Assessing the Risks of Airport Airside through the Fuzzy Logic-Based Failure Modes, Effect, and Criticality Analysis

To identify risk items, measure risk value objectively, and establish risk assessment matrix of airports is the major task of airport safety.This paper first extracts 14 risk items of airports from the International Civil AviationOrganization (ICAO) aviation accidents database and then applies Failure Modes, Effect and Criticality Analysis (FMECA) to define the decision factors of probability, severity and detectability of airport risks.This paper also designs a questionnaire and applies fuzzy logic to discover the importance of decision factors, to find out the threshold value of Risk Assessment Matrix, and to prioritize the airport risks. This paper uses Taiwan Taoyuan International Airport as a case study to demonstrate the modeling process and analyze the results.


Introduction
Any aviation accident may lead to unpredictable fatal losses.Statistically, almost 80% of aviation accidents occur at airports.Therefore, how to identify risk items, measure risk value objectively, and establish Risk Assessment Matrix of airports is a major task of airport safety management.Establishing a risk management mechanism for airports to monitor and improve these risks is the only solution to lower latent risks efficiently and to achieve the goal of airport safety.The probability of an aviation accident is very low, making it a difficult and complex task to properly explain, locate, and manage overall aviation safety [1].Quantitative assessment of risk is particularly challenging in aviation safety domain where undesired events are extremely rare, and the causal factors are difficult to quantify and nonlinearly related [2].Because of this incomplete information and data uncertainty, the traditional risk assessment ranks the level of risks through risk map based on the subjective experience and risk threshold value [3].Since the subjective experience involves fuzzy linguistic variables to describe the severity, frequency of occurrence of the failure, and their fuzzy relationship, fuzzy logic based on the experience of experts is a good method to deal with risk assessment.
Risk assessments are classified into 3 types of assessments: qualitative, quantitative, and quasi-quantitative.Failure Modes, Effect, and Criticality Analysis (FMECA) has been widely used as a quantitative tool to analyze the safety and reliability of products and processes in a wide range of industries.In 1960s, NASA concluded that it is a necessary procedure of space development project.In 1970s, it was applied extensively on defense science and technology of America and motor process [4,5].However, conventional FMECA techniques impose some limitations on problem solving such as the difficulty to evaluate linguistic variables and obtain the probability distributions as several failure modes occur simultaneously [6].To overcome the drawbacks of FMECA, a number of approaches have been suggested in the literature [7].One of them proposed fuzzy risk priority numbers (RPNs) to prioritize the failure modes [8].However, conventional RPN methodology has not considered indirect relations between components [9], and it has the serious problem of measurement scales and loses some valued information, which experts have to provide [10].The RPN analysis requires the risk factors of  (probability),  (severity), and  (detectability) for each failure mode.However, the weights for each risk need to be identified.
An airport is a complex system, and each facility in the airport is an important component of the system.Any component influences the airport operation to some extent and may lead to aviation accidents if it fails.Michael [11] used the Flight Operations Risk Assessment System (FORAS) to provide a quantitative relative risk index representing an estimate of the cumulative effects of potential hazards on a single flight operation.Heinrich [12] classified aviation safety items as human, machine, mission, management, and environment.Edwards [13] classified them as livewire, hardware, software, and environment.Boeing Company classifies them as crew, airline flight operations, airplane design and performance, airplane maintenance, and weather information [14].IATA Safety Report classifies them as human, organization, machine, environment, and insufficiency [11,15].Most of past research in aviation safety focuses on the safety of aircraft operation, traffic control system, crew management, aviation safety system of airlines organization and culture, and logistics issues such as apron operation and security check; less attention has been paid to airport risk management [16].
The purpose of this paper is to improve the shortcomings of traditional RPN and the difficulty of identification of threshold value through incorporating the FMECA concept and fuzzy logic method with weightings of risk decision factor to measure the risk priority numbers (RPN).Compared with traditional methods of risk quantification or FMECA, this paper has the following advantages: (1) fuzzy inference provides more realistic and flexible way to reflect the real situation of the ambiguous airport airside risk with imprecise information; (2) weights of risk decision factors can be employed to set improvement strategies in the future; (3) ambiguous risk can be ranked and represented in terms of precise RPN effectively; (4) by determining the threshold value of risk assessment matrix more precisely, airport operator can explore unacceptable risk efficiently; (5) by designing FMECA table systematically and assessing RPN, we can explore the hot spot of airport airside risk occurrence efficiently.To illustrate the applicability, this paper uses Taiwan Taoyuan International Airport as a case study.

