Railway Safety Risk Assessment and Control Optimization Method Based on FTA-FPN: A Case Study of Chinese High-Speed Railway Station

In order to make safety risk assessment more accurately and more reasonably for high-speed railway station in China, this paper analyzes risk factors of fault tree and transfers the fault tree of risk accident into fuzzy petri net and then builds the FPN-FTA model by combining the dynamic weighting fuzzy petri net (FPN) and fault tree analysis (FTA) based on the latter. This paper simulates the FTA-FPN model with Stateﬂow of Matlab software. Then, it builds up a bi-objective risk control model, making the minimum safety risk level and minimum necessary cost as the objectives, and it designs discrete particle swarm optimization algorithm to solve the risk control model. Finally, this paper selects stampede accident of Shijiazhuang high-speed railway station as an example in case study for assessing stampede risk level and gets the risk control schemes for this station. The results verify the feasibility and validity of the model and algorithm.


Introduction
e pressure on railway transport safety management has increased constantly with the rapid development of railway. erefore, safety risk control is the key to secure railway transport. Safety risk control refers to the scientific management methods of realizing the maximum safety guarantee with the minimum cost by controlling risks effectively and optimizing safety risk control technologies based on the assessment of safety risks during the enterprise production activities. Safety Risk Assessment and Control Optimization can not only reduce probability of risk occurrence but also keep the risk control cost within reasonable boundaries, and many scholars have done researches on this topic [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. Fault tree theory is widely applied to safety risk assessment at present [5][6][7][8], while fuzzy petri net is mostly used for safety diagnosis [9][10][11][12][13][14]. However, there is no existed literature that combines the fault tree and fuzzy petri net to make railway safety risk assessmentexcept our master thesis [15].
Although these methods or models have contributed to the safety risk control theory of railway transport in different aspects, there are still several problems need to be discussed.
① In the previous safety risk assessment research, the indicator system is used to analyze the system as a whole, but the causal correlation of the development of security risk events is not described. ② e traditional studies on the safety risk of transportation system consider the ambiguity and uncertainty of risk factors not enough. It is impossible to determine the risk status of the system accurately. ③ e weight value of each risk factor is relatively fixed, and it cannot directly reflect the influence degree of the development stage with different risk factors of the risk accident. ④ In previous studies, the control of the risk is lack of balanced analysis between benefit and cost since there is not enough consideration for the cost control.
In order to solve these problems, this paper takes the similar characteristics of dynamic weighting fuzzy petri net (FPN) and fault tree analysis (FTA) into consideration, introduces FTA-FPN into railway safety risk assessment, analyzes risk factors of fault tree, maps the fault tree of risk accident into fuzzy petri net, and builds up railway safety risk assessment model combined with both FPN and FTA [4]. en, this paper proposes to simulate FTA-FPN model by Stateflow, considering the graphic characteristics of fuzzy petri net. Based on Target Cost Method, cost control is introduced into risk control optimization. A bi-objective model with the minimum safety risk level and minimum necessary cost as the objectives is built up, and corresponding discrete particle swarm algorithm is designed for solving the model. e paper makes the risk control of passenger traffic congestion in high-speed rail passenger station as an example to carry out method verification. An empirical study is conducted at the Shijiazhuang High-speed Railway Station to assess the safety risk level of the crowded stampede event and the control optimization plan.

