Send Orders of Reprints at reprints@benthamscience.

net

The Open Transportation Journal, 2013, 7, 27-42 27

Open Access
An Intelligent Railway Safety Risk Assessment Support System for
Railway Operation and Maintenance Analysis
Min An*, Wanchang Lin, and Sheng Huang

School of Civil Engineering, The University of Birmingham, Birmingham B15 2TT, UK

Abstract: The paper presents the development of an intelligent railway safety risk assessment based support system. The
proposed method can evaluate qualitative and quantitative safety risk data and information in a uniform manner for
railway safety risk assessment. It permits the safety risk analysts to assess the risks associated with the failure modes
directly using linguistic terms, i.e. qualitative descriptors. The proposed intelligent railway safety risk assessment system
is capable of assessing the risks at component level, sub-system level and system level. It can assess not only “hard” risks
(e.g. risks of a system), but also “soft” risks (e.g. staff risks). The outcomes of safety risk assessment are represented in
two formats, risk score and risk category with a belief of percentage, which provide very useful safety risk information to
railway designers, operators, engineers and maintainers for risk response decision making. An illustrative example of staff
risk assessment in a railway depot is used to demonstrate the proposed intelligent railway safety risk assessment system.
The results indicate that by using the proposed system, risks associated with a railway depot can be assessed effectively
and efficiently.
Keywords: Railway safety, safety risk assessment, fuzzy reasoning approach, qualitative descriptors, staff safety risk
assessment.

1. INTRODUCTION Railway safety is a very complicated subject, which is

determined by numerous aspects including human error.
Railways are by far one of the safest means of ground
Many of the railway safety assessment techniques currently
transportation, especially for their passengers and
used are comparatively mature tools [2, 4, 6, 8-10].
employees. However, there are serious issues involved in
However, in many circumstances, the application of these
both maintaining this position in reality and sustaining the
tools may not give satisfactory results because the safety risk
public perception of railway safety excellence [1-3]. The UK
data are incomplete or there is a high level of uncertainty
railway now finds itself in a situation where actual and involved in the safety risk data. Therefore, it is essential to
perceived safeties are real issues, to be dealt with in a new
develop new safety risk analysis methods to identify major
public culture of rapid change, short-term pressures, and
hazards and to assess the associated risks in an acceptable
instant communications [4, 5].
way under various environments where such mature tools
The risk, in the railway industry, can be defined in cannot be effectively or efficiently applied. The safety
relation to accidents and incidents leading to fatalities or information produced should be in a form to aid decision-
injuries of passengers and employees. Recent structured making purpose. If risks are high, risk reduction measures
hazard identification work within the industry has confirmed must be applied and the operation and maintenance standards
the high-risk scenarios of the types of accidents, such as should be reassessed to reduce the occurrence probabilities
collision, derailment and fire [4, 6, 7]. This shows the and/or to control the possible consequences. If risks are
dangerous nature of the railway industry and demonstrates negligible, no actions are required but the information
the need for increased awareness and better safety produced needs to be recorded for audit purpose.
management. There are many possible causes of risk through
The quantified risk assessment (QRA) approaches such
operation and maintenance of vehicles and rail infrastructure
as fault tree analysis (FTA), event tree analysis (ETA) and
and also from outside the railway such as vandalism and
equivalent annual fatality analysis (EAF) are currently used
road incidents. Specifically, in the modification and
in railway safety risk analysis [4, 6, 10], but often do not
maintenance of plain line, the largest number of serious
effectively handle with uncertainty of information as they
incidences are from derailments and vehicles fouling rely heavily on the supporting statistical information that
infrastructure such as station platforms. There are many
may not be available. Collecting sufficient data on which to
combinations of potential causes, each involving several
base a statistical probability of the failure is a costly and
disciplines and work-groups.
difficult undertaking, and the relevance of data to any
particular system, as well as its validity, is often questionable
[1, 11]. Furthermore, in many situations, the data of
*Address correspondence to this author at the School of Civil Engineering, The probability of failure of a system do not exist and it must be
University of Birmingham, Edgbaston, Birmingham B15 2TT, UK; Tel: estimated based on the expert knowledge and experience or
+44-121-414-5146; Fax: +44-121-414-3698; E-mail: [email protected]
engineering judgement from similar items. In this context, a

