Abstract
Purpose
In order to solve the problem of inaccurate calculation of index weights, subjectivity and uncertainty of index assessment in the risk assessment process, this study aims to propose a scientific and reasonable centralized traffic control (CTC) system risk assessment method.
Design/methodology/approach
First, system-theoretic process analysis (STPA) is used to conduct risk analysis on the CTC system and constructs risk assessment indexes based on this analysis. Then, to enhance the accuracy of weight calculation, the fuzzy analytical hierarchy process (FAHP), fuzzy decision-making trial and evaluation laboratory (FDEMATEL) and entropy weight method are employed to calculate the subjective weight, relative weight and objective weight of each index. These three types of weights are combined using game theory to obtain the combined weight for each index. To reduce subjectivity and uncertainty in the assessment process, the backward cloud generator method is utilized to obtain the numerical character (NC) of the cloud model for each index. The NCs of the indexes are then weighted to derive the comprehensive cloud for risk assessment of the CTC system. This cloud model is used to obtain the CTC system's comprehensive risk assessment. The model's similarity measurement method gauges the likeness between the comprehensive risk assessment cloud and the risk standard cloud. Finally, this process yields the risk assessment results for the CTC system.
Findings
The cloud model can handle the subjectivity and fuzziness in the risk assessment process well. The cloud model-based risk assessment method was applied to the CTC system risk assessment of a railway group and achieved good results.
Originality/value
This study provides a cloud model-based method for risk assessment of CTC systems, which accurately calculates the weight of risk indexes and uses cloud models to reduce uncertainty and subjectivity in the assessment, achieving effective risk assessment of CTC systems. It can provide a reference and theoretical basis for risk management of the CTC system.
Keywords
Citation
Sun, Y., Zhang, T., Ding, S., Yuan, Z. and Yang, S. (2024), "Risk assessment of high-speed railway CTC system based on improved game theory and cloud model", Railway Sciences, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/RS-03-2024-0006
Publisher
:Emerald Publishing Limited
Copyright © 2024, Yanhao Sun, Tao Zhang, Shuxin Ding, Zhiming Yuan and Shengliang Yang
License
Published in Railway Sciences. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
With the continuous development of China's economy, High-speed railway (HSR) has become the main body of inter-regional rapid transportation in the comprehensive transportation system (Song, Gao, Li, Liu, & Dong, 2023). The HSR dispatching system is the brain and nerve center of the HSR transportation system and plays a huge role in ensuring the safety, punctuality, and efficient operation of HSR trains (Sun, Zhang, Yuan, Gao, & Ding, 2020). With the continuous advancement of science and technology, China HSR dispatching system is based on the Centralized Traffic Control (CTC), realizing the automation and remote control of dispatching and command centered on train operation plan control. The CTC system is mainly composed of three parts: the railway administration central subsystem, the station subsystem, and the network subsystem (Ding, Zhang, Sheng, Chen, & Yuan, 2023), which are highly coupled. If the risks between these subsystems are not handled properly, it may cause CTC system disorder and affect train operating efficiency. In severe cases, it may even lead to major accidents (Zhang et al., 2022). For example, the 2008 Chatsworth train collision in the United States, the 2012 Buenos Aires rail disaster in Argentina, and the 2020 Livraga derailment in Italy indicate potential risk issues with the CTC systems (Xu et al., 2023). Therefore, it becomes an important issue for CTC system developers to focus on improving the safety of the CTC systems. Risk assessment has a strong guiding role in identifying the risks of the CTC systems and reducing accidents. Therefore, it is necessary to study the risk assessment of the CTC systems.
Safety is the eternal theme and the lifeline of railway transportation (Zhang, Li, Yuan, & Yu, 2018). Therefore, many experts and scholars have conducted risk assessments on the development of railway systems and have achieved certain research results. By collecting various accident reports and holding workshops with railway safety experts, Leitner (2017) identified various hazardous events that may directly lead to casualties. And a risk assessment was conducted on the Slovakian railway system by using safety technologies such as Fault Tree Analysis (FTA) technology and Event Tree Analysis (ETA) technology. Alawad, Kaewunruen, and An (2020) proposed a novel framework that uses computer vision and pattern recognition to perform risk management in railway systems (Hwang & Jo, 2013). first used the Preliminary Hazard Analysis (PHA) method to draw the initial hazard sources at the most fundamental stage, and then used Hazard and Operability Study (HAZOP) to evaluate the risks of the railway signaling system. Szaciłło, Krześniak, Jasiński, and Valis (2022) used the traditional risk matrix assessment method to assess rail freight transport risks. In order to apply it, the causes and consequences of undesirable events during the implementation of rail freight transport were specified. (Zhang, Xu, & Su, 2013) combined Failure Mode, Effects and Criticality Analysis (FMECA) and Fuzzy Analytical Hierarchy Process (FAHP) to construct a new risk assessment method. Finally, a case study on risk assessment of the interval signal control function for the train control center (TCC) is used to illustrate the application of the proposed risk assessment method. Ilczuk and Kycko (2023) used the Failure Mode and Effect Analysis (FMEA) method and the fuzzy set method, as well as various methods of fuzzification and defuzzification. In order to overcome the inherent imprecision and uncertainty of the available data, Jafarian and Rezvani (2012) improved FTA using fuzzy sets and extended the minimal cut-set and the Fussell–Vesely importance measures of the conventional approach into the fuzzy environment. Considering both existing expertise and uncertainties, such as fuzziness and randomness of the evaluation, Wu, Zhen, and Zhang (2020) evaluated urban rail transit operation safety through the Criterion Relevance (CRITIC) method based on the cloud model and improved criterion importance. Cases were used to prove that the modified method can indeed conduct a scientific, systematic, and objective evaluation of the index system.
