Complexity and Vulnerability Analysis of Critical Infrastructures : A Methodological Approach

modules as nodes Abstract relationships as


Introduction
Social infrastructures are the natural product of infrastructure development at a certain stage, which are the important support and assurance of social development and national economy.For daily activities, modern societies are reliant on dependable functioning critical infrastructure to a large extent, such as electrical supply, water supply, transportation, and communication networks.Critical infrastructures (CIs) can provide various fundamental goods or services for promoting national development and social progress.Furthermore, CIs also play crucial roles in disaster rescue and effective emergency response [1].For instance, the transportation and telecommunication infrastructures contributed greatly to rescue operations in the Wenchuan deadly earthquake in 2008 in China.In reality, interruptions in their operations often result in considerable social and economic damage at the regional or national level.For example, an initial disturbance in Ohio triggered the largest blackout in US history on 14 August 2003, causing an estimated $250-300 billion loss in total [2].Due to the importance of CIs, it is very necessary to analyze complexity and vulnerability of them.
Complexity refers to the difficulty of identifying and quantifying causal links among a variety of specific adverse events and potential candidates [3].CIs are often described as a complex set of interconnected, large scale, spatially distributed, interdependent, and adaptive systems upon which society, manufacturing systems, and residents depend.Moreover, CIs gradually become more and more complex and mutually dependent along with developments in science and technology.Because CIs are composed of a great diversity of interacting subsystems and components, even small perturbations or interferences can trigger large scale and harmful consequences.The issue of extending modeling and simulation techniques is addressed by Kröger [4], for the purpose of coping with the increasing complexity.Once part of a CI is disturbed or even collapsed, the adverse effects may rapidly diffuse directly or indirectly to other components or even spread to other infrastructures.In some cases, serious accident may be derived just from a minor failure of some components [5].For example, the 22 June 2009 Washington metro collision, which resulted in the death of 9 people, the injury of 52 people, and economic losses of about 12 million dollars, was triggered by an initial fault in signal system.Moreover, the dramatic events like terrorist attacks have particularly long-lasting and far-reaching effects on the society, such as those that happened in 2004 in Madrid, in 2005 in London, and in 2010 in Moscow [6].Hence, it can be said that capturing complexity of CIs will provide an important foundation for CIs safety operation.
The operation safety of CIs is decisive for the strategy of country industrial development, economic growth, and public confidence.Many researches have been carried out in a variety of critical infrastructures from different perspectives, such as high-speed railway [7], power plant [8], road network [9], and water supply system [10].The existing studies mainly focus on the safety evaluation and improvement, risk identification and prediction, interference factors analysis and controlling, and system optimization by using comprehensive approach and general method.With the increasing of complexity and hazards, there is a need to develop new perspective or approach for infrastructure safety.In the context of the existing literature, some attention is already paid to vulnerability of infrastructure system [11][12][13].Vulnerability analysis is applied within the management of CIs and some achievements have been made by exploring the impacts of random disturbances, deliberate attacks, and natural disasters.For instance, indicators have been proposed to quantify the redundancy of water distribution systems by assessing their tolerance of random failures and targeted attacks [14].Furthermore, vulnerability analysis is also quite beneficial for decision-making in case of an emergency [15].Risk and vulnerability analyses are principal methods and essential tools for conducting proactive and effective safety management [16].Therefore, it is increasingly needed to identify potential risk and vulnerability, which is the basis of establishing various related strategies and adopting a series of corresponding management and technical countermeasure [17].However, the current study on vulnerability mainly targeted the infrastructure with a fixed topological structure, such as traffic network and power network.Little attention is paid to the infrastructure system itself without a fixed topological structure, and the systematic quantification of the internal structure vulnerability analysis to various hazards and failures is worthy of being pondered deeply.
The objective of this study is to explore complexity and analyze vulnerability in critical infrastructure system without a fixed topological structure, with the hope of offering new perspectives and ideas for managers to implement effective safety management.Engineering breakdown structure (EBS) and complex network theory (CNT) are employed to do the complexity and vulnerability analysis in this study.Metro system is considered as a typical case study due to its critical role in urban development and change.It is apparent that increasing complexities and interconnectivities are making metro system more in need of systematic vulnerability analysis.A specific data set is established by merging data obtained from various sources.The analysis is conducted by the proposed methodological approach.This study contributes to the existing literature on infrastructure safety in terms of potential research perspective and suitable modeling techniques.
The remainder of this paper is organized as follows.In Section 2, a literature review is presented on vulnerability of infrastructure and approaches to studying the vulnerability of infrastructure systems.Subsequently, the proposed modeling approach is explained and network analysis method is expatiated in Section 3. Next, a case study is executed in which the metro physical network's topological properties are discerned in accordance with degree, betweenness, average path length, network diameter, and clustering coefficient.The system's vulnerability to component failure is then determined through the failure analysis of network nodes and edges.Furthermore, in Section 5, final comments summarize conclusions and suggestions concerning possible implementation issues and future study.