1874-4478/13 2013 Bentham Open

28 The Open Transportation Journal, 2013, Volume 7 An et al.

safety risk model using fuzzy reasoning-based approach may A = {( x, μ A ( x)) | x
U } (1)
be more appropriate to analyse the risks of the system where
there is incomplete safety risk information [3, 12, 13]. A where
A(x) is called the MF of x in A that takes values in the
fuzzy reasoning approach allows imprecision or approximate interval [0, 1]. The element x is characterised by qualitative
information in its analysis process, which helps to restore descriptors, for example, in railway safety risk assessment,
integrity to safety risk analysis. The fuzzy reasoning one may often use such qualitative descriptors to present the
approach can handle imprecision, ambiguous, qualitative FP as Improbable, Remote, Unlikely, Possible, Likely and
information and quantitative data in a uniform manner. It Frequent; one may often use such qualitative descriptors to
allows the safety risk analyst to evaluate the risk associated describe the CS as Minor, Major, Severe and Fatal; and
with the failure modes directly using qualitative descriptors qualitative descriptors such as Low, Possible, Substantial
that are more expressive and natural to describe the risk and High are used to describe the RL. Various types of MFs
issues in railway safety risk assessment [14-16]. can be used, including triangular, trapezoidal, generalized
bell shaped, and Gaussian functions [8]. However, the
The paper presents an intelligent railway safety risk triangular and trapezoidal MFs are the most frequently used
assessment system using a fuzzy reasoning approach. This in safety risk analysis practice [1-3, 11-13].
system provides a structured way of combining the
qualitative information with quantitative information from Let U be the universe of discourse U = [0, u] . A
all available sources to facilitate safety risk analysis. The rest triangular MF can be defined as A = {a, b, c}
of the paper is organised as follows. In section 2, the
fundamentals of fuzzy reasoning approach are described. 0, xa
The basic concepts of fuzzy set, membership function (MF), x
a
fuzzy operation, fuzzy IF-THEN rule and fuzzy inference  , axb
b
a
system are outlined. Section 3 presents a methodology for f (x; a, b, c) =  (2)
the railway safety risk assessment using a fuzzy reasoning c
x , bxc
approach. The risk factors, such as failure probability (FP), c
b
consequent severity (CS), and risk level (RL) are discussed 0, cx

in terms of qualitative descriptors and how these qualitative
descriptors are characterised within the MFs. The where three parameters {a, b, c} with satisfaction of the
relationship between the risk factors and the RLs is relationship a
b
c determine the x coordinates of three
addressed by the fuzzy IF-THEN rules base, which is based corners of a triangular MF.
on engineering judgement and expert knowledge. Section 0
describes the implementation of the proposed intelligent Let U be the universe of discourse U = [0, u] . A
railway safety risk assessment system. The structure of trapezoidal MF can be defined as A = {a, b, c, d}
software is illustrated in block diagram and the function of
each module is also presented in this section. In addition, the 0, xa
methodology of processing uncertainty in risk analysis is x
a
also discussed, which two pseudo codes are given to help the  , axb
b
a
implementation of such processes. The proposed system not 
only assesses the RL of a single failure event of a railway f (x; a, b, c, d) = 1 bxc (3)
component, but can also assess the risks at subsystem and d
x
system levels based on a set of failure events. An illustrative  , cxd
example of the staff safety risk assessment of a railway depot d
c
is presented in section 5 to demonstrate the effectiveness of 0, dx
the proposed intelligent system in railway safety risk Similarly, where four parameters {a,b,c,d} with
analysis. The results of the safety risk assessment in the case
satisfaction of the relationship a
b
c
d determine the
example are represented as risk scores, located in a defined
range, and risk category with a belief of percentage. Finally,
x coordinates of the four corners of a trapezoidal MF. The
section 6 gives conclusions and a summary of main benefits triangular and trapezoidal MFs are shown in Fig. (1).
of using fuzzy reasoning approach in the railway safety risk A MF indicates the degree of preference. It should be
assessment process. noted that a numerical value, a range of numerical values and
2. FUZZY REASONING APPROACH a triangular MF can be converted as simplified trapezoidal
MFs, for example, when a = b = c = d , a MF is a numerical
Fuzzy reasoning approach possesses the ability to mimic value; when a = b and c = d , a MF is a range of numerical
the human mind to effectively employ modes of reasoning values; when b = c , a trapezoidal MF becomes a triangular
that are approximate rather than exact. It enables the safety MF.
risk analyst to specify mapping rules in terms of qualitative
expression rather than numbers and approximate function 2.2. Fuzzy Operations
rather than exact reasoning. The union (“or”) and intersection (“and”) are two fuzzy
2.1. Fuzzy Sets and Membership Functions operations, which are widely used in the safety risk
assessment. The union of A and B , denoted by A
B or A
Fuzzy set was originally introduced by Zadeh [17]. A
fuzzy set A on a universe of discourse U is defined as a set of OR B, contains all elements in either A or B, which is
ordered pairs [14, 17-19].
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 29

µ(x) Triangular MF µ(x) Trapezoidal MF

1 1

0 0
a b c a b c d
Fig. (1). Illustration of triangular and trapezoidal MFs.

calculated by the maximum operation and its MF is defined fuzzy reasoning system, human knowledge has to be
as: represented in the form of the fuzzy IF-THEN rules (Eq.
(6)). There are three major properties of fuzzy rules that are
μ A
B (x) = max{μ A (x), μ B (x)} (4)
outlined as follows [2, 20].
The intersection of A and B , denoted by A
B or A 1. A set of fuzzy IF-THEN rules is complete if for any
AND B, contains all the elements that are simultaneously in x
U , there exists at least one rule in the fuzzy rule
A and B, which is obtained by the minimum operation and its base, say rule Ri in the form of Eq. (4), thus
MF is defined as
μ A
B (x) = min{μ A (x), μ B (x)} (5) μ Ai (x j )
0 (7)
j

