Applied Computational Intelligence and Soft Computing

Research Article | Open Access

Volume 2017 |Article ID 8304236 | https://doi.org/10.1155/2017/8304236

Rui Li, Zili Zhou, Yansong Cheng, Jianqiang Wang, "Failure Effects Evaluation for ATC Automation System", Applied Computational Intelligence and Soft Computing, vol. 2017, Article ID 8304236, 8 pages, 2017. https://doi.org/10.1155/2017/8304236

Failure Effects Evaluation for ATC Automation System

Academic Editor: Fengxiang Xu
Received 16 Feb 2017
Accepted 12 Apr 2017
Published 02 May 2017

Abstract

The ATC (air traffic control) automation system is a complex system that helps maintain air traffic order, guarantee flight intervals, and prevent aircraft collisions. It is essential to ensuring the safety of air traffic. Failure effects evaluation is an important part of ATC automation system reliability engineering. It is aimed at the effects that failures of modules or components have on the performance and functionality of the system. By analyzing and evaluating the failure modes and their causes and effects, reasonable improvement measures and preventive maintenance plans can be established. In this paper, a failure effects evaluation framework considering the performance and functionality of the system is established on the basis of reliability theory. Algorithms for the quantitative evaluation of failure effects on the performance of the ATC automation system are proposed. With these algorithms, reliability, availability, maintainability, and other assessment indicators can be evaluated quantitatively.

1. Introduction

ATC (air traffic control) is a service provided by ground-based controllers who direct aircraft on the ground and through controlled airspace and provide advisory services to aircraft in noncontrolled airspace. The main objectives of ATC are to ensure flight safety and an efficient organization of traffic flows [1, 2]. The ATC automation system is a complex electronic system that combines computer and information technology. It is usually used to maintain air traffic order, guarantee the flight interval, and prevent aircraft collision [3]. It is essential for regional control and terminal airspace control. The reliability of the ATC automation system has direct effects on air traffic safety.

In recent years, air traffic control efficiency has improved due to the employment of various types of ATC automation systems. But the majority of imported ATC automation systems have been in use for many years, and their hardware and software have gradually degraded. And because the service time of homemade systems is relatively short, there is obvious uncertainty in the evaluation of failure and risk. So the collection of failure records and the evaluation of failure effects are especially urgent. Much research is aimed at reliability forecasting of ATC software. Wang and Liu collected 36 months of failure data from an ATC automation system and employed a Markov chain to predict its reliability [4]. Ternov and Akselsson proposed a new method for identifying hazards in a complex system based on DEB (disturbance, effect, and barrier) analysis and applied it to an air traffic control unit in Malmoe, Sweden [5]. Gómez et al. illustrated a recommender framework for assisting flight controllers, which combines argumentation theory and model checking in the evaluation of trade-offs and compromises to be made in the presence of incomplete and potentially inconsistent information [6]. Zhang et al. established an air traffic management system safety evaluation indicator system considering person-equipment-environment-management [7]. Woltjer et al. described the approach taken and the results obtained in developing guidance and including resilience engineering principles in the methodology for safety assessment of functional changes in air traffic management [8]. Mayer developed an integrated aviation and ATC modeling platform for comparing and evaluating proposed aircraft flight operations and ATC procedures [9]. Flavio Vismari and Camargo Junior proposed a methodology for safety assessment of ATC systems by combining “absolute” and “relative” safety assessment methods, using Fluid Stochastic Petri Nets (FSPN) as the modeling formalism [10]. Moon et al. evaluated the relationship between air traffic volume and human error in air traffic control (ATC) on the basis of reviews of existing literature and interviews and surveys of ATC safety experts [11]. Vanderhaegen [12] also considered the effects of human errors on the ATC system.

The aim of this paper is to establish a practical framework for evaluating the effects of failures of subsystems or components on the whole ATC system, so common reliability theory, such as the reliability logic diagram and FMECA (Failure Mode, Effects, and Criticality Analysis), is used rather than abstruse algorithms. A general structure of the ATC automation system is used as the research object. The relationship between structure composition and functions is analyzed. An evaluation framework is established for failure effects appraisal according to performance effects and function effects. Section 2 gives the structure and function corresponding diagram of the ATC automation system. In Section 3, the evaluation framework of failure effects on performance is discussed and, in Section 4, the evaluation framework of failure effects on function is proposed.

2. Basic Concept of ATC Automation System

An ATC automation system can process different types of radar data and form the flight path by information fusion. Automatic correlation of radar targets and flight plans can be realized. The subsystems of a general ATC automation system include RFP (radar data front processing subsystem), RDP (radar processing subsystem), FDP (flight data processing subsystem), SDD (situation data display), FDD (flight data processing terminal), DRP (data record play), and CMD (condition monitoring display). The structure and function corresponding diagram is shown in Figure 1.

Among the subsystems of the ATC automation system, RFP, RDP, FDP, and DRP have two redundancies. When the main equipment fails, the spare is switched in as the main equipment. SDD and FDD are display terminals; the breakdown of a single SDD or FDD will not affect the others. CMD is used to set up system parameters. Failures of each subsystem have effects on the function and performance of the whole ATC automation system.

3. Evaluation of Failure Effects on Performance of ATC Automation System

On the basis of the past records and history data, the reliability, availability, maintainability, system load, and system response time can be quantitatively evaluated using proper mathematical models. The diagram of performance evaluation is shown in Figure 2.

3.1. Evaluation of Failure Effects on Reliability

The redundant configuration of ATC automation systems differs between manufacturers, for example, single-redundancy, two-redundancy, or three-redundancy. The model for evaluating reliability should be established according to the actual redundant configuration. A general reliability diagram of the ATC automation system is shown in Figure 3.

In Figure 3, redundant units of the same subsystem are connected in parallel, and the different subsystems are connected in series. Supposing that there are work points in the whole system, the system reliability can be calculated as follows:

where is the reliability of the subsystem .
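
The series-parallel model described above, as an added example that is not part of the paper: it uses the standard reliability-block result (a parallel group fails only if all of its units fail, a series chain works only if every group works) and recomputes system reliability with one unit removed from each subsystem in turn. The per-unit reliabilities and the single, non-redundant CMD are constructed assumptions; the display terminals SDD and FDD are left out of the chain.

```python
from math import prod

# Constructed sample configuration. The unit counts for RFP, RDP, FDP and DRP
# follow the text (two redundant units each); the per-unit reliabilities and
# the single, non-redundant CMD are assumptions made for this example.
SUBSYSTEMS = {
    "RFP": [0.98, 0.98],
    "RDP": [0.97, 0.97],
    "FDP": [0.96, 0.96],
    "DRP": [0.99, 0.99],
    "CMD": [0.995],
}


def group_reliability(units):
    """Parallel group of redundant units: fails only if every unit fails."""
    for r in units:
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"reliability out of range: {r}")
    if not units:
        return 0.0  # no working unit left in this subsystem
    return 1.0 - prod(1.0 - r for r in units)


def system_reliability(subsystems):
    """Series chain of parallel groups: every subsystem must be working."""
    return prod(group_reliability(units) for units in subsystems.values())


def single_failure_effects(subsystems):
    """System reliability after one unit of each subsystem has failed.

    Returns the baseline and a list of (subsystem, degraded reliability, loss)
    sorted so that the most damaging single-unit failure comes first.
    """
    baseline = system_reliability(subsystems)
    effects = []
    for name, units in subsystems.items():
        degraded = dict(subsystems)
        degraded[name] = units[1:]  # drop one unit, keep the spare(s)
        after = system_reliability(degraded)
        effects.append((name, after, baseline - after))
    effects.sort(key=lambda e: e[2], reverse=True)
    return baseline, effects


if __name__ == "__main__":
    baseline, effects = single_failure_effects(SUBSYSTEMS)
    print(f"baseline system reliability: {baseline:.6f}")
    for name, after, loss in effects:
        print(f"{name}: one unit failed -> {after:.6f} (loss {loss:.6f})")
```

With these sample values the non-redundant subsystem dominates the ranking, and among the duplicated subsystems the one with the least reliable units costs the most when it falls back to a single unit.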

3.2. Evaluation of Failure Effects on Availability

The indexes of availability of ATC automation system can be estimated on the basis of maintenance records and statistical models. For example, the stable availability of ATC automation can be calculated using

where MTBF is mean time between failures and MTTR is mean time to repair. MTBF can be calculated by

3.3. Evaluation of Failure Effects on Maintainability

The indexes of maintainability of ATC automation system (e.g., repair rate, MTTR) can also be estimated on the basis of maintenance records and statistical models. The stable availability of ATC automation can be calculated using

The mean repair rate of ATC automation is

And the maintainability of ATC automation is

3.4. Evaluation of Failure Effects on System Load

When some redundant modules have broken down but at least one redundant module is still normal, the ATC system can work normally. But the load on the normal modules increases. For example, the occupancy rate of the CPU, RAM, and hard disk of a server may increase, and so may the network flow. According to historical data, the change of occupancy rate of each subsystem should be considered, and then the load-time curve can be plotted.

The equipment load in time is the weighted sum of its single index (e.g., RAM occupancy rate), as shown in

where is the load of equipment in time and is the weight of the single index. The load of subsystem and the whole system are calculated as follows:

where and are the load of subsystem and the whole system in time , respectively. is the weight of the equipment and is the weight of the subsystem.

3.5. Evaluation of Failure Effects on System Response Time

According to the operating data of ATC automation system, response time of each typical operation is statistically calculated. And then the mean system response time is

where is the mean response time of system. is the number of typical operations. is the response time of the typical operations.

4. Evaluation of Failure Effects on Function of ATC Automation System

The failure effects on the function of the ATC automation system are evaluated by using FMECA. FMECA (Failure Mode, Effects, and Criticality Analysis) is generally employed to analyze all the possible failure modes of components in a complex system over its whole lifetime [13]. The causes of each mode and its effects on every layer are identified, and then improvement measures can be put forward. The procedure of FMECA for the ATC automation system is shown in Figure 4.

4.1. Failure Modes Analysis

The purpose of failure mode analysis is to find the possible failure modes of the ATC system, starting from the functional requirements and the failure criteria in the system definition.

Common failure modes are determined according to the standard for failure classification of ATC equipment. Failure modes not covered by it can be found from maintenance logs or the subjective experience of technicians.

4.2. Failure Reason Analysis

Failure reasons are divided into direct causes and indirect causes. A direct cause is a physical or chemical process of the ATC system itself that leads to the failure or potential failure of the system, while an indirect cause is the failure of other products, environmental factors, human factors, and so forth.

Failure reason analysis helps to identify the factors in design, manufacture, usage, and maintenance that cause the failure. Improvement measures and compensation measures can then be taken into account to prevent or reduce the possibility of failure.

Before the analysis, the features of the ATC automation system should first be classified and the relevant descriptions determined. Analysts must be able to accurately describe each function and its related modules and failure modes.

The FMEA form for the correlation between target trajectories and flight plans in the ATC automation system is shown in Table 1. Table 1 is established on the basis of the analysis of track anomalies [14] and the causes of wrong correlation between target trajectories and flight plans [15], from the perspective of the technical principle of flight plan and track correlation [16], the radar system, and the multiradar data processing system.


| Number | Project | Function | Failure mode | Failure cause | Failure impact |
|---|---|---|---|---|---|
| 1 | Radar data | The basis of generating radar track | Radar track position is not accurate | Radar precision is insufficient; Air complex environment causes interference | Radar track position causes the deviation |
| | | | SSR code error | Radar signal interference that can lead to inaccurate SSR code | Wrong correlation |
| | | | The repeated SSR code | Double SSR code appears to be caused by mountain reflection, radar fault, false target, fusion algorithm, and so on | Unable to correlate with each other |
| | | | The radar flight number error of ADS or S model | ADS data or S mode’s radar data transmission and processing is wrong | Wrong correlation |
| 2 | Flight telegraph | The basis of the flight plan | Poor timeliness of flight telegraph | Manually send flight telegraph delay; Network communication link quality is poor | ATC system did not receive the message within prescribed time. Time deviation is too large, autorelated error, or wrong correlation |
| | | | The sequential variation of flight telegraph | Network communication link quality is poor | The receiving and dispatched flight telegraph do not match the time order |
| | | | The format and content of flight telegraph are not accurate | Human error; Network communication link quality is poor | The format and content of flight telegraph are wrong. Unable to get the correct route and calculate the flight status. Unable to automatically correlate with each other |
| | | | Lost the flight telegraph | Network communication link quality is poor | Unable to get flight telegraph. Unable to get accurate route and calculate the flight status. Unable to automatically correlate with each other |
| 3 | Basic data | Provide the information of airport, airlines, aircraft, beacon, and punctuation | Basic data is not accurate | Basic database did not update the information of routes and beacon adjusted | Unable to establish accurate flight route. Unable to calculate accurate 4D track. Autorelated error or wrong correlation |
| | | | Basic data is not complete | Not existing; Code duplication | |
| 4 | 4D track prediction | Establish the precise 4D track model of whole flight process | The calculated time deviation that through each way point is too large | 4D track prediction algorithm is not accurate | State of the flight plan is not correct. The deviation between the planned track position and real target position is large. Unable to automatically correlate with each other or wrong correlation |
| | | | The calculated planned flight direction is far away from the actual direction | 4D track prediction algorithm is not accurate | Unable to automatically correlate with each other or wrong correlation |

4.3. Failure Effect Analysis

Failure effect refers to the effects of each failure mode of the ATC system on its usage, function, and status.

When the failure mode of a module is affected by the failure of other modules of the system, the analysis is usually carried out according to the predefined system level structure. The structure and function corresponding diagram of the ATC automation system is shown in Figure 1. According to its hierarchical structure, the ATC automation system can be divided into an inverted tree structure. Through the hierarchical structure diagram and the structure and function corresponding diagram, the effects of module failures on the capability of the ATC automation system can be analyzed.

The effects of failure are classified into four levels based on the degree to which single equipment affects the control unit, as shown in Table 2.


| Classification | Classification basis | Examples |
|---|---|---|
| A | Control unit cannot provide air control service | (1) Backbone of communication networks of control unit failure. (2) Internal phone communication system (very high frequency system) failure. (3) Main and backup functional automation device overall paralysis |
| B | Failures decline the control capability of air control service and greatly reduce the flight capacity | (1) The whole or part of the automation system cannot be recovered in a short time. (2) Failure of automatic transfer system. (3) Partial control seats at the same time failure or other equipment failure which leads to air to ground communication failure. |
| C | Failures cause the degradation of service quality on monitoring communication and navigation and reduce the control efficiency | (1) Short time main device or automatic transfer system performance degradation leading to failure of flight plan processing function. (2) Control coordination/transfer of telephone failure due to various causes. |
| D | Failures have no effects on flight and traffic control | (1) Single machine or single network of redundant system fault. (2) Transient control over telephone or other equipment performance degradation and rapid recovery does not affect the control operation. |

4.4. Criticality Analysis

A failure assessment follows the failure analysis, and the RPN (Risk Priority Number) is generally used. RPN is the product of , , and . With the RPN, the identified failure causes and their connection to the failure effect can be ranked.

, which indicates occurrence, estimates how probable the occurrence of the failure cause is. The scoring criteria for the occurrence probability grade are given in Table 3. The value of failure probability corresponds to the rating of the expected number of failures in the product life cycle.


| Score | Level | The possibility of failure | Reference value of failure probability |
|---|---|---|---|
| 1 | Rare | Low possibility of failure mode | 1/10^6 |
| 2–3 | Low | Possibility of failure mode is relatively low | 1/20000; 1/4000 |
| 4–6 | Middle | Middle possibility of failure mode | 1/1000; 1/400; 1/80 |
| 7–8 | High | High possibility of failure mode | 1/40; 1/20 |
| 9–10 | Extremely high | Extremely high possibility of failure mode | 1/2; 1/8 |

, which indicates severity, describes the severity of a failure effect. It is used to evaluate the eventual impact of the failure mode under analysis. Usually, the description of the failure mode should be visible to the users. The scoring methods of the severity are given in Table 4.


| Score | Level | The influence degree of the failure |
|---|---|---|
| 1 | Slight | No impact on the performance of the system. |
| 2–3 | Low | A slight effect on system performance. |
| 4–6 | Middle | General failure: the system performance is affected; it can be settled through the implementation of the corresponding treatment. |
| 7–8 | High | Serious failure: the system performance is seriously affected. |
| 9–10 | Extremely high | Critical failure: system failure. |

, which indicates detection, determines how successful the detection of the failure cause is.

According to Table 5, is the probability of the failure mode and cause.


| Score | The difficulty of detecting the fault |
|---|---|
| 1 | Can completely find failure mode and causes |
| 2 | May find failure mode and causes |
| 3 | May find failure mode and causes |
| 4 | May find failure mode and causes |
| 5 | May find failure mode and causes |
| 6 | May find failure mode and causes |
| 7 | May find failure mode and causes |
| 8 | May find failure mode and causes |
| 9 | May find failure mode and causes |
| 10 | May find failure mode and causes or may be unable to detect them |

After completing the above steps, the RPN can be calculated. For highly harmful failure modes, improvement measures should be put forward.
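
The criticality step, as an added example that is not part of the paper: each worksheet row carries occurrence, severity and detection scores on the 1 to 10 scales of Tables 3 to 5, the RPN is their product, and rows are ranked by it. The failure modes are taken from Table 1, but their scores are constructed, and the two thresholds (`rpn_limit`, `severity_limit`) are hypothetical; flagging on severity alone is an added assumption so that a system-failure effect with a small RPN is not ranked out of sight.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    item: str
    mode: str
    occurrence: int  # score on the Table 3 scale
    severity: int    # score on the Table 4 scale
    detection: int   # score on the Table 5 scale

    def __post_init__(self):
        # Reject anything outside the 1..10 scoring scales before it is ranked.
        for name in ("occurrence", "severity", "detection"):
            score = getattr(self, name)
            valid = isinstance(score, int) and not isinstance(score, bool)
            if not valid or not 1 <= score <= 10:
                raise ValueError(f"{name} must be an integer 1..10, got {score!r}")

    @property
    def rpn(self):
        """Risk Priority Number: occurrence x severity x detection."""
        return self.occurrence * self.severity * self.detection


# Failure modes from Table 1; every score below is constructed for the example.
WORKSHEET = [
    FailureMode("Radar data", "SSR code error", 4, 7, 5),
    FailureMode("Radar data", "The repeated SSR code", 3, 6, 4),
    FailureMode("Flight telegraph", "Lost the flight telegraph", 2, 8, 3),
    FailureMode("Basic data", "Basic data is not accurate", 2, 9, 2),
    FailureMode("4D track prediction",
                "4D track prediction algorithm is not accurate", 5, 5, 6),
]


def prioritize(worksheet, rpn_limit=100, severity_limit=9):
    """Rank rows by RPN (highest first) and say why a row needs measures.

    Both limits are hypothetical. A row is flagged when its RPN reaches
    rpn_limit, or when its severity alone reaches severity_limit.
    """
    rows = []
    for fm in sorted(worksheet, key=lambda f: f.rpn, reverse=True):
        reasons = []
        if fm.rpn >= rpn_limit:
            reasons.append("RPN")
        if fm.severity >= severity_limit:
            reasons.append("severity")
        rows.append((fm.mode, fm.rpn, reasons))
    return rows


if __name__ == "__main__":
    for mode, rpn, reasons in prioritize(WORKSHEET):
        flag = ", ".join(reasons) if reasons else "-"
        print(f"{rpn:4d}  {flag:10s}  {mode}")
```

In the sample worksheet the row with the lowest RPN is still flagged, because its severity score falls in the "Critical failure: system failure" band of Table 4.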

5. Conclusion

In order to evaluate the effects of subsystem failures on the ATC automation system, a framework considering effects on performance and function is established. On the basis of the framework, failure effects on system performance are calculated considering reliability, maintainability, availability, system load, and response time. The mathematical models for each index are given according to reliability theory. The failure effects on the function of the ATC automation system are evaluated using FMECA, and the procedure of FMECA for the ATC automation system is proposed. The framework can be used to guide the reliability analysis procedures of ATC.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

References

  1. T. Kistan, A. Gardi, R. Sabatini, S. Ramasamy, and E. Batuwangala, “An evolutionary outlook of air traffic flow management techniques,” Progress in Aerospace Sciences, vol. 88, pp. 15–42, 2017.
  2. T. Jiang, J. Geller, D. Ni, and J. Collura, “Unmanned Aircraft System traffic management: concept of operation and system architecture,” International Journal of Transportation Science and Technology, vol. 5, no. 3, pp. 123–135, 2016.
  3. T. Lehouillier, F. Soumis, J. Omer, and C. Allignol, “Measuring the interactions between air traffic control and flow management using a simulation-based framework,” Computers and Industrial Engineering, vol. 99, no. 9, pp. 269–279, 2016.
  4. X. L. Wang and W. X. Liu, “Research on air traffic control automatic system software reliability based on Markov chain,” Physics Procedia, vol. 24, pp. 1601–1606, 2012.
  5. S. Ternov and R. Akselsson, “A method, DEB analysis, for proactive risk analysis applied to air traffic control,” Safety Science, vol. 42, no. 7, pp. 657–673, 2004.
  6. S. A. Gómez, A. Goron, A. Groza, and I. A. Letia, “Assuring safety in air traffic control systems with argumentation and model checking,” Expert Systems with Applications, vol. 44, pp. 367–385, 2016.
  7. Z. N. Zhang, N. Meng, and P. Zhou, “Based on the fuzzy set-valued statistics and the fuzzy mathematics theory in air traffic control system safety appraisal application,” Physics Procedia, vol. 33, pp. 511–521, 2012.
  8. R. Woltjer, E. Pinska-Chauvin, T. Laursen, and B. Josefsson, “Towards understanding work-as-done in air traffic management safety assessment and design,” Reliability Engineering and System Safety, vol. 141, pp. 115–130, 2015.
  9. R. H. Mayer, “Estimating operational benefits of aircraft navigation and air traffic control procedures using an integrated aviation modeling and evaluation platform,” in Proceedings of the Winter Simulation Conference (WSC '06), vol. 8, pp. 1569–1577, IEEE, December 2006.
  10. L. Flavio Vismari and J. B. Camargo Junior, “A safety assessment methodology applied to CNS/ATM-based air traffic control system,” Reliability Engineering and System Safety, vol. 96, no. 7, pp. 727–738, 2011.
  11. W. C. Moon, K. E. Yoo, and Y. C. Choi, “Air traffic volume and air traffic control human errors,” Journal of Transportation Technologies, vol. 1, no. 3, pp. 47–53, 2011.
  12. F. Vanderhaegen, “Mirror effect based learning systems to predict human errors—application to the air traffic control,” IFAC-Papers on Line, vol. 49, no. 19, pp. 295–300, 2016.
  13. B. Bertsche, A. Schauz, and K. Pickard, Reliability in Automotive and Mechanical Engineering, Springer, Berlin, Germany, 2008.
  14. X. J. Jiang, “The abnormal phenomenon analysis about the tack of ATC automation system,” Information Security and Technology, vol. 4, no. 9, pp. 86–87, 2013.
  15. G. Y. Tian and C. H. Shi, “Analysis of reasons for no correlation between target trajectories and flight plans,” Air Traffic Management, no. 4, pp. 17–21, 2011.
  16. W. Guo, “Research on problems of correlation between target trajectories and flight plans,” Silicon Valley, no. 3, pp. 8–25, 2015.

Copyright © 2017 Rui Li et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