Literature Review
2.1.Approaches to Study Infrastructure System.Numerous efforts have been carried out by academia and practitioners to develop approaches capable of analyzing risk and vulnerability.The main methods in current vulnerability studies can be divided into two kinds, that is, empirical approach and predictive approach [18].The main purpose of the empirical approach is to identify formation mechanisms and patterns of cascading failure and its consequences, assisting in gaining knowledge or experience through the analysis of previous near-miss and accidents.The predictive approach mainly refers to modeling or simulating the major characteristics of infrastructure system through reasonable simplification, aiming to analyze the potential hazards or consequences.Several representative research methods are expatiated as follows.
Agent-based modeling (ABM) is a relatively new approach to simulating infrastructure systems composed of different types of autonomous agents.This method is usually used to study the behavior of an infrastructure network and its relevant economic entity [19].An agent is built with the information of a specific location, function, and behavior, which can be used to represent different components in infrastructure system.The ABM method is always employed to research infrastructure system in terms of specific scenarios.An agent-based model has been constructed to support infrastructure interdependencies assessment process in order to identify and mitigate significant risks arising from interconnections [20,21].
Object-oriented modeling (OOM) is another method for characterizing and analyzing the dynamic behaviors of infrastructure system.It can include physical rules in the simulation and emulate behavior emerging as a result of individual actions at a global level.It could be deemed as a modification or evolution of agent-based modeling.Behavior rules of individual are defined, and individuals can communicate with each other.Therefore, the global behavior characteristics emerge as a result of numerous individuals.OOM supports event-driven and time-dependent simulations and allows the explicit integration of highly nonlinear, time-dependent effects and nontechnical factors [22].In this view, OOM obviously demonstrates its attractiveness in detailed simulating of infrastructures.OOM has been used as a simulation framework to discern the most vulnerable part of CI systems in numerous operational scenarios [23].
The System Dynamics (SD) approach is applicable to research into interdependent infrastructure systems by using stocks, flows, and feedback loops [24].SD depends on the structure of the model, time lags, and amplification that occur through feedback.An innovative modeling and analysis framework has been proposed to study an entire infrastructure system by using an existing individual model together with SD, functional models, and nonlinear optimization algorithms [25].Min et al. [25] also propose an innovative economic-SD model to study an entire system of physical and economic infrastructures.Rehan et al. [26] propose using a SD model to study the planning and management of water utilities infrastructure.Based on SD, Genge et al. [27] design a methodology for assessing the impacts of cyber-attack by changing control variables, which is responsible for correct functioning of operational process in infrastructures.
Input-output model is another methodology for studying infrastructure proposed by Leontief in 1973, which is able to describe the ripple effect of disruptions to interdependent systems [28,29].This approach is usually used to build the correlation between economic sectors and quantify the relationships between infrastructure networks.In this model, the interdependences are captured at a macro level rather than in a micro perspective, and elements of each infrastructure have not been analyzed in detail.Yu et al. [30] use a vulnerability measure that integrates information elicited from expert judgment to develop an input-output model, for studying the satisfaction of fuzzy economic output goals under conditions of scarcity caused by climatic disruptions.The case study in this research indicates that transportation, trade, and service-oriented industries suffer losses in gross domestic product (GDP).Although input-output model is helpful to assess vulnerability, it seems to be difficult to extend for restoration activities [19].
CNT is another widely used method to simulate the characteristics of infrastructures in specific analysis.Indeed, CNT has received increasing attention in recent years and is applicable to analyze and evaluate various properties of real infrastructures, such as vulnerability and reliability [31,32].It has been widely used with infrastructures in form of visible networking, such as power grid networks [33,34], transportation networks [35,36], and pipeline networks [37,38].In addition, graph theory and multiattribute utility theory have also been employed to identify and prioritize candidate infrastructure scenarios vulnerable to terrorist attack [39].
In addition, some other methods are also employed to study infrastructure system, such as entropy theory [40].Sometimes, according to the characteristics of the research object, hybrid approach is adopted to implement the corresponding work.However, there is not a silver bullet solution for all applications in infrastructure system research; all these models and methods have their own advantages and shortcomings and the most suitable approach depends on the specific problems and conditions for each situation.