The above experts and scholars have provided significant insights into risk assessment. For example, how to deal with fuzziness in risk assessment, calculate the weight of risk factors, etc. For the fuzziness of risk assessment, some experts used fuzzy sets to deal with it, and some experts use cloud models to deal with it. Compared with fuzzy sets, cloud models can better handle the conversion of qualitative data into quantitative concepts. Therefore, using cloud models for risk assessment has become a trend (Zhang, Wu, Chen, Skibniewski, & Zhong, 2015). Another issue in risk assessment is obtaining the weights of risk factors or risk indexes. In the aforementioned research regarding the acquisition of weights, some use the FAHP, while others use the CRITIC. However, these two methods can only obtain subjective weights or objective weights separately. There is relatively few research on combining these two types of weights. Even in cases where studies do combine them, it is often a simple linear combination. As belongs to the operation research theory, game theory can better coordinate the conflicts between different weighting methods, maximizes the mutual benefits of various weighting methods, and obtains the most satisfying combined weight (Wu, Lee, Guizani, & Wang, 2014). Therefore, this paper aims to propose a risk assessment model for the HSR CTC systems, which is based on cloud model theory and uses game theory to obtain the combined weight of risk indexes.
The remainder of this paper is displayed as follows. Section 2 briefly introduces the CTC system and conducts risk analysis on the CTC system using System-Theoretic Process Analysis (STPA), laying the foundation for subsequent CTC system risk assessment. Section 3 introduces three methods of calculating weights and a weight combination calculation method based on game theory. In addition, a brief introduction to the cloud model theory was given, and the risk assessment steps based on the cloud model were given. Section 4 is an example of verifying the method in this article and conducts a risk assessment on the CTC system of a railway administration. Section 5 summarizes this paper and points out the direction for next research.
2. CTC system risk analysis
The CTC system is a telecontrol system divided into two levels: the central system and the station system. Dispatchers located in the railway administration's dispatch center complete operations such as plan adjustments, route control, and issuance of dispatch orders through various terminal devices in the CTC center system. The operation instruction information is sent to the train service terminal or station autonomous machine of the corresponding station through the communication machine. The station attendant operates the train service terminal to accept the plan issued by the CTC center and sign for the dispatch order. The station autonomous machine generates instructions according to the adjustment plan and sends them to the computer-based interlocking (CBI) system for execution. The station receipt information for the plan and dispatching commands is back to the dispatch center through the communication machine program. The station operation terminal can also directly send instructions to the station autonomous machine. In addition to the internal information exchange of the CTC system, the CTC system also communicates with external systems such as radio block center (RBC), temporary speed restriction server (TSRS), CBI, and TCC through system interfaces for information transmission and feedback. Obviously, the CTC system is a typical control-feedback system.
Regarding risk analysis of complex systems, the most classic and commonly used models are the system-theoretic accident model and process (STAMP) and the STPA based on STAMP (Leveson, 2004). Different from commonly used linear chain-of-events models, such as hazard and operability analysis, FMEA and FTA, etc. STPA considers the interaction between components or the hazards involving non-failure of components (Sulaman, Beer, Felderer, & Höst, 2019). STPA starts with identifying types of potential losses of the target system, hazards for those losses, and constraints for the hazards. Then, create a STAMP model for the system, that is, a control structure composed of control actions and feedback between the controller and the controlled process. Next, identify the potential unsafe control actions (UCA) for each control action in the control structure that could result in system hazards and losses. Finally, determine how each UCA occurs and how it propagates to system losses (loss scenario). The analysis process of STPA is shown in Figure 1.
The steps for conducting risk analysis on the CTC system using STPA are as follows.
Step 2: Define the CTC system control structure. Based on the functions of the CTC system and the information flow of its interaction with other systems, the control structure of the CTC system is established. The control structure of the CTC system is shown in Figure 2.
