
The practice of the last decades of the last century suggests that the risks of man-made and natural disasters with consequences on a regional, national and global scale are continuously increasing [1], which is due to various objective and subjective conditions and factors [2]. Analysis of accidents and catastrophes can identify the most important causes and weaknesses of control principles for survivability and safety of complex engineering objects (CEO). One such reason is the peculiarities of the functioning of diagnostic systems aimed at identifying failures and malfunctions. This approach to security precludes the possibility of a priori prevention of abnormal modes and, as a consequence, there is the possibility of their subsequent transition into an accident and catastrophe. Therefore, it is necessary to develop a new strategy to solve security problems of modern CEO for various purposes. Here we propose a strategy that is based on the conceptual foundations of systems analysis, multicriteria estimation and forecasting of risk [3]. The essence of the proposed concept is the replacement of the standard principle of identifying the transition from the operational state of the object into an inoperable one on the basis of detection of failures, malfunctions, defects, and forecasting the reliability of an object by a qualitatively new principle. The essence of this principle is the timely detection and elimination of the causes of an eventual transition from the operational state of the object into an inoperable one on the basis of systems analysis of multifactorial risk of abnormal situations, a reliable estimation of the margin of permissible risk of different modes of operation of complex technical objects, and forecasting of the key indicators of the object survivability in a given period of its operation.

1 Introduction

The processes of CEO functioning and the processes of ensuring their safety are fundamentally different. The first are focused on achieving the main production target of CES, so they cover all stages of a product’s life cycle. The second are regarded as secondary by a certain category of specialists, because in their view all the major issues of efficiency and reliability and, consequently, the security of the products are resolved at the stages of development, refinement, handling and testing. As a result, there are precedents where the goals, objectives and requirements developed for security and, above all, for a technical diagnostics system lack proper justification. As a consequence, the characteristics and properties of the created security system do not correspond to the real needs of the complex objects that they must satisfy.

Thus, there is a practical necessity to qualitatively change the principles and the structure of operational-capability controls and the safety of modern engineering systems in real conditions of multifactor risk influence. First of all, the control of complex objects should be systemized, which means that there should be system coordination of operability control and safety control not merely by the corresponding goals, tasks, resources, and expected results but also, importantly, by the immediacy and effectiveness of interaction in real conditions of abnormal situations. Such coordination should provide immediate and effective interaction between the mentioned control systems. On the one hand, the effectiveness of the safety system should be provided for timely detection of abnormal situations, evaluation of risk degree and level, and the definition of a permissible risk margin during the process of forming recommendations about immediate actions given to the decision maker. On the other hand, the system of operational capability control, after receiving a signal about abnormal situations, should, in an effective and operative manner, make a complex object ready for an emergency transition to an offline state and should make it possible to effect this transition within the limits of permissible risk. This can be achieved only when the system of technical diagnostics fully complies with the timeliness and efficiency of personnel actions in case of emergencies. Namely, diagnosis should provide a level of completeness, accuracy and timeliness of information about the state and changes of technologically hazardous processes that will allow staff to prevent the transition of an abnormal situation to an accident and catastrophe in time.

It must be noted that the requirement of timeliness is a priority, as the most accurate, most reliable information becomes unnecessary when it reaches staff after an accident or catastrophe. So there is a practical need for systemic coherence of diagnostic rates with the pace of work processes in different modes of complex engineering systems operation. Such coherence can be one of the most important conditions for ensuring guaranteed security for objects with increased risk [4].

Fig. 22.1 Structural diagram of information platform for engineering diagnostics

2 Information Platform of Engineering Diagnostics of the Complex Object Operation

The strategy of system control of complex objects survivability and safety is realized as an information platform of engineering diagnostics (IPED) of the complex objects. The diagnostic unit, which is the basis of a safety control algorithm for complex objects in abnormal situations, is developed as an IPED (Fig. 22.1). Let us detail some of the modules of the IPED.

Data accessing of the Initial Information during CEO operation. By a CEO we mean an engineering object consisting of several multi-type subsystems that are system-consistent in tasks, problems, resources, and expected results. Each subsystem has functionally interdependent parameters, measured with sensors. For this purpose, groups of sensors are connected to each subsystem, which have different parameters (time sampling, resolution, etc.), depending on what their nature is.

The engineering diagnostics during the CEO operation requires samples of size \(N_{01} \) and \(N_{02} \), where \(N_{01} (N_{01} >>200)\) is the total sample size during the CEO real-mode operation; \(N_{02} (N_{02} <<N_{01} ;N_{02} =40\div 70)\) is the size of the basic sample required to estimate the functional dependences (FD’s). The initial information is reduced to a standard form, which makes it possible to form FD’s from discrete samples. In view of the proposed methodology, Chebyshev polynomials are taken as basic approximating functions, which normalize all the initial information to the interval \([0,1]\).

Recovery of Functional Dependences based on Discrete Samples. In the general case, the initial information is specified as a discrete array [5].

$$\begin{aligned}&\,M_{0} =\langle Y_{0} ,X_{1} ,X_{2} ,X_{3}\rangle ,\\ Y_{0} =(Y_{i} | i&=\overline{1,m}), \,\, Y_{i} =(Y_{i}[q_{0}] | q_{0} =\overline{1,k_{0}}),\\ X_{1} =(X_{1j_{1}} | j_{1}&=\overline{1,n_{1}}),\,\, X_{1j_{1}} =(X_{1j_{1}}[q_{1}] | q_{1} = \overline{1,k_{1}}),\\ X_{2}=(X_{2j_{2}} | j_{2}&=\overline{1,n_{2}}), \,\, X_{2j_{2}} =(X_{2j_{2}}[q_{2}] | q_{2} = \overline{1,k_{2}}),\\ X_{3} =(X_{3j_{3}} | j_{3}&=\overline{1,n_{3}}), \,\, X_{3j_{3}} =(X_{3j_{3}} [q_{3}] | q_{3} = \overline{1,k_{3}})\\ \end{aligned}$$

where the set \(Y_{0} \) determines the numerical values

$$\begin{aligned} Y_{i}[q_{0}]\Rightarrow \langle X_{1j_{1} } [q_{1}], X_{2j_{2} } [q_{2}], X_{3j_{3} }[q_{3}]\rangle \end{aligned}$$

of the unknown continuous functions \(y_{i} =f_{i} (x_{1} ,x_{2} ,x_{3} ),\,\, i=\overline{1,m},\,\, x_{1} =(x_{1j_{1} } \; \left| \; j_{1} \right. =\overline{1,n_{1} }),\,\, x_{2} =(x_{2j_{2} } \; \left| \; j_{2} \right. =\overline{1,n_{2} }),\,\, x_{3} =(x_{3j_{3} } \; \left| \; j_{3} \right. =\overline{1,n_{3} })\). To each value of \(q_{0} \in \left[ 1,k_{0} \right] \) corresponds a certain set \(q_{0} \Leftrightarrow (q_{1} ,q_{2} ,q_{3} )\) of values \(q_{1} \in \left[ 1, k_{1} \right] \,, q_{2} \in \left[ 1, k_{2} \right] , q_{3} \in \left[ 1, k_{3} \right] \). The set \(Y_{0} \) consists of \(k_{0} \) different values \(Y_{i} \left[ q_{0} \right] \). In the sets \(X_{1} ,X_{2} ,X_{3} \) a certain part of values \(X_{1j_{1} } \left[ q_{1} \right] ,X_{2j_{2} } \left[ q_{2} \right] ,X_{3j_{3} } \left[ q_{3} \right] \), for some values \(q_{1} =\hat{q}_{1} \in \hat{Q}_{1} \subset [1,k_{1} ],\; q_{2} =\hat{q}_{2} \in \hat{Q}_{2} \subset [1,k_{2} ],\; q_{3} =\hat{q}_{3} \in \hat{Q}_{3}\subset [1,k_{3} ]\), repeats each, but there are no completely coinciding sets \(\left\langle X_{1j_{1} } \left[ q_{1} \right] ,\; X_{2j_{2} } \left[ q_{2} \right] ,\; X_{3j_{3} } \left[ q_{3} \right] \right\rangle \) for different \(q_{0} \in \left[ 1,k_{0} \right] \). We have also \(n_{1} +n_{2} +n_{3} =n_{0} , n_{0} \le k_{0} \). It is known that \(x_{1} \in D_{1},\; x_{2} \in D_{2},\; x_{3} \in D_{3} ,X_{1} \in \hat{D}_{1},\; X_{2} \in \hat{D}_{2} ,X_{3} \in \hat{D}_{3} \), where

$$\begin{aligned} D_{s} =\langle x_{s\, j_{s} } | d_{sj_{s}}^{-} \le x_{sj_{s}} \le d_{sj_{s}}^{+},\; j_{s} =\overline{1,n_{s}}\rangle , \, s=\overline{1,3}; \end{aligned}$$
$$\begin{aligned} \hat{D}_{s} =\langle X_{sj_{s}} | \hat{d}_{sj_{s}}^{-} \le X_{sj_{s}} \le \hat{d}_{sj_{s} }^{+}, \; j_{s}=\overline{1,n_{s}}\rangle , \, s=\overline{1,3}; \end{aligned}$$
$$\begin{aligned} d_{sj_{s}}^{-} \le \hat{d}_{sj_{s}}^{-},\, \; d_{sj_{s}}^{+} \ge \hat{d}_{sj_{s}}^{+}. \end{aligned}$$

It is required to find approximating functions \(\varPhi _{i} (x_{1} ,x_{2} ,x_{3} ),i=\overline{1,m}\), that characterize the true functional dependences \(y_{i} =f_{i} (x_{1} ,x_{2} ,x_{3}),\,\, i=\overline{1,m}\), on the set \(D_{s} \) with a practicable error.

Since the initial information is heterogeneous as well as the properties of the groups of factors under study, which are determined, respectively, by the vectors \(x_{1}, x_{2}, x_{3} \), the degree of the influence of each group of factors on the properties of approximating functions should be evaluated independently. With this purpose, the approximating functions are formed as a hierarchical multilevel system of models. At the upper level, the model of determination of the approximating functions dependence on the variables \(x_{1}, x_{2}, x_{3} \) is realized. Such a model in the class of additive functions, where the vectors \(x_{1}, x_{2}, x_{3} \) are independent, is represented as the superposition of functions of the variables \(x_{1}, x_{2}, x_{3} \):

$$\begin{aligned} \varPhi _{i} (x_{1} ,x_{2} ,x_{3} )=c_{i1} \varPhi _{i1} (x_{1} )+c_{i2} \varPhi _{i2} (x_{2} )+c_{i3} \varPhi _{i3} (x_{3} ),i=\overline{1,m}. \end{aligned}$$
(22.1)

At the second hierarchical level, models that determine the dependence \(\varPhi _{is} (s=1,2,3)\) on the components of the variables \(x_{1}, x_{2}, x_{3} \), respectively, and represented as

$$\begin{aligned} \begin{array}{l} {\varPhi _{i1} (x_{1} )=\sum \nolimits _{j_{1} =1}^{n_{1} }a_{ij_{1} }^{(1)} \varPsi _{1j_{1} } (x_{1j_{1} } ),\; \varPhi _{i2} (x_{2} )=\sum \nolimits _{j_{2} =1}^{n_{2} }a_{ij_{2} }^{(2)} \varPsi _{2j_{2} } (x_{2j_{2} } ),} \\ {\mathrm{\; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; }\varPhi _{i3} (x_{3} )=\sum \nolimits _{j_{3} =1}^{n_{3} }a_{ij_{3} }^{(3)} \varPsi _{3j_{3} } (x_{3j_{3} } ).} \end{array} \end{aligned}$$
(22.2)

are formed.

At the third hierarchical level, models that determine the functions \(\varPsi _{1j_{1} } ,\varPsi _{2j_{2} } ,\varPsi _{3j_{3} } \) are formed, choosing the structure and components of the functions \(\varPsi _{1j_{1} } ,\varPsi _{2j_{2} } ,\varPsi _{3j_{3} } \) being the major problem. The structures of these functions are similar to (22.2) and can be represented as the following generalized polynomials:

$$\begin{aligned} \varPsi _{sj_{s} } (x_{j_{s} } )=\sum _{p=0}^{P_{j_{s} } }\lambda _{j_{s} p} \varphi _{j_{s} p} (x_{sj_{s} } ),\quad s=1,2,3 . \end{aligned}$$
(22.3)

In some cases, forming the structure of the models, it should be taken into account that the properties of the unknown functions \(\varPhi _{i} (x_{1}, x_{2}, x_{3}), i=\overline{1,m}\), are influenced not only by a group of components of each vector \(x_{1}, x_{2}, x_{3} \) but also by the interaction of their components. In such a case, it is expedient to form the dependence of the approximating functions on the variables \(x_{1}, x_{2}, x_{3} \) in a class of multiplicative functions, where the approximating functions are formed by analogy with (22.1)–(22.3) as a hierarchical multilevel system of models

$$\begin{aligned} \begin{array}{l} {[1+\varPhi _{i} (x)]=\prod _{s=1}^{S_{0} }[1+\varPhi _{is} (x_{s} )]^{c_{is} };\;\; [1+\varPhi _{is} (x_{s} )]=\prod _{j_{s} =1}^{n_{s} }[1+\varPsi _{sj_{s} } (x_{sj_{s} } )]^{a_{ij_{s} }^{s} }; } \\ {\mathrm{\; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; \; }[1+\varPsi _{sj_{s} } (x_{sj_{s} } )]=\prod _{p=1}^{P_{j_{s} } }[1+\varphi _{j_{s} p} (x_{sj_{s} } )]^{\lambda _{j_{s} p} }.} \end{array} \end{aligned}$$
(22.4)

The Chebyshev criterion will be used, and for the functions \(\varphi _{j_{s} p} \), shifted Chebyshev polynomials \(T_{j_{s} p} (x_{j_{s} p} )\in [0,1]\) will be used. The approximating functions are then found in the sequence \(\varPsi _{1} ,\varPsi _{2} ,\varPsi _{3} \rightarrow \varPhi _{i1} ,\varPhi _{i2} ,\varPhi _{i3} \rightarrow \varPhi _{i} \), which allows obtaining the final result by aggregating the corresponding solutions. Such an approach reduces the procedure of forming the approximating functions to a sequence of Chebyshev approximation problems for inconsistent systems of linear equations.

Due to the properties of Chebyshev polynomials, the approach to forming the functional dependences makes it possible to extrapolate the approximating functions set up for the intervals \([\hat{d}_{j_{s} }^{-} ,\hat{d}_{j_{s} }^{+} ]\) to the wider intervals \([d_{j_{s} }^{-} ,d_{j_{s} }^{+} ]\), which allows forecasting the analyzed properties of a product outside the test intervals.

Quantization of Discrete Numerical Values. The quantization is applied in order to reduce the influence of the measurement error of various parameters on the reliability of the formed solution. The procedure of quantization of discrete numerical values is implemented as follows.

Fig. 22.2 Sample at \(t=t_{0} \) and \(t=t_{0} +\varDelta t\)

As the base reference statistic for each variable \(x_{1} ,\ldots ,x_{n} ,y_{1} ,\ldots ,y_{m} \), the statistic of random samples in these variables of size \(N_{01} \ge 200\) is taken.

As the base dynamic statistic in the same variables, the statistic of the sample of the dynamics of the object for the last \(N_{02} \) measurements is taken. Therefore, the very first measurement of the original sample should be rejected and measurements should be renumbered in the next measurement \(N_{02} +N_{2} \). Figure 22.2 schematizes the sample for the instant of time \(t=t_{0},\,\, N_{02} =40\) and \(t=t_{0} +\varDelta t(t=1,2,3,\ldots ,t_{k} ,\ldots ,T)\).

For the current dynamic parameters, we take the statistics of samples of size \(N_{02} +N_{2} \) biased by \(N_{2} \) with respect to the statistics of samples of size \(N_{02} \).

Forecasting Nonstationary Processes. The models for forecasting nonstationary processes are based on the original sample of the time series for the initial interval \(D_{0} \) and the base dynamic model of processes (22.1)–(22.3). To this end, we will use the well-known property of Chebyshev polynomials that functions are uniformly approximated on the interval \([0,1]\). The essence of the approach is as follows. The initial data are normalized for the interval \(D=\{ t|t_{0}^{-} \le t\le t^{+} \},\,\, D=D_{0} \cup D_{0}^{+} \), which includes the initial observation interval \(D_{0} =\{ t|t_{0}^{-} \le t\le t_{0}^{+} \} \) and the prediction interval \(D_{0}^{+} =\{ t|t_{0}^{+} <t\le t^{+} \} \). Then, to determine the dynamic model of the processes as the estimated approximating functions (22.1) or (22.4), the system of equations is formed for the interval \(D_{0} \) from the initial data. The dynamic forecasting model is based on the extrapolation of the approximating functions for the interval \(D_{0} \) to the interval \(D_{0}^{+}\) [5].

Setting up the Process of Engineering Diagnostics. We will use the system of CES operation models to describe the normal operation mode of the object under the following assumptions and statements.

  • Each stage of CEO operation is characterized by the duration and by the initial and final values of each parameter \(y_{i} \) determined at the beginning and the end of the stage, respectively. The variations of \(y_{i} \) within the stage are determined by the corresponding model.

  • All the parameters \(y_{i} \) are dynamically synchronous and in phase in the sense that they simultaneously (without a time delay) increase or decrease under risk factors.

  • The control \(U=(U_{j} |j=\overline{1,m})\) is inertialless, i.e., there is no time delay between the control action and the object’s response.

  • The risk factors \(\rho _{q_{k} }^{\tau } | q_{k} =\overline{1,n_{k}^{\tau } }\) change the effect on the object in time; the risk increases or decreases with time.

  • The control can slow down the influences of risk factors or stop their negative influence on the controlled object if the rate of control exceeds the rate of increase in the influence of risk factors. The negative influence of risk factors is terminated provided that the decision is made and implemented prior to the critical time \(T_{cr} \). At this moment the risk factors cause negative consequences such as an accident or a catastrophe.

To analyze an abnormal mode, let us introduce additional assumptions according to the formation of the model and conditions of recognition of an abnormal situation.

  • The risk factors \(\rho _{q_{k} }^{\tau } |q_{k} =\overline{1,n_{k}^{\tau } }\) are independent and randomly vary in time with a priori unknown distribution.

  • The risk factors can influence several or all of the parameters \(y_{i} \) simultaneously. A situation of the influence of risk factors is abnormal if at least two parameters \(y_{i} \) change simultaneously without a control and their values change synchronously and in phase during several measurements (in time).

  • The influence of risk factors will be described as a relative change of the level of control. The values of each risk factor are varied discretely and randomly.

Based on the accepted assumptions, let us present additional models and conditions to detect an abnormal situation. Denote by \(\tilde{y}_{i} \) the value of the parameter \(y_{i} \) influenced by the risk factors; \(F_{i} (\rho _{q_{k} } )\) is the function that takes into account the level of influence of the risk factors on the \(i\)th parameter \(y_{i};\,\, \rho _{q_{k} } \) is the value of the \(q\)th risk factor at the instant of time \(t_{k} \).

According to item 8, it is assumed that the value of \(\tilde{y}_{i} [t_{k} ]\) at the instant of time \(t_{k} \) is determined by

$$\begin{aligned} \tilde{y}_{i} [t_{k} ]=\frac{1}{m} \sum _{j=1}^{m}\tilde{b}_{ij} \sum _{r=0}^{R_{j} }a_{jr} T_{r}^{*} (U_{j} );\;\; \tilde{b}_{ij} =b_{ij} \cdot F_{i} (\rho _{q_{k} } ), \end{aligned}$$
(22.5)

where the function \(F_{i} (\rho _{q_{k} } )\) should correspond to the condition where \(\tilde{y}_{i} =y_{i} \) in the absence of the influence of risk factors (i.e., for \(\rho _{q_{k} } =0\)). Therefore, one of the elementary forms of the function \(F_{i} (\rho _{q_{k} } )\) is

$$\begin{aligned} F_{i} (\rho _{q_{k} } )=1-\prod _{q_{k} =1}^{n_{q_{k} } }(1-c_{iq_{k} } \rho _{q_{k} } ) . \end{aligned}$$

Note that risk factors can vary in time continuously (for example, pressure continuously changes as an aircraft lifts) or abruptly (for example, during cruise flight at a certain height, pressure may be changed abruptly at the cyclone-anticyclone interface). The most complex is the case where one risk factor varies continuously and others vary abruptly.

We will recognize risk situations by successively comparing \(\tilde{y}_{i} [t_{k} ]\) for several successive values of \(t_{k}, k=\overline{1,k_{0} }\), where \(k_{0} =3\div 7\). As follows from item 2 of the assumptions, the condition of a normal situation is synchronous and in phase changes of \(\tilde{y}_{i} \) for several (in the general case, for all) parameters, whence follows a formula for different instants of time \(t_{k} \) for all of the values of \(i\) and for the same instants of time \(t_{k} \) for different values of \(i\) (different parameters):

$$\begin{aligned}&\qquad \qquad \mathrm{sign}\varDelta \tilde{y}_{i} [t_{1}, t_{2} ]=\ldots =\mathrm{sign}\varDelta \tilde{y}_{i} [t_{k}, t_{k+1} ]=\ldots =\mathrm{sign}\varDelta \tilde{y}_{i} [t_{k_{0} -1}, t_{k_{0} } ],\end{aligned}$$
(22.6)
$$\begin{aligned}&\mathrm{sign}\varDelta \tilde{y}_{1} [t_{k}, t_{k+1} ]=\ldots =\mathrm{sign}\varDelta \tilde{y}_{i} [t_{k}, t_{k+1} ]=\ldots =\mathrm{sign}\varDelta \tilde{y}_{n} [t_{k}, t_{k+1} ], i=\overline{1, n}. \end{aligned}$$
(22.7)

As follows from (22.6) and (22.7), given an abnormal situation on the interval \([t_{1}, t_{k_{0} } ]\), the following inequalities hold simultaneously:

  • the inequality of the signs of increment \(\varDelta \tilde{y}_{i} \) for all the adjacent intervals \([t_{k}, t_{k+1} ]\) for \(k=\overline{1, k_{0} }\) for each parameter \(\tilde{y}_{i}, i=\overline{1,n}\);

  • the inequality of the signs of increment \(\tilde{y}_{i}, i=\overline{1,n}\), for all of the parameters \(\tilde{y}_{i} \) for each interval \([t_{k},t _{k+1} ]\), \(k=\overline{1, k_{0} }\).

Conditions (22.6) and (22.7) are rigid; for practical purposes, it will be enough to satisfy the conditions for the representative number (22.3)–(22.5), which determine the parameters \(\tilde{y}_{i} \) but not for all parameters \(i\). The corresponding quantities in (22.6) and (22.7) are defined by

$$\begin{aligned} \varDelta \tilde{y}_{i} [t_{k} ,t_{k+1} ]=\tilde{y}_{i} [t_{k+1} ]-\tilde{y}_{i} [t_{k} ], \end{aligned}$$
(22.8)

where \(\tilde{y}_{i} [t_{k} ]\) are defined by (22.5); it is assumed that \(\rho _{q_{k} } [t_{k+1} ]>\rho _{q_{k} } [t_{k} ]\) i.e., the dependence of each risk factor is a function of time, which increases, or \(\rho _{q_{k} } [t_{k+1} ]<\rho _{q_{k} } [t_{k} ]\) i.e., the dependence is a decreasing function.

The practical importance of recognizing an abnormal situation based on (22.6) and (22.7) is in the minor alteration of \(\tilde{y}_{i} [t_{k} ]\) subject to risk factors since the “indicator” of the change is the sign of the difference in (22.6) and (22.7) rather than the value defined by (22.8). In other words, such an approach is much more sensitive than typical approaches used in diagnostics. Moreover, it allows “filtering” random changes and random measurement errors \(\tilde{y}_{i} \) for separate \(i\) according to (22.8) or for individual \([t_{k} ,t_{k+1} ]\) according to (22.7).
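The recognition rule of (22.6)–(22.8) can be run over a sliding window of measurements. The following is an added example, not code from the chapter: the function names, the tolerance `eps` and the sample values are assumptions constructed for illustration, the window length \(k_{0}=4\) lies in the range \(3\div 7\) given above, and the two-parameter minimum follows the assumption on abnormal situations listed earlier.

```python
from typing import Dict, List, Optional, Sequence


def sign(value: float, eps: float = 0.0) -> int:
    """Sign of an increment; |value| <= eps is treated as 'no change' (0)."""
    if value > eps:
        return 1
    if value < -eps:
        return -1
    return 0


def increment_signs(series: Sequence[float], eps: float = 0.0) -> List[int]:
    """Signs of the increments (22.8) over every adjacent interval [t_k, t_k+1]."""
    return [sign(b - a, eps) for a, b in zip(series, series[1:])]


def in_phase_groups(window: Dict[str, Sequence[float]],
                    eps: float = 0.0) -> Dict[int, List[str]]:
    """Group parameters that keep one non-zero increment sign over the window.

    A parameter enters a group only if (22.6) holds for it; parameters in the
    same group then also agree with each other on every interval, i.e. (22.7).
    """
    groups: Dict[int, List[str]] = {1: [], -1: []}
    for name, series in window.items():
        signs = increment_signs(series, eps)
        if signs and signs[0] != 0 and all(s == signs[0] for s in signs):
            groups[signs[0]].append(name)
    return groups


def is_abnormal(window: Dict[str, Sequence[float]],
                min_params: int = 2, eps: float = 0.0) -> bool:
    """Abnormal if at least min_params parameters move synchronously and in phase."""
    groups = in_phase_groups(window, eps)
    return any(len(names) >= min_params for names in groups.values())


def first_abnormal_index(stream: Dict[str, Sequence[float]], k0: int = 4,
                         min_params: int = 2, eps: float = 0.0) -> Optional[int]:
    """Index of the last sample of the first abnormal window, or None."""
    length = min(len(series) for series in stream.values())
    for end in range(k0, length + 1):
        window = {name: s[end - k0:end] for name, s in stream.items()}
        if is_abnormal(window, min_params, eps):
            return end - 1
    return None


# Constructed sample: two voltages fluctuate with measurement noise and then
# start to fall together; the third parameter only alternates.
SAMPLE = {
    "board_voltage":   [12.40, 12.42, 12.39, 12.41, 12.40,
                        12.38, 12.35, 12.31, 12.26, 12.20],
    "battery_voltage": [12.60, 12.59, 12.61, 12.60, 12.61,
                        12.59, 12.56, 12.52, 12.47, 12.41],
    "y3":              [5.0, 5.1, 5.0, 5.1, 5.0, 5.1, 5.0, 5.1, 5.0, 5.1],
}

if __name__ == "__main__":
    idx = first_abnormal_index(SAMPLE, k0=4)
    print("first abnormal window ends at sample", idx)
    window = {name: s[idx - 3:idx + 1] for name, s in SAMPLE.items()}
    print("in-phase groups:", in_phase_groups(window))
```

Only the sign of each increment is used, so the drift is flagged while the total change is still a few hundredths of a volt, and a single parameter drifting on its own is not reported.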

3 Diagnostic of Reanimobile’s Functioning

Substantive statement of the problem. The work of a reanimobile that moves in the operational mode, i.e. with the patient on board, is considered. The patient’s life is supported by medical equipment, which is powered from the reanimobile’s onboard electrical network [6].

Basic equipment includes:

  • ICE1—basic internal combustion engine (ICE), which moves the car and rotates the main generator G1;

  • G1—the main generator, with a capacity of 1.1 kW, which generates electricity when the angular velocity of crankshaft rotation is above 220 rad/s (the generator switches on when the speed rises above 220 rad/s and switches off when it falls below 210 rad/s);

  • TGB—transmission—gearbox (gear ratio: 1—4.05; 2—2.34; 3—1.39; 4—1; 5—0.85; main transmission—5.125);

  • ICE2 and T2—auxiliary engine with a generator power of 1.1 kW, which is used in emergency situations to provide power (the standby ICE2 consumes fuel at 0.5 l/h);

  • RB—rechargeable battery that provides power to the equipment when the generators do not generate electricity;

  • PD—power distribution unit, which provides: battery charge, users’ power from one of the generators, or from the battery, or the combination mode.

Voltage in the on-board network depends on the generators and the level of battery charge. In the normal mode all equipment power is provided from the main generator and RB.

The main consumers, which are considered during the simulation:

  • medical equipment, which consumes about 500 W;

  • illumination of the main cabin—120 W;

  • outdoor lighting (lights)—110 W;

  • car’s own needs—100 W.

Charge current is limited at the level that corresponds to the power extracted from the generator, equal to 200 W. Reanimobile must travel a distance of 70 km with a specific schedule of speed, which is formed by road situation.

It is required to ensure electric power for the medical equipment, which is located in the main cabin. Since the motion is carried out at night, additional interior and exterior lighting must be provided. Kinematics parameters approximately correspond to the ambulances based on GAZ.

Depending on the speed, the transmission ratio changes and, therefore, the frequency of crankshaft rotation of the main internal combustion engine (ICE1) changes. At the beginning of the way there are 47 l of fuel in the tank. ICE1 and ICE2 are fed from the same tank. In a normal situation, the car safely drives the patient for 11,700 s (3 h and 15 min). In this case, the battery voltage does not fall below 11.85 V. At the end of the way there are 4.1 l of fuel in the tank.

Transition into abnormal mode is caused by malfunction of the charger, voltage sensor RB. It is assumed that the sensor gives out false information that the battery is fully charged. Since RB is not recharged, the battery discharges over time and, consequently, the on-board network voltage during generator outages (while switching gears, when ICE1 is idling) also decreases. Due to deep discharge, a mode occurs in which the RB output voltage is not enough to maintain the operability of the medical equipment, and this is an emergency situation.

The recognition of an abnormal situation. The recognition of an abnormal situation occurs in accordance with prescribed critical values.

  1) For the voltage in the on-board network: abnormal is 11.7 V, emergency is 10.5 V.

  2) For the amount of fuel: abnormal is 21, and emergency is 11.

  3) For the voltage at the rechargeable battery: abnormal is \(11.5\,\mathrm{{V}}\).

Thus, when the value of the function falls below one of the set values, the operation of the reanimobile goes to an abnormal mode of functioning.

In other words, if \(Y_{t} < H_{critical}\) at the moment of time \(t\), CES functioning goes to an abnormal mode, where \(Y_{t} \) is the predicted value of the recovered functional dependence. On the diagrams, this process can be observed as the prediction level (pink curve) decreasing below the threshold of the abnormal mode (blue line).
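The forecasting step (normalize time over \(D=D_{0}\cup D_{0}^{+}\), fit shifted Chebyshev polynomials on \(D_{0}\), extrapolate to \(D_{0}^{+}\)) and the threshold rule above can be combined as follows. This is an added example, not code from the chapter: it substitutes an ordinary least-squares fit for the Chebyshev (minimax) criterion, the function names are hypothetical, and the board-voltage curve is constructed; the 11.7 V threshold and \(N_{02}=50\) are the values given on the page.

```python
from typing import List, Optional, Sequence


def shifted_chebyshev(x: float, degree: int) -> List[float]:
    """T*_0..T*_degree at x in [0, 1], where T*_n(x) = T_n(2x - 1)."""
    u = 2.0 * x - 1.0
    vals = [1.0, u]
    for _ in range(2, degree + 1):
        vals.append(2.0 * u * vals[-1] - vals[-2])
    return vals[: degree + 1]


def solve(a: List[List[float]], b: List[float]) -> List[float]:
    """Gaussian elimination with partial pivoting for a small square system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        tail = sum(m[r][k] * x[k] for k in range(r + 1, n))
        x[r] = (m[r][n] - tail) / m[r][r]
    return x


def fit_dependence(times: Sequence[float], values: Sequence[float],
                   t_lo: float, t_hi: float, degree: int) -> List[float]:
    """Least-squares coefficients a_r of sum_r a_r T*_r(x), x = (t - t_lo)/(t_hi - t_lo).

    Time is normalized over the whole interval D = [t_lo, t_hi], so the
    observed samples from D_0 occupy only the left part of [0, 1].
    """
    rows = [shifted_chebyshev((t - t_lo) / (t_hi - t_lo), degree) for t in times]
    n = degree + 1
    ata = [[sum(r[i] * r[j] for r in rows) for j in range(n)] for i in range(n)]
    aty = [sum(r[i] * y for r, y in zip(rows, values)) for i in range(n)]
    return solve(ata, aty)


def predict(coeffs: Sequence[float], t: float, t_lo: float, t_hi: float) -> float:
    """Value of the fitted dependence at time t (inside D, so x stays in [0, 1])."""
    basis = shifted_chebyshev((t - t_lo) / (t_hi - t_lo), len(coeffs) - 1)
    return sum(a * b for a, b in zip(coeffs, basis))


def first_crossing(coeffs: Sequence[float], t_start: float, t_lo: float,
                   t_hi: float, threshold: float, step: float) -> Optional[float]:
    """First forecast time in (t_start, t_hi] with Y_t < threshold, else None."""
    t = t_start + step
    while t <= t_hi:
        if predict(coeffs, t, t_lo, t_hi) < threshold:
            return t
        t += step
    return None


# Constructed sample: N02 = 50 noise-free board-voltage readings on
# D_0 = [0, 5000] s; the forecast interval D_0^+ is (5000, 10000] s.
T_LO, T_SPLIT, T_HI = 0.0, 5000.0, 10000.0
N02 = 50
SAMPLE_T = [T_SPLIT * i / (N02 - 1) for i in range(N02)]
SAMPLE_V = [12.6 - 4e-5 * t - 1.2e-8 * t * t for t in SAMPLE_T]


def forecast_abnormal_time(threshold: float = 11.7, degree: int = 2,
                           step: float = 10.0) -> Optional[float]:
    """Forecast when the voltage will drop below the abnormal-mode threshold."""
    coeffs = fit_dependence(SAMPLE_T, SAMPLE_V, T_LO, T_HI, degree)
    return first_crossing(coeffs, T_SPLIT, T_LO, T_HI, threshold, step)


if __name__ == "__main__":
    print("abnormal mode forecast at t =", forecast_abnormal_time(), "s")
    print("emergency (10.5 V) inside D:", forecast_abnormal_time(threshold=10.5))
```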

Critical variables:

  • Board voltage (depending on the parameters of the RB, the generators condition, the load current). This option could lead directly to an emergency, if the board voltage drops below trip level of medical equipment

  • Fuel level depends on the power that is taken off from the main engine (in proportion to rotation speed). A decline below a certain point can lead to abnormal mode (when another car can be called or the car refueled, with the equipment powered from RB) or emergency mode (when the car has stopped for a long time without charging).

  • Voltage RB (depending on the generators condition, the total electricity consumption).

Real-time monitoring of the technical diagnostics is conducted in the reanimobile operation process with the purpose of timely exposure of potentially possible abnormal situations and guaranteeing the survivability of the system’s functioning. In compliance with the developed methodology of the guaranteed CTO functioning safety at the starting phase \(t=t_{0} \), functional recovery \(y_{i} =f_{i} (x_{1} ,\ldots ,x_{j} ,\ldots )\) is performed using \(N_{02} = 50\) given discrete samples of values \(y_{1}, y_{2}, y_{3} \) and their arguments. Here \(y_{1} =Y_{1} (x_{11}, x_{12}, x_{13}, x_{14} )\), \(y_{2} =Y_{2} (x_{21}, x_{22} )\), and \(y_{3} =Y_{3} (x_{31}, x_{32}, x_{33} )\), where \(x_{11} \) is the measured voltage RB; \(x_{12} \) is the velocity of crankshaft rotation; \(x_{13} \) is power, which is provided by auxiliary generator; \(x_{14} \) is the total power consumption; \(x_{21} \) is the velocity of crankshaft rotation; \(x_{22} \) is power, which is provided by auxiliary generator; \(x_{31} \) is the velocity of crankshaft rotation; \(x_{32} \) is power, which is provided by auxiliary generator; \(x_{33} \) is the total power consumption. All data on the variables \(Y_{i},\, i=1,2,3\) and their arguments \(x_{i},\, i=1,2,3\) are given as samples during the reanimobile’s motion within 50,000 s.

In this case, the voltage sensor gives false information about the voltage RB. When the voltage drops below 11.7 V the diagnostic system provides a driver with the signal about an abnormal situation which can be developed into an emergency. The driver stops the car (\(t=7{,}323\) s), switches on a standby generator (\(t=7{,}414\) s) and eliminates the failure (\(t=7{,}863\) s). Having recharged the battery from a standby generator when \(t=8{,}533\) s, the driver turns off the standby generator and resumes the motion (\(t=8{,}623\) s). Due to low battery, voltage at its terminals starts to decrease rapidly. The diagnostic system warns about abnormal situation again, to solve the problem the driver forcefully supports ICE1 speed at 250 rad/s, thus ensuring continued operation of the main generator.

As a result, fuel consumption is increased, which leads to the abnormal situation (\(t=13{,}000\) s) when the amount of fuel is reduced to 1 l. At this moment of time the car is forcibly stopped by the signal of the diagnostics system (before reaching its destination) and the standby generator is switched on to provide the electric power supply (one liter of fuel is enough for 2 h of operation of the standby generator, which allows refueling the car or calling for help).

The Risk Detection Procedure. Taking into account the specifics of operation of the system, the following risk detection procedures were constructed.

While the reanimobile is functioning, the possibility of an abnormal situation is calculated with the formula

$$ F(\rho _{k} )=1-(1-\rho _{G{\textit{v}}} )(1-\rho _{A{\textit{v}}} )(1-\rho _{F} ), $$

where \(\rho _{G{\textit{v}}} \) is the probability that the board voltage drops below the emergency level; \(\rho _{A{\textit{v}}} \) is the probability that the battery voltage drops below the emergency level; \(\rho _{F} \) is a probability that the fuel level drops below the emergency level. \(\rho _{G{\textit{v}}} \), \(\rho _{A{\textit{v}}} \) and \(\rho _{F} \) are calculated in the following way:

$$\begin{array}{l} \rho _{G{\textit{v}}} =1-\left| (H_{1es} -y_{1pr} )\right| /\left| 1.75\cdot (H_{1es} -H_{1a} )\right| ;\quad H_{1es} \ne H_{1a}; \\ \rho _{A{\textit{v}}} =1-\left| (H_{3es} -y_{3pr} )\right| /\left| 1.75\cdot (H_{3es} -H_{3a} )\right| ;\quad H_{3es} \ne H_{3a}; \\ \rho _{F} =1-\left| (H_{2es} -y_{2pr} )\right| /\left| 1.75\cdot (H_{2es} -H_{2a} )\right| ;\quad H_{2es} \ne H_{2a} , \end{array}$$

where \(H_{1es} \) is board voltage in emergency situations (\(Y_{1r} \Leftarrow 11.7\) V); \(y_{1pr} \) is the current board voltage (recovery functional dependence using forecast); \(H_{1a} \) is board voltage in an emergency (\(Y_{1r} \Leftarrow 10.5\) V); \(H_{2es} \) is the level of fuel in emergency situations (\(Y_{2r} \Leftarrow 1\) L); \(y_{2pr} \) is the current value of the fuel (recovery functional dependence using forecast); \(H_{2a} \) is the level of fuel in an emergency (\(Y_{2r} =0\)); \(H_{3es} \) is a battery voltage in the abnormal mode (\(Y_{3r} \Leftarrow 11.7\) B); \(y_{3pr} \) is the current battery voltage ((recovery functional dependence using forecast); \(H_{3a} \) is a board voltage in an emergency (\(Y_{3r} \Leftarrow 10.5\) V).

This structure of risk was chosen on the basis of normalizing the behavior of the process to the interval (0,1). The formula was constructed starting from the conditions that the risk during the emergency must be equal to 1 and the risk at the border of the abnormal mode should be equal to 0.4. As a result, the risks on all fronts are taken into account. The overall risk is 1 during the damage and 0.5–0.6 at the border of the abnormal mode.
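The formulas above evaluated exactly as printed, with the thresholds from the definitions, as an added example that is not the authors' code. The clamp to [0, 1], the function names and the sample forecast values are assumptions.

```python
K = 1.75  # normalising factor from the page's formulas

# Thresholds from the page's definitions: (H_es, H_a) per channel.
THRESHOLDS = {
    "board_voltage":   (11.7, 10.5),  # H_1es, H_1a, volts
    "fuel_level":      (1.0, 0.0),    # H_2es, H_2a, litres
    "battery_voltage": (11.7, 10.5),  # H_3es, H_3a, volts
}


def component_risk(h_es, h_a, y_pr, clamp=True):
    """rho = 1 - |H_es - y_pr| / |1.75 * (H_es - H_a)|, as printed."""
    if h_es == h_a:
        raise ValueError("formula requires H_es != H_a")
    rho = 1.0 - abs(h_es - y_pr) / abs(K * (h_es - h_a))
    # Assumption: clamp to [0, 1] so rho can be used as a probability.
    return min(1.0, max(0.0, rho)) if clamp else rho


def overall_risk(forecast):
    """F = 1 - (1 - rho_Gv)(1 - rho_Av)(1 - rho_F) for one forecast sample."""
    no_event = 1.0
    rhos = {}
    for name, (h_es, h_a) in THRESHOLDS.items():
        rhos[name] = component_risk(h_es, h_a, forecast[name])
        no_event *= 1.0 - rhos[name]
    return 1.0 - no_event, rhos


# Constructed forecast samples (not data from the page).
SAMPLES = [
    {"board_voltage": 14.0, "fuel_level": 40.0, "battery_voltage": 14.0},
    {"board_voltage": 14.0, "fuel_level": 40.0, "battery_voltage": 12.5},
    {"board_voltage": 14.0, "fuel_level": 1.0, "battery_voltage": 14.0},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        f, rhos = overall_risk(sample)
        print(sample, {k: round(v, 3) for k, v in rhos.items()}, round(f, 3))
```

As printed, a component equals 1 when the forecast value sits at \(H_{es}\) and \(1-1/1.75\approx 0.43\) when it sits at \(H_{a}\). Forecast values farther than \(1.75\,|H_{es}-H_{a}|\) from \(H_{es}\) give a negative raw value, which the clamp maps to 0.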

Fig. 22.3 Distribution of the on-board network voltage, the amount of fuel in the tank, and the rechargeable battery voltage over time t

Some results of the reanimobile's functioning during the first 7,000 s are shown in Fig. 22.3 as diagrams of the distribution of the on-board network voltage, the amount of fuel in the tank, and the rechargeable battery voltage. The transition into abnormal mode happens due to failure of the battery voltage sensor. Since the battery is not being recharged, it discharges over time and, consequently, the voltage in the on-board network also decreases in the period of 6,500–7,400 s and transits into abnormal mode. The fuel level, which depends on the capacity of the ICE, is also reduced.

At any time during the program's operation the user can look at the operator scoreboard (Fig. 22.4), which displays a series of indicators that reflect the state of the CEO of the functioning reanimobile. These indicators are: the sensor readings for the accumulator battery voltage, the fuel quantity in the tank and the on-board network voltage; the state of the system; the risk of damage; the causes of the abnormal or emergency mode; and the indicator of the danger level of the system's operation and of possible sensor failure.

Fig. 22.4 Scoreboard of diagnostic process

4 Conclusion

System coordination of survivability and safety control with respect to goals, objectives, resources and expected results, as well as to the efficiency and effectiveness of interaction in the real conditions of abnormal situations, makes it possible to provide effective and efficient interaction of these control systems. On the one hand, it ensures the efficiency and effectiveness of the security systems through timely detection of abnormal situations, estimation of their degree and level of risk, and definition of the margin of permissible risk in the process of forming recommendations for the prompt actions of the DM. On the other hand, the survivability control system must operate effectively and efficiently after receiving a signal about the abnormal situation, to ensure the availability of a complex object for the emergency transition into abnormal mode and to carry that transition out within the margin of permissible risk.

The proposed strategy of system coordination of the survivability and safety of engineering objects' operation, implemented as a tool of the information platform for engineering diagnostics of complex objects, ensures the prevention of inoperability and of danger in the object's functioning. Through systematic and continuous evaluation of the critical parameters of the object's functioning in real time, the reasons that could potentially cause a tolerance failure of the object's functioning in the normal mode are revealed in a timely manner. For situations whose development leads to possible deviations of parameters from the normal mode of the object's functioning, it is possible to make a timely decision to change the operation mode of the object, or to artificially correct the parameters, in order to prevent the transition from the normal mode into the abnormal one, an accident or a catastrophe.

The principles included in the implementation of the strategy of guaranteed safety of CES operation provide a flexible approach to timely detection, identification, forecasting and system diagnosis of factors and risk situations, and to the formation and implementation of sustainable solutions during the acceptable time within the fatal time limit.