Vulnerability of Infrastructure.
The word vulnerability comes from Latin, which is mainly used to describe the characteristic that the system and its components could be easily affected and destructed.For example, Achilles heel is a typical example of vulnerability.Recent literature reviews reflect a growing attention in the research of infrastructure vulnerability, and contributions are produced in various disciplines and applied in many different fields [41].In current research, because different disciplines have their own characteristics, the definitions of vulnerability are always different, especially between natural science and social science, and sometimes they seem ambiguous [42].Generally speaking, there are two commonly accepted interpretations in research literature [19].One is that vulnerability is regarded as a system property which means the severity of consequences under the occurrence of a specific hazardous event [43].The other is that vulnerability applies to express a critical system component, a geographical location, or an aspect of a system [39].According to these interpretations, there are different types of vulnerability analyses, ranging from global vulnerability analysis [44] and critical component analysis [42] to critical geographical locations analysis [45].
In modern society, infrastructure system and its components do not exist in isolation and the functional or physical relationships between them are dynamic and complex.Due to interdependences inside the infrastructure or among infrastructures, the failure in any part of system will affect other parts or even spread and cause disturbances to other infrastructures through functional or physical connectivity [46].As such, hazard or failure may give rise to unanticipated cascading consequences.In 2008, a south China snowstorm caused considerable damage to many infrastructures such as transportation and electricity, and most lost part or all of their functions, resulting in an estimated direct economic loss of 1516.5 billion RMB.In addition, functional interdependences among different infrastructures can lead to more serious consequences.For instance, the snowstorm caused loss of transportation, which threatened the supply of coal required by the electric power infrastructure for its generators.Subsequently, the lack of adequate power resources substantially reduced and delayed the rescue effort.
Vulnerability analysis focuses on identifying Achilles' heels in system that may be activated by random incidents, uncertain hazards, or unnoticed threats.There are various disturbances in the operating process of infrastructure systems, which can be broadly divided into two types: concrete disturbances such as snowstorms and abstract disturbances such as random component failures [47].Vulnerability analysis is therefore widely applied in the management of CI systems in the form of evaluating the degree of adverse effects caused by the imposition of these disturbances.

Methodology
3.1.Proposed Framework.Along with the development of engineering technology, the physical structure and function of infrastructures have become increasingly advanced and complex.In general, an infrastructure usually consists of various physical subsystems and components.There are numerous interdependencies of differing kinds in infrastructures [48].During their operation, these subsystems and components must work synergistically and collaboratively for producing and distributing a continuous flow of services or products.The relationships among components can be divided into two types, including physical relationship and functional relationship.From the perspective of network, if the components and their relationships could be discerned in an infrastructure, it could be established as network model.Therefore, CNT is the most appropriate method to analyze the complexity and vulnerability in this study.
According to the research purposes, a theoretic framework is proposed to study the complexity and vulnerability of infrastructure systems without a fixed topological structure.Based on the aforementioned idea, a particular framework is put forward and illustrated in Figure 1.As is known to all, node and edge are the two basic elements in a network model.Correspondingly, according to EBS, the node can be obtained by physical decomposition of infrastructure, and the edge can be obtained by functional decomposition.Based on the decomposition, the network model can be established to describe the infrastructure using network modeling technique.The topological properties in the network model can be analyzed to describe the complexity of the infrastructure.Then, failure types of infrastructure have to be identified for determining the failure mode, which is a key step to do vulnerability analysis in accordance with actual failure conditions.
According to the analytical framework, a prototype of collaborative network model can be built in generalized form by network analysis software Pajek, as illustrated in Figure 2.This network model can be used to vividly represent the components of CIs and their relationships.