2.3. Fuzzy IF-THEN Rule for all j = 1, 2,…, n . Intuitively, the completeness of
Fuzzy reasoning approaches are rule-based a set of rules means that at any point in the input
methodologies constructed from human knowledge in the space, there is at least one rule that ‘fires’, i.e. the
form of fuzzy IF-THEN rules [3, 14, 18, 19]. A fuzzy IF- membership value of the IF part of the rule at this
THEN rule is a statement in which some words are point is non-zero.
characterised by continuous MF. For example, the following 2. A set of fuzzy IF-THEN rules is consistent if there are
is a frequently used fuzzy IF-THEN rule in railway safety no rules with the same IF parts, but different THEN
risk assessment. parts.
IF FP is likely and CS is fatal, THEN RL of the failure 3. A set of fuzzy IF-THEN rules is continuous if there
event is high. do not exist such neighbouring rules whose THEN
where likely, fatal and high are qualitative descriptors part fuzzy sets have empty intersection, i.e. they do
characterised by MFs. not intersect.
A fuzzy rule base consists of a set of fuzzy IF-THEN 2.4. Fuzzy Inference System
rules. Consider the input space U = U1
U 2


U n  R n The railway safety risk assessment system consists of
and the output space V
R . Only the multi-input-single- two subsystems: fuzzy inference system (FIS) and user
output case is considered here, as a multi-output system can interface system. Fuzzy inference is to map from a given
always be decomposed into a collection of single-output input to an output using fuzzy logic. The mapping provides a
systems. Specifically, the fuzzy rule base comprises the basis from which decisions can be made on the basis of both
follow fuzzy IF-THEN rules of qualitative and quantitative information. The process of
fuzzy inference involves the developments of qualitative
Ri : IF x1 is A1i and … and x j is Aij and … and xn is Ani , descriptors, MFs, fuzzy logic operations and fuzzy rule base
[21-23]. The FIS as shown in Fig. (2) consists of four
THEN y is Bi
components: the fuzzy rule bases, fuzzification, fuzzy
i = 1, 2,..., r ; j = 1, 2,..., n (6) inference engine and defuzzification.
2.4.1. Fuzzy Rule Base
where Ani and Bi are the fuzzy sets in U
R and V
R ,
respectively, and x = (x1 , x2 ,…, x x )T
U and y
V are the The development of the rule base involves various
knowledge acquisition techniques to produce a body of
input and output qualitative descriptors of the fuzzy information that could be useful in developing fuzzy
reasoning system, respectively. Owing to their concise form, qualitative descriptors and their associated MFs to qualify
fuzzy IF-THEN rules are often employed to capture the RLs. For many practical situations, several approaches can
imprecise modes of reasoning that play an essential role in be used to gather information and knowledge required in
the human ability to make decisions in an environment of deriving fuzzy rules. The knowledge acquisition
uncertainty and imprecision. Therefore, in the proposed methodologies used in this study include (a) historical data
30 The Open Transportation Journal, 2013, Volume 7 An et al.

Fuzzy Inference
Inputs Fuzzification Defuzzification Outputs
Engine

Rule Base

Fig. (2). Fuzzy inference system (FIS).

analysis, (b) failure analysis, (c) concept mapping, and (d) where μ Bi (y) is the MF of conclusion part of a fuzzy
domain human expert experience and engineering
knowledge analysis. These techniques are not mutually rule and μimpi (y) is the MF of the truncated fuzzy set
exclusive, and a combination of them is often the most after implication.
effective way to determine the rule base [3, 11, 13].
• Aggregation. Aggregation is the process in which the
2.4.2. Fuzzification truncated fuzzy sets that represent the implication
The fuzzification converts input values into the outputs of each rule are aggregated into a single fuzzy
corresponding fuzzy MF values. It determines the degrees of set. The aggregation using fuzzy union (maximum)
input values belonging to each of the appropriate fuzzy sets operation can by obtain by
by MFs. μagg (y) = max{μimp1 (y), μimp2 (y),
, μimpr (y)} (11)
2.4.3. Fuzzy Inference Engine
where μagg (y) is the MF of the fuzzy set after
• Evaluation of Fuzzy Rule. Once inputs have been
fuzzified, these fuzzified values are employed to each aggregation.
rule to find out whether the rule will be fired. If a rule 2.4.4. Defuzzification
has true value in its premise, it will be fired and then
contributes to the conclusion part. If the premise of a On the basis of the aggregated fuzzy set, defuzzification
given rule has more than one part, the fuzzy operator calculates the defuzzified value, which is a crisp value,
is applied to evaluate the composite firing strength of standing for the final result of the fuzzy inference. The
the rule. Considering the i-th rule has two parts in the centroid of area method, which determines the centre of
premise gravity of an aggregated fuzzy set, is the most frequently
used method in the fuzzy reasoning systems [3, 8, 11, 13,
Ri : IF x1 is A1i and x2 is A2i , THEN y is Bi 23], defined as
i = 1, 2,..., r (8)
ydef =

μ
y
agg (y)y dy
(12)
The two parts in the premise are connected with
μ agg (y) dy
“and” and the firing strength
i can be obtained
y

using fuzzy intersection (minimum) operation where μagg (y) is the aggregated output MF.