Identification of the Airport Airside Risks
Risk was traditionally defined as uncertainty or the chance of loss [17].The uncertainty of event occurrence is subjective and indicates the existence of "whether or not, " "when, " "circumstance, " and "severity." While the loss caused by the occurrence of an event is objective, it emphasizes the probability of loss [18].The definition of risk may be different in research but it always emphasizes the expected value of combining probability and severity.Detecting risk helps control the occurrence of airport risks during operation.This paper introduces detectable concept on airport risk management and defines risk as expected value combining the probability, severity, and detectability.
An airport system is classified into airside and landside.Airside consists of apron-gate area, taxiway system, holding pad, runway, and terminal airspace.Landside consists of terminal buildings and airport ground access system.Accidents on landside may lead to chaos of airport or nearby transportation, while accidents on airside cause not only aircraft damage of staff injury, but also flight schedule delay as well as indirect chaos.This paper focuses on airport airside risk.
According to Annex 13 to the Convention on International Civil Aviation Organization (ICAO), an aviation accident is defined as an occurrence associated with the operation of an aircraft which takes place between the time any person boards the aircraft with the intention of flight and all such persons have disembarked, in which a person is fatally or seriously injured, the aircraft sustains damage or structural failure, or the aircraft is missing or is completely inaccessible [19].Aviation safety is influenced by random factors from human, climate, or machinery and all these bring uncertainty.The identification of airport airside risk is the first step of airport risk analysis.Not much literature has identified the airport airside risks so far.This paper first extracts 6 airport airside-related flight operation procedures and their corresponding occurrence areas, based on 14 flight operation procedures and 28 categories of accidents in ICAO aviation accidents data base [20], and then identifies 14 airport airside-related risk items shown in Table 1.Each risk item along with its corresponding failure mode code and definition is shown in Table 2.

Risk Measurement Methodology
To identify, measure, and prioritize the risk items, this paper employs the methods of FMECA, fuzzy logic, and risk assessment matrix, which are discussed in this section.

Failure Modes, Effect, and Criticality Analysis (FMECA).
FMECA combining Failure Modes and Effect Analysis (FMEA) with Criticality Analysis (CA) is a systematic analysis method with a bottom-up pattern.In practice, FMECA risk assessment mainly consists of four methods: mode criticality, criticality rank, risk level and risk priority numbers (RPN).However, the RPN method is the most extensively used one to assess risk.
In the RPN method the parameters used to determine the criticality of an item failure mode are its frequency of occurrence, the severity of its failure effects, and the likelihood that subsequent testing of the design will detect that the potential failure mode actually occurs [21].Traditionally, RPN is the product of probability, severity and detectability [22].Sankar and Prabhu [23] used the RPN ranks 1-1000 to represent the increasing risk of the 1000 possible severityoccurrence-detection combinations and interpreted them as if-then rules by an expert.But different sets of severityoccurrence detection may produce the same RPN value, and their hidden risk implications may be different.Ahmet and Mehmet [2] used the fuzzy technique for order preference by similarity to ideal solution (TOPSIS) based fuzzy analytical hierarchy process (FAHP) to find the most important and risky potential failure mode (PFM).Daya and Roof [24] consider the importance of risk factors by using exponential weight.Chang and Wen used the Ordered Weighted Average (OWA) operator to resolve the problem of measurement scale [10].Lee and Chang [25] tried to apply the TOPSIS method to allocate weights to risk decision factors, but they still failed to determine the threshold of risk assessment matrix effectively.In order to resolve the problems mentioned above, this paper

RI-A FM11
Runway incursion-animal (collision with, risk of collision, or evasive action taken by an aircraft to avoid an animal on a runway in use)