Dynamic Weighting Fuzzy Petri Net.
Dynamic weighting fuzzy petri net is a transformation of the normal petri net; it consists of places, transitions, and the flow relations between them. However, the composition and element meaning of dynamic weighting fuzzy petri net are different from the normal petri net. Dynamic weighting fuzzy petri net can be defined by a ten-element group [8]: where P � p 1 , p 2 , . . . , p n refers to the nonempty set of places which represent cause events. T � t 1 , t 2 , . . . , t m refers to the nonempty set of transitions which represent the happening of the events. D � d 1 , d 2 , . . . , d n refers to the nonempty set of propositions. |P| � |D|, P ∩ T ∩ D � ∅. I: P × T ⟶ 0, 1 { } refers to the entry incidence matrix which represents the entry relations from places p i to transitions t j . I � (θ ij ). θ ij refers to the input arc. If there is input arc between place p i and transition t j , then θ ij � 1, otherwise { } refers to the export incidence matrix which represents the export relations from transitions t j to places p i . O � (η ij ). η ij refers to the export arc. If there is output arc between transition t j and place p i , then η ij � 1, otherwise η ij � 0. μ: T ⟶ [0, 1] refers to the real number mapping of transitions. μ j is the certainty factor (CF) of the inference rule of transition t j . μ � (μ 1 , μ 2 , . . . , μ m ), μ j ∈ [0, 1]. α: P ⟶ [0, 1] refers to the real number mapping of places which represent the validity of propositions d i that correspond to places p i . P ⟶ D because the places are mapped into propositions, so places and propositions are matched one by one. α is the token of the petri net. α i � α(p i ), α i ∈ [0, 1]. λ: T ⟶ [0, 1] refers to the mapping which represents the threshold values of the triggering of transitions t j . λ j ∈ [0, 1]. W � (ϖ ij ) refers to the dynamic weighting which represents the support of prerequisite proposition to result proposition; it varies with the changing of α(p i ). Dynamic weighting reflects the degree of associations between a certain indicator and other indicators in the evaluation system. e dynamic performance of the petri nets means the dynamic weight will change dynamically with the assessed value α(p i ) of each evaluation of the cause events p i in the petri nets. Formula (2) shows the value of ϖ ij . 1≤i≤n ϖ ij � 1, j � 1, 2, . . . , m: M � (α(p 1 ), α(p 2 ), . . . , α(p n )) T refers to the identification of dynamic weighting fuzzy petri net. e fuzzy rules of fuzzy petri net are as follows: ( . . , d in are prerequisite propositions; μ 1 , μ 2 , . . . , μ n are validities of different rules, d k is result proposition, and λ 1 , λ 2 , . . . , λ n are the threshold values of the triggering of different transitions. If n i�1 α(p i )ϖ i > λ i , transition will be triggered. e validity of prerequisite proposition is not changed, and the validity of d k is max(α(p i )μ j ).

Railway Safety Risk Assessment Model Based on FPN and FTA.
Based on the features of railway system and safety risk assessment, this paper combined the advantages of fault tree method and fuzzy petri net theory and proposed the railway safety risk assessment method based on FTA-FPN, as shown in Figure 1. e specific rules for mapping fault tree model into fuzzy petri net model are as follows: ① e events of fault tree and the places of petri net can be transformed into each other. e basic events of fault tree are corresponding to initial places of petri net; the top event of fault tree is corresponding to target place of petri net. ② e causal relations between events of fault tree and the transitions of petri net can be transformed into each other. ③ e logical gates mainly consist of AND gates, OR gates, NOT gates. e negativity of the event can be set as a new event, so there will be no NOT gate existing in the fault tree. e logical gates of fault tree and symbols of petri net can be transformed into each other, as shown in Figure 2. ④ e special logical gates such as voting gates, exclusive-OR gates, and exclusion gates can be transformed into AND gates, OR gates, or their combinations. erefore, the fault tree can only consist of AND gates and OR gates.

e Solving Method.
ere are two methods used for solving fuzzy petri net. e search algorithm based on the net model and the inference method based on the incidence matrix of petri net. e second method is popular at present for its convenience. However, it is the lack of efficiency while applied to large-scale net. e first method can be visualized, but it is complicated and difficult for solving manually. According to the disadvantages of the first method, this paper proposes to use Stateflow for simulating petri net model and finally solve the fuzzy petri net. Stateflow is a kind of design tool with strong visualization and integrated into Simulink of Matlab software. It is widely used for the simulation of complicated eventdriven system.

Assumptions
(1) e superior limit of system risk level and the limit of total cost of risk control is both known.

Parameters
Q-general risk level of the whole system c i -cost for controlling the risk source i Q m -maximum permissible general risk level C m -limit of total cost for risk control N-amount of risk factors n-amount of controlled risk factors Journal of Advanced Transportation Formula (3) refers to risk level of railway system, and formula (4) refers to the necessary cost for safety risk control of railway system. Constraints: Formula (5) represents that the risk level of railway system cannot exceed the maximum permissible general risk level. Formula (6) represents that the cost of risk control cannot exceed the limit of total cost of risk control. Formula (7) represents that the amount of controlled risk factors cannot exceed the amount of risk factors. Formula (8) represents the decision variable of risk source i, if the risk source is controlled, then it is 1, otherwise, it is 0. Formula (9) represents that risk level of risk source i after control is lower than that before control.