i = min{μ Ai (x1 ), μ Ai (x2 )} (9) 3. A RAILWAY SAFETY RISK ASSESSMENT
1 2
MODEL
where μ Ai (x1 ) and μ Ai (x2 ) are the MFs of fuzzy sets
1 2
The railway safety risk assessment model as shown in
A1i and A2i . Fig. (3) includes the development of the qualitative
descriptors for representing risk inputs, i.e. FP and CS, risk
• Implication. Implication is to shape the conclusion of output, i.e. RL, and fuzzy rule base that presents the
a rule by using the firing strength obtained from the relationship between risk inputs and outputs. The qualitative
premise. In other words, the firing strength is descriptors are haracterized within fuzzy MFs. The fuzzy
implicated with the value of the conclusion MF by rule base is determined by data and failure analysis, human
using fuzzy intersection operation and the output is a expert judgement, and engineering knowledge analysis. The
truncated fuzzy set. The implication using fuzzy RL of a failure event in the railway safety risk analysis is
intersection (minimum) operation is given by determined by two risk factors, i.e. FP and CS of a failure or
μimpi (y) = min{
i , μ Bi (y)} (10) hazard event [2, 4, 6, 12, 13, 15, 16, 25, 26].
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 31

Failure Analysis
and
Other Information
Sources

Expert Fuzzy Rule Historical Data

Knowledge Bases Analysis

Risk Analysis Fuzzification Fuzzy Inference Defuzzification Risk Analysis

Input Engine Output

Input Output
Membership Membership
Function Function

Fig. (3). Railway safety risk assessment model using fuzzy inference system.

3.1. Qualitative Descriptors are used to measure a variable, they give us numbers. When
human experts are asked to evaluate a variable, they give us
If a variable can take words in natural language as its words. Hence, by introducing the concept of qualitative
value, it is called a qualitative descriptor, where the words descriptors, it enables safety risk analysts to formulate vague
are characterised by fuzzy sets defined in the universe of descriptions in natural languages in precise mathematical
discourse in which the variable is defined. A qualitative terms. This will be able to incorporate human knowledge
descriptor is characterised by (X, T, U, M) [2, 3, 15, 16]. into engineering systems in a systematic and efficient
• X is the name of the qualitative descriptor, for manner.
example, X is FP of an item. Fuzzy qualitative descriptors are extensions of numerical
• T is the set of qualitative values that X can take, for variables in the sense that they are able to represent the
example condition of an attribute at a given interval by taking fuzzy
sets as their values [1-3]. The values obtained in the
TFP = {Improbable, Remote, Unlikely, Possible, development of fuzzy qualitative descriptors are considered
Likely, Frequent} (13) as fuzzy-measuring attributes of objects, in this case, RLs.
TCS = {Minor, Major, Severe, Fatal} (14) The two fundamental parameters used to assess RL of a
railway system on a subjective basis are FP and CS.
TRL = {Low, Possible, Substantial, High} (15) Subjective assessment, for example, use of qualitative
descriptors instead of ultimate numbers in probabilistic
• U is the actual physical domain in which the terms, is more appropriate to conduct safety risk analysis on
qualitative descriptor X takes its quantitative (crisp) these two parameters, as they are always associated with
values, for example, U = [FPossible , FLikely ]. great uncertainty. Thus, these two parameters are represented
by natural languages, which can be further described by the
• M is a semantic rule that relates each qualitative value MFs. A MF is a curve that defines how each point in the
in T with a fuzzy set in U, for example, M relates input space is mapped to a membership value between 0 and
Improbable, Remote, Unlikely, Possible, Likely and 1. The fuzzy MFs are generated utilizing the linguistic
Frequent with the specific MFs of FP. Similarly, M categories identified in the knowledge acquisition and
relates Minor, Major, Severe and Fatal with the consisting of a set of overlapping curves.
specific MFs of CS, and Low, Possible, Substantial
and High with the specific MFs of RL. The FP in terms of qualitative descriptors are defined as
Improbable, Remote, Unlikely, Possible, Likely and
The concept of qualitative descriptors is important Frequent. Based on the definitions used in the Workplace
because qualitative descriptors are the most fundamental Risk Assessment (WRA) methodology [25, 26], according to
elements in human knowledge representation. When sensors
32 The Open Transportation Journal, 2013, Volume 7 An et al.

the data collected from the railway industry, Table 1 Minor Major Severe Fatal
describes the categories of FP, i.e. the number of times an 1
event occurs over a specified period of time. For example,
qualitative descriptor Remote is defined to cover the
likelihood ranging from occurring once every ten years (0.1) 0.8

to occurring once every year (1.0) and qualitative descriptor

Possible indicates likelihood ranging from occurring once
0.6
every year (1.0) to occurring once every month (10). As the F
qualitative descriptors are categorized according to WRA M
values used in WRA [25, 26], the trapezoidal and triangular 0.4
MFs are assigned to characterise these qualitative
descriptors. The qualitative descriptors Improbable and
Frequent are defined as trapezoidal MFs and others are 0.2
defined as triangular MFs as shown in Fig. (4) and Table 1
shows the MF parameters.
0
Improbable Remote Unlikely Possible Likely Frequent 0 5 10 15
1 Consequence Severity

Fig. (5). MFs of consequent severity.

