12],[13]), that is: x̂ Sy (10) where S produces an unbiased estimate [8]:","PeriodicalId":201935,"journal":{"name":"Proceedings of the ION 2019 Pacific PNT Meeting","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ION 2019 Pacific PNT Meeting","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33012/2019.16788","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The goal of integrity monitoring in positioning algorithms consists in finding a test statistic and an estimator that meets both the integrity requirements and the alert requirements under a set of conditions. The search for such test statistics can be cast as an optimization problem where the goal is to minimize the integrity risk while maintaining the alert requirements. In this work, we provide results that extend previous results in two ways. First, we provide a lower bound on the integrity risk for linear unbiased estimators (but not necessarily optimal). Second we provide a lower on the integrity risk in the case of fault detection and exclusion. The results developed in this work here are general. In particular, they are applicable to both snapshot solutions and Kalman filter solutions, and to any combination of sensors. INTRODUCTION Until recently, integrity monitoring in radio-navigation was mostly limited to aircraft navigation. It is now being expanded to automotive, rail, and maritime applications [1], [2], [3]. Given the increased awareness of GNSS threats (like spoofing), it is likely that integrity monitoring will pervade most navigation systems. There are many different types of integrity monitoring algorithms, each responding to a different design constraint. In all cases, it can be useful to know what the minimum achievable integrity risk is, for at least three reasons. First, these bounds tell us whether it makes sense to continue improving the algorithm; second, the search itself shows us which class of algorithms will likely perform well, third, if the lower limit is too high, then we know that we should be looking somewhere else to achieve the desired performances (like more measurements, additional structure, or more constraints on the fault modes). Finding the optimal integrity monitoring algorithm is in general a very difficult problem. It is however possible to define tractable problems that can be proven to provide a lower bound on the achievable integrity risk in the original problems. Optimality results in the range domain pre-date the development of integrity in GNSS ([4], [5]). These results have been adapted to GNSS in at least [6]. In [7], we proved that in the case of one threat, even multi-dimensional, the optimal detection statistic is the solution separation statistic. This was achieved by casting the search of the optimal detection region as a minimax problem, and using the Neyman-Pearson lemma to limit the search of the detection regions to a class of regions parameterized by a bias. These results allowed us to establish a lower bound on the minimum integrity risk. However, these results were only proven for least squares estimators and for the detection problem only. In this work, we expand and generalize the theoretical results from [7] in two directions. First, we provide lower bounds on the lowest possible achievable integrity risk given a set of measurements and a threat space in the case of linear estimators (but not necessarily least squares); second, we will consider the case of fault detection and exclusion with non-linear estimators. For this case, we will show that, to obtain optimality results, it is useful to generalize the fault detection and exclusion process. After introducing notations, definitions, and previous results, we provide two inequalities that place a lower bound on the optimal integrity given an alert probability. ERROR MODEL AND DEFINITIONS Fault free error model In this paper, we will assume that the linear approximation holds. The fault free error model is given by the state equation: y y Gx (1) where: G is the geometry matrix (n by p) (p is 3 plus the number of clock states) y is the set of measurements (n by 1) εy is the nominal noise (n x 1) x is the position and clock unknowns. The nominal noise follows a zero mean Gaussian distribution with covariance 1 W : 1 0, y N W (2) Fault error model The fault error model is the one adopted in [7] which generalizes the fault modes used in RAIM. In this model, the measurements are determined by one error model, and one only, out of N +1 possible error models. Each of these error models, or hypothesis, has a known probability of occurrence pHi and corresponds to the addition of an unknown state in the measurement equation: i i y y Gx A b (3) A and b are an n by mi matrix and a mi by 1 vector respectively. Ai is known, and b is arbitrary. In the rest of the paper, we will assume that the matrix [G Ai ] is full rank and that n>p+mi-1. If there is no change of variable on the nuisance parameters that can make the matrix [G Ai ] full rank, then the fault cannot be monitored (this would happen for example if A = G). Similarly, if the system of equations (3) is underdetermined, which will happen if n
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
