Scientific article on the topic 'INNOVATIVE METHODS OF ENSURING THE FUNCTIONAL SAFETY OF TRAIN CONTROL SYSTEMS'

Text of a scientific article in the specialty "Medical technologies"

CC BY
Keywords
Control system / functional safety / artificial intelligence / safety case / wrong-side failure prediction / digital twin / virtual channels

Abstract of the scientific article on medical technologies; authors: I.B. Shubinsky, E.N. Rozenberg, H. Schäbe

The paper examines the specific features of modern intelligent control systems. Big Data technology and Data Science algorithms open up great potential in train traffic management based on hazard prevention. An example is given of high reliability and acceptable accuracy of hazardous railway infrastructure failure prediction using methods based on artificial intelligence. A great deal of attention is given to economical methods of ensuring the required levels of functional safety of train control systems. For that purpose, the efficiency of the digital twin-based method was evaluated. It is shown that, under certain conditions, this method allows significantly reducing the cost of a control system while achieving an acceptably high level of functional safety. The method of virtual second channels is based on the same principle of using information redundancy rather than hardware redundancy. The paper presents and analyses the method of virtual second channels with respect to an axle counter-based train control system. It is established that it is possible to ensure a safety integrity level of an entire control system with a virtual second channel at least as high as SIL3. The above methods ensure, on the one hand, a reduction of the amount of equipment and a significantly lower cost of the systems and, on the other hand, require the creation of additional software and substantiation of the acceptability of the achieved level of functional safety. This matter is within the competence of the developer of the control system.


INNOVATIVE METHODS OF ENSURING THE FUNCTIONAL SAFETY OF TRAIN CONTROL SYSTEMS

I.B. Shubinsky¹, E.N. Rozenberg², H. Schäbe³

¹ DsC, prof., NIIAS, Moscow, Russia, Igor-shubinsky@yandex.ru

² DsC, prof., NIIAS, Moscow, Russia, s,lavruhina@vniias.ru

³ Doctor of Natural Sciences, TÜV Rheinland InterTraffic, Cologne, Germany, dr.hendrik.schaebe@gmail.com


1. Introduction

Amid the ongoing digital transformation, the development of modern computer-based control and management systems in railway transportation involves an accelerated deployment of a whole number of innovative solutions and a wide use of off-the-shelf products, which eventually makes systems more complex and opens up a number of opportunities in terms of automation, including automatic train operation, and can affect the functional safety indicators. In order to maintain these parameters at a specified level and to minimize the impact of human factor, the railway community is increasingly using formal methods and automated means of engineering, diagnostics and monitoring at all stages of a system's life cycle. A major factor of safety and dependability is the standardisation of a system's architecture, interfaces, open-source design and testing software, including the standardisation of approaches to remote lab testing of products by different manufacturers to prove the reliability of operation at the boundaries of systems of various manufacturers [1]. In the railway industry, all of the above caused the development of an intelligent system for adaptive automated train traffic management (IMS). Figure 1 shows the basic structure diagram of the IMS that is designed for the purpose of managing train traffic.

Fig. 1. Structure diagram of the intelligent automated management system

The generic part of the intelligent automated management system (IMS) (in Fig. 1, shown with a dashed line) contains knowledge and data bases, a planner, application software and a dialogue interface. The structure of this part of the system is static, is practically not exposed to external disturbances, operates with algorithms with time-invariant parameters, etc. Automatic train operation is implemented using the IMS that, along with the generic part, contains elaborate machine vision, adaptive measurement, control and cognitive graphics facilities. The machine vision and cognitive graphics are implemented partially through machine learning of neural networks. Artificial intelligence methods play an important role in recognising complex objects or under difficult circumstances. All of that as a whole defines the following specific features of the IMS [2]:

1. Branching system architecture.

2. Availability of machine vision and effect of weather conditions.

3. Close information interaction between the system and the environment via the information communication channels.

4. Presence of a large and not always definite number of vulnerabilities within a system closely connected to the environment.

5. A high probability of evolving environmental effects and resulting changed system behaviour.

6. The random nature of the control algorithm parameters as the result of neural network training using the incoming information flows and accumulated databases.

7. Branching software of both the generic part of the system, and, especially, rolling stock detection and control facilities.

It should be noted that one of the key features of the IMS is that, along with the branching architecture, the connections within the system change significantly. The latter noticeably reduces the capability to prove the safety of the intelligent system.

The use of accumulated knowledge and generation of new knowledge originated as far back as the 1980s. The main goal was to generate expert evaluations for the purpose of solving a number of applied problems, primarily those associated with control/management. The development of computer technology allowed using Big Data in railway transportation for the purpose of collecting and processing massive amounts of raw data [3-5], etc. For the purpose of working with such data, mathematical statistics and Data Science-based machine learning methods are used, which allows generating prediction models and eventually optimally solving the tasks at hand.

Activities aimed at increasing the intellectual level of railway transportation facilities condition analytics using Big Data-based methods [6 - 9, 11 - 16], etc. cover a number of tasks, such as predictive maintenance of the Lastochka EMUs, route optimisation, passenger flow management, locomotive operation and repair, prediction of infrastructure facility condition. The accumulated experience of automation of data collection and management, application of Data Science algorithms allows not only predicting objective events, but defining the development strategies of data collection systems. It is the initial data that ultimately define the correctness of the prediction results. Moreover, as of late more often than not the nature, scope and discreteness of initial data define the exact problem that can be solved. For such objects as the Lastochka EMUs and Sapsan high-speed trains that feature a large number of condition monitoring sensors, the uncertainty of an object's condition between the data acquisition periods is minimised. That allows employing a number of data analysis methods, solving various problems from the evaluation of the probability of an event to a train's up time.

The above capabilities allow solving totally new problems as part of functional safety analysis and preparation of safety cases of such innovative systems. This paper provides a number of examples of successful application of modern methods.

2. Predicting wrong-side failures using artificial intelligence

Information on infrastructure facilities of the Russian Railways lacks temporal continuity as the majority of data collection processes are not automated and are performed manually. As regards track facilities, automated systems for diagnostics and remote monitoring of track condition are widely used, which enables predictive analysis with large volumes of initial data. For each of the three Russian railways selected for the research, predictive analysis models were constructed based on the following classification algorithms: XGBoost, RForest, SVM, kNN, AdaBoost and Logit. Those algorithms differ in terms of their conceptual approach and mathematical content, which allows matching an optimal algorithm to each data sample. For each model, target hyperparameters were selected for subsequent optimization as part of cross-validation.

Accuracy analysis of each of the above machine learning algorithms, as well as comparison of the accuracy of various binary classification algorithms, was conducted based on the following counts:

- TP, number of correctly predicted category objects with mark "1". Note: Mark "1" denotes the onset of a wrong-side failure.

- FN, number of objects with true category "1", yet predicted "0". Note: Mark "0" denotes the operable state (absence of hazardous failure).

- FP, number of objects with true category "0", yet predicted "1".

- TN, number of correctly predicted categories with mark "0".

The primary quality measures of the binary classification models are:

I.B. Shubinsky, E.N. Rozenberg, H. Schäbe. INNOVATIVE METHODS OF ENSURING THE FUNCTIONAL SAFETY OF TRAIN CONTROL SYSTEMS. RT&A, No 4 (76), Volume 18, December 2023

- Overall accuracy of the algorithm, which defines the classifier's general efficiency in terms of its ability to provide correct answers:

$$AC = \frac{TP + TN}{TP + FP + TN + FN} \qquad (1)$$

- False alarm rate, which shows the efficiency of a classifier for the purpose of predicting deviations from the normal state:

$$FPR = \frac{FP}{FP + TN} \qquad (2)$$

- Accuracy (precision) of the algorithm, which shows the correctly predicted proportion of objects recognized as objects with mark "1":

$$PR = \frac{TP}{TP + FP} \qquad (3)$$

- Completeness (recall) of the algorithm, which shows the correctly predicted proportion of objects that are effectively marked "1":

$$RE = \frac{TP}{TP + FN} \qquad (4)$$

- The F measure of the algorithm, which is the harmonic mean of accuracy and completeness:

$$F = \frac{2\,PR \cdot RE}{PR + RE} \qquad (5)$$

- Area under the ROC curve (AUC) is a global quality characteristic whose value lies between 0 and 1. A value of 0.5 corresponds to random guessing, while a value of 1 corresponds to faultless recognition. The ROC curve characterises the ratio between the proportion of false positive classifications (FPR) and the proportion of correct positive classifications (RE). The ROC curve is a rather complex measure of an algorithm's accuracy.

Table 1 shows the results of the comparison of classification methods per key accuracy indicators PR (the more the better) and FPR (the less the better). For the purpose of objective model comparison, the probability threshold for all methods was set to 0.1. The comparison was done for all the railways over the test sample.

Table 1. Precision indicators for various models of predictive analysis on the test sample for all railways

| Parameter | XGBoost | RForest | SVM | kNN | AdaBoost | Logit |
|---|---|---|---|---|---|---|
| PR | 0.7790 | 0.7772 | 0.6510 | 0.7112 | 0.7511 | 0.7037 |
| FPR | 0.0800 | 0.0802 | 0.0839 | 0.0909 | 0.0799 | 0.0853 |

As it can be seen from Table 1, the XGBoost, RandomForest and AdaBoost methods are superior to SVM, kNN and Logit in terms of accuracy. The XGBoost decision tree-based gradient boosting model can be considered the most superior in terms of quality. This method ensures the highest probability of correct answer with the lowest probability of false alarm.

[3] and [14] show the results of a numerical experiment of railway line categorization based on failure prediction.

Table 2. Results of the experiments using the XGBoost model for the selected three Russian railways with the threshold 2 (equal probabilities of error with mark "0" and mark "1") for the control period

| Description | Gorky Railway | Northern Railway | Kuybyshev Railway |
|---|---|---|---|
| TP, number of correctly predicted "1" | 413 | 76 | 168 |
| FP, number of incorrectly predicted "1" | 116 | 23 | 57 |
| FN, number of incorrectly predicted "0" | 1031 | 1808 | 1154 |
| TN, number of correctly predicted "0" | 3498 | 6174 | 3321 |
| AC | 0.7732 | 0.7734 | 0.7423 |
| TPR | 0.2860 | 0.0403 | 0.1271 |
| PR | 0.7807 | 0.7677 | 0.7467 |
| FPR | 0.0321 | 0.0037 | 0.0169 |
| F measure | 0.4187 | 0.0767 | 0.2172 |

The first four rows are the cells of the prediction-to-fact comparison matrix. Mark "1" denotes failure; mark "0" denotes the operable state.

The developed models of predictive analysis of wrong-side failures of track facilities were tested over 8 months of 2020 and showed good results. The accuracy of prediction was evaluated over the control period. The June prediction used the May data from the test period, while the July prediction used the June data.

The classification problem was solved using a number of machine learning algorithms. Learning samples were generated. The quality of the models was analysed in the context of the conducted research.

Table 2 shows an example of the quality of evaluation of wrong-side failure prediction with threshold 2 for the track services of the three railways over the control period. The control period consists of two months of 2020: June and July.

An analysis of Table 2 shows that, for instance, in the Gorky Railway, the number of correctly predicted category objects with mark "1" is TP = 413, while the number of correctly predicted category objects with mark "0" is TN = 3498. The same table quotes actual data for incorrectly predicted marks "0" and "1". Calculations using formulas (1) - (5) have established that the classifier's efficiency in terms of its ability to give correct answers is AC = 0.77. The probability of false alarm is FPR = 0.03. Similar results were obtained for the other two railways.
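The calculation by formulas (1) - (5) for all three railways, as an added example that is not part of the original paper. The cell counts and reported values are those of Table 2; the always-"0" baseline and the share of missed failures are additional quantities computed here from the same cells, and all function names are assumptions.

```python
# Confusion-matrix cells per railway, as given in Table 2 of the article.
TABLE2_CELLS = {
    "Gorky":     {"tp": 413, "fp": 116, "fn": 1031, "tn": 3498},
    "Northern":  {"tp": 76,  "fp": 23,  "fn": 1808, "tn": 6174},
    "Kuybyshev": {"tp": 168, "fp": 57,  "fn": 1154, "tn": 3321},
}

# Metric values printed in Table 2 (its TPR row is RE of formula (4)).
TABLE2_REPORTED = {
    "Gorky":     {"AC": 0.7732, "RE": 0.2860, "PR": 0.7807, "FPR": 0.0321, "F": 0.4187},
    "Northern":  {"AC": 0.7734, "RE": 0.0403, "PR": 0.7677, "FPR": 0.0037, "F": 0.0767},
    "Kuybyshev": {"AC": 0.7423, "RE": 0.1271, "PR": 0.7467, "FPR": 0.0169, "F": 0.2172},
}


def ratio(num, den):
    """Divide, returning 0.0 for an empty denominator instead of raising."""
    return num / den if den else 0.0


def quality(tp, fp, fn, tn):
    """Formulas (1)-(5) plus two quantities that are not in the article."""
    total = tp + fp + fn + tn
    pr = ratio(tp, tp + fp)                      # formula (3)
    re = ratio(tp, tp + fn)                      # formula (4)
    return {
        "AC": ratio(tp + tn, total),             # formula (1)
        "FPR": ratio(fp, fp + tn),               # formula (2)
        "PR": pr,
        "RE": re,
        "F": ratio(2 * pr * re, pr + re),        # formula (5)
        # Added here: accuracy of a classifier that always answers "0".
        "AC_always_0": ratio(fp + tn, total),
        # Added here: share of real failures that were predicted as "0".
        "missed": ratio(fn, tp + fn),
    }


def reproduces_table2(name):
    """True if the cells give the values printed in Table 2 to 4 decimals."""
    computed = quality(**TABLE2_CELLS[name])
    return all(abs(round(computed[key], 4) - value) < 1e-9
               for key, value in TABLE2_REPORTED[name].items())


def summary():
    """One row per railway: name, AC, always-"0" AC, RE, missed share, FN."""
    rows = []
    for name, cells in TABLE2_CELLS.items():
        q = quality(**cells)
        rows.append((name, round(q["AC"], 4), round(q["AC_always_0"], 4),
                     round(q["RE"], 4), round(q["missed"], 4), cells["fn"]))
    return rows


if __name__ == "__main__":
    for row in summary():
        print("%-10s AC=%.4f AC(always 0)=%.4f RE=%.4f missed=%.4f FN=%d" % row)
```

Read together, AC and PR describe how trustworthy a raised alarm is, while RE and the missed share describe how many real wrong-side failures never raised one.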

Similar research of feasibility of predictive analysis was conducted as regards signalling and power supply assets.


Further improvement of the accuracy of hazardous event prediction is done using data sampling (retrieval of a subset of observations of interest in terms of analysis out of the massive set of initial data). The use of Big Data technology and Data Science algorithms, including data sampling methods, allowed raising the accuracy of prediction of hazardous states within a control/management system to 93.4% [10].

3. Functional safety of systems with digital twins

In railway transportation, economically-efficient innovative methods of ensuring functional safety are actively developing alongside predictive analytics. That is due to the fact that the key solutions for ensuring functional safety of railway systems consist in the application of multi-channel hardware and multi-version software, which significantly increases the system's cost and often limits its mass deployment. We must note certain difficulties in terms of upgrading and modifying such systems due to the requirement to redesign their redundant components subject to new needs. Those are due to the systems' adaptation to another type of rolling stock, variation of track tonnage, change of line class, etc.

The current problem consists in designing affordable mass-producible train control and protection systems that comply with the stricter requirements for functional safety. In order to achieve the price/safety balance, a number of methods are used, including virtual information processing channels, digital twins, and other methods and their combinations.

This section considers the feasibility of a train control and/or protection system consisting of a SIL1 or SIL2 initial object and an external circuit of digital twins intended for enabling the desired level of functional safety.

A digital twin is understood as an entity containing:

- a mathematical model of the initial object;

- a software implementation of the model that performs all the operating functions of the initial object;

- the results of model verification and proof of its adequacy to the initial system, as well as a list of hazardous and potentially hazardous states defining the allowed duration of wrong-side failures of the initial object;

- operational documentation.

A digital twin is generated as a computer model consisting of three interconnected levels:

• objective containing the computer model of the control/management system hardware components involved in the implementation of the system's operation algorithm, with associated models of executive and measurement devices;

• logical containing the simulation model of the operating algorithm of the train control and/or protection system;

• visual, where data is visualized, user control commands are generated.

Ensuring the adequacy of the virtual model to the real railway facility is the key element of the design of a train protection system [20].

As an object, let us examine a railway signalling system. An automatic block and power (computer-based) interlocking system in a station contains sensors that acquire information on the performance of track circuits (voltage level at the inputs of the receivers). Describing the operation of such sensors is in itself a complicated task, as the aim is to select an optimum out of track occupancy observation modes, broken rail detection, cab signalling strength.

However, such processes are well-studied and reduced to standard requirements that ensure traffic safety. Accordingly, for the purpose of virtual modelling, their mathematical description may be used as part of predictive diagnostics of the events that constitute the continuous process of their operation. For the next level of the virtual model that represents the discrete-event operation of the simulated object, it suffices to only have the value of the process parameters exceeding the norms of operability and safety.

The discrete-event operation in the virtual model is well-represented with a discrete automaton, for which safety criteria have also been developed that are based on the monotonicity of the control functions. Similarly, the virtual model of the operation of individual rolling stock systems can be constructed. Thus, the operation of the brake line of a train in the braking mode comes down to valve opening, which causes the loss of pressure in the line and brake operation. The process itself is described by complex differential equations of airflow propagation throughout the length of the train. Estimating the consequences in terms of safety only requires to have the criteria of pressure drop in the tail car within the specified time. Given that the braking mode itself may be classified as service, full service and emergency, in the virtual model, the respective variants must be generated. It should be noted that the mechanical action of brake blocks against the wheels due to the discharging of the brake line can be described by limiting temporal characteristics that affect the length of braking.

For the next level of the virtual model, i.e., the level of train protection system description, it suffices to have the time marks of the beginning of brake valve opening and end of the train deceleration or its stopping. Thus, the virtual model of a digital twin combines simplified continuous mathematical models of continuous processes in transformation of information and the associated discrete-event models. The external circuit of the train control and/or protection system under consideration is formed by two same-type digital twins in a dual-channel configuration with independent channel inputs and outputs and a secure comparator [19]. The methods of designing the dual-channel configuration for the purpose of ensuring functional safety are described in the above standards.

The external circuit is connected to the initial single-channel object via an interference-immune and intrusion-protected communication channel (Fig. 2). The system whose diagram is shown in Fig. 2 falls into the category of vital technical systems (e.g., train control and/or protection system) that are to meet stricter requirements in terms of functional safety. This diagram applies to trackside systems. In mobile systems, digital twins can be connected via a radio channel.

Fig. 2. Summarized structure diagram of a technical system with a digital twin


The introduction of digital twins into a vital technical system raises concerns and requires a more substantial safety case of such a system. The same is true in case of artificial intelligence elements [18, 20].

Criteria of right-side failure of a system with digital twins:

1. Non-matching performance of the initial object and digital twins caused by an undetected failure of the initial object or one of the digital twins. System restoration

2. Failure of one of the digital twins. System restoration

Criteria of wrong-side failure of a system with digital twins:

object failure and error in the delivery of the control command to involve the digital twins or failure of the initial object and digital twins

The adopted assumptions, safety model of the system with digital twins, and findings of the analytical research are reported in [19]. This paper established that, with an error not exceeding the first order of smallness, the wrong-side failure rate of a system with digital twins is defined by the following expression:

$$\lambda_{WF} = \frac{1}{T_{WF}} = 2\lambda_2 v$$

where $\lambda_2$ is the failure rate of the digital twin, $v$ is the probability of erroneous transmission of a control command by digital twins.

It must be taken into account that in order to ensure an important assumption, i.e., "the failure rate of a digital twin is 2 or 3 orders of magnitude lower than that of the initial object", it is important that the software was designed using methods that comply with higher safety integrity levels, for instance, 2 or 3 safety integrity levels higher. Alternatively, the failure rate is to be proven statistically (see, for instance, Braband et al. [20]).

Ensuring compliance with the EN 50159 requirements for communication channel safety implies that the probability of timely and faultless communication of the command to involve the digital twins tends to one. Therefore, a probability $v$ of incorrect delivery of the digital twin control command close to 0 can be achieved. Subsequently, by using digital twins, the safety of the initial object in terms of wrong-side failure rate may be improved by several orders of magnitude. Indeed, let us examine the relation of the wrong-side failure rate of the initial object ($\lambda_1$) to the wrong-side failure rate of the system: $\text{Э} = \lambda_1 / \lambda_{WF} = \lambda_1 / (2\lambda_2 v)$. As $\lambda_1 \gg \lambda_2$ and $v \to 0$, our assertion is correct.

Thus, the transformation of the initial object into a system with digital twins allows significantly reducing the wrong-side failure rate. The introduction of digital twins into the system is a new, not yet tested way of ensuring system safety. Naturally, it requires a substantial safety case. That is associated with significant additional expenditures. The decision on the benefits of additional costs is taken by the customer and system developer together. At the same time, it must be taken into consideration that in case of mass production of technical systems, the effect of additional costs is reduced and the effect of significantly improved safety is maintained.


4. Ensuring the functional safety of locomotive control system using a virtual information processing channel

The structure of the computer-based train separation system is based on the principle of multichannel information processing. Subsequently, if we examine information communication from the source to the receiver, the device that generates the information and the one that receives it must have at least two channels.

The experience in the design of such systems accumulated in the railway industry is sufficient for confirming the requirement for a train protection system with a dual-channel architecture. By way of example let us point out the experience of operation of a dual-channel train protection system in Russia's railways. They operate over 30 000 onboard train protection systems (KLUB-U), more than 300 stations with computer-based interlocking systems, more than 1000 km of computer-based automatic block systems. All of those systems follow the dual-channel principle. Over more than 30 years of those systems' operation not a single case of wrong-side failure has occurred.

Meanwhile, the matter of information redundancy is as obvious as that of the hardware redundancy.

[21] examines the principle of software duality in the context of vital information processing, whereby a specific task involves the development of at least two different algorithms and design of different software codes. The best-known examples of the technology's application include onboard and trackside devices by Bombardier, while, in case of more vital systems, the company uses a combination of dual-channel hardware and dual-version programming. The implementation of this safety principle causes additional expenditures that grow exponentially along with the number of computer-based interlocking systems.

Let us examine the applicability of the new approach to ensuring safe train control using single-channel axle counters that involves comparing current axle counter data with the information embedded in the receiver. The information comparison procedures perform the function of the second axle counter channel, thus enabling the creation of a system with dual-version programming rather than one with a dual-channel onboard train control system, but, to an extent, with dual-channel axle counters.

Let us imagine that within an onboard system that complies with all functional safety requirements there is certain unique information. Such information, for instance, may represent the number of axles in the train that travels along a line. The safety condition consists in the fact that, ahead of the train, there are k axle-counting stations that, having counted the number of axles that crossed the station, transmit this information to the locomotive for comparison with the information recorded in the vital onboard device. In case the measured number of the train's axles matches the predefined information with respect to the coordinate of the i-th (i = 1,2,...,k) axle-counting station, a decision with a given level of safety regarding the vacancy of the line behind the train's tail is taken. Each i-th axle-counting station out of a series of vacant line sections has its own geographical coordinate and, consequently, the summation of the distances between such coordinates defines the distance between the head of the next train and the last axle-counting station behind the tail of the preceding train. If the information does not match, then the section occupied by the first train is extended to the next axle-counting station.

Hereinafter the common matter of information communication between trains over a digital channel for vital information communication is not considered, as compliance with the safety level is assumed (coding, encryption etc.).

That poses the question of the necessity of the conventional solution that is the redundant source of information in the form of an axle counter. Indeed, out of the variety of axle counter failures there is only one hazardous situation when an error in the count of a train's axles is concealed by such an axle counter failure that will eventually cause matching information onboard the train. Obviously, a whole number of conditions are at play, including the different number of axles in trains, the complete variety of axle counter failures, out of which the one concealing event is to manifest itself.

While calculating the failure probabilities it may additionally be taken into consideration that the time interval, within which an axle counter is to fail, is defined only by the moment in time when a train crosses it, while the rest of the time the axle counter may be disconnected from the power source and, accordingly, not susceptible to internal failures.

Therefore, a legitimate question is whether single-channel sources of information (in this case, axle counters) can be used instead of dual-channel ones, thus significantly reducing the cost of hardware, while having a dual-channel receiver (in this case, an information receiver onboard the train) as the reference device. In order to answer that question, [22] examines two safety models. The first model considers a SIL4 onboard control system, a dual-channel, dual-version system. All k axle counters have a dual-channel architecture, which enables SIL 3 safety. The second model involves the onboard control system also being SIL4, a dual-channel, dual-version system. However, all k axle counters have a single-channel architecture, which allows significantly reducing their cost. At the same time, there are concerns regarding the sufficiency of the safety integrity of the axle counters and the entire system. In order to ensure the safety integrity level of the axle counters of at least SIL 3, as it is the case with the dual-channel architecture, it is required to ensure the corresponding high level of correct detection of axle counter failure. This problem is solved by comparing the current railway coordinates of a locomotive and axle counter, the moment in time when the train crosses the respective axle counter, by calculating the current axle counter number and the number of axles of the passing train. The results are constantly compared. This action aims to enable coordinate identification by a device with an appropriate safety integrity level. Such devices are part of today's train equipment.

The above actions allow endowing axle counters with virtual second information processing channels.
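The comparison described above can be sketched as follows. This is an added example, not code from the paper or from [22]; the track layout, tolerances, class and function names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed track layout: axle counter number -> railway coordinate, metres.
COUNTER_POSITIONS_M = {101: 1200.0, 102: 2450.0, 103: 3700.0}
POSITION_TOLERANCE_M = 5.0  # assumed bound on onboard positioning error
TIME_TOLERANCE_S = 0.5      # assumed bound on clock and transmission skew


@dataclass(frozen=True)
class CounterReport:        # what a single-channel axle counter sends
    counter_id: int
    crossing_time_s: float
    axle_count: int


@dataclass(frozen=True)
class OnboardEvent:         # what the dual-channel onboard system computed
    position_m: float
    time_s: float
    train_axles: int


def expected_counter(position_m):
    """Counter number the train should be crossing at this coordinate, else None."""
    for counter_id, pos in COUNTER_POSITIONS_M.items():
        if abs(pos - position_m) <= POSITION_TOLERANCE_M:
            return counter_id
    return None


def cross_check(event, reports):
    """Return the list of disagreements for one crossing; empty means agreement."""
    counter_id = expected_counter(event.position_m)
    if counter_id is None:
        return ["unknown_position"]
    report = reports.get(counter_id)
    if report is None:
        return ["no_report"]          # counter silent at an expected crossing
    mismatches = []
    if abs(report.crossing_time_s - event.time_s) > TIME_TOLERANCE_S:
        mismatches.append("crossing_time")
    if report.axle_count != event.train_axles:
        mismatches.append("axle_count")
    return mismatches


# Constructed sample run: counter 102 miscounts, counter 103 stays silent.
EVENTS = [OnboardEvent(1200.8, 100.0, 24), OnboardEvent(2449.1, 162.4, 24),
          OnboardEvent(3700.3, 225.1, 24)]
REPORTS = {101: CounterReport(101, 100.1, 24), 102: CounterReport(102, 162.5, 22)}
RESULTS = [cross_check(e, REPORTS) for e in EVENTS]
```

Any non-empty result is a detected axle counter failure. An empty result from a counter that has in fact failed is a false coincidence between the two data sources, which this check cannot detect.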

Mathematical descriptions of the models, the adopted assumptions and the obtained analytic expressions for the functional safety indicators of the locomotive control system represented by the first and the second models are given in [22]. The second model differs from the first one in that the axle counters have a second, virtual channel. Therefore, for a comparative evaluation of the safety of a control system with an actual or a virtual second channel in the axle counters, it suffices to evaluate the dependence of the system safety indicator on the failure detection parameters in the first and second cases. An obvious safety indicator could be the mean time to wrong-side system failure (Tws). In [22], it is shown that the probability of correct axle counter failure detection a is the most significant parameter of failure detection in a system with an actual second channel in the axle counter. In a control system with a virtual second channel in the axle counters, it is the probability v of the absence of false coincidence of the calculation results of the locomotive onboard system and the axle counters. Fig. 3 and 4 show the dependences of the safety indicator on the parameters of detection of axle counter failures a and v respectively.

Fig. 3. Graph of the system's mean time to wrong-side failure Tws against the probability of correct detection of axle counter failures a if the axle counter failure rate Aac = 10⁻⁶ 1/h

Fig. 4. Graph of the system's mean time to wrong-side failure Tws against the probability of absence of false coincidence between the locomotive's onboard system data and axle counter data v if the axle counter failure rate Aac = 10⁻⁶ 1/h

The comparison of the graphs in Fig. 3 and 4 shows that the maximum value of mean time to wrong-side system failure Tws (model 1) equal to 1.7·10⁸ hours is also achievable for a system represented by model 2 if v = 0.9999. Such probability of the absence of false coincidence between the locomotive's onboard system data and axle counter data can be made possible [22] by increasing the depth of background testing, improving the algorithms for calculating dynamic data for a better efficiency of comparison of the output data of the locomotive onboard system and the axle counters, as well as through extended safety codes.


5. Conclusion

A high level of functional safety of railway systems can be achieved even as part of a single-channel architecture as long as such economically efficient innovative methods as digital twins or virtual information processing channels are used. The above methods ensure, on the one hand, a reduction of the amount of equipment and significantly lower cost of the systems and, on the other hand, require the creation of additional software and substantiation of the acceptability of the achieved level of functional safety. There is still a concern that the cost of additional activities is comparable to the obtained economic effect of migration towards single-channel architectures. This matter requires further research.

The innovative methods of ensuring functional safety are efficient both at the design stage, and in the course of system operation. Artificial intelligence-based methods might well allow achieving high accuracy and reliability of hazard prediction, thus enabling their anticipation and prevention. A combination of innovative methods will cause an accumulated effect in ensuring functional safety of railway facilities.

References:

1. Ozerov A.V. Towards safer rail control, command and signalling in the context of digitization. Dependability 2020;2:54-64.

2. Shubinsky I.B., Rozenberg E.N. General provisions of the substantiation of functional safety of intelligent systems in railway transportation. Dependability 2023;23(3):38-45.

3. Thaduri A., Galar D., Kumar U. Railway assets: a potential domain for big data analytics. Proc. Comput. Sci. 2015;53:457-467.

I.B. Shubinsky, E.N. Rozenberg, H. Schabe. INNOVATIVE METHODS OF ENSURING THE FUNCTIONAL SAFETY OF TRAIN CONTROL SYSTEMS. RT&A, No 4 (76), Volume 18, December 2023

4. Shubinsky I.B., Zamyshliaev A.M. [Managing technical assets in railway transportation]. Moscow: VNIITI RAN; 2021. (in Russ.)

5. Shubinsky I.B., Zamychlaev A.M. Technical Asset Management for Railway Transport (Using the URRAN Approach). Springer: International Series in Operations Research & Management Science, 10.1007/978-3-030-90029;2022.

6. Lasisi A., Attoh-Okine N. Principal components analysis and track quality index: a machine learning approach. Transp. Res. Part C Emerg. Technol. 2018;91:230-248.

7. Santur Y., Karakose M., Akin E. Random forest based diagnosis approach for rail fault inspection in railways. National Conference on Electrical, Electronics and Biomedical Engineering 2016:714-719.

8. Nakhaee M.C., Hiemstra D., Stoelinga M., van Noort M. The Recent Applications of Machine Learning in Rail Track Maintenance: A Survey. Lecture Notes in Computer Science 2019:91-105.

9. Famurewa S.M., Zhang L., Asplund M. Maintenance analytics for railway infrastructure decision support. Journal Qual. Maint. Eng. 2017;23:310-325.

10. Pronevich O.B., Zaitsev M.V. [Intelligent methods of improving the prediction accuracy of rare, hazardous events in railway transportation]. Zheleznodorozhny transport 2012;3:54-65.

11. Ozerov A.V., Olshansky A.M., Kuropteva A.P. Predictive analytics using data science in railway transport. Nauka i teknologii zheleznykh dorog 2020;4:63-76. (in Russ.)

12. [Big Data helps RZD prevent rolling stock malfunctions]. (accessed 15.06.2023). Available at: https://ru-bezh.ru. (in Russ.)

13. Baranov L.A., Balakina E.P., Zhang Y. Prediction error analysis for intelligent management and predictive diagnostics systems. Dependability 2023;23(2):12-18.

14. [RZD to use Big Data to analyse passenger behaviour]. (accessed 15.06.2023). Available at: https://news.myseldon.com. (in Russ.)

15. Zabolotskaya E.A., Izimov D.V., Drivolskaya N.A. [Development of an algorithm for automated Big Data processing as part of railway station parameter prediction]. In: [Development of economics in transportation: new vectors in the post-pandemic period. Proceedings of the international science and practise conference]. Saint Petersburg; 2020. P. 112120. (in Russ.)

16. Rozenberg E.N., Olshansky A.M., Ozerov A.V., Safronov R.A. Big Data-based methods for functional safety case preparation. Dependability 2022;22(2):38-46.

17. Shubinsky I.B., Zamyshliaev A.M., Pronevich O.B., Ignatov A.N., Platonov E.N. Application of machine learning methods for predicting hazardous failures of railway track assets. Dependability 2020;2(73):43-53.

18. Braband J. A practical guide to safety analysis methods. Railway Signalling + Telecommunication 2001;9:41-45.

19. Shubinsky I.B., Schabe H., Rozenberg E.N. On the functional safety of a complex technical control system with digital twins. Dependability 2021;1:38-44.

20. Braband J., Gall H., Schabe H. Proven in use for software: assigning an SIL based on statistics. In: Mahboob Q., Zio E., editors. Handbook of RAMS in Railway systems - Theory and Practice. Boca Raton, Taylor and Francis; 2018. P. 337-350.

21. Iyudu K.A. [Dependability, supervision and diagnostics of computer systems]. Moscow: Vysshaya Shkola; 1989. (in Russ.)

22. Shubinsky I.B., Rozenberg E.N., Korovin A.S., Penkova N.G. On a method for ensuring functional safety of a system with single-channel information processing. Dependability 2022;22(3):44-52.

23. Braband, J.; Schabe, H. Propagation of uncertainty in railway signaling risk analysis. In: Podofillini et al., editors. Safety and Reliability of Complex Engineered Systems. Proc. ESREL 2015, Taylor & Francis Group (London); 2015. P. 2623-2626.