0.8 The fuzzy set of RL in terms of qualitative descriptors is
defined as Low, Possible, Substantial and High [3, 12, 13,
15, 16]. Their definitions are generally similar to those
0.6 described in EN50126, EN50129, and GE/GN8561 [5, 24,
F
M
27] are listed in Table 3. The risk score is defined in a
manner that the lowest score is 0, where as the highest score
0.4
is 10. For example, qualitative descriptor Low is defined on
the basis of the risk score ranging from 0 to 1. Similar to the
0.2
input qualitative descriptors of FP and CS, the trapezoidal
MFs are used to describe the RL as shown in Fig. (6). The
result of RLs can be expressed either as risk score located in
0 the range from 0 to 10 or as risk category with a belief of
0 2 4 6 8 10 12 14 16 18 20
percentage.
Failuar Probability

Fig. (4). MFs of failure probability. 3.2. Fuzzy Rules

The CS is described as Minor, Major, Severe and Fatal Fuzzy rule base consists of a set of fuzzy IF-THEN rules. It
according to staff risk model used in WRA [25, 26]. The is the core of a fuzzy logic system in the sense that all other
definitions of qualitative descriptors about CS are given in components are used to implement these rules in a reasonable
terms of the number of fatalities, major and minor injuries and efficient manner. The fuzzy rules as described in Section 2
resulting from the occurrence of a particular hazardous event are basically built through the study of engineering knowledge,
as shown in Table 2. In this study, minor and major injuries historical incident, and accident information. The human experts
are equated to fatalities, i.e. a minor injury is equated to have a good intuitive knowledge of the system behaviour and
0.001 fatalities, a major injury to 0.01 fatalities and severe risks involved in various types of failures. As the fuzzy rules are
injury to 0.1 fatalities. The qualitative descriptors Minor and linguistic rather than numerical, they provide a natural
Fatal are defined as the trapezoidal MFs while Major and framework for expressing human knowledge. Thus, experts
Sever as triangular MFs as shown in Fig. (5). Their MF often find fuzzy rules to be a convenient way to express their
parameters are chosen according to WRA values [16, 17] knowledge about the relationship between input and output
and listed in Table 2. variables. These sources are not mutually exclusive and a

Table 1. Qualitative Descriptors of Failure Probability

Qualitative Descriptors Description Likelihood (Event/Year) WRA Value MF Parameters

Improbable <1 in 100 years/ extremely unlikely <0.01 1 0, 0, 1, 5 (Trapezoid)

Remote 1 in 10 years to 1 in 1 year 0.1-0.3 5 1, 5, 7 (Triangle)
Unlikely 1 in 1 year to 1 in 10 years 0.3-1 7 5, 7, 11 (Triangle)
Possible 1 in 1 year to 1 in 1 month 1-10 11 7, 11, 15 (Triangle)
Likely 1 in 1 month to 1 in 1 week 10-50 15 11, 15, 17 (Triangle)
Frequent >1 in 1 week >50 17 15, 17, 20, 20 (Trapezoid)
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 33

Table 2. Qualitative Descriptors of Consequent Severity

Qualitative Descriptors Description Equivalent Fatalities (EF) WRA Value MF Parameters

Minor < 3 days off work 0.001 1 0, 0, 1, 5 (Trapezoid)

Major Between 3 days and 1 months off work 0.01 5 1, 5, 7 (Triangle)
Severe > 1 month off work 0.1 7 5, 7, 12 (Triangle)
Fatal Fatality 1 12 7, 12, 15, 15 (Trapezoid)

combination of them is often the most effective way to The importance of fuzzy IF-THEN rules stems from the
determine the rule base. fact that human expertise and knowledge can often be
represented in the form of fuzzy rules [2, 3, 12, 13]. Rules
1
Low Possible Substantial High
based on these types of qualitative descriptors are more
natural and expressive than numerical numbers and
calculations. The fuzzy rules also allow quantitative data
0.8
such as the FP, and qualitative or judgemental data such as
severity of consequence to be combined in a uniform manner
for the RL.
0.6
F
4. IMPLEMENTATION OF THE INTELLIGENT
M RAILWAY SAFETY RISK ASSESSMENT SYSTEM
0.4 4.1. System Module Structure
An intelligent railway safety risk assessment system
0.2
based on the proposed approach has been developed. The
system has been written for a PC platform in C++ and
operates under Windows 98, 2000, 2007 and XP. The
0
modular structure of the proposed intelligent system is
0 1 2 3 4 5 6 7 8 9 10
Risk Level shown in Fig. (7), which consists of two main modules, i.e.
fuzzy inference system (FIS) and Graphical user interface
Fig. (6). MFs of risk level. (GUI):
Several factors also have an influence in developing the 1. Fuzzy inference system
fuzzy rule base as follows [2, 3, 12, 13].
This module implements the FIS as described in Section
• Completeness. The fuzzy rule base should cover all 0 and consists of the following four sub-modules:
matches between inputs and outputs.
(a) Fuzzification. The fuzzification converts the crisp
• Number of rules. Although there is no general inputs of FP and CS into fuzzified inputs located
procedure for deciding the optimal number of rules, between 0 and 1 with respect to the corresponding
the decision should consider importance of MF. The input can be a numerical value or an interval
performance, efficiency of computations and choice value that indicates the input uncertainty.
of qualitative descriptors.
(b) Implication. The implication is to shape the
• Consistency and correctness. The choice of fuzzy conclusion part of fired rule from the premise part to
rules should minimise the possibility of contradiction the conclusion part of a fired or active rule by using
and unwanted interactions between the rules. the fuzzy “and” operator. Evaluation of fuzzy rules is
In this study, as FP has six qualitative descriptors and CS to determine which rule in the rule base is fired or
has four qualitative descriptors, their combination, connected not. If a rule has a true value in its premise, it will be
with “and”, leads to total twenty-four rules, as listed in Table fired and then contributed to the conclusion part.
4. These rules are subjectively defined based on the expert (c) Aggregation. Aggregation is the process to synthesize
experience and engineering judgment. For example, the rule the fuzzy sets, which represents the outputs of all fired
at bottom left of Table 4 would be expressed as follows. rules into a single fuzzy set by using fuzzy “or” operator.
IF failure probability is improbable and consequent (d) Defuzzification. Defuzzification is to convert the
severity is minor THEN risk level is low. aggregated results produced from aggregation to a
There are two parts combined through an intersection crisp output that represents the final result of fuzzy
operator “and” in the premise of the above rule. If the inference, i.e. risk score and risk categories with a
premise has a true value via an “and” operator, the premise belief of percentage.
will be fired and will contribute to the fuzzy conclusion, in 2. Graphical user interface
this case, RL. If the premise is true to some degree of
membership, then the conclusion is also true to that same This module implements the interface for the data
degree. exchange between the user and the computer, which includes
the following sub-modules:
34 The Open Transportation Journal, 2013, Volume 7 An et al.