Analytical Approach.
With the continuous development of CNT, the statistical indexes of network structure have obtained a lot of achievements, which are the basis of statistical description of various topological characteristics.Furthermore, calculation is usually precise and concise in research.In this paper, several typical indexes are employed to investigate the properties of infrastructure network, that is, degree, betweenness, average path length, network diameter, and clustering coefficient.
In general, for any network  = (, ), where  = (V 1 , V 2 , . . ., V  ) and  = ( 1 ,  2 , . . .,   ), the degree of a node in a network is the number of edges connected to the node.In a directed graph, the degree can be either in-degree (number of incoming edges) or out-degree (number of outgoing edges), with the total degree being the sum of the two, which is expressed by (1).The degree distribution () is defined as the proportion of nodes with degree , and the cumulative () is defined as the proportion of nodes equal to or greater than  [49].Betweenness refers to the proportion of shortest paths through a node or an edge to the total shortest paths between all possible pairs of other nodes in a network.Two types of betweenness-"node betweenness" and "edge betweenness"-are used extensively in network analysis [50,51].Due to the similarity of node betweenness and edge betweenness, only node betweenness is used in this study, which can be calculated by (2) in which   denotes the length of the shortest path between node V  and node V  and   () represents number of the shortest paths running through node V  between node V  and node V  .The average path length is defined as the average number of steps between all possible pairs of nodes in a network, which could be described by (3).The network diameter is defined as the maximum path length in the network, which indicates the size of the network, which can be obtained by (4).The clustering coefficient is used to describe which nodes in a network tend to cluster together from a local perspective [52].The clustering coefficient of a node is defined as the probability of two randomly selected neighbors of the node being connected, which can be calculated by (5), where   is the number of edges directly connected to node   .
Vulnerability is related to the capacity to continue operating following disruption; in other words, it can be described as the decrease degree of system efficiency after failure or attacks [53].In a network, it could be interpreted as the degree of susceptibility to certain disturbances that may lead to reducing its functions.The critical element of a network (node or edge) is that most influence its vulnerability: the more critical the element, the greater the effects of its loss on the system [54,55].Each element of a network has its special functions although they are quite different.The vulnerability level of an element depends on the role it plays in the network structure.It is necessary to identify the weak points in the network for the sake of mitigating vulnerability [56].In a particular case, such as catastrophic event, priority must be given to some critical nodes or edges over others to rebuild and recover the whole system [35].Many definitions on system efficiency are created and studied, but they all have different limitation.At present, the generally accepted measure method is average reciprocal shortest path lengths of networks [57].In network analysis, the vulnerability of a network  could be calculated by (6) [58], where  is the interference factor and  is the set of interferences.Φ denotes the functional metric and Φ[(, )] denotes the degree of function loss.Φ() can be calculated by (7), where  is the number of nodes and   is the distance between two nodes.

An Illustration Example
With the rapid increase of urbanization in China, an increasing number of people move from the countryside to the cities.One effect of this is serious traffic congestion and environment pollution, which is detrimental to the healthy development of cities [59].In view of this, the metro, with large-capacity and energy-saving, is increasingly becoming an effective solution for reducing traffic congestion in large cities in China.As is known to all, China has many large and populous cities, with 142 cities being estimated to have populations over 1 million by 2015.The traffic pressure greatly stimulates the construction and operation of metro projects.At the end of 2015, metros in 24 Chinese mainland cities have already been put into operation with total mileage of 3010 kilometers, and many other cities have been authorized to build their urban metros.Nowadays, metro is becoming one of the critical and essential infrastructures in China mainland, especially in the big cities such as Beijing, Shanghai, and Guangzhou.
The metro system is a good example for the case study in this paper.The metro physical network (MPN) model is established by a three-stage process.Firstly, the data of metro system is collected from monograph, literature, enterprise, and media.Many documents and webpages were downloaded and their contents are sorted and coded for content analysis.The achievement made in the first stage is to find out the components of metro system based on EBS method.In the second stage, an academic conference on the theme of relationships among components is held.Participating in the conference were leaders from the industry experts in metro equipment, some university professors, Nanjing metro operation company, and all the members of our research team.The physical or functional relationships among components are analyzed in-depth and coded in terms of the type and nature of the components.The potential methods of improving metro operation safety management are also discussed.In the third stage, Pajek is used to establish the MPN model in accordance with the components of metro system and their relationships.The nodes stand for components and the edges represent relationships.The entire MPN contains 30 physical modules, as shown in Table 1.Based on the aforementioned method, the MPN model is established, consisting of 30 nodes and 75 directional edges, as shown in Figure 3.