Step 3: Identify the UCA of the CTC system. Considering the constraints of space, this paper takes the interaction between the dispatcher and the CTC system as an example for illustration, as shown in Table 3.
Step 4: Determine how each UCA occurs. The possible causes of UCA and the loss scenario caused by UCA are shown in Table 4.
3. Methodology
3.1 Combined weight calculation method based on game theory
The acquisition of index weights is crucial for risk assessment, and its accuracy directly impacts the risk evaluation results. The consideration of weights is mostly focused on subjective or objective weights. However, there is relatively less emphasis on correlation weights. From the perspective of information theory, if one index significantly influences another, indicating that the former provides more information than the latter, and it should be assigned a higher weight. Therefore, calculating correlation weights for indexes is also reasonable.
3.1.1 Calculation of subjective weights
Analytical Hierarchy Process (AHP) is a classical method for calculating subjective weights, but in constructing the judgment matrix, it is challenging for experts or decision-makers to make precise pairwise comparisons among indexes. In order to overcome this problem, this paper uses triangular fuzzy numbers (TFN) to improve AHP.
The definition of the TNF is as follows.
If Q is a TNF, then it can be represented as:
As shown in Figure 3, a, b, and c are the lower, median, and upper bounds of the TNF, respectively.
Let
The simple steps are as follows.
Step 1: According to Table 5, use the TNF to compare n indexes pairwise and construct a fuzzy judgment matrix Q.
(4)Step 2: Calculate the fuzzy relative weights of the j-th index with respect to other indexes.
(5)Step 3: According to the calculation degree of possibility in Equation (3), the possibility of the j-th index compared to other indexes is calculated:
(6)Step 4: Normalize
(7)
3.1.2 Calculation of relative weights
The interrelationship between indexes has a significant impact on the weights of the indexes. Therefore, for risk assessment, relative weights also need to be calculated. Decision-making Trial and Evaluation Laboratory (DEMATEL) is a comprehensive method for building and analyzing a structural model involving causal relationships between complex factors. However, it is also subjective. Similar to AHP, DEMATEL can be enhanced by using TNF to calculate the relative weights of indexes. The steps of the Fuzzy Decision-making Trial and Evaluation Laboratory (FDEMATEL) are as follows:
Step 1: According to Table 5, a fuzzy initial direct-relation matrix B is constructed using TNF to represent the degree of mutual influence among n indexes.
Step 2: The Converting Fuzzy data into Crisp Scores (CFCS) method is used to defuzzify P to obtain the direct-relation matrix D (Zhang et al., 2015). Then, calculate the standard direct influence matrix, standardize the direct influence matrix D according to Equation (9), and obtain the standardized direct-relation matrix G.
Step 3: Calculate the total relation matrix T. The calculation equation is as follows.
Step 4: Calculate the relevance of indexes
The greater the relevance of an index, the greater its impact on other indexes. In the context of risk assessment, higher relevance indicates greater risk, and consequently, the weight assigned to it is also higher. Normalize the relevance to obtain the correlation weight of the index.
3.1.3 Calculation of objective weights
The basic steps of the entropy weight method are as follows (Yuan, Li, Xu, Zhao, & Liu, 2019).
Step 1: Establish risk assessment matrix Y composed of m evaluation experts and n evaluation indexes.
Step 2: If the indexes have the benefit index or the cost index, then the benefit index is normalized according to Equation (14), and the cost-type index is normalized according to Equation (15):
Step 3: According to the definition of entropy in the information theory, the information entropy of the j-th evaluation index is:
Step 4: Calculate the weight of the index based on information entropy.
3.1.4 Combined weights based on game theory
Compared with the general linear combined method, the combined weight method based on game theory can better balance the differences between different weight calculation methods, making the acquisition of combined weight more reasonable and accurate (Xie et al., 2022).
Assuming that the index weights
Based on game theory, seek the most satisfied
According to the differential properties of the matrix, the first derivative of Equation (20) is transformed into a system of linear equations.
Normalize
Finally, the optimal combined weight is obtained.
3.2 Cloud model theory
In 1995, Academician Li Deyi proposed the cloud model theory based on probability theory and fuzzy set theory. This model can implement the uncertain transformation between a qualitative concept and its quantitative instantiations quantitative aspects, effectively overcoming uncertainty issues in conventional risk assessments (He & Liu, 2020).