Risk Assessment System

FIS GUI

Fuzzy Operation

Results Display
Defuzzification

Batch Process
Fuzzification

Aggregation
Implication

Rule Base
MF Setup

Display Process
Add and Delete
Change Rules

Display Final
Delete Rules
Change MFs
Delete MFs

Add Rules

Load Files

Save Files
Add MFs

Records

Results

Results
Fig. (7). Risk assessment system model structure.

(e) MF Setup. This module enables users to set up The main benefit of using this type of structure is that the
qualitative descriptors, MFs and input values. It data are completely separated from the users. This
consists of Add MF, Delete MF and Change MF independence enables modifications to be made to each of
functions for the MF construction and maintenance. the modules individually with little or no impact on the
others. This is useful if, for example, certain MFs within the
(f) Rule Base. This module contains fuzzy rules. The
system need updating, as it can be done without affecting the
construction of a fuzzy rule is based on the qualitative
descriptors developed in the MF setup module and behaviour of the other modules.
connected with “and” or “or” operator. The functions In railway safety risk assessment, the input values of FP
of Add Rule, Delete Rule and Change Rule enable the and CS are required. As stated earlier in this article, because
user to add new fuzzy rules, delete the existed fuzzy the process of risk analysis is very complex and data
rules and change the behaviours of fuzzy rules from available may be incomplete for risk assessment in many
the rule base. circumstances, it may be extremely difficult to conduct
traditional probabilistic risk analysis to assess the occurrence
(g) Fuzzy Operation. The module sets up fuzzy
likelihood of hazards and the magnitude of their possible
operations required in the FIS including fuzzy “and”,
consequences because of the great uncertainty involved. For
“or”, implication, aggregation and defuzzification.
example, assume the input value of FP is 8 as indicated by
(h) Batch Process. Users can assess the RL of a set of the vertical line as shown in Fig. (8), the input is fuzzified to
failure events and subsystems and/or a system. A set be Unlikely and Possible with a belief of 75% and 25%,
of input values can be added, changed or deleted via a respectively. These MF values are then used in safety risk
grid control by using Add and Delete Record assessment process. However, even with detailed guidelines,
functions. The establishment of a set of events can be it is often difficult to translate feelings and experience into a
saved into a text file and the file can also be loaded number that represents exactly how much more one
again into the system by using Save File and Load parameter impacts on a given event than other. In this case,
File functions. as described in the Fuzzification module, if the exact value
(i) Results Display. This module can display the results of a FP or CS is not acquired, an interval value can be used
of implication, aggregation and final RL. For as uncertain input. The uncertainty is processed in a manner
example, Display Final Results function shows the that the values near the centre of interval are assumed to be
risk score and risk categories with a belief of more certain than those near the edges, and the width of the
percentage, and Display Process Results function interval indicates the amount of uncertainty in the input. For
shows the results of implication and aggregation. example, the FP of an event is around 9 to 16 and most likely
to be 13 in the universe of (0, 20). The input values of FP are
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 35

