
1 Introduction

The problem of the security of air transportation systems [1] is very important because of the serious consequences of accidents. Russia has no unified control of the air transportation system, which is why this research is relevant. A few articles are devoted to the problem [1,2,3,4,5, 9,10,11,12,13,14].

Solving the problem requires the study of large-scale, complicated systems that generally lack a rigorous mathematical description. The most important step in this case is to use the cause-effect approach [1] and methods for analyzing the interaction of the resources of complex systems, including the human factor [5,6,7].

Aircraft accidents and their ground effects are considered as the development of chains of negative events connected by temporal, cause-effect and other relations. In many cases the preconditions of these event chains are breaches of instructions that lead the system to a situation in which it lacks the system resources (time, skills, energy, information) to prevent extreme external influences, or a combination of several subsystem failures. Breaches of instructions may occur regularly, but they become the cause of an accident only in the case of a critical combination of events.

The chain of events leading to an accident can be interrupted at various stages, and each stage requires its own set of tools used with the corresponding resources. An accident happens when prevention does not occur at any of these stages.

This article proposes an approach to the classification and analysis of critical combinations of events as the causes of accidents.

2 The Safety of Air Transportation Systems and the Problem of Critical Events’ Combinations

The elements comprising this system are shown in Fig. 1.

Fig. 1. An air transportation system’s structure

Flight safety is defined as an air transportation system’s property that describes the level of danger to people and material objects onboard the aircraft in the process of its functioning.

A model consisting of two interconnected units is proposed to solve the problem: a complex of mathematical models of the aircraft dynamics, and cause-effect models in the form of a set of conditions describing the normal functioning of the air transportation system, including the actions of the crew and air traffic controllers.

Analysis of past accidents shows that they are caused by a complex of event combinations, each of which occurs because of a lack of certain resources.

Negative events may be a result of endogenous factors or external influences, and form a cause-effect chain.

An error by the crew or an air traffic controller also belongs to the category of subsystem failures [2, 8,9,10,11]. Various studies pay a lot of attention to preventing single failures and errors [3, 4, 6]. Models and methods for studying and preventing combinations of failures of heterogeneous subsystems are less developed. This problem is particularly acute when safety depends on the decisive actions of the crew and the air traffic controller. An emergency situation requires faultless and prompt control actions to prevent it. The resources for making the right decision are limited by psychophysiological characteristics and the crew’s experience. If prevention does not occur, the situation develops more rapidly, while the capabilities for prevention shrink.

3 An Approach to Classification of Critical Combination of Events

By a critical combination of events we mean a situation in which the onset of negative events coincides with the failure of the means of prevention.

To increase aviation safety, a classification of the critical combinations of events in the air transportation system is necessary. The following directions for classifying event combinations in air transportation systems are proposed:

  • by the time of occurrence relative to the accident: before the crash, during the crash, during the prevention;

  • by the timing characteristics of the combination of events;

  • by the intensity with which this type of event combination appears at a given point in time, and by the frequency of occurrence;

  • by objects and elements according to their layering as defined by the technical documentation [4]: management personnel; hardware and software control systems; the technical part of the air transportation system; the energy part of the air transportation system; payload and passengers; environment; and further by the elements of the subsystems;

  • by the composition and number of diverse processes involved in the combined events: processes of crew and air traffic controller actions; control processes; processes of functioning of the air transportation system’s subsystems and units; fuel and energy processes; processes of passenger actions, movement of payload, etc.; processes of interaction with the environment;

  • by the type of crew and air traffic controller errors: organizational errors (negligence, deliberate or accidental misrepresentation); human error in the interaction with the technical subsystem;

  • by the individual degree of danger of the failures forming the combination under consideration: a combination of non-critical failures; coupled with critical failures and errors;

  • by the implementation difficulty and resource consumption of preventing and countering the critical situation at the given moment. This means that in the initial stages of a sequence of failures the difficulty of prevention can be significantly lower, and the efficiency higher.

The classification makes it possible to develop methods for predicting critical combinations of events.

4 Accidents Description and the Conditions of Their Occurrence

A formal mathematical representation of critical combinations of events is needed to make use of computers.

Consider the general scheme of a critical combination of events. Mathematical logic and set theory can be used to describe the scheme. Let \( P(a_{1},t_{1}) \) and \( \overline{P}(a_{1},t_{1}) \) denote the regular and the harmful event, respectively. The latter means a violation of the safety conditions and the occurrence of a failure at time \( t_{1} \), associated with subsystem \( a_{1} \). Where the subsystem needs to continue functioning, this event may imply that:

  • the value \( r_{1}(t_{1}) \) of the resource indicator of \( a_{1} \) is less than the critical value: \( r_{1}(t_{1}) < \underline{\underline{r}}_{1} \);

  • the value \( r_{1}(t_{1}) \) of the resource indicator of \( a_{1} \), if the indicator is represented as a list, does not contain a required component: \( \underline{\underline{r}}_{1} \not\subset r_{1}(t_{1}) \), where \( \underline{\underline{r}}_{1} \) is the list of resources necessary for the regular operation of subsystem \( a_{1} \).

The equation of the correct air transportation system’s functioning is

$$ \left( {\forall t \in [t_{1} ,t_{1} + \delta_{p} ]} \right)\,P(a_{1} ,t_{1} ) \wedge P(a_{2} ,t) \wedge \ldots \wedge P(a_{n} ,t) \to \,\ll {\text{correct functioning}}\gg $$

i.e. the safety conditions hold at all moments of the system’s functioning.

Suppose that, to avoid the development of a critical situation related to this harmful event, the event must be prevented within a time not larger than \( \delta_{p} \). Assume that each of the subsystems \( a_{j} \), \( j = 2, \ldots, n \), having resources interchangeable with and sufficient for \( a_{1} \), can accomplish the prevention of the harmful event related to \( a_{1} \) in a time less than \( \delta_{p} \). The event of a failure of another subsystem \( a_{j} \) at moment \( t \) is denoted \( \overline{P}(a_{j},t) \), where \( j = 2, \ldots, n \). In this case, the following condition must be satisfied to prevent the development of an emergency: \( P(a_{2},t) \vee \ldots \vee P(a_{n},t) \) at \( t \in [t_{1},t_{1} + \delta_{p}] \). That is, at least one of the subsystems \( a_{j} \) has sufficient resources to compensate for the lack of resources of \( a_{1} \). Then the condition of emergency functioning has the form:

$$ \left( {\forall t \in [t_{1} ,t_{1} + \delta_{p} ]} \right)\,\overline{P} (a_{1} ,t_{1} ) \wedge \overline{P} (a_{2} ,t) \wedge \ldots \wedge \overline{P} (a_{n} ,t) \to \,\ll {\text{accident}}\gg $$

This means that a lack of resources of subsystem \( a_{1} \), together with simultaneous non-compliance with the safety conditions for \( a_{1} \) and the other subsystems \( a_{j} \), \( j = 2, \ldots, n \), on the considered time interval, leads to an accident, since the other subsystems cannot compensate for the lack of resources of \( a_{1} \).

Critical combinations of events in a fairly complicated system can be described on a computer with the required level of decomposition, since the logical safety conditions can be easily programmed.
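The conditions of this section can be evaluated directly on sampled resource indicators. The following is an added example, not code from the original paper: it checks the event \( P(a,t) \) for numeric and list-type indicators and classifies the window \( [t_{1}, t_{1} + \delta_{p}] \) according to the two formulas above. The subsystem names, critical values, time series and verdict labels are constructed for illustration.

```python
# Added example: evaluates the Section 4 conditions on sampled data.
# Subsystem names, critical values and time series are constructed.

def P(value, critical):
    """Regular event P(a, t): the safety condition of a subsystem holds."""
    if isinstance(critical, (set, frozenset)):
        # List-type indicator: every required component must be present.
        return set(critical) <= set(value)
    # Numeric indicator: the harmful event is r(t) < critical value.
    return value >= critical


def assess(series, critical, a1, t1, delta_p):
    """Classify the window [t1, t1 + delta_p] for a harmful event on a1.

    series maps subsystem -> {time: resource value}; all subsystems are
    assumed to be sampled at the same discrete times.
    Returns (verdict, compensators), where compensators lists (t, a_j)
    pairs at which P(a_j, t) holds for some other subsystem.
    """
    window = sorted(t for t in series[a1] if t1 <= t <= t1 + delta_p)
    others = sorted(a for a in series if a != a1)
    holds = {(t, a): P(series[a][t], critical[a]) for t in window for a in others}

    if P(series[a1][t1], critical[a1]):
        # P(a1,t1) and P(a2,t) and ... and P(an,t) for all t in the window.
        if all(holds.values()):
            return "correct functioning", []
        # The two formulas of the section do not cover this case.
        return "failure outside a1", []

    # not-P(a1,t1): prevention needs P(a2,t) or ... or P(an,t) in the window.
    compensators = [(t, a) for t in window for a in others if holds[(t, a)]]
    if compensators:
        return "emergency, preventable", compensators
    # not-P(a_j,t) for every j and every t in the window.
    return "accident", []


CRITICAL = {"a1": 10.0, "a2": 5.0, "a3": frozenset({"gps", "ils"})}

def scenario(a1_at_t1, a2_values, a3_value):
    """Build a constructed three-subsystem time series for t = 0..3."""
    times = range(4)
    return {
        "a1": {t: (a1_at_t1 if t == 0 else 12.0) for t in times},
        "a2": dict(zip(times, a2_values)),
        "a3": {t: frozenset(a3_value) for t in times},
    }

NORMAL = scenario(12.0, [6, 6, 6, 6], {"gps", "ils", "vor"})
RESCUED = scenario(8.0, [4, 4, 6, 6], {"gps"})
LOST = scenario(8.0, [4, 4, 4, 6], {"gps"})   # a2 recovers only after the window

if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("rescued", RESCUED), ("lost", LOST)]:
        print(name, assess(s, CRITICAL, "a1", t1=0, delta_p=2))
```

In the `LOST` scenario the only compensating subsystem recovers at t = 3, so widening the window to `delta_p=3` changes the verdict from accident to preventable emergency.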

5 Informational and Logical Diagram for the Air Transportation System Control in a Case of Critical Events’ Combination

According to [1] in order to solve the stated problem, it’s necessary:

  • to work out a list of air transportation system’s events \( \left\{ {D_{1} ,D_{2} , \ldots ,D_{m} } \right\} \) according to the classification;

  • to build an event tree D, which combines trees \( \left\{ {D_{1} ,D_{2} , \ldots ,D_{m} } \right\} \) and allows calculation of critical combinations of events in the air transportation system;

  • to work out a mathematical model allowing numerical calculation of probabilities of different critical combinations.

During aircraft flights, the events that arise are monitored. The events correspond to various nodes of the D tree, and their combinations cause emergency situations. When an event a takes place that is classified, according to the list of accidents and catastrophes, as an adverse one, the set E(a) of all the critical combinations of events containing event a is selected, and the probabilities of all these events are calculated. The set E1(a) ⊆ E(a) of critical combinations of events whose probabilities exceed the known threshold values is determined. The system selects from the database lists of actions, formed in advance, for preventing adverse events, which allows the critical combination of events to be prevented.
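The selection of E(a) and E1(a) can be sketched as follows. This is an added example, not code from the original paper: it assumes the tree D is given as AND/OR gates over basic events, that basic events are independent, and that the observed event a has already occurred, so the probability of a combination is the product of the probabilities of its remaining events. The tree, event names, probabilities and threshold are constructed.

```python
# Added example: E(a) and E1(a) from the minimal sections of an event tree.
# Tree, event names, probabilities and threshold are constructed.
from itertools import product
from math import prod


def minimal_sections(node, tree):
    """Minimal cut sets of `node` as a set of frozensets of basic events."""
    if node not in tree:                      # leaf = basic event
        return {frozenset([node])}
    gate, children = tree[node]
    parts = [minimal_sections(c, tree) for c in children]
    if gate == "OR":                          # any child's section suffices
        merged = set().union(*parts)
    elif gate == "AND":                       # one section from every child
        merged = {frozenset().union(*combo) for combo in product(*parts)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    # Drop every section that strictly contains another one.
    return {s for s in merged if not any(o < s for o in merged)}


def critical_combinations(a, tree, top, p, threshold):
    """Return (E, E1): E maps each minimal section containing `a` to the
    probability that its remaining events also occur; E1 is the subset
    of sections whose probability exceeds `threshold`.

    Assumption: basic events are independent and `a` has already
    occurred, so only the other events of a section contribute.
    """
    E = {s: prod(p[e] for e in s if e != a)
         for s in minimal_sections(top, tree) if a in s}
    E1 = {s for s, q in E.items() if q > threshold}
    return E, E1


TREE = {
    "D":  ("OR",  ["D1", "D2", "D3"]),
    "D1": ("AND", ["icing", "crew_error"]),
    "D2": ("AND", ["icing", "G"]),
    "G":  ("OR",  ["sensor_fault", "atc_error"]),
    "D3": ("AND", ["icing", "crew_error", "atc_error"]),  # not minimal
}
PROB = {"icing": 0.02, "crew_error": 0.01, "sensor_fault": 0.001, "atc_error": 0.005}

if __name__ == "__main__":
    E, E1 = critical_combinations("icing", TREE, "D", PROB, threshold=0.004)
    for section, q in sorted(E.items(), key=lambda kv: -kv[1]):
        flag = "ALERT" if section in E1 else "ok"
        print(sorted(section), q, flag)
```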

The normative time for elimination of the malfunction while realizing each list of actions is known, that is, restoration intensities μj(t), \( j = \overline{1,m} \) of functioning of the failed elements of the air transportation system are known.

When it is impossible for the crew members and flying control officers to fulfil their duties, and the control system contains no list of actions that would allow the situation to be eliminated, the crew and the flying control officer actively form the corresponding lists of actions and estimate the time of their realization, i.e. calculate the μj(t), \( j = \overline{1,m} \) values.

Part of this list of actions is not carried out automatically and is meant for pilots and flying control officers. This part of the list contains several versions of instructions that are clear and suitable for realization, and their application depends on the decision made by the DMP (decision-making person) in the circumstances. The informational and logical diagram of the problem solution is shown in Fig. 2.

Fig. 2. Informational and logical diagram for the air transportation system control in a case of critical events’ combination

The following designations are assumed for Fig. 2: 1, 2 – parameters describing the process of the aircraft’s functioning and the state of the crew, respectively; 3, 4 – parameters of the air transportation system, defined by the air transportation control and flight preparation personnel, respectively; 5 – collection of information about the process of the air transportation system’s functioning, coming from sensors and local automated devices; 6 – entering information into a database or into a knowledge base; 7 – estimation of the situation when parameters of the process of the air transportation system’s functioning deviate significantly from the preset values; 8 – identification of the current events affecting the safety of the functioning air transportation system; 9 – determining the list of the minimal sections including events from item 8; 10 – calculation of the probability of critical combinations of events from item 9; 11 – do probabilities of some critical combination of events exceed acceptable thresholds?; 12 – the message about the fact that the probabilities of the considered combinations of events do not exceed the acceptable thresholds; 13 – entering information about non-dangerous event combinations to the server of the air transportation control service; 14 – the message about the fact that the probabilities of the considered combinations of events exceed the acceptable thresholds; 15 – building a radar chart reflecting probabilities of emergency situation when different event combinations take place; 16 – determining the vector of the optimum values \( \mu_{i}(t),\; i = \overline{1,n} \) and corresponding actions aimed at eliminating reasons for critical combinations of events; 17 – accepting and realizing solutions for eliminating critical combinations of events, which can cause emergencies; 18 – entering information about an emergency and measures taken for its elimination to the server of the air transportation control service; 19 – collecting information about the current state of the air transportation system’s subsystems; 21 – selection of a controlled list of the critical combinations of events; 22 – displaying a message about the danger of a critical combination of events in the process of functioning of the i-th subsystem of the air transportation system; 23 – issuing a recommendation on actions aimed at eliminating the reasons of a probable emergency situation; 24 – entering information into the database; 25 – launching the simulators; 26 – calling an event tree D*, used for training crews and flying control officers to act when emergency situations arise because of critical combinations of events, from the database; 27 – determining minimal sections of the tree D* corresponding to various combinations of events; 28 – working out algorithms for various minimal sections; 29 – forming a block of test problems; 30 – building a radar chart reflecting probabilities of emergency situation when different event combinations take place; 31 – determining a list of actions aimed at eliminating the critical combination of events, which are optimal according to safety criterion; 32 – questioning a trainee on which critical situations, in his opinion, it is necessary to take into account while making a decision (pick from a list); 33 – ranging the critical combinations of events that have appeared by the level of danger and estimating the danger of their appearance; 34 – forming by the trainee of the list of actions necessary to eliminate the reasons of the critical combination of events that has taken place; 35 – comparing the list of actions created by the trainee with the test list; 36 – estimation of the level of the trainee’s preparedness to make adequate decisions when various critical combinations of events arise; 37 – was the test passed successfully?; 38 – reward; 39 – entering information into the database about successful completion of training; 40 – analysis of errors; 41 – entering information into the database; 42 – launching the procedure of collecting and analyzing statistical data about the emergencies that happened during the last month due to critical combination of events; 43 – determining repeatable emergencies; 44 – elimination of the reasons of repeatable critical combinations of events; 45 – was it successful?; 46 – issuing recommendations on eliminating the critical combination of events; 47 – entering information into the database; 48 – issuing recommendations on the air transportation system’s structure changes; 49 – changing the air transportation system’s structure; 50 – accumulating information about control modifications applied during the last year; 51 – expert estimation of the size of the economical effect from the application of the control modifications; 52 – was the expected economical effect of the problem solution reached or exceeded?; 53 – analysis of reasons; 54 – correction of the plan of actions aimed at minimizing the damage from the emergencies caused by the critical combination of events; 55 – getting approval for the corrected plan of actions; 56 – entering information into the database.

For the minimal period of time (seconds, minutes, or hours), the problem of control is solved, and the work of the system is directed at supporting the decision making for crews and flying control officers during the flight. Information about critical combinations of defects and errors collected at this stage is systematized in data banks, processed and analyzed.

For the medium time period (day, month, or quarter), training of pilots and flying control officers on the basis of the collected information takes place, which allows avoiding emergency situations in the future. Information about training results and of the possibility of avoiding critical combinations of events is systematized and analyzed in the corresponding databases.

For long time periods, information and knowledge about known emergency situations are accumulated, and the problem of renovating air transportation systems is solved: alterations of the normative documents, improving the design of the aircraft. The solution of such problems is necessary to help managers at various levels, system architects, aircraft designers, etc. When necessary, the parameters of the mathematical model are corrected so that it can be used for controlling an air transportation system with safety as the criterion. This correction can be especially important when the same failures are repeated often. The problem can be solved by correcting regulations, laws and rules, by constant adaptation of the control system, and by accumulating information in data banks.

6 Conclusion

The main goals in improving the safety of air transportation systems are the creation of models of all parts of the air transportation system and the development of technology-based requirements for fail-safety, including crew errors.

Approaches to the cause-effect description of the critical combinations of events that cause accidents in the air transportation system have been developed. The proposed methods can be used to investigate and forecast the causes of accidents and catastrophes in air transportation systems.

The logical conditions for describing the most important hard-to-prevent causes of accidents, as well as the further development of the classification of critical combinations of events, are based on the proposed approach.

The proposed language for description and formalization is simple for engineers to use for programming and for describing the large number of known accidents in the world, presenting them in a compact and convenient form for compilation and collection in databases.

The proposed approaches and research results could be used for simulators and decision-making systems and in air transportation systems. These developments are used to improve the model reliability and safety of air transportation systems created by Open Joint Stock Company «Ilyushin Aviation Complex».