3.2.1 Basic concepts of cloud model
Let U be a domain of discourse represented by quantitative values and C be the qualitative concept on U. If the qualitative value is
Then, the distribution of x on the domain U is called a cloud, and each
3.2.2 The numerical character of cloud model
The numerical character (NC) of the cloud is represented by three values: expectation Ex, entropy En, and hyper entropy He, which are recorded as C(Ex, En, He). The expectation Ex represents the distribution expectation of cloud droplets in the domain space, reflecting the points in the domain space that can best represent qualitative concepts. The entropy En represents the degree of determinism of qualitative concepts, reflecting the size of the range of values that the domain space can be accepted by qualitative concepts. The hyper entropy He represents the determinism measure of entropy, reflecting the degree of dispersion of cloud droplets (Wang, Wang, Wang, Au-Yong, & Ali, 2021). Figure 4 is an example of a cloud model with Ex = 0.5, En = 0.2, He = 0.015, and cloud drop number N is set as 4000.
There are two methods for determining the NC of cloud mode: one is the backward cloud generator method, which is mainly used to generate NC for index evaluation. This method is based on statistical principles, transforming data into NC C(Ex, En, He) representing qualitative concepts of clouds, and then forming a normal cloud. The algorithm steps are as follows.
Input: M experts’ assessment of risk indexes
Output: Cloud model NC C(Ex, En, He) of evaluation indexes.
Firstly, Calculate the sample mean, which is the expectation Ex.
Finally, calculate the entropy En and hyper entropy He.
Another NC generation method is mainly used to generate the NC of the assessment standard cloud, that is, the NC that determines the assessment level. Suppose the left boundary of each level scoring interval of the assessment index is
3.2.3 Cloud model similarity measurement
Similarity measurement can be performed between two different cloud models. The traditional method is to use the expectation Ex as the benchmark. Although this method is simple, it does not take into account the two NC of En and He, so the results of the similarity measurement are rough.
In order to calculate the similarity measure of cloud models more accurately, the paper proposes a cloud model similarity measurement method based on the improved expectation curve and Kullback-Leibler (KL) divergence.
If the cloud droplet x satisfies
KL divergence is an asymmetry measure of the difference between two probability density functions (PDF). It is often used to measure the difference between two PDFs. The greater the KL divergence, the greater the difference between the two PDFs (Budka, Gabrys, & Musial, 2011).
This paper uses KL divergence to measure the difference in the modified expectation curves of two cloud models, thereby measuring the similarity of the two cloud models. For continuous random variables P and Q, their PDFs are p(x) and q(x), respectively, and the KL divergence is defined as follows.
There is a symmetrical form of KL divergence, namely
3.3 Risk assessment method based on improved game theory and cloud model
3.3.1 Building the risk assessment indexes for the CTC system
The STPA method was utilized to conduct a risk analysis of the CTC system and establish risk assessment indexes for it. These indexes are divided into two levels: the first level comprises three indexes, while the second level consists of 12 indexes, as illustrated in Figure 5.
3.3.2 Obtain the cloud model NC of risk assessment index and standard
Assume that M experts evaluate the risk indexes of the CTC system, and the expert's evaluation result is
For the assessment standard, use the natural optimal golden section model to determine the score interval and standard cloud model parameters within the scoring interval [0,1], then obtain the NC of the assessment standard cloud according to Equation (28), as depicted in Table 6.
Generating a standard assessment cloud map through the cloud NC of the standard assessment, as shown in Figure 6.
3.3.3 Generate CTC system comprehensive assessment cloud
After obtaining the NC of the risk assessment index, and considering the different weights assigned to each index, it is necessary to perform a weighted aggregation operation on the NC of the index assessment to obtain the final comprehensive assessment cloud.
Assuming there are N assessment indexes, the NC of the index is
Based on the NC of the comprehensive assessment cloud, draw the comprehensive assessment cloud diagram. Next, utilize the cloud model measurement method to measure the similarity between the comprehensive assessment cloud and the standard assessment cloud. Finally, obtain the risk assessment results. See Figure 7.
4. Case study
In order to enhance the safety and reliability of the CTC system and reduce system risks, a railway group invited 10 experts, 10 train dispatchers, and 10 station attendants to conduct a risk assessment on the CTC system of a railway line. The assessment score interval is [0,1]. The larger the score, the higher the risk of the index. According to Equations (24) ∼ (27), use the backward cloud generator method to convert the score data provided by the experts into the NC of the risk index. as shown in Table 7.
According to Equations (4)∼(17), the subjective weight, relative weight and objective weight of the index are calculated respectively. Next, use Equations (18) ∼ (22) to calculate the combined weight of the index. The weights of the first-level index are shown in Table 8, and the weights of the second -level index are shown in Table 9.
After obtaining the index weights, use Equation (33) to perform a weighted calculation on the NC of the second-level index risk assessment cloud model to obtain the NC of the first-level index risk assessment cloud model, as illustrated in Table 10. Subsequently, generate their respective cloud maps based on the NC of the second-level index, which is shown in Figure 8–10. Similarly, the NC of the first-level indexes risk assessment cloud model is obtained. The NC is weighted and calculated to obtain the NC of the CTC system risk assessment cloud model, which is Ex = 0.342, En = 0.072, He = 0.015. Finally, a comprehensive CTC system risk assessment cloud map is generated, shown in Figure 11.