RI-VAP FM12
Runway incursion-vehicle, a/c or person (any occurrence at an aerodrome involving the incorrect presence of an aircraft, vehicle or person on the protected area of a surface designated for the landing and takeoff of aircraft) SEC FM13 SEC: security related (criminal/security acts, which result in accidents or incidents) USOS FM14 Undershoot/overshoot (a touchdown off the runway surface) formulates the RPN with criticality of risk decision factors in the form of exponential weight by where : probability, : severity, : detectability, : constant, : flight procedure, : risk occurrence area, : failure mode,   ,   ,   : the weights of probability, severity, and detectability, respectively, and the sum of weights is equal to 1.
Equation (1) shows that the higher the probability, severity, and undetectability of a risk item, the more critical the RPN is.Risks with a high RPN are assumed to be more important and should be given a higher priority than those having a lower RPN.Hence, this paper considers probability, severity, and detectability as state variables and RPN as a control variable in the following FLC process.
A good FMEA can help analysts identify known and potential failure modes as well as their causes and effects and prioritize the identified failure modes and can also work out corrective actions for the failure modes [7].To analyze the complicated airport airside risk, this paper assesses the values of probability, severity, detectability in each failure mode and their corresponding RPN values and ranks them in terms of RPN values.

Fuzzy Logic.
Fuzzy logic provides a tool for directly working with the linguistic terms used in making the criticality assessment.A criticality assessment based on fuzzy logic allows an analyst to evaluate the risk associated with failure modes in a natural way [21].Fuzzy logic, based on the if-then rules with expert's knowledge, formulates rules in linguistic terms rather than in numerical terms, which can deal with situations such as the assessment of airport airside risk with insufficient and imprecise information.This paper adopts fuzzy logic to analyze the airport airside risks and its process is discussed as follows and shown in Figure 1.
Step 1 (identification of the airport airside risks (described in Section 2)).The airport airside risk items are identified in Section 2.
Step 2 (fuzzification of , ,  and risk).The fuzzification process first converts the probability, severity, and detectability inputs into their linguistic variables and then fuzzifies them to determine their degrees of membership through membership functions.The membership function of fuzzy numbers presented here is the most popular triangular one because it is easy to use and interpret.A triangular membership function of fuzzy number  in fuzzy set  can be defined as follows: where   = (  +   )/2.  ,   , and   denote the smallest possible value, the most promising value, and the largest possible value that describe a fuzzy event, respectively.A sample of a triangular fuzzy is shown in Figure 2.
Three classes of the linguistic variable, high, moderate and low, as defined in this paper, overlap between adjacent membership functions and are shown in Figure 3.
Step 3 (derivation of fuzzy rules between , ,  and risk).Fuzzy inference rules (If-then) have the form: "if  is  and  is  then  is ", where ,  and  are the linguistic values defined by fuzzy sets in the universe of discourse , , and , respectively [26].The If-Then rules have two parts: an antecedent (state variable), which is compared to the inputs, and a consequent (control variable), which is the result.All the rules that have any truth in their premises will fire and contribute to the fuzzy conclusion set.
Fuzzy rules are generated through expert knowledge in this paper.These rules can be viewed as relations between state variables and a control variable, or a qualitative evaluation of riskiness for various combinations of , , and .One example is "if probability () is low, severity () is low, and detectability () is low, then risk () is low." For the fuzzy criticality analysis, we express the failure probability through its occurrence, the seriousness of a failure through its severity and how easy it is to detect a failure through its detectability.Each rule is fired to a degree that is a function of the membership to which its antecedent matches the input.
Step 4 (evaluation to a fuzzy conclusion).The fuzzy inference process uses "min-max inference" to calculate the rule conclusions based on the system input values [27].The result of this process is called the "fuzzy conclusion." The truthvalue of a rule is determined from the conjunction of the rule antecedents.With conjunction defined as "minimum, " rule evaluation then consists of determining the smallest (minimum) rule antecedent, which is taken to be the truth value of the rule.This truth-value is then applied to all consequences of the rule.If any fuzzy output is a consequence of more than one rule, that output is set to the highest (maximum) truth-value of all the rules that include it as a consequence.The result of the rule evaluation is a set of fuzzy conclusions that reflect the effects of all the rules whose truth values are greater than zero [21].The fuzzy conclusion process goes through the stages of fuzzification of inputs and output, application of fuzzy operation and implication, aggregation method [6].
Step 5 (defuzzification to a crisp RPN).The result of fuzzy operations is a fuzzy number and in some situations a single scalar quantity is needed as an output.To establish how risky the airport is and prioritize its failure modes, it is required to convert a fuzzy number into a crisp value.The defuzzification process is required to decipher the meaning of the fuzzy conclusions and their membership values, and resolve conflicts between differing results, which may have been triggered during the rule evaluation [21].There are several available defuzzification methods for this purpose in the literature.Weights mean of maximum (WMOM), centroid method (or center of area, COA), and a-cut methods are the most common defuzzification methods [28,29].This paper adopts the "WMOM" method whose formula is where : the number of quantified risk conclusions;   : the support value at which the th membership function reaches its max value;   : the degree of truth of the th membership function; : the weighted mean of maximum conclusion.
The  value represents crisp ranking from the fuzzy conclusion set.In this paper it is defined as RPN.
Step 6 (generation of weights of , , and ).The RPN method uses linguistic terms to rank the probability, severity, and detectability on a numeric scale from 0 to 100.These rankings are then multiplied with exponential weight form to give the RPN (see (1)).According to all crisp inputs of probability, severity, detectability and crisp outputs of RPN, this paper applies (1) to compute the corresponding weights (  ,   ,   ) and the constant  value.The weight value represents the importance of risk decision factors.When there are planning strategies to reduce risk in the future, the strategies to lower severity of risk should be considered first to have a greater achievement if the weight of severity is the highest.