Discrete Particle Swarm Optimization Algorithm.
is paper chooses Binary Particle Swarm Optimization (BPSO), also known as Discrete Particle Swarm Optimization Algorithm, to solve the safety risk control model. BPSO belongs to Particle Swarm Optimization (PSO). It has several features as follows: where v τ i·l is the speed of particle i in dimension l in iteration τ; x t i,l is the position coordinates of particle i in dimension l in iteration τ; ξ is inertia weight of the current speed during state adjustment; Rand() is random coefficients evenly distributed between 0 and 1; and o is acceleration limit factor. p τ i,l is the optimal position of particles i in the population up to the τ− th iteration. p τ g,l is the optimal position experienced by all particles in the population until the τ− th iteration.
Different from basic PSO, the coding of BPSO is binary, the code of each particle is 0 or 1. erefore, the update rule of basic PSO is changed by introducing the fuzzy function, as formula (10) shows.
For basic PSO, v max , which is definite, is the superior limit of particle speed, while for BPSO, the particle speed v τ i,l can be represented in the form of probability, and v max refers to the probability range of particle speed. Now, define the probability of particle position as Sig(v τ i,l ) � 1, then 1 − Sig(v τ i,l ) � 0. e transformation probability of particle will be

Inertia Weight.
Inertia weight has influence on algorithm search capability. is article proposed to use nonlinear adaptive strategy for calculating the inertia weight w, as formula (14) shows: where τ is the number of iterations at present; τ max is the maximum number of iterations; w initial is the initial inertia weight of particle at beginning; w final is the final inertia weight of particle at ending; τ sw is the number of iterations at present during calculation, initial value is 0; and w sw is the inertia weight at present during calculation, initial value is w initial , Specific calculation process: Step 1: Initialize parameters of model, algorithm, and particle initial status such as position and speed. Calculate the sufficiency for each particle by the following formula F(x) � ε 1 Q(x) + ε 2 C(x), ε 1 � 0.5 and ε 2 � 0.5.
Step 2: Compare the sufficiency with the current best sufficiency Pbest of each particle; update Pbest if it is better.
Step 3: Compare the best sufficiency Pbest of each particle with the current best sufficiency Gbest of the whole group; update Gbest if it is better.
Step 4: Calculate inertia weights by formula (12), then update particle positions by formula (10), correct unsuitable particles of constraints, and generate the new particle group.
Step 5: Check the number of iterations, if it has reached the maximum number, end calculation, and turn to Step 6, otherwise, turn to Step 1.

Case Study
is paper uses stampede accident in high-speed railway stations as the example of method validation. Comparing with the normal railway station, high-speed railway station covers a larger area, has more equipment, and more complicated passenger flows. Stampede accident may easily occur if there is passenger tumble or escalator failure. erefore, it is vital to control the risks of stampede accidents accurately and efficiently in the high-speed railway station.

Stampede Risk Assessment Model of High-Speed Railway Station Based on FTA-FPN.
is paper builds the fault tree model of stampede accident of high-speed railway station and maps it into fuzzy petri net based on the transformation methods. en, the stampede risk assessment model of high-speed railway station based on FTA-FPN is built. Figure 3 and Table 1 specify the contents of places. Place P i represents factor that may cause stampede accident, the corresponding proposition d i represents the status of the factor. e reliability α(p i ) of d i represents its assessed value under different statuses. Transition t j represents the development of event. Fuzzy factor μ j of transition t j represents the possibility of development. e corresponding risk level of token value of place P 21 can represent the stampede risk level in high-speed railway station.

Stampede Risk Control Model of High-Speed Railway Station Based on FTA-FPN.
e stampede risk control model of high-speed railway station based on the FPN model of stampede risk is built, and its object function and constraints are shown as follows:  Table 2. S experts, recorded as E � e 1 , e 2 , . . . , e s , are invited to assess stampede risk factors, and expert weights are W e � w e 1 , w e 2 , . . . , w e s . e assessment criteria of stampede accident are recorded as Z � z 1 , z 2 , . . . , z n , and the assessed values are x j (j � 1, 2, . . . , n). All criteria are calculated based on formula (15   Crowded ticket or boarding entrance P 3 Crowded escalator or passage P 4 Crowded station exit P 5 Insufficient emergency response ability P 6 Insufficient safety awareness (staff) P 7 Fire explosion P 8 Escalator failure P 9 Terrorist attack P 10 Passenger tumble P 11 Unsuitable escalator or passage P 12 Unsuitable station entrance and exit P 13 Poor emergency evacuation P 14 Insufficient safety awareness (passenger) P 15 Poor station design P 16 Unforeseen circumstances P 17

Assessment Criteria Quantization of High-Speed Railway
Poor manual guidance P 18 Passenger gathering P 19 Activating event P 20 Excessive passenger density P 21 Stampede accident 6 Journal of Advanced Transportation