It is obvious that although the cloud maps in Figure 8–11 are between the risk level Ⅲ and risk level IV, they are more inclined to the risk level IV. In order to make the results more convincing, the similarity measurement between the evaluation cloud and the standard cloud was calculated according to Equations (30) ∼ (32), and the results are shown in Table 11.
Through the calculation of the similarity measurement, it can be seen that both the three first-level indexes and the final CTC system risk assessment results are more biased toward risk level IV, that is, the CTC system is running well, risks in the system can be dealt with in a timely manner, and the system is the main functions can be realized. Comparing the assessment results of the risk assessment method based on fuzzy evidential reasoning proposed by Wei, Xu, and Zhang (2020) and the results based on the causative Bayesian network proposed by (Chen, Li, Wang, Wang, & Qiu, 2023), all three methods show risk assessment results at level IV. This suggests that the risk assessment method proposed in this paper is effective.
5. Conclusion
The HSR CTC system is crucial to ensuring the driving safety of high-speed railway trains, and risk assessment is an important means of safety management. Considering the fuzziness and difficulty of quantifying risks, this paper proposes a cloud model-based risk assessment method for CTC systems. Furthermore, this method was used to conduct a risk assessment on the CTC system of a certain railway administration, achieving good application results and providing relatively actual system risk assessment results. The main conclusions are:
STPA was used to conduct risk analysis on the CTC system, and a two-level risk index system was constructed for the CTC system. The proposed index system can cover the risk attributes of the CTC system effectively and lays the foundation for the risk assessment of the CTC system.
The weight of the risk index is significant for the calculation of risk assessment. The combined weight calculation method based on game theory overcomes the shortcomings of the low accuracy of a single weight calculation method.
The cloud model can overcome shortcomings such as fuzziness and difficulty in quantification in the risk assessment process. Compared with a single numerical assessment, the assessment results are more intuitive. The effectiveness of the method was verified by conducting a risk assessment on the CTC system of a certain railway administration, which can provide theoretical and methodological support for risk assessment of the CTC system.
The backward cloud generator method in this paper exhibits some errors in hyper-entropy estimation when the sample size is small. Therefore, future research will focus on enhancing the reverse cloud algorithm to improve the accuracy of the evaluation results.
Figures
Losses of the CTC system
| Loss ID | Description |
|---|---|
| L-1 | Train reception and departure accidents |
| L-2 | Shunting operation accident |
| L-3 | Railway external casualty accident |
Source(s): Authors’ own work
Hazards of the CTC system
| Hazard-ID | Description |
|---|---|
| H-1 | The train departing without proper handling or incorrect handling of blocking procedures resulted in the occurrence of L-1 |
| H-2 | Receiving or departing without preparing the receiving or departing route resulted in the occurrence of L-1 |
| H-3 | Incorrectly handling the train departure voucher before departure or delaying the train resulted in the occurrence of L-1 |
| H-4 | Shunting conflict resulted in the occurrence of L-2 |
| H-5 | Shunting derailment resulted in the occurrence of L-2 |
| H-6 | Switch misalignment resulted in the occurrence of L-2 |
| H-7 | Locomotives and Vehicles slip into the section or station resulted in the occurrence of L-2 |
| H-8 | Train colliding with pedestrians resulted in the occurrence of L-3 |
Source(s): Authors’ own work
UCA between the dispatcher and CTC system
| Control action | UCA | |||
|---|---|---|---|---|
| Uncontrol | Control | Control at the wrong time | Stop too soon/Applying too long | |
| Dispatcher modifies instructions | The dispatcher did not modify the instructions, causing hazards H-1 and H-2 | The dispatcher modified the instruction, causing hazard H3 | The dispatcher modified the instructions at the wrong time, causing hazards H1, H2, and H3 | N/A |
| Dispatcher executes instructions | The dispatcher failed to execute the instructions, causing hazards H-1 and H-2 | The dispatcher executed the instruction, causing hazard H3 | The dispatcher executed the instructions at the wrong time, causing hazards H1, H2, and H3 | N/A |