Analyzing the Complexity of MPN.
Many studies show that the topology of a network plays a decisive role in the determining characteristics of a network [52,60].In a broad sense, calculating the topological parameter is helpful for acquiring complexity of the MPN and analyzing the spread of accidents [61].Hence, five parameters of degree, betweenness, average path length, network diameter, and clustering coefficient are explored in this section, which can be used to describe the complexity of a network model from different perspectives.

Degree.
The values of the in-degrees, out-degrees, and total degrees for the MPN are shown in Figure 4.The average degree value is 2.5, which indicates that each subsystem cooperates with two or three other subsystems on average in carrying out its function.The critical component failure will affect correlative components.Automatic train supervision (ATS) (vertex 25) has the highest degree of 13, with an 8 indegree and 5 out-degree, which indicates that ATS plays a critical role in the whole metro system and is in a relatively central position.Its in-degree is also the highest in the network.Multiple paths make it difficult to control for operation safety, compared to other kinds of physical modules with low input degree.It is usually regarded as a key point in a network.The clock system (CS) (vertex 7) and building automation system (BAS) (vertex 28) have the next highest in-degrees with a value of 7. In daily operation, if a few highdegree nodes are attacked simultaneously, MPN will become vulnerable and be turned into a set of isolated subnetworks.Controlling these key nodes can have a positive influence on the robustness of the metro system, which is referential in High voltage network (3) Catenary system (4) Computer interlock (5) Dedicated communication (6) Optical fiber system (7) Clock system (8) Wireless communication (9) TV monitoring (10) Broadcast system (11) Automatic fare collection system (12) Screen doors (13) Escalator (14) Environment control system (15) Water supply and drainage system (16) Electrical and mechanical control system (17) Fire alarm system (18) Supervisory control and data acquisition (19) Passenger information system (20) Access control system (21) Screen display system (22) Sign system (23) Fire control system (24) Automatic train operation (25) Automatic train supervision (26) Automatic train protection (27) Track system (28) Building automation system (29) Low voltage network (30) Elevator equipment maintenance under the condition of limited security resource.In addition, it would be of great helpful to disrupt the connectivity among failures to prevent failures from spreading and propagating in MPN under special conditions.Due to rare nodes with high degree, it makes little sense to analyze statistic data in the tail of the degree distribution.In practice, the cumulative () is preferred in statistical analysis using double logarithmic coordinate system, with the purpose of reducing statistical errors due to finite network size.The cumulative () of MPN is depicted in Figure 5 with approximate fit () = 2.1217 ×  −1.216 , which basically follows the power-law.This indicates that the MPN has the property of scale-free according to CNT.The property means that MPN is robust to random attacks to some extent.The nodes with degree equal to or less than 4 account for 60%, and the influence of failure of these nodes on the network is relatively small.But MPN is vulnerable to simultaneous attacks aiming at nodes with high degree.
Mathematical Problems in Engineering Out-degree In-degree Degree

Betweenness.
Node betweenness is used to describe the extent to which a node plays an intermediary role in the interaction between all possible pairs of nodes in a network [62].Large node betweenness indicates greater importance in the whole network.The range of node betweenness in the MPN is 0 to 0.0976, as shown in radar chart in Figure 6.
Eleven nodes are invisible due to their node betweenness being zero, which indicates that they do not play the role of intermediary among interactions between other nodes.The ATS (vertex 25) has the highest value of node betweenness, which means that the maximum number of shortest paths passes through ATS.Next CS (vertex 7) is 0.0963 and train system (TS) (vertex 1) is 0.0803.The cumulative node betweenness of these three nodes is equal to 0.2742, and almost about 40% shortest paths pass through these three nodes.These nodes should be paid more attention and maintenance cost in daily operation, and it is apparent that effectively controlling these few key nodes can slow down the failure diffusion and step down the chain reaction in MPN.