Stampede Risk Assessment of Shijiazhuang High-Speed
Railway Station. Shijiazhuang high-speed railway station is a large transportation hub with multiple transport modes, including subway, high-speed railway, normal-speed railway, and road transport. In this paper, 15 experts are invited to participate in the evaluation work. However, considering the daily safety assessment of the high-speed railway station, the number of experts participating in the evaluation is limited. In order to make the evaluation results be in line with the actual work, the authors selected 3 typical experts and their evaluation results for Shijiazhuang highspeed railway station. One of them is an expert on the field of passenger safety supervision for high-speed railway passenger stations with rich supervision experience. One is a senior management with high management experience in high-speed railway passenger transportation. e other is a professor of high-speed railway passenger safety management with rich theoretical knowledge. For the opinions of the other 12 experts, we have summarized their opinions with the 3 typical expert opinions, which are selected to a certain degree, and finally form an evaluation index system for the thesis. Taking into account the equality of experts from different fields, the paper sets their weights as W ε � 1/3, 1/3, 1/3 { }. After calculation, the assessed values of criteria can be received, as shown in Table 3.
Based on the relations between criteria and fuzzy petri net, Stateflow is used to simulate the fuzzy petri net model of stampede risk in Shijiazhuang high-speed railway station; e Stateflow model is shown in Figure 4. After substituting the assessed values of criteria, the risk levels of some risk factors can be received, as shown in Figure 5. e risk status can be divided into 4 segments according to relevant Chinese national standards, including safe, alert, dangerous, and extreme dangerous, and the corresponding ranges of assessed value are shown in Table 4 based on the literature [4,9]. Calculation results show that risk status of stampede accident is alert. Main causes include crowded station entrance, escalator, or passage and two escalator failures during the assessment.
After simulation, the result is shown in Figure 4. e red square frames represent that the risk levels of the corresponding risk factors have reached the alert level, which is 0.6, and the control methods are necessary. e risk levels of risk factors of stampede accident in the Shijiazhuang high-speed railway station can be received, as shown in Figure 6. e risk statuses of risk factors P 18 , P 19 , P 16 , P 1 , P 4 , and P 8 are alert. e risk statuses of risk factors P 2 and P 3 are nearly dangerous. e control methods for risk factors are shown in Table 5. Fire explosion P 7 and terrorist attack P 9 are left out of consideration for their assessed values are very low.
Different control methods need different amount of staff or materials, which leads to different costs. erefore, this paper determines the costs of different control methods for different risk factors based on investigation and survey, which is shown in Table 6.
α ′ (p i ) are the predicted risk levels after control, assessed by experts. e model is solved by discrete particle swarm optimization algorithm; initialization is necessary at the beginning. Population size N � 20, study factor o 1 � o 2 � 1.52, W inital � 0.9, W final � 0.4, C κ � 0.8. Matlab is used for programming. is paper sets 3 different cost constraints, including 700,000 Yuan/year, 900,000 Yuan/year, and 1150,000 Yuan/year for comparing different control results. e control results under different cost constraints are shown in Table 7.   Figure 7 shows the control results of different risk factors under different cost constraints. Although the cost is 900,000 Yuan/year, the result is obvious, which is 0.4143, and all risk factors remain in safe status. If safety redundancy is needed, that is, risk levels of all risk factors should remain under 0.5, and then, the control cost should be 1150,000 Yuan/year. is paper concludes that Scheme 2 is preferable under overall consideration. Step8 entry: P 19 = P19; P 20 = P20; T 19 = P19/(P19 + P20); T 20 = P20/(P19 + P20);
(2) Add staff for guidance. (3) Strict operation standards and reliable insurance. P 3 Add staff for guidance.
(2) Set instruction signs. P 13 (1) More education or simulation of emergency response.
(2) Immediate and effective emergency response process.  safety risk level and minimum necessary cost as the objectives is also built up with the risk control costs as constraints. Discrete particle swarms optimization algorithm is designed accordingly. Meanwhile, Stateflow of Matlab software is used for simulating fuzzy petri net and visualized simulation for risk assessment model based on FTA-FPN is also achieved. is paper selects stampede accident of the Shijiazhuang high-speed railway station as an example in case study for assessing stampede risk level and receiving risk control schemes. Results show that the risk level of Shijiazhuang high-speed railway station is 0.601 which is alert. en, research for safety risk control was carried out, and results show that while the limit of total risk control cost is 900,000 Yuan/year, risk source P 1 , P 2 , P 3 , P 4 , and P 8 should be controlled, and the risk level shall be reduced to 0.4143. e improvement is obvious and risk levels of all risk factors remain safe.

Data Availability
Major part of the data used to support the findings of this study are included within the article. Further information can be obtained from the author Mr. Zhuang.

Conflicts of Interest
e authors declare that they have no conflicts of interest.