| Dispatcher handles the train route | The dispatcher failed to handle the approach, causing hazards H1 and H2 | The dispatcher handled the train route, causing danger H3 | The dispatcher handled the train route at the wrong time, causing hazards H1, H2, and H3 | N/A |
| Dispatcher sends dispatch orders | The dispatcher did not send dispatching orders, causing dangers H1 and H2 | The dispatcher sends a dispatch command, causing danger H3 | The dispatcher sends dispatching commands at the wrong time, causing hazards H1, H2, and H3 | N/A |
| Dispatcher issues train operation adjustment plans | The dispatcher did not issue the train operation adjustment plan, causing hazards H1 and H2 | The dispatcher issues the train operation adjustment plan, causing hazard H3 | The dispatcher issues the train operation adjustment plan at the wrong time, causing hazards H1, H2, and H3 | N/A |
| Dispatcher sends train operation voucher | The dispatcher failed to send the train operation voucher, causing hazards H1 and H2 | The dispatcher sends the train operation voucher, causing hazards H3 | The dispatcher sends the train operation voucher at the wrong time, causing hazards H1, H2, and H3 | N/A |
Source(s): Authors’ own work
The causes and consequences of UCA
| UCA | Possible cause | Loss scenario |
|---|---|---|
| The dispatcher did not modify the instructions | The shunting work order issued to the locomotive did not receive a receipt in time | H-1 or H-2 |
| The wireless shunting route arrangement application information sent by the driver to the autonomous machine was not received | ||
| The train operation adjustment plan is being implemented, but the adjustment time calculated by the autonomous calculation has not yet started | ||
| The dispatcher modified the instructions | Received wrong receipt information | H-3 |
| The wireless shunting route arrangement application information received from the driver to the autonomous machine is incorrect | ||
| Dispatchers modify instructions when they make mistakes | The shunting work order sent to the locomotive has not received a receipt | H-1 or H-2 or H-3 |
| The wireless shunting application information sent by the driver to the autonomous machine was not received in time | ||
| During the execution of the train operation adjustment plan, the shunting time calculated by the autonomous machine was wrong | ||
| The successive route resulted in the operating time of various trains not being implemented according to the standard time | ||
| … | … | … |
Note(s): “...” indicates that the table is not fully displayed. Due to the space limit of the paper, only a part of the table has been intercepted
Source(s): Authors’ own work
The correspondence between TNF and importance & influence
| Importance | Influence | TNF(a, b, c) |
|---|---|---|
| Equally important | No influence | (0, 0.1, 0.3) |
| Slightly important | Low influence | (0.1, 0.3, 0.5) |
| important | Medium influence | (0.3, 0.5, 0.7) |
| Very important | High influence | (0.5, 0.7, 0.9) |
| Extremely important | Very high influence | (0.7, 0.9, 1) |
Source(s): Authors’ own work
The NC of the assessment standard cloud
| Risk level | Score interval | NC | Risk description |
|---|---|---|---|
| I High Risk | [0.691, 1] | (1,0.103,0.0131) | The CTC system has basically lost all its functions and is extremely prone to major accidents and casualties |
| II Slightly High Risk | [0.499,0.883] | (0.691,0.064,0.0081) | The CTC system risk has reached a critical level, and certain improvement measures must be implemented for the risk |
| III Medium Risk | [0.407,0.593] | (0.500,0.031,0.0050) | The CTC system has the risk of reduced system performance and reduced transportation efficiency |
| IV Slightly Low Risk | [0.117,0.501] | (0.309,0.064,0.0081) | The CTC system operates well, risks in the system can be dealt with in a timely manner, and the main functions of the system can be realized |
Source(s): Authors’ own work
The NC of the second-level index
| Second level index | NC | ||
|---|---|---|---|
| Ex | En | He | |
| Alarm information of CTC system | 0.356 | 0.058 | 0.009 |
| The usability of CTC system | 0.391 | 0.140 | 0.017 |
| The interface display of CTC system | 0.293 | 0.097 | 0.013 |
| Interface information exchange between the CTC system and RBC | 0.317 | 0.054 | 0.009 |
| Interface information exchange between the CTC system and TSRS | 0.350 | 0.050 | 0.012 |
| Interface information exchange between the CTC system and CBI | 0.361 | 0.067 | 0.008 |
| Interface information exchange between the CTC system and TCC | 0.320 | 0.035 | 0.005 |
| Interface information exchange between the CTC system and GSM-R | 0.247 | 0.081 | 0.031 |
| Maintenance and updates of the CTC system | 0.337 | 0.036 | 0.017 |
| Reliability of CTC system equipment | 0.349 | 0.032 | 0.023 |
| CTC system software reliability | 0.203 | 0.037 | 0.015 |
