1. Introduction
With the development of science and technology, the space launch technology of many countries has become increasingly mature, and the risk of space launches has thus been gradually maintained under strict control [1]. However, in recent years, several major accidents in space launch missions have occurred worldwide, and these critical launch accidents show that considerable risks pertaining to the SLS still exist, which also means that further research on the risk analysis of the SLS needs to be performed [2, 3]. The statistics in China show that a launch centre has successfully completed 47 launch missions in a certain past decade, which included nearly 200 potential launch risks. The causes of these potential launch risks include design defects, improper operation, software defects, organisation and command issues, and system interference. The above space launch accidents and statistical analyses show that even if a launch mission is successfully completed, there still exist many potential risks in the launch processes. It is thus crucial to assess the risk of the SLS before launch.
At present, the PRA is mainly used to quantitatively analyse the system risks in high-risk engineering fields. In general, PRA refers to a new class of system risk analyses and accident evaluation methods developed by the U.S. in the field of nuclear power after the 1960s. This approach mainly adopts system reliability evaluation technologies, such as fault tree analysis and event tree analysis, to comprehensively analyse the occurrence and process of possible accidents in complex systems and take into account the occurrence probability and consequences of such accidents [4]. The main purpose of these methods in the system risk analysis is to analyse and evaluate the probability of dangerous events, accidents, or failures [5, 6]. At present, a large number of PRA methods have been developed for the fields of nuclear power, aerospace, and maritime transportation, etc. [7].
Based on the above PRA methods, many scholars have analysed the risk in space launch. A risk analysis method based on information fusion is proposed to assess the mean collective risk to the general public after a rocket launch, which provides a reference for the risk aversion after a rocket launch [8]. The impact of environmental factors on the safety risk of a space launch is studied through the time series analysis of a large amount of space launch data [9]. The systems-theoretic process analysis is applied to an SLS to improve the safety of rocket launch events [10]. It is proposed to strengthen the safety risk assessment of the rocket launch and re-entry events and construct a framework for the risk assessment [11]. The safety risks of space launch events in Australia are researched and a method to avoid the risks and improve the system safety is proposed [12]. A risk management model is proposed to attempt to establish risk management standards to standardise the space launch missions of various countries [13]. All the studies mentioned extend the application of PRA to the risk assessment of rocket launch processes. However, there are still some limitations. Some studies assign precise probabilities to the basic risk events, which will inevitably introduce uncertainty to a certain extent due to the scarcity of data and lack of knowledge, as this does not satisfy the law of large numbers in probability theory [14].
Fuzzy set theory, which can also be called the fuzzy method, was proposed by Zadeh in 1965 [15]. It is an extension of the classical set theory. In fuzzy sets, the relationship between elements and sets is no longer an absolute state of belonging and not belonging; instead, it is represented by a membership function with values in the interval [0, 1]. It is regarded as an effective tool to deal with the cognitive uncertainty brought by small sample data [16]. Some researchers apply fuzzy theory to QRA by combining it with event tree analysis (ETA) and fault tree analysis (FTA) [17, 18]. A new approach combining fuzzy theory and the HAZOP technique is proposed with application in the risk analysis of gas wellhead facilities [19]. Nevertheless, the traditional PRA method has great challenges in handling fuzzy data under uncertainty conditions [20]. For instance, most of the existing studies only assessed the impact of the risk factors on the whole system and only a few of them considered the causal relationship among the risk factors, and the tree-based model uses Boolean logic, which limits the validity of the causal probability of the model.
A Bayesian network (BN), also known as a belief network, is a directed acyclic graph. It combines graph theory and probability theory and can be expressed as <V, E>, where V denotes the nodes and E denotes the directed edges between nodes. In a BN, nodes represent random variables, and directed edges between nodes represent the causal relations between nodes (from the parent node to its children). The strength of these relations is expressed with conditional probability tables (CPTs), and prior probabilities are used for nodes without parents [21]. A BN is suitable for the expression and analysis of uncertainties or probabilistic events since it can generate reasoning from uncertain knowledge or information [22]. It is considered a robust risk analysis technique since it can represent causal relationships among events and perform inference of risk events with new evidence under uncertainty. Therefore, this approach is widely used in reliability assessments [23], fault diagnoses [24], and failure probability upgrades of safety systems [25]. The BN graphically shows the causal relationship among the variables and uses the probability to quantitatively clarify the development of these causal relationships; subsequently, the network diagnoses the problems, calculates the posterior probability of the variables after obtaining new information (evidence), and updates the model. This approach can support forward reasoning, sensitivity analysis, and backward reasoning, which enables it to realise the risk management of the entire process that includes prior prediction, construction control, and subsequent diagnosis. A prior study combined the interpretive structural model (ISM) and BN to quantitatively analyse the relationships and interaction strengths between risk factors in the railroad hazardous goods transportation system [26]. Yin and Li applied BN to quantitative risk analysis of offshore well blowout accidents [27]. An approach mapping fault tree to BN is proposed to analyse the risk of ship grounding accidents. Although BN is used in many fields, based on the high-risk nature of space launches, it is necessary to combine fuzzy theory and apply expert experience and historical statistics to perform risk analysis of space engineering.
In view of the current limitations of the process risk analysis in space launches, this paper proposes a risk analysis framework suitable for the process of SLSs based on BNs, which uses the fuzzy theory to reduce the uncertainties of insufficient statistics and expert evaluation. The rest of this paper is organized as follows.
Section 2 introduces the methodology including the mathematical basis, modelling process, and the fuzzy method of BNs.
Section 3 shows a case study of the process risk analysis for SLSs including case background, causal structure, and probabilities of the BN.
Section 4 gives the risks pertaining to the SLS including forward reasoning, reverse reasoning, and sensitivity. Some issues are also discussed in this section.
Section 5 summarises the paper.
4. Results and Discussion
4.1. Reasoning Results
According to the abovementioned fuzzy method, combined with the expert evaluation, the authors can obtain the probability of the leaf nodes in the BNs and the conditional probability between the child nodes and parent nodes to obtain the CPTs for the whole network. The CPTs are combined with causal networks to construct the BNs for the space launch risk, as shown in Figure 6.
The results of the Bayesian reasoning showed that the probability of the SLS in the high, medium, and low risk states is 0.00004, 0.52683, and 0.47313, respectively, as shown in Figure 6. Finally, the risk probabilities of each node are obtained, as presented in Table 8. The results showed that the total risk probability of the SLS is 0.0306, and the risk in the launch zone is higher than that in the technical zone and ground measure-control system; therefore, the relevant personnel should focus on reducing the risk in the launch zone. In addition, compared with other nodes at the same level, the risk probability of the process control is excessively high; therefore, the control of the rocket launch process should be made stricter. Furthermore, the risk of the rocket stability is also high, and the rocket stability should thus be further enhanced. Although the casualty risk probability is low, it should be strictly controlled due to its high severity. The rocket delay risk can be considered after optimising the other risk events.
The fuzzy posterior probabilities are also obtained in the posterior reasoning. According to the different states of the root node “Launch site risk” as “No evidence”, “High risk”, “Medium risk”, and “Low risk”, respectively, the fuzzy posterior probabilities of each node can be obtained, as shown in Figure 7. The posterior probabilities indicate that the probability state with “No evidence” lies between the “Low risk” state and the “Medium risk” state, which not only reflects the relatively high success rate of space launch tasks, but also reflects the non-negligible risk in the process of space launch. Moreover, as the parent nodes of “Risk in launch zone”, the node “Process control risk” and the node “Rocket stability risk” are most affected by “Launch is high risk” = “High risk”, which further proves that “Process control risk” should be paid enough attention in the risk management of the space launch system.
4.2. Risk Path Analysis
Assuming that the SLS is in a high-risk state, that is, by setting the probability of the node “Risk in space launch system” in the high-risk state as 100%, the reverse reasoning based on the BN is used to determine the main reasons leading to the high risk pertaining to the SLS and to analyse the risk conduction path. The results of the reverse reasoning are shown in Figure 8. These results indicated that if the SLS is in a high-risk state, its parent node “Risk in launch zone” is most likely to be in a high-risk state with a probability of 98%; the parent node “Risk in technical zone” is most likely to be in a medium-risk state with a probability of 57%, and parent node “Risk in measure-control system” is most likely to be in a low-risk state with a probability of 66%. Therefore, the high risk of the SLS is mainly caused by the risk in the launch zone, followed by the impact of the risk in the technical zone.
Using this method, the risk causes are further traced. For the node “Risk in launch zone”, the risk probability of node “Process control risk” is the highest in the parent node; when traced back to the parent node of “Process control risk”, the risk probability of the nodes “5 Pre-computer” and “7 Commander’s command” is the highest in the parent node. Therefore, to effectively reduce the risk pertaining to the SLS, the relevant personnel should focus on the risk events “5 Thrust utilization computer” and “7 Commander’s instruction”, and strive to reduce the risk probability by optimising the launch process or strengthening the personnel supervision.
On the basis of the above methods, the main and secondary risk conduction paths could be determined by retrospective analysis of the risk causes of the SLS. The main conduction path is as follows: “5 Thrust utilization computer” or “7 Commander’s instruction” → “Process control risk” → “Risk in launch zone” → “Risk in space launch”. The secondary conduction path is as follows: “4 Control cable socket” → “Risk in technical zone” → “Risk in space launch”, as shown in Figure 8 (the bold red arrows indicate the main conduction path, and the bold black arrows indicate the secondary conduction path).
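As an added illustration (not part of the original paper or its model), the following Python example runs the forward reasoning of Section 4.1 and the reverse reasoning of Section 4.2 by exact enumeration on a reduced network: three parent nodes feeding one three-state system-risk node. The priors, influence weights, state scores, and the triangular-membership rule used to build the CPT are all constructed assumptions standing in for the paper's Table 8 values and fuzzy CPT method.

```python
from itertools import product

STATES = ("high", "medium", "low")
SCORE = {"high": 1.0, "medium": 0.5, "low": 0.0}   # assumed numeric score per state

# Constructed priors for the three parent nodes (NOT the paper's values).
PRIORS = {
    "launch_zone":     {"high": 0.020, "medium": 0.50, "low": 0.480},
    "technical_zone":  {"high": 0.010, "medium": 0.30, "low": 0.690},
    "measure_control": {"high": 0.005, "medium": 0.20, "low": 0.795},
}
# Assumed influence weight of each parent on the child node (sums to 1).
WEIGHTS = {"launch_zone": 0.5, "technical_zone": 0.3, "measure_control": 0.2}

def cpt_row(parents):
    """P(system risk | parent states) from triangular memberships of the weighted score."""
    s = sum(WEIGHTS[n] * SCORE[v] for n, v in parents.items())
    return {"high": max(0.0, 2 * s - 1),
            "medium": 1 - abs(2 * s - 1),
            "low": max(0.0, 1 - 2 * s)}

def joint():
    """Yield (parent assignment, child state, joint probability) for the whole network."""
    for combo in product(STATES, repeat=len(PRIORS)):
        parents = dict(zip(PRIORS, combo))
        p = 1.0
        for n, v in parents.items():
            p *= PRIORS[n][v]
        for child, pc in cpt_row(parents).items():
            yield parents, child, p * pc

def forward():
    """Forward reasoning: marginal distribution of the system-risk node."""
    out = dict.fromkeys(STATES, 0.0)
    for _, child, p in joint():
        out[child] += p
    return out

def backward(evidence):
    """Reverse reasoning: posterior of every parent given system risk == evidence."""
    post = {n: dict.fromkeys(STATES, 0.0) for n in PRIORS}
    z = 0.0
    for parents, child, p in joint():
        if child == evidence:
            z += p
            for n, v in parents.items():
                post[n][v] += p
    return {n: {s: v / z for s, v in d.items()} for n, d in post.items()}

if __name__ == "__main__":
    print("forward:", forward())
    for node, dist in backward("high").items():
        print(node, {s: round(v, 3) for s, v in dist.items()})
```

With these constructed inputs, fixing the system node to “high” moves most of the posterior mass of the launch-zone node into its high state, which is the kind of shift the risk path analysis reads off Figure 8.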
4.3. Sensitivity Analysis
The sensitivity analysis of the system risk by using the BN can help the analysts determine the risk events that have the greatest impact on the system risk, to provide a more accurate event probability or conditional probability of these risk events when optimising the SLS. The sensitivity analysis result of the risk in the SLS is shown in Figure 9, where the depth of the red colour indicates the sensitivity of the node to the node “risk in space launch system”, which means the redder the node is, the more sensitive the node is to “risk in space launch”. As shown in Figure 9, the probabilistic changes in the nodes “Rocket stability risk” and “13 Hard hose plug for filling” have the greatest impact on the risk of the total system. The sensitivity ranking of each node to the risks in the SLS is shown in Figure 10, which indicates that the change in the risk in the technology zone, launch zone, and measure-control system has the greatest impact on the total system risk. The colour of the bar shows the direction of the change in the state of “risk in space launch system”: red expresses a negative change and green a positive change. In addition, the probabilistic changes in the key risk events 13, 14, and 15 have a greater impact on the total system risk. Considering the above analysis results, in the future risk assessment of SLS, the probability acquisition accuracy of the key risk events 13, 14, and 15 should be improved to reduce the impact of the probability estimation accuracy on the system risk assessment.
4.4. Discussion
In the above case, the fuzzy theory and expert experience are used to evaluate the risk of SLS comprehensively, and historical statistics are used reasonably, which reduces the impact of uncertainty. Some discussion is provided concerning the methods used in this paper.
- (1) Fuzzy method
The fuzzy membership function is used for probability transformation, and the fuzzy score for risk level is used to determine the CPT. The proposed method is more accurate and reasonable than direct fuzzy evaluation of CPT. Furthermore, as the main uncertainty source of the BN, the CPTs are constructed with the aid of fuzzification in this paper. To reduce the uncertainties, the traditional CPT construction method exerts certain requirements on the workload of the expert evaluation, and thus, a one-sidedness problem exists when the experts evaluate a large number of conditional probabilities, which makes the construction of the CPTs time-consuming, laborious, and inaccurate. In view of the shortcomings of the traditional CPTs construction method, this paper appropriately fuzzified the risk probability of nodes and fully considered the influence weight of each parent node on the child node to obtain more objective CPTs.
- (2) Case of SLS
Through the field investigation and data collection, the authors sorted out some risk events that may lead to accidents, and obtained 15 key risk events and their frequency. After establishing the application framework and BN method, domain experts are invited to evaluate, and a complete BN model is finally obtained. Through Bayesian analysis, these results guide the engineering practice to reduce the occurrence of risk events and the probabilities of rare events are also fully considered. Due to the limitations of the proposed method, the accuracy of expert evaluation, and the size of data samples, the results obtained cannot fully reflect the actual situation. To solve this problem, in addition to optimising the method and improving the status of data acquisition, BN can be updated by using the posterior reasoning of BN to be more in line with the actual situation.
Generally speaking, the application framework and the method of building CPT are well used in the case of SLS. This framework makes the construction process and effect of BN clear, while the construction method of CPT can reasonably obtain CPT by using expert experience and fuzzy method.
5. Conclusions
The launch process of aerospace engineering is a stage in which equipment failures and human errors occur frequently, and many catastrophic risk events occur in this stage. PRA plays an important role in analysing and reducing risk. BN is a powerful risk assessment tool, and the fuzzy method helps to reduce the uncertainty caused by the subjective evaluation of experts. This paper establishes a PRA framework for SLS using BNs with fuzzy theory and discusses the uncertainties in BNs. The framework summarises the BN application method from three layers of principle, model, and result. The framework clearly reflects the principles used in the construction of the BN model, and also shows the effect and relationship of various BN analysis results.
Compared with previous studies, and based on the BN model, the contribution of this paper can be summarised as follows: (1) fifteen key risk events during the rocket launch were analysed and divided into risk in technical zone, risk in launch zone, and risk in ground measure-control system by experts, with the structure of BN constructed based on this; (2) a quantitative risk assessment analysis model was constructed for the rocket launch process, and an improved CPT construction method was proposed based on the fuzzy theory, which can solve the problem of excessive reliance of the traditional CPT construction method on the expert evaluation; (3) risk path inference and sensitivity analysis of SLS were conducted. Our approach is well demonstrated in the case study, which helps decision makers to make optimal resource allocations with limited resources.