RPN
Step 6 Step 7 Weights of P/S/D Risk assessment matrix

Risk Assessment Matrix.
Because the causes of airport airside risk are very complicated, mapping risk assessment matrix traditionally is rough and unable to define the existing risk threshold value objectively.This paper conducts questionnaire and responses from experts to construct fuzzy membership function, formulate linguistic class and evaluation criteria, and establishe expert's rules.Furthermore, this paper incorporates the weight of the decision factor through fuzzy logic method and then determines risk assessment matrix threshold value to assess the airport airside risk effectively.
Step 7 (risk assessment matrix and the threshold value).Risk assessment is the process by which operators focus on critical areas of concern and prioritize their use of resources in order to maximize the improvement efforts.In making strategic decisions, operators routinely try to predict the benefits and/or harm that might be caused by implementing or failing to implement those decisions.The Risk Assessment Matrix can be viewed as a logical extension  of that process.It provides a systematic method for assigning a risk level to a failure mode based on the probability, severity, and detectability of the occurrence.However, because the ambiguous characteristic of inputs (probability, severity, and detectability) and outputs (risk) for uncertain consequences, inputs to Risk Assessment Matrix and resulting outputs require subjective interpretation, and different users may obtain opposite ratings of the same quantitative risks.These limitations suggest that Risk Assessment Matrices should be used with caution, and only with careful explanations of embedded judgments.This paper constructs the basic structure of a Risk Assessment Matrix shown in Table 3.Although airport operators can identify the risk categorization by probability, severity, and detectability through Risk Assessment Matrix, the sequential improvement of risk items with same risk categorization cannot be determined exactly without the RPN.To solve these problems, this paper identifies the threshold value between reviewed risk and acceptable risk and the threshold value between reviewed risk and unaccepted risk through the ranking of RPN.

Case Study
Taiwan Taoyuan International Airport (TTIA) located in Taoyuan County, is the largest and busiest international airport in Taiwan.This paper uses TTIA as a case study.In order to investigate the airport airside risks occurred at TTIA, this paper conducted an in-depth survey by 5 experts (including one airline practitioner, one flyer, and three government officials).The questions include the probability, severity, detectability, and RPN using the linguistic term set {high, moderate, low}, each expert specified the value range for each term between 0 and 100, represented as a triangle fuzzy number.The step-by-step algorithm for this example is as follows.