interval as shown in Fig. (8). Therefore, the values near the For example, as illustrated in Fig. (8), the interval input
centre of interval are assumed to be more certain than those has one intersection point withMFs of Unlikely, Possible,
near the edges. Such an interval input is associated with a Likely and Frequent. As the two functions are stepwise linear
triangular MF. The points of intersection between the MF of functions, the value pairs, (5, 6), (6, 7), (7, 8), (8, 9), (9, 10),
interval input and the relevant MF of input qualitative (10, 11), (11, 12), (12, 13), (13, 14), (14, 15), (15, 16), (16,
descriptors are treated as the fuzzified inputs. As shown in 17), (17, 18), (18, 19) and (19, 20), are chosen as the initial
Fig. (8), in this case, the input of FP lies in the range from 9 values. Fifteen sessions of calculation are executed on the
to 16 and mostly to be 13 associated with a triangular MF. It basis of the fifteen pairs of the initial values to find
can be seen that the interval input has intersection points intersection points between the interval input and the
with qualitative descriptors Unlikely, Possible, Likely and qualitative descriptors Unlikely, Possible, Likely and
Frequent. It indicates that this interval input belongs to these Frequent. In this case, there are four intersection points: (10,
four categories of FP with different MF values. The values 0.24), (11.8, 0.76), (14.1, 0.71) and (15.5, 0.18). In other
of intersection points between the interval input and the words, the inputs are fuzzified to be Unlikely with a belief of
fuzzy MF are the solutions of a non-linear equation below 24%, Possible with a belief of 76%, Likely with a belief of
71% and Frequent with a belief of 18%. Similarly, the
f (x) = μ A (x)
μ B (x) = 0 (16) uncertainty associated with CS can also be traded using
where μ A (x) and μ B (x) are the MF of the interval input and equations (16) and (17). These fuzzified input values are
then used by the FIS to assess the RL.
a qualitative descriptor, respectively. The numeric analysis
approach, secant method, has been employed to calculate As described earlier in this section, the Batch Process
intersection points [14]. module deals with risk assessment from component level,
then progressing up to the subsystem level and finally to the
Assume two initial approximations p0 and p1 , the system level. The pseudo codes for risk assessment at
following equation is used to calculate the iterative solutions subsystem and/or system level are listed as follows
of f (x) = 0 : PROCEDURE system level risk assessment
f ( pk )[ pk
pk
1 ] BEGIN
pk+1 = pk
for k = 1, 2,
(17)
f ( pk )
f ( pk
1 ) REPEAT
where k is the index of iteration. Read a failure event.

Improbable Remote Unlikely Possible Likely Frequent

Run main FIS operation.
1
Get risk level of component level.
Get the aggregation results of this failure event.
0.8
Combine these aggregation results with previous one.
UNTIL reach the final failure event.
0.6
F Perform defuzzification on the combined aggregation
M results.
0.4 END
4.2. Application of the Proposed Intelligent System for
0.2 Railway Safety Risk Assessment
Some screen shots of the proposed intelligent railway
0
safety risk assessment system are shown in Figs. (9- 12). The
0 2 4 6 8 10 12 14 16 18 20 proposed intelligent system can be used to assess the risk of
Failuar Probability
a failure event with quantitative and qualitative information,
Fig. (8). MFs of failure probability. the risks of a set of failure events and sub-systems and/or a
system. Using GUI, qualitative descriptors and their MFs can
The following pseudo codes describe the uncertainty be easily set up. Based on these qualitative descriptors, the
processing: rule base can be established correspondingly. Once the
PROCEDURE uncertainty processing qualitative descriptors, MFs and rule base have been set up,
BEGIN the system is ready to process safety risk analysis. The
system consists of a number of tab pages to deal with the MF
FOR i: = 1 to No. of MFs parameter setup, rule base development, fuzzy operation
CALL: Secant-method (uncertainty input, current MF) selection, process result and final result display, which are
IF find intersection THEN described as follows.
Store them • Failure Probability Tab. Users can set up qualitative
ENDIF descriptors of FP, types of MFs and their
corresponding parameters as shown in Fig. (9). The
ENDFOR command bottoms, Add MF, Delete MF and Change
END
36 The Open Transportation Journal, 2013, Volume 7 An et al.