Average Path Length and Network
Diameter.The transmission efficiency of information or energy has a significant correlation with the average path length, with shorter average path lengths having a higher efficiency.The value of the average path length in MPN is 2.5, which indicates that the information or energy is transmitted in two or three steps on average.For instance, TS (vertex 1) and computer interlock (CI) (vertex 4) are two isolated physical modules, which can be connected only in two steps, as presented in Figure 3.In addition, the network diameter in the MPN is 6, which is from CI (vertex 4) to TV monitoring (TVM) (vertex 9).The MPN is therefore a relatively small network according to its average path length and network diameter.It means that metro system is a more collaborative network.In general, this kind of network always has a high operating efficiency, which means that MPN is an efficient transportation system.

Clustering Coefficient.
The node clustering coefficient of the MPN is shown in Figure 7.It is observed that it only includes 22 nodes.The other eight nodes do not have a clustering coefficient because their in-degree or out-degree is equal to 1, means they have only one adjacent node.In the process of calculating, the direction between nodes is not considered.The highest clustering coefficient is 0.5 (vertex 3 and vertex 8) and the lowest is 0.03 (vertex 6).The network clustering coefficient is defined as the average value of all nodes in the network and is 0.1085 in the MPN, which is larger than a random network with a similar network scale.The MPN has a short average path length and a high clustering coefficient, which indicates that it has small-world characteristics [63].A small-world network is a special kind of graph in which most nodes can be reached from every other node by a short path.Failure propagation in MPN is much faster than a regular network.Hence, it is necessary and changeful to control cascading failure among physical modules for avoiding a serious consequence.

Analyzing the Vulnerability of MPN.
There are various kinds of interference factors in the process of metro operation, such as severe weather, equipment failure, and unsafe behavior of passengers.However, no matter what kind of interference, the harmful results can be divided into two categories: module failure and relationship failure.
Corresponding to the network model, the consequences are node failure and edge failure.Therefore, in this paper, vulnerability analysis is mainly implemented as follows.

Vulnerability in Node Failure
Mode.Vulnerability in node failure mode is analyzed in this section.One node in the network model represents a physical module in critical infrastructure, and the whole network represents the whole infrastructure.If a module can not provide its normal function in reality, the corresponding node will be deleted from the network model.The deletion sequence of nodes corresponds with the order of node degree, called the "largest degree node-based protocol."Network efficiency is calculated in order to evaluate the change of performance in MPN. Figure 8 depicts the changes of network efficiency as the fraction of moved nodes increases, indicating that the network efficiency declines quickly as the number of removed nodes increases.The network efficiency is decreased by 60% when the fraction of removed nodes is about 10% and declines very quickly as it increases to 20%.This suggests that 10% of nodes with largest node degree are the most vulnerable nodes in the network model, which means that the corresponding components in the infrastructure are vulnerable.For instance, the most vulnerable module in the metro system is the ATS (vertex 25).If these critical modules can obtain good maintenance effect, the safety level in metro operation can be improved to a great extent.

Vulnerability in Edge Failure
Sequences.Vulnerability in edge failure mode is analyzed in this section.One edge in the network model represents the functional relationship between two components in the infrastructure system.When an edge is unavailable to play its full part, the safest path between nodes will change due to forced detours around the failure.From this point of view, an edge will be deleted from the MPN model if the collaboration relationship is broken in reality.The deletion sequence of edges corresponds with order of edge betweenness, termed the "highest betweenness edge-based protocol."Figure 9 depicts the changes of network efficiency as the fraction of moved edges increases.Due to an edge just representing the partial function of one component, the curve declines slower under the edge deletion protocol comparing with the node deletion protocol.Network efficiency decreases by 20% when the fraction of removed edges is about 5% and declines at an even speed when this is larger than 10%.This indicates the most vulnerable relationship to be between the (vertex 1) and automatic train operation (ATO) (vertex 24) in If these critical relationships can obtain good maintenance effect, the safety level in metro operation can be improved to a great extent.