| Internal information exchange within CTC system | 0.339 | 0.053 | 0.015 |
Source(s): Authors’ own work
Weights of the first-level index
| First level index | Subjective weigh | Relative weight | Objective weight | Combined weight |
|---|---|---|---|---|
| The human-machine interface of CTC system | 0.336 | 0.458 | 0.408 | 0.44 |
| Information exchange between CTC system and external systems | 0.243 | 0.321 | 0.279 | 0.258 |
| Reliability of CTC system | 0.421 | 0.221 | 0.313 | 0.302 |
Source(s): Authors’ own work
The weights of the second -level index
| Second level index | Subjective weigh | Relative weight | Objective weight | Combined weight |
|---|---|---|---|---|
| Alarm information of CTC system | 0.292 | 0.221 | 0.295 | 0.270 |
| The usability of CTC system | 0.335 | 0.438 | 0.495 | 0.432 |
| The interface display of CTC system | 0.373 | 0.341 | 0.210 | 0.298 |
| Interface information exchange between the CTC system and RBC | 0.225 | 0.227 | 0.143 | 0.197 |
| Interface information exchange between the CTC system and TSRS | 0.126 | 0.260 | 0.119 | 0.175 |
| Interface information exchange between the CTC system and CBI | 0.359 | 0.282 | 0.244 | 0.288 |
| Interface information exchange between the CTC system and TCC | 0.176 | 0.141 | 0.256 | 0.191 |
| Interface information exchange between the CTC system and GSM-R | 0.114 | 0.09 | 0.238 | 0.149 |
| Maintenance and updates of the CTC system | 0.169 | 0.120 | 0.168 | 0.153 |
| Reliability of CTC system equipment | 0.267 | 0.376 | 0.294 | 0.313 |
| CTC system software reliability | 0.326 | 0.193 | 0.310 | 0.277 |
| Internal information exchange within CTC system | 0.238 | 0.311 | 0.228 | 0.257 |
Source(s): Authors’ own work
The NC of the first-level index
| First level index | NC | ||
|---|---|---|---|
| Ex | En | He | |
| Alarm information of CTC system | 0.358 | 0.105 | 0.015 |
| The usability of CTC system | 0.322 | 0.057 | 0.013 |
| The interface display of CTC system | 0.306 | 0.039 | 0.017 |
Source(s): Authors’ own work
The NC of the first-level index
| Risk assessment | Similarity measurement | Risk assessment results | |
|---|---|---|---|
| III | IV | ||
| The cloud map of the human-machine interface of CTC system | 0.002 | 0.926 | IV |
| The cloud map of information exchange between CTC system and external systems | 0.001 | 0.963 | IV |
| The cloud map of reliability of CTC system | 0.001 | 0.997 | IV |
| The comprehensive cloud map of CTC system risk assessment | 0.001 | 0.958 | IV |
Source(s): Authors’ own work
References
Alawad, H., Kaewunruen, S., & An, M. (2020). A deep learning approach towards railway safety risk assessment. IEEE Access, 8, 102811–102832. doi: 10.1109/access.2020.2997946.
Budka, M., Gabrys, B., & Musial, K. (2011). On accuracy of pdf divergence estimators and their applicability to representative data sampling. Entropy, 13(7), 1229–1266. doi: 10.3390/e13071229.
Chen, Y., Li, X., Wang, J., Wang, W., & Qiu, S. (2023). Research on risk assessment model of catenary based on causative Bayesian network. Journal of Railway Science and Engineering, 20(8), 3067–3071.
Ding, S., Zhang, T., Sheng, K., Chen, Y., & Yuan, Z. (2023). Key technologies and applications of intelligent dispatching command for high-speed railway in China. Railway Sciences, 2(3), 336–346. doi: 10.1108/rs-06-2023-0023.
Gong, Y., Jiang, Y., & Liang, X. (2015). Similarity measurement for normal cloud models based on fuzzy similarity measure. Systems Engineering, 33(9), 133–137.
He, Y., & Liu, J. (2020). Electric Internet of Things security risk assessment based on combined weighting-cloud model. Power System Technology, 44(11), 4302–4309.
Hwang, J., & Jo, H. (2013). Hazard Identification of railway signaling system using PHA and HAZOP methods. International Journal of Automation and Power Engineering, 2(2), 32–39.
Ilczuk, P., & Kycko, M. (2023). Risk assessment in the design of railroad control command and signaling devices using fuzzy sets. Applied Sciences, 13(22), 12460. doi: 10.3390/app132212460.
Jafarian, E., & Rezvani, M. A. (2012). Application of fuzzy fault tree analysis for evaluation of railway safety risks: An evaluation of root causes for passenger train derailment. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, 226(1), 14–25. doi: 10.1177/0954409711403678.
Leitner, B. (2017). A general model for railway systems risk assessment with the use of railway accident scenarios analysis. Procedia Engineering, 187, 150–159. doi: 10.1016/j.proeng.2017.04.361.
Leveson, N. (2004). A new accident model for engineering safer systems. Safety Science, 42(4), 14–25. doi: 10.1016/s0925-7535(03)00047-x.
Song, H., Gao, S., Li, Y., Liu, L., & Dong, H. (2023). Train-centric communication based autonomous train control system. IEEE Transactions on Intelligent Vehicles, 8(1), 721–731. doi: 10.1109/tiv.2022.3192476.