Algorithm
Step 1 (identification of the TTIA airside risks).The TTIA airside risks as defined in Section 2 and Tables 1 and 2 were identified.
Step 2 (fuzzification of , ,  and risk).Based on the expert questionnaire, the scales and membership functions identified by triangular fuzzy number corresponding to each fuzzy linguistic variable are shown in Tables 4, 5, 6, and 7.
To fuzzify the inputs, this paper puts the probability, severity, and detectability assessment on the corresponding scale and determines the degree of membership in the corresponding fuzzy sets.Take the evaluation of ground handling risk occurring at apron-gate in the standing procedure as an example; its probability, severity, and detectability are assessed as 37, 34, and 35, respectively.Referring to (2) and Table 6, a probability of 37 means that it will have a low probability with a membership of 0.24 and a moderate probability with a membership of 0.2.Because the membership of low probability is higher than the moderate one, we assume the linguistic variable here is low.Similarly, we repeat the fuzzification procedure; the results are shown in Table 8.
Step 3 (derivation of the fuzzy rule).Through brainstorming among the experts, this paper assumes 14 fuzzy rules and these are shown in Table 9.For example, Rule J in Table 11 should be read as follows: if probability is moderate, severity is low and detectability is from high to moderate, then the risk is Low.Step 4 (evaluation to a fuzzy conclusion).Following the preceding example, Rule G, Rule H, Rule I, Rule J, Rule M, and Rule N are individually matched and fired for the 6 input combinations.To determine the truth-value of the result "Low" from Rule N we note that its premise is the conjunction of the probability = Low, severity = Low, and detectability = Low, fuzzy sets, with membership values of 0.24, 0.03, and 0.17, respectively.Thus, the conclusion, risk = Low, has a membership value of min(0.24,0.03, 0.17) = 0.03.Similarly, we can reference Tables 4-6 and repeat the evaluation procedure to yield all results shown in Table 10.
Similarly, we can repeat the defuzzification procedure to yield all weighted mean of maximum conclusions.The  value represents crisp ranking from the fuzzy conclusion set.We can define it as RPN, the overall results shown in Table 11.
Step 6 (generation of the weights of , , and ).According to crisp inputs of probability, severity, and detectability and crisp outputs of RPN in Table 11, we apply (1) to compute the corresponding weights:   = 0.15,   = 0.72,   = −0.13,and  = 5.0869.The weight value represents the importance of risk decision factors.In the assessment of airside risk occurred in TTIA, we conclude that severity of risk is much more important than probability and detectability.Therefore, when planning strategies to reduce risk in the future, strategies to lower severity of risk should be considered first to have a greater impact.
Step 7 (risk assessment matrix and threshold value).To construct the TTIA Risk Assessment Matrix, we must make sure of the relationship between decision factors and their corresponding risk levels first.Following the preceding example, the linguistic class of probability, severity, and detectability are low, moderate, and low, respectively.It conforms to Rule M in Table 9, so we determine that the risk level here is moderate.Referring to the risk level evaluation criteria, moderate, risk level means the risk must be reviewed (see Table 7).Similarly, we compute all the risk level, and complete "Risk Level" column in Table 11.Finally, this paper derived at the TTIA Risk Assessment Matrix as shown in Table 12.
Table 12 shows that the risk level increased from the lower-left side (accepted risk) to the upper-right side (unaccepted risk).Although airport operators can identify the risk categorization by probability, severity, and detectability through Risk Assessment Matrix, the sequential improvement of risk items with same risk categorization cannot be determined exactly without the RPN.In addition, based on the information in Table 11, this paper finds that the highest 9 risks all correspond to unacceptable risk category, and their RPNs are from 92.52 to 100.Hence, the threshold value between reviewed and unacceptable risk can be assumed as 92.52.Similarly, this paper can determine the threshold value between reviewed risk and acceptable risk, shown in Table 13.
The threshold value in Table 13 shows that if RPN is less than 33.5, the risk is acceptable.If RPN is between 33.5 and 92.52, the risk must be reviewed at all times.Otherwise, if RPN is more than 92.52, the risk is unacceptable and should take improvement measures to lower the risk to reasonably practicable (ALARP) extent.