Conclusion and Discussion
In this paper, a theoretic framework is put forward to research critical infrastructure system without a fixed topology structure.Metro system is chosen to be investigated in accordance with network analysis, which is a powerful tool in complexity and vulnerability research.Based on the physical modules and their relationships, Pajek is selected to build the unweighted directed MPN.CNT is adopted to study the complexity and vulnerability of MPN.Five parameters including degree, betweenness, average path length, network diameter, and clustering coefficient are calculated and analyzed to better acquire and understand the network structure of MPN.These parameters reflect the topological properties from different perspectives, which is beneficial to understand and capture the complexity of metro system.ATS, CS, and TS are the three highest degree nodes in MPN, and about 40% shortest paths pass through these nodes.Effectively controlling these key nodes can reduce accident propagation efficiency and dampen chain reaction.The cumulative () of MPN obeys power-law distribution with the approximate fit () = 2.1217 ×  −1.216 .It means that MPN has the property of scale-free network and is robust to random attacks.The properties of short average path length and big clustering coefficient denote that MPN has the property of small-world network.Accident propagation in this type of network is faster than random network and regular network.Meanwhile, it is found that metro system is a more collaborative network, and some few key nodes play a critical role in metro operation, such as ATS and TS.If some high-degree nodes are broken down or some high-betweenness edges fail to provide their normal function at the same instant, MPN is turned to be isolated and vulnerable.The key threshold is between 10% and 20%.The most vulnerable module in the metro system is the ATS, and the most vulnerable relationship is to be between the TS and ATO.These critical modules and relationships are Achilles' heels for the whole metro system.Effectively controlling these Achilles' heels can slow down the accident propagation and weaken chain reaction.Quantitative analysis of the topological parameters is beneficial to further understand and capture the complexity of MPN.The vulnerability analysis is helpful for controlling original accidents and avoiding secondary accidents.In view of the sequential relationships among numerous failures and accidents, this research may also have a positive impact on early-warning of accidents.In practice, the managers and technicians should pay more attention to the identified vulnerable modules and put more resource to assist in promoting safety performance in metro operation.
Because it is impossible to consider all failure factors due to their diversity and complexity, two removal strategies are selected to research the vulnerability of the metro system under the condition of real failures.According to actual situations, two different strategies are selected to evaluate performance change as measured by the network efficiency.The largest degree node-based protocol causes great damage to the metro physical network due to the nodes with large degrees having better local connectivity.In a real infrastructure system, this means these components exert a greater influence on a functional level.In contrast, the highest betweenness edge-based protocol causes relatively smaller but still serious damage.In a real infrastructure system, one edge represents the collaborative relationship between two components, which has less functional impact.Hence, through network analysis, the vulnerable components and functional relationships in MPN can be identified, and the extent of vulnerability can be obtained and quantified.It is envisaged that this study can help managerial personnel to understand the complexity and vulnerability in metro system for the sake of developing necessary strategies aimed Mathematical Problems in Engineering at improving safety management in a dynamic operating environment, especially in emergency.
The potential contributions of this study lie in three aspects.First, it helps to understand the complexity and vulnerability of infrastructure.In this paper, the main topology properties are captured in order to display the essential structure of metro system, and the vulnerability of metro system is analyzed.Second, network modeling technique is employed in this study, which may offer a possible approach to study complex infrastructure system.It will enlarge the application range of CNT.Furthermore, this study has the potential benefits in infrastructure emergency and relief.It can help managers to make decisions in emergency rescue in order to lighten the losses by original accident and avoid derivative or secondary accidents.
The main limitation of applying CNT in this study is that the established network model does not take the difference of nodes and edges into consideration.Various physical modules are collaborative to accomplish the overall functions of metro system, and it is very difficult to discern and distinguish the different importance for different physical modules; therefore, the weight is more difficult to assign.That is why the network model in this study is unweighted.In future study, more attention should be paid to improve the network model based on more precise understanding of infrastructure.Furthermore, how to reduce the vulnerability of infrastructure is a significant direction which deserved further research.In addition, the potential interdependencies among metro system and other CIs deserve more attention and should be explored systematically.

Figure 2 :
Figure 2: A prototype of collaborative network model.

Figure 3 :
Figure 3: The network model of metro physical system.

Figure 4 :
Figure 4: In-degree, out-degree, and total degree values.

Figure 9 :
Figure 9: Changes of network efficiency with the highest betweenness edge-based protocol.

Table 1 :
Names and codes of physical modules.