Sulaman, S. M., Beer, A., Felderer, M., & Höst, M. (2019). Comparison of the FMEA and STPA safety analysis methods–a case study. Software Quality Journal, 27(1), 349–387. doi: 10.1007/s11219-017-9396-0.
Sun, Y., Zhang, Q., Yuan, Z., Gao, Y., & Ding, S. (2020). Quantitative analysis of human error probability in high-speed railway dispatching tasks. IEEE Access, 8, 56253–56266. doi: 10.1109/access.2020.2981763.
Szaciłło, L., Krześniak, M., Jasiński, D., & Valis, D. (2022). The use of the risk matrix method for assessing the risk of implementing rail freight services. Archives of Transport, 64(4), 89–106. doi: 10.5604/01.3001.0016.1185.
Wang, T., Wang, X., Wang, L., Au-Yong, C. P., & Ali, A. S. (2021). Assessment of the development level of regional industrialized building based on cloud model: A case study in guangzhou, China. Journal of Building Engineering, 44, 102547. doi: 10.1016/j.jobe.2021.102547.
Wei, D., Xu, D., & Zhang, Y. (2020). A fuzzy evidential reasoning-based approach for risk assessment of deep foundation pit. Tunnelling and Underground Space Technology, 97, 103232. doi: 10.1016/j.tust.2019.103232.
Wu, T., Lee, W., Guizani, N., & Wang, T. (2014). Incentive mechanism for P2P file sharing based on social network and game theory. Journal of Network and Computer Applications, 41, 47–55. doi: 10.1016/j.jnca.2013.10.006.
Wu, H. W., Zhen, J., & Zhang, J. (2020). Urban rail transit operation safety evaluation based on an improved CRITIC method and cloud model. Journal of Rail Transport Planning and Management, 16, 100206. doi: 10.1016/j.jrtpm.2020.100206.
Xie, X., Zhang, J., Lian, Y., Lin, K., Gao, X., Lan, T., … Song, F. (2022). Cloud model combined with multiple weighting methods to evaluate hydrological alteration and its contributing factors. Journal of Hydrology, 610, 127794. doi: 10.1016/j.jhydrol.2022.127794.
Xu, C., & Wang, G. (2014). Excursive measurement and analysis of normal cloud concept. Computer Science, 41(7), 9–14, 51.
Xu, W., Dai, X., Zhao, C., Tang, Y., Cheng, J., Qu, Z., … Lv, Y. (2023). Parallel testing for centralized traffic control systems of intelligent railways. IEEE Transactions on Intelligent Vehicles, 8(9), 4249–4262. doi: 10.1109/tiv.2023.3305543.
Yang, L., Qin, H., & Su, H. (2022). Research on security risk assessment of SCADA system based on the cloud model and Combined Weighting. CAAI Transactions on Intelligent Systems, 17(5), 969–979.
Yuan, J., Li, X., Xu, C., Zhao, C., & Liu, Y. (2019). Investment risk assessment of coal-fired power plants in countries along the Belt and Road initiative based on ANP-Entropy-TODIM method. Energy, 176, 623–640. doi: 10.1016/j.energy.2019.04.038.
Zhang, L., Wu, X., Chen, Q., Skibniewski, M. J., & Zhong, J. (2015). Developing a cloud model based risk assessment methodology for tunnel-induced damage to existing pipelines. Stochastic Environmental Research and Risk Assessment, 29(2), 513–526. doi: 10.1007/s00477-014-0878-3.
Zhang, Z., Li, K., Yuan, L., & Yu, G. (2018). Mutation model-based test case generation of Chinese train control system with automatic train operation function. 2018 International Conference on Intelligent Rail Transportation (ICIRT) (pp. 1–5). doi: 10.1109/icirt.2018.8641582.
Zhang, T., Li, X., Wu, D., Wang, H., Liu, J., & Zhang, D. (2022). Evaluating the safety control scheme of railway centralized traffic control (CTC) system with coloured Petri nets. Sustainability, 14(18), 11669. doi: 10.3390/su141811669.
Zhang, Y., Xu, Z., & Su, H. (2013). Risk assessment on railway signal system based on Fuzzy-FMECA method. Sensors and Transducers, 156(9), 203–210.
Zhou, J., Zhang, S., Guo, S., & Zhao, J. (2020). Identification approach of pedestrian crowd in metro station based on improved cloud model. Journal of the China Railway Society, 42(3), 104–113.
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China under Grant 62203468, in part by the Technological Research and Development Program of China State Railway Group Co., Ltd. under Grant J2023G007, in part by the Young Elite Scientist Sponsorship Program by China Association for Science and Technology (CAST) under Grant 2022QNRC001, in part by the Youth Talent Program Supported by China Railway Society, and in part by the Research Program of Beijing Hua-Tie Information Technology Corporation Limited under Grant 2023HT02.