Results
Analysis.We can easily analyze the airport airside risk utilizing our fuzzy assessment system described in previous sections.Table 1 shows the airside-related risks in TTIA; Table 11 shows "runway incursion-animal at runway in the landing procedure" is the most critical risk, and the airport operator must take improvement measures to lower the risk to reasonably practicable (ALARP) extent immediately.The other unaccepted risks in TTIA are "runway incursion-animal at runway in the taxi procedure, " "abnormal runway contact at terminal airspace in the takeoff procedure, " and "runway incursion-vehicle, /, or person at runway in the landing and taxi procedure" in order.Moreover, referring to the threshold value in Table 13, the highest 9 risks whose RPNs are more than 92.52 are determined as unacceptable risks; the TTIA operator must pay more attention to reducing those risks in order.Similarly, the lowest 9 risks are acceptable risks and the rest other 59 risks are should be reviewed at all time.In addition, easing the severity of risk should be considered first to have a greater achievement because of the most critical importance of it (  = 0.72 >   = 0.15 > |  | = 0.13).In order to make further analysis of risk pattern, this paper compiles statistics from Table 11 by risk category, occurrence area, and flight operation procedure, shown in Tables 14-16.
Table 15 and Figure 5 show that "runway" is the most risky area in the TTIA airside and accounts for 42% of total risk.The risk ranking of other TTIA airside area is "taxiway  system, " "terminal airspace, " "holding pad, " and "apron-gate area" in order.
Regarding the flight operation procedure where risks occurred, Table 16 and Figure 6 show that procedures on taxi (TXI) are the most dangerous stage, accounting for 37% of total risk, followed by procedures on landing (LDG).These two flight operation procedures contribute to 71% of the total risk.The risk ranking of other flight operation procedures in TTIA is takeoff (TOF), standing (STD), approach (APR), and pushback/towing (PBT).
Based upon the analysis by risk category, occurrence area and flight operations procedures above, we determine that   "RI-A" is the biggest single risk item, "runway" is the most risky area, and "TXI" and "LDG" are the most dangerous stage in TTIA.This result conforms to the overall analysis conclusion that the greatest risk is "runway incursion-animal at runway in the landing procedure" (see Table 11).

Conclusions
A fuzzy logic-based FMECA technique was developed in this paper and applied to analyze a case study of TTIA airside risk using vague, qualitative, or imprecise information.The approach presented resolves the issues of weighting of risk factors and threshold value in risk assessment matrix in traditional methods of risk assessment and conclude that "runway incursion-animal at runway in the landing procedure" is the most critical risk item; "runway" is the most risky area; and "TXI" is the most risky flight operation procedure.We also conclude that risk is unacceptable if its RPN is more than 92.52, and severity is the most critical factor to eliminate the risk.
Further studies should be undertaken to analyze the failure mode effects on each risk item in detail and plan the improvement measures according to the importance of decision.

Figure 1 :Figure 2 :
Figure 1: Frame work of the risk assessment.

Table 1 :
Airport airside risk items.Acronyms are defined in Table2.

Table 2 :
Risk item, failure mode (FM) code, and definition.
(any landing or takeoff involving abnormal runway or landing surface contact) ADRM FM2 Aerodrome (aerodrome design, service, or functionality issues are evident) ATM FM3 Air traffic management (ATM) or communications/navigation/surveillance (CNS) service issues are evident CFIT FM4 Controlled flight into or toward terrain (in-flight collision or near collision with terrain, water, or obstacle without indication of loss of control) F-NI FM5 Fire/smoke (nonimpact) (fire or smoke in or on the aircraft, in flight, or on the ground, which is not the result of impact) RAMP FM6 Ground handling (occurrences during or from ground handling operations) GCOL FM7 Ground collision (collision while taxiing to or from a runway) ICE FM8 Icing (accumulation of snow, ice, or frost on aircraft surfaces that adversely affects aircraft control or performance) LOC-G FM9 Loss of control-ground (loss of aircraft control while the aircraft is on the ground) RE FM10 Runway excursion (a veer off or overrun off the runway surface)

Table 3 :
Structure of risk assessment matrix.

Table 7 :
Risk level evaluation criteria.

Table 8 :
Membership of linguistic class.

Table 10 :
Evaluation to a fuzzy conclusion-example.

Table 13 :
Threshold value of the risk assessment matrix.