Fei YAN, Changqi YANG, Hua LI
Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China; Civil Aviation Flight University of China, Guanghan 618307, China
Abstract In order to promote the application and development of civil aviation safety (CAS) in the field of safety and to enrich the theoretical system of CAS research, the methodology of CAS was studied. The definition of CAS was reconstructed, its connotation was explained from four aspects, and its research object was clarified. The paper discusses the mechanism of CAS, namely maintaining system safety through the establishment of a safety prevention and control system (SPCS), and explains the research content of CAS in terms of theory and technical application. Five principles and the applicable methods for CAS research were summarized. In addition, a general procedure for CAS research was put forward, with the specific content and the implementation method or basis of each step explained. The results show that the methodology of CAS, comprising its mechanism, research content, research principles and methods, and research procedure, is a systematic theoretical system with guiding significance.
Key words Civil aviation safety (CAS), Safety Prevention and Control System (SPCS), Methodology
With the rapid development of safety technology, safety principles and methods are widely accepted in the field of civil aviation safety (CAS). These principles and methods ensure the safety of civil aviation and the rapid development of the civil aviation industry. CAS design and application have gradually matured in developed countries, but are still at the development stage in China, where a large gap remains with the international level in basic theoretical research, advanced technology, standards and other respects. Theory construction in particular is still a blank, which seriously restricts the application and development of safety principles, methods and technology in the field of civil aviation in China. Therefore, it is necessary to conduct research and development in the field of CAS at the level of methodology, so as to guide the construction of its theoretical system, its technical application and its practical activities.
At present, CAS research has attracted the attention of more and more scholars both at home and abroad, on topics such as the impact of rules, regulations and equipment on CAS, the impact of human factors on CAS, and the impact of the safety management system (SMS) on CAS. In summary, current research on CAS focuses mainly on application and practice, and more on specific safety functions and influencing factors, while there are few studies of the basic theory of CAS, so its development in the field of safety lacks strong theoretical support.
In view of this, based on a review of domestic and foreign research and the existing definition of CAS, and combined with safety science theory, we put forward the connotation of CAS and summarized its research objects. We then clarified the mechanism of CAS, discussed its research content in detail, and discussed the principles and applicable methods that CAS research should follow. Finally, we proposed a general procedure for CAS research, in order to provide guidance and reference for CAS research and its practical application, and to improve the theoretical system of CAS.
The CAS research perspective is an important part of CAS methodology and research methods: it provides the basic entry point and foothold for CAS research. Without a scientific and correct research perspective, CAS research work cannot begin. In this section, we summarize the current CAS research perspectives.
Mauro Leonardi and Fabrizio Gerardi proposed an intrusion detection mechanism based on the radio frequency (RF) fingerprint of transmitters, which is used to distinguish legitimate messages from false messages in flight security system information[1]. Tao Lu et al. used the HFACS-BN model (HFACS: human factors analysis and classification system; BN: Bayesian network), which can combine the subjective information of relevant experts with the objective data of accident reports, to analyze human factors in air traffic controllers and obtain more accurate evaluation results[2]. Ayesha Sadiq et al. modeled the aircraft arrival process using Petri nets, which have traditionally been used as the basis for formal specification and validation of safety-critical systems; their model captures how the behavior of the individual objects affects the whole arrival management process[5]. Susanti adopted a descriptive quantitative method followed by a paired-sample t-test to compare the fatigue status of controllers before and after duty, and explained the results in detail on the basis of primary and secondary data compilation and processing. Youn-chul Choi et al.[7] determined the categories and elements of ATC human error (a common method of human factors evaluation) through literature review, interviews and surveys of ATC security experts. Zhou Xiuting of Beijing University of Posts and Telecommunications used text mining technology to study the risk management of civil aviation unsafe events[10]. Kang Binwen of Guangxi University used the PI-AHP analysis method to study the safety performance appraisal system of small and medium-sized airports[11]. A management study at Yunnan University used the Bow-Tie model to research the supervision of Yunnan civil aviation operation risk[12].
Ni Xiaomei et al., based on X12-ZINB, compared the prediction of civil aviation accident symptoms on imbalanced data, without imbalance treatment and with a synthetic oversampling model, using a seasonal adjustment optimization algorithm[13]. Zhou Hang et al. studied and analyzed air traffic control risk warning within the SHEL model using neural network methods[18]. Yao Guangming and Cao Yueqi studied early warning of air traffic operation safety using big data methods in 2016[21]. Lu Hantao et al. studied air traffic control safety information processing using machine learning, introducing a genetic algorithm to optimize the weights and thresholds of the neural network in order to address the tendency of the BP neural network algorithm to fall into local minima[25]. Li Jianguang used factor analysis to quantitatively evaluate the safety level of air traffic control at small and medium-sized airports[26]. The above studies are from the perspective of CAS application technology.
Japanese scholars Takeshi Matsuoka and Osamu Amai developed a system for evaluating air traffic control hazard human error data and quantifying safety indicators using a hybrid approach procedure[3]. Sergio Alejandro Gomez et al. used demonstration and a model (a mixed Kripke model) to verify and ensure the security of the air traffic control system[4]. Peter Brooker introduced the UAV system into the high reliability ATC system[6]. Saleh et al. used two system-theoretic models to propose a systemic view for understanding the air traffic control (ATC) system from the perspective of human reliability and ATC system security[9]. Dai Meize of Nanjing University of Aeronautics and Astronautics used machine learning on historical operation data to transform qualitative safety evaluation problems into quantitative probability estimation problems, so as to form an objective safety evaluation system[14]. Wang Jiining and Yu Rui completed the ontology-to-Bayesian network (BN) model transformation for BNTab and Netica J under the onto-BN framework, and then analyzed the error coupling of ATC tasks[15]. Yao Dengkai et al. improved the fuzzy Petri net and applied it to air traffic control security risk assessment[16]. Zhang Yuxiang et al. used the fuzzy analytic hierarchy process and the cloud model, with unconventional improvements, to evaluate the operational risk of ATC in 2016[17]. Zhao Yifei and Wan Junqiang used set pair analysis theory, based on the SHEL model, to determine the connection degree between the evaluation sample and the indices, and conducted set pair analysis of "same", "different" and "opposite" to determine the risk level of the evaluation sample and thereby evaluate the operational risk of air traffic control[19]. Wu Qike and Yao Dengkai established a fault tree method for flight conflicts during approach and departure based on the HAZOP method in 2017[20].
Zhao Yifei et al., taking the air traffic conflict process as the research object, calculated the three-dimensional conflict probability from track errors assumed to follow a Gaussian distribution, combined it with the severity of the conflict to calculate the conflict risk, and worked through a calculation example in 2016[22]. Yuan Xiao et al. adopted linear regression, neural network nonlinear regression and a neural network-based support vector machine to establish a real-time model of controller workload based on sector complexity factors[23]. Zhou Hang and Wang Ying established a hybrid algorithm in 2014[24]. Chai Aiping proposed a coevolution strategy for ATC estimation based on particle swarm optimization (PSO) and the artificial fish swarm algorithm (AFSA), improving PSO and AFSA respectively to increase efficiency, in 2013. The above scholars conducted their studies from the perspective of CAS theoretical innovation. In summary, the research literature can be organized at the level of the discipline, from the perspective of civil aviation as a whole, the perspective of safety management, the cross-disciplinary perspective, the system (whole) perspective and the local perspective. In practical CAS research, attention should be paid to the combined application of the above research perspectives.
3.1 Definition of CAS
In the narrow sense, CAS refers to the prevention of casualties and of damage to civil aircraft related to the operation of civil aircraft. Obviously, this definition only gives the result and purpose of CAS, namely the Safety Prevention and Control System (SPCS), and lacks a definition of the focus, implementation measures, implementation process and subject attributes of CAS. In view of this, combining relevant literature with safety science theory, we define CAS as a new safety engineering discipline that focuses on system safety and aims to improve the safety of civil aircraft, takes the SPCS as the main method of ensuring aircraft safety, and uses advanced technology and management measures such as risk assessment, determination of the safety integrity level and the CAS management system (SMS) to ensure the effective implementation of the safety functions of the SPCS, so as to control the overall risk of the safety system within an acceptable range. Its connotation is explained further below:
(i) CAS research should be carried out from a systematic and global perspective. It should not only examine the safety system as a whole, but also decompose the safety system into its subsystems to ensure local safety. The ultimate purpose of CAS research is to apply new concepts and advanced technology for aircraft safety and aircraft operation safety to the system safety of civil aviation and related fields, and to ensure the effective implementation of the safety functions of CAS products, so as to improve safety in civil aviation and related fields.
(ii) CAS is research based on the risk-based theory of safety (taking system risk control as the main line). The SPCS is used to reduce the risk or the serious consequences of accidents and to achieve system safety. The specific techniques and methods applied in this system include hazard identification, hazard analysis, risk assessment, safety life cycle management, reliability modeling, safety integrity level (SIL), quantitative calculation of the system fault margin, and improvement of system diagnostic coverage.
(iii) The occurrence of accidents in the CAS system can be attributed to the failure or incorrect implementation of the safety functions of the SPCS. For example, safety problems caused by human factors can be regarded as the "failure" of the safety consciousness, safety knowledge and safety skills of the "human" element, that is, they do not reach the required level. Safety accidents caused by equipment can be regarded as the failure of its preset safety functions, such as air traffic accidents caused by the failure of the aircraft engine system, flight accidents caused by the failure of the aircraft landing gear, flight accidents caused by the failure of navigation equipment functions, etc. Accidents of the flight safety system caused by the environment can be regarded as the failure of "functions" such as the suitability and safety of the surrounding environment.
(iv) In CAS research, safety is defined as "risk management", a definition that is now widely accepted by the academic community. In other words, the CAS system has a certain capacity for risk and cannot tolerate risk disturbance without limit. The principles and methods of CAS can be used to prevent accidents and control the overall risk of the safety system. When a danger occurs, all elements of the system can correctly perform their functions to reduce the consequences of the accident or inhibit its occurrence, so that the overall safety state of the system reaches the optimal level and the safety of the system is ensured.
3.2 CAS research object
According to the definition of CAS, the SPCS is the main research object and method of CAS, and also an important measure for ensuring CAS. The generally accepted academic definition of an SPCS is a research system that implements a safety function: when it detects that the risk exceeds the tolerance of the system, the system takes immediate response actions, and the safety-related control system or safety-related protection system performs its safety functions to ensure that the protected object remains in a safe running state. It can be seen that the SPCS is the implementation body of CAS and a system containing all elements with functions for preventing accidents and mitigating their consequences. It should be pointed out that, in addition to technology-related systems and equipment, human factors (designer, producer, installer, operator, evaluator, maintainer, pilot, controller, etc.), units, enterprises and the production environment all have the function of preventing accidents and reducing risk, and all of these can be regarded as part of the SPCS. The safety culture, safety management, civil aviation regulations and flight operation environment of units and enterprises can all be regarded as components of the SPCS. To clarify the SPCS further, its research contents are decomposed as follows. Safety integrity, safety function and the fail-safe principle are the three pillars of the SPCS; they not only ensure that the SPCS effectively performs its own functions when it is operating normally, but also ensure that the protected object reaches a safe state according to the fail-safe principle when the SPCS fails.
The SPCS has the function of preventing damage to and casualties of civil aircraft. The main method of CAS management is safety life cycle management, so the SPCS management method is life cycle management. The SPCS is generally divided into the safety-related control system and the safety-related protection system, and can be specifically divided into E/E/PES-related systems, other technical safety-related systems, external risk reduction facilities, human factors, units and enterprises, and the environment, etc. The content breakdown of the SPCS is shown in Fig.1.
Fig.1 Content breakdown of SPCS
4.1 Action mechanism of CAS
Accident prevention in the CAS system is usually achieved by establishing protective layers: a protective layer monitors the state of the system's production process and performs the function of reducing or eliminating accident risk, so as to achieve system safety. The system is not designed so that all accident-prevention and risk-reduction functions are concentrated in a single protective layer; instead, more layers are arranged around the major hazards or the areas where accident damage would be highest, and different safety functions are assigned to different technical protective layers. When the system detects an event that causes unacceptable risk, the SPCS directs one or more layers of protection to perform event prevention or consequence mitigation functions, reducing the amount of risk layer by layer or reducing the energy that triggers an accident.
Common protective layers in CAS systems include the basic process control system, the safety instrumented system (SIS), working personnel intervention, mechanical integrity, physical release devices, external risk reduction devices, ignition rate, explosion rate, occupancy rate, etc. In addition, the safety literacy of working personnel is the premise for equipment to perform its functions: bad behavior, poor safety awareness and low safety skill levels directly increase the risk of accidents. For production safety, the production environment and the safety culture and safety management of units and enterprises are hidden protective layers. A safe production environment, good safety culture construction and an effective safety management system are the basic requirements for ensuring the safety of civil aviation. In other words, people, units, enterprises and the production environment are also important protective layers. The action mechanism of flight operation safety in the field of CAS is shown in Fig.2.
Fig.2 Action mechanism of CAS
4.2 Research content of CAS
4.2.1 Theoretical part. The theory and practice of safety science always adhere to the people-oriented principle; therefore, the most basic research content of CAS is the analysis and study of the human safety system. Working personnel are the first protective layer ensuring the safety of the system, and high-quality personnel can find and eliminate risks or dangerous events in time. In other words, system safety depends first on the correct implementation of the "functions" of safety knowledge, safety skills, safety awareness, safety attitude and behavior; an error in any link, or a "function failure", may lead to a safety accident. The main research content of CAS is the CAS management system. Research shows that the safety management system and safety culture of an organization influence and even determine individual behavior, which is the root cause of accidents. Therefore, the CAS management system is an important factor in realizing CAS: the objects and methods of CAS management should be clarified (safety life cycle management is the main method of CAS management), all individuals and organizations taking part in system analysis, design, operation, evaluation and maintenance should be brought within the scope of management, responsibilities and quality requirements should be defined, and a sound and effective CAS management system should be established.
In addition, the structure of the safety system and its surrounding environment are also contents to be studied. First of all, structure determines function: whether the structural design of the safety system is reasonable is the premise for whether the safety-related system can correctly and effectively perform its protection or control function. Secondly, the environment around the system affects the safety functions of the equipment (for example, aviation weather, terrain, etc.). Therefore, it is necessary to create a working environment suitable for flight and to improve the safety of the environment. Meanwhile, measures should be taken to improve the ability of the equipment to resist external damage (such as earthquakes, thunderstorms, high temperature, freezing weather, etc.).
4.2.2 Technical application. The application of CAS technology refers to decomposing the SIL of CAS, through technical methods, into safety level requirements for the various elements, safety products, equipment and subsystems of the safety system, and fragmenting and segmenting the risk so that it is reduced at multiple levels, so as to prevent safety accidents and ensure system safety. Its contents include risk identification, risk analysis, risk assessment, risk-based SIL technology, reliability model technology, hardware failure pattern recognition for sensors, PLC systems and actuators, and the development of application software, tool software and embedded software, etc. Among these, risk identification, risk analysis and risk assessment are the premise of CAS management: they determine the major hazard sources and reduce system risk scientifically. SIL is an expression of CAS technology; it is divided into four levels according to the acceptability of the risk, and each level corresponds to an average probability that the safety function fails to perform when the system demands it. The purpose of SIL is to reduce the risk of accidents quantitatively.
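The layer-by-layer risk reduction described under the action mechanism (4.1) and the risk-based SIL allocation described here can be worked through numerically. The following Python example is added for this purpose; it is not code from the paper, and the initiating-event frequency, the protective layers and their probabilities of failure on demand (PFD) are constructed values. It goes slightly beyond the text by also checking the resulting outcome frequency against a tolerable frequency. The SIL bands used are the IEC 61508 low-demand-mode PFDavg bands, which the paper refers to but does not tabulate.

```python
"""Layer-of-protection and SIL arithmetic (constructed example, not from the paper).

Every number below is illustrative: the initiating-event frequency, the
protective layers and their average probabilities of failure on demand (PFD)
are made up to show the mechanism. The SIL bands are the IEC 61508
low-demand-mode PFDavg bands, which the paper refers to but does not tabulate.
"""
from dataclasses import dataclass
from math import prod
from typing import List, Tuple


@dataclass(frozen=True)
class ProtectionLayer:
    """One independent protective layer: a BPCS, operator intervention, an SIS, ..."""
    name: str
    pfd: float  # average probability that the layer fails when demanded

    def __post_init__(self) -> None:
        if not 0.0 < self.pfd < 1.0:
            raise ValueError(f"{self.name}: PFD must lie strictly between 0 and 1")


# Lower bound of the PFDavg band for each SIL in low-demand mode (IEC 61508):
# SIL n covers 10**-(n+1) <= PFDavg < 10**-n.
SIL_LOWER_BOUNDS = {1: 1e-2, 2: 1e-3, 3: 1e-4, 4: 1e-5}


def sil_for_pfd(pfd: float) -> int:
    """Map a PFDavg to its SIL band; 0 means the layer earns no SIL credit (PFD >= 0.1)."""
    if pfd < SIL_LOWER_BOUNDS[4]:
        raise ValueError("PFD below 1e-5 lies outside the SIL 1-4 scale")
    if pfd >= 1e-1:
        return 0
    for sil in (1, 2, 3, 4):  # ascending: the first band whose floor the PFD reaches
        if pfd >= SIL_LOWER_BOUNDS[sil]:
            return sil
    return 4  # not reachable after the guards above


def residual_by_layer(initiating_frequency: float,
                      layers: List[ProtectionLayer]) -> List[Tuple[str, float]]:
    """Frequency (per year) of the hazardous outcome remaining after each successive layer.

    An independent layer lets the event through only when it fails on demand, so
    the residual frequency shrinks by that layer's PFD, layer by layer.
    """
    trace, residual = [], initiating_frequency
    for layer in layers:
        residual *= layer.pfd
        trace.append((layer.name, residual))
    return trace


def mitigated_frequency(initiating_frequency: float, layers: List[ProtectionLayer]) -> float:
    """Outcome frequency after all layers: f_initiating * product of the layers' PFDs."""
    return initiating_frequency * prod(layer.pfd for layer in layers)


def required_sis_pfd(initiating_frequency: float, other_layers: List[ProtectionLayer],
                     tolerable_frequency: float) -> float:
    """PFD the safety instrumented system must reach, after crediting the other layers."""
    return tolerable_frequency / mitigated_frequency(initiating_frequency, other_layers)


def required_sil(initiating_frequency: float, other_layers: List[ProtectionLayer],
                 tolerable_frequency: float) -> int:
    """SIL band implied by the required SIS PFD (the 'risk-based SIL' of the text)."""
    return sil_for_pfd(required_sis_pfd(initiating_frequency, other_layers, tolerable_frequency))


def meets_target(initiating_frequency: float, layers: List[ProtectionLayer],
                 tolerable_frequency: float) -> bool:
    """True when the residual frequency with every layer is within the tolerable frequency."""
    return mitigated_frequency(initiating_frequency, layers) <= tolerable_frequency


# Constructed scenario: a hazardous event is initiated 0.5 times a year; the
# tolerable frequency of the harmful outcome is 1e-5 per year.
INITIATING_FREQUENCY = 0.5
TOLERABLE_FREQUENCY = 1e-5
NON_SIS_LAYERS = [
    ProtectionLayer("basic process control system", 0.1),   # assumed PFD
    ProtectionLayer("operator intervention", 0.5),          # assumed PFD
]

if __name__ == "__main__":
    for name, residual in residual_by_layer(INITIATING_FREQUENCY, NON_SIS_LAYERS):
        print(f"after {name:<30s} residual frequency = {residual:.3e} /yr")
    pfd_needed = required_sis_pfd(INITIATING_FREQUENCY, NON_SIS_LAYERS, TOLERABLE_FREQUENCY)
    print(f"SIS must achieve PFD <= {pfd_needed:.1e}  ->  SIL {sil_for_pfd(pfd_needed)}")
    # A SIL 3 device near the top of its band is still not enough for this target.
    for sis_pfd in (5e-4, 2e-4):
        layers = NON_SIS_LAYERS + [ProtectionLayer("safety instrumented system", sis_pfd)]
        print(f"SIS PFD {sis_pfd:.0e} (SIL {sil_for_pfd(sis_pfd)}): "
              f"target met = {meets_target(INITIATING_FREQUENCY, layers, TOLERABLE_FREQUENCY)}")
```

With the constructed values the two non-SIS layers bring the outcome frequency from 0.5 to 0.025 per year, so the SIS must contribute a PFD of 4e-4, which falls in the SIL 3 band. The last loop shows the caveat a practitioner should keep in mind: SIL is a band, not a point value, so an SIS that is nominally SIL 3 but sits near the top of the band (PFD 5e-4) still leaves the outcome frequency above the tolerable level, while one at 2e-4 meets it. The multiplication of PFDs also assumes the layers are independent; a shared cause of failure (the same power supply, the same operator) invalidates that credit.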
5.1 Research principles of CAS
The principles of a methodology are an important part of its foundation. According to the definition of CAS, CAS research should follow at least five principles, namely standardization, integrity, scientific nature, comprehensiveness and relativity. The specific explanations are shown in Table 1.
Table 1 Research principles of CAS
5.2 Research methods of CAS
Compared with other safety subjects, CAS has both similarities and differences. The similarity lies in that the ultimate purpose of all safety disciplines is to promote the emergence of safe systems, reduce system risks, prevent accidents, and reduce the losses from safety system accidents. The difference is that, compared with other safety disciplines, CAS is a new and unique industry discipline with its own technology and management measures.
5.2.1 The similarities and differences determine that CAS research has general research methods, that is, research methods adopted by all or most disciplines. A general research method is a generalized method with generality and cross-sectional character, formed from what the research methods of the various subjects have in common. The general research methods of CAS can come from philosophy (including dialectical materialism and historical materialism), cross-sectional scientific methods (such as mathematical methods and the methods of system theory, information theory and synergetics, etc.), empirical scientific methods (such as literature investigation, simulation, test methods and case methods, etc.) and scientific thinking methods (such as abstraction, inductive and deductive methods, analysis and synthesis, etc.). For example, the comparative method is a general research method and is a main research method of CAS, as shown in Table 2. Applying general research methods in CAS research makes the process of CAS research more standardized and scientific, and helps promote the recognition, understanding and acceptance of CAS research results.
5.2.2 The similarities and differences determine that CAS has transplanted research methods, that is, research methods absorbed and transplanted from other disciplines. Absorbing and transplanting the research methods of other disciplines is a common means of developing the methodology of any discipline, and CAS is no exception. The basic idea of absorbing and transplanting the research methods of other disciplines into the methodology system of CAS is to combine the universality of those methods with the particularity of CAS research, and gradually achieve integration and assimilation. First of all, safety science is the parent discipline of CAS, so absorbing and transplanting the research methods of safety science (such as the "+ safety" research methodology) is the key to establishing the methodology of CAS. Secondly, the research methods of CAS-related disciplines such as information science (safety informatics), management (safety management), statistics (safety statistics), behavioral science (safety behavior), psychology (safety psychology), data science and intelligence science can also be absorbed and transplanted into CAS research methods. Two comprehensive transplanted methods are exemplified here: the combined qualitative and quantitative method and the combined macroscopic and microscopic method, as shown in Table 2.
5.2.3 The similarities and differences determine that there are proprietary research methods for CAS, that is, research methods with the characteristics of CAS that are relatively unique to it. Compared with the research methods of other disciplines, the proprietary research methods of CAS are relatively unique and distinct. In this study, according to the connotation and characteristics of CAS, four typical proprietary research methods of CAS are listed: the dimension reduction decomposition method, the overall consideration method, the safety risk assessment method, and the safety incident analysis method, as shown in Table 2.
Table 2 Research methods of CAS
CAS research must be carried out in an orderly way according to certain procedures. For example, since the stages of the overall safety life cycle management process correspond to the different stages of CAS research, that process can serve, to a certain extent, as a reference for the steps of CAS research. On this basis, the CAS research procedure can be divided into a safety system analysis stage, a system risk analysis stage, an SPCS design and development stage and a CAS management stage. The general procedure of CAS research is shown in Fig.3.
Fig.3 General procedure for CAS research
(i) Safety system analysis stage: Different safety systems have different characteristics, structures and properties, and their risks of casualties and property loss also differ. Therefore, the requirements for CAS cannot be generalized and should be determined according to the actual situation. Before designing the CAS system, it is necessary to analyze the type and nature of the safety system (such as electronic and electrical systems, mechanical systems, the ATC system, management systems, etc.), the quality level of the relevant personnel in the system, the operating environment, the production process, etc.
(ii) System risk analysis stage: Risk analysis is an important stage. Through it, CAS research can locate hazards, grasp the key control objects, recognize system risks and identify their degree, and then design protective layers reasonably and optimize the allocation of CAS resources, so that the overall amount of risk in the system is controlled within the acceptable range.
(iii) SPCS design and development stage: The SPCS covers all elements with safety functions, so the four aspects of people, units and enterprises, the production environment and equipment (including hardware and software) should all be considered when designing the SPCS. First of all, working personnel meeting appropriate quality requirements should be selected according to the type of aircraft or system, so as to avoid failure of the SPCS safety functions caused by human error and to ensure the safety of the first line of defense. Secondly, the standardization and effectiveness of the safety education, safety management, safety training and other work of units and enterprises must be ensured, in order to build a reliable invisible protective layer. Thirdly, according to the operating environment of the aircraft equipment, targeted measures are taken to improve its ability to resist natural or man-made disasters. Finally, the number of protective layers is set according to the potential risk of the hazard sources and the degree of accident hazard. The more protective layers there are, the lower the probability of an accident; however, the design cost should also be considered and resources should be allocated rationally.
(iv) CAS management stage: CAS management is the guarantee of the effective operation of the CAS system, and is an important measure for prevention in advance, emergency response during an event, and accountability afterwards. CAS management runs through the whole process of system design, development, operation, maintenance and decommissioning, implementing whole life cycle management of the system, constantly revising and improving the process design, and striving to be "impregnable" at each stage, so as to keep risks or hazards "thousands of miles away".
(i) CAS takes the SPCS as the main method of ensuring safety, focusing on system safety and aiming to improve the safety level of civil aviation. Advanced technologies and management measures such as risk assessment, determination of the safety integrity level and CAS management are used to ensure the effective implementation of the safety functions of the SPCS. It is thus a new and unique industry safety engineering discipline that controls the overall risk of the safety system within an acceptable range. The SPCS is the key research object of CAS; in addition, the pillars, structure, functions and management method of the SPCS are also research objects.
(ii) The mechanism of CAS is to maintain the safety of the protected objects by establishing protective layers. Successive protective layers can strictly control system risks and eliminate safety problems. CAS research comprises two parts, theory and technical application. In the theoretical part, we mainly studied the personnel in the system, CAS management, the system structure and the surrounding environment. In the technical application part, we mainly studied risk decomposition and the design and development of the SPCS.
(iii) The methodological principles of CAS research include five aspects: normality, completeness, scientific nature, comprehensiveness and relativity. Since CAS and other safety disciplines have both similarities and differences, we also examined research methods in terms of what is shared with and what is distinct from other safety disciplines; these methods include the comparative analysis method, the combined qualitative and quantitative method, the combined macro and micro method, the dimension reduction decomposition method, the integrated method, the safety risk assessment method, and the safety incident analysis method.
(iv) The general procedure of CAS research can be divided into four stages: the safety system analysis stage, the system risk analysis stage, the SPCS design and development stage and the CAS management stage. We summarized the specific content of each step and gave specific implementation methods and examples.
Asian Agricultural Research, 2022, No. 5