MF, provide editing functions for MFs development. Progress Results illustrates the results of implication
When the user enters the parameters of a MF, the and aggregation.
system will check the validity of the parameters
• Data Grid Tab. Users can add the values of FP and
automatically. If they do not satisfy the required
CS of failure events to the data grid, change or delete
conditions, an error message box will prompt the user them via this tab. These values of FP and CS, can be
to check the parameters and enter the correct
saved into a comma-separated-value (CSV) file by
parameters. The text box of Value allows the user to
pressing command button Save. When the values of
enter the value of FP. For example, when a numerical
FP and CS are needed to be exported from other data
value of 7 is input into the text box of Value and a
format, such as Excel format, into a CSV file, the
vertical line as shown in Fig. (9) in the graphical
system is able to load such a data file into the data
window of Membership Function Plot indicates such grid tab by pressing command button Load. Once the
an input. In some cases, where no exact value of FP is
values of FP and CS have been loaded into the data
known, the user can input two values separated by a
grid tab, by pressing command button Run and the RL
comma as an interval input to indicate the
of each failure event is displayed in the column of
uncertainty. The interval values will be shown in the
Risk Level as shown in Fig. (12). Also the RLs of
graphical window of Membership Function Plot with
subsystem and/or a railway system with respect to all
a triangular MF. of these failure events are computed and listed in the
• Consequent Severity Tab. This tab has the exact same column of Risk Level of System.
functions as Failure Probability Tab to set up the
qualitative descriptors and their MFs of CS. 5. AN ILLUSTRATIVE EXAMPLE: METRONET
STAFF RISK ASSESSMENT
• Risk Level Tab. Similar to Failure Probability Tab
and Consequent Severity Tab, this tab enables the An illustrative example of staff risk assessment is used to
user to set up the qualitative descriptors and MFs of demonstrate the proposed intelligent railway safety risk
RL. assessment system using fuzzy reasoning approach. The
input parameters are FP and CS of hazardous events. The
• Rule Base Tab. This tab is used to construct fuzzy outputs of safety risk assessment are the RLs of specific
rules based on qualitative descriptors of FP, CS and hazards, hazard groups and a railway depot. The hazard
RL expression. For example, when the user adds a group RLs are produced using the fuzzy reasoning approach
new rule as shown in Fig. (10), the input qualitative based on the aggregation results of each specific hazard
descriptor of Failure Probability from Inputs combo belonging to the particular hazard group. The RL of the
box can be selected and then one of qualitative values railway depot is computed based on the aggregation of the
will be added to the box of If. Similarly, the RLs of each hazard group. The format of output has two
qualitative descriptor of Consequent Severity can be forms. One is risk score located from 0 to 10 and other one is
selected and its value will be added to the If box with risk categorized as Low, Possible, Substantial and High with
a connection of OR/AND by clicking the radio a belief of percentage. The data set has been collected from
button. The above two steps are used to construct the the industry and the example has been involved to assess the
premise part of a fuzzy rule. Then an output risk to staff in a typical depot, Northumberland Park, in
qualitative value from the box of then output is, i.e. which a number of hazard groups are defined as [19, 26]
Low, Possible, Substantial and High can be selected.
Finally, by pressing Add Rule button to add the rule • Electricity: The specific hazards include arcing eye,
into rule base which will be shown in the box of arcing from 630V, attaching or removing targets,
Rules. If a rule needs to be deleted from the rule base, contact with 630V during task, contact with low
the user can select such a rule from the box of Rules voltage, gaining entry to unit, removing or inserting
and then press Delete Rule button to do so. If a rule 630 volt jumpers, walking in pit, walking near live
needs to be edited from the rule base, the user can track, and so on.
select such a rule from the box of Rules, make • Falling Objects: The specific hazards include stacked
necessary change and then press Change Rule button. items, tools and train parts.
• Project Tab. The user can choose fuzzy operations • Fire/Explosion: The specific hazards include burning
such as AND, OR, Implication, Aggregation and equipment, gas cylinder and hose leakage, ignition of
Defuzzification from the corresponding combo boxes flammable gases and ignition of flammable solvent.
as shown in Fig. (11). The text box of Name shows
• Hand Tools: The hazards include ejection of material
current project name. The user can change the project
from hand tools, entanglement with hand tools and
name on the basis of particular cases. When all of the
minor injury from hand tools.
parameters are set up, the results are then shown in
the result windows by pressing command button Run. • Health Hazards: The specific hazards include glazing,
The graphical window of Final Result shows the MFs corrosive substance, irritant substance, noise/ vibration,
of RL with the defuzzified value and its percentages particulates/dust, toxic substance, and so on.
belonging to the defined qualitative descriptors. By
• Machinery: The specific hazards include compressed air,
pressing Previous Result and Next Result buttons, the
crushing, ejection of material from machinery,
user can see the firing strength and its implication
entanglement with machinery and minor injury from
results of each rule. The graphical window of
machinery.
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 37

Fig. (9). Failure probability tab.

Fig. (10). Rule base tab.

38 The Open Transportation Journal, 2013, Volume 7 An et al.

Fig. (11) Risk level tab.

Fig. (12). Data grid tab.

An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 39

• Manual Handling: The specific hazards include changing The qualitative descriptors of FP and their MFs are
train parts, lifting loads, maneuvering loads, operating defined as Improbable, Remote, Unlikely, Possible, Likely
machinery and contacting overhead 630V jumper. and Frequent as shown in Fig. (4). The CS is described as
Minor, Major, Severe and Fatal which are characterised by
• Slips, Trips & Falls: The specific hazards include
access/egress from pit, access/egress from unit, triangular and trapezoidal MFs as shown in Fig. (5). The
qualitative descriptors of FP and CS have been used to assess
attaching/removing targets (above the pit), attaching/
RL of each specific hazard. The results are listed in Table 6.
removing targets (in the pit), descending/climbing
The qualitative descriptors of RL and their MFs are defined
stairs, driving vehicles near the pit, from height (e.g.
as Low, Possible, Substantial and High as shown in Fig. (6).
ladders), from unit during task, through opening trap
The RL of each specific hazard event obtained is represented
door/manhole, walking around depot and walking
around depot (into the pit). by a risk score ranging from 0 to 10 and the risk categories
defined in Table 3 with a belief of percentage belonging to
• Vehicle Collision: The specific hazards include collis- these categories. Table 4 gives the fuzzy rules to describe the
ion with another train, collision with plants/people relationships between the FP, CS and RL, which has been
and collision with uncontrolled movement of units. used to assess RLs of staff risks at Northumberland Park
Each hazard group is divided into specific hazards, which Depot. The hazard group RLs are produced using the fuzzy
consists of a large number of failure events. These specific reasoning approach based on the aggregation results of each
hazard events have been saved as Excel data files which can specific hazard belonging to the particular hazard group. The
be read directly by the proposed intelligent railway safety RL of the railway depot is computed based on the
risk assessment system. aggregation of the RLs of each hazard group.

Table 3. Qualitative Descriptors of Risk Level

Qualitative Descriptors Description Risk Scores MF Parameters

Low Review subject to availability. 0–1 0, 0, 1, 3 (Trapezoid)

Possible Review to be carried out and corrective action implemented. 3–4 1, 3, 4, 6 (Trapezoid)
Substantial Review and corrective action to be carried out. 6 -7 4, 6, 7, 9 (Trapezoid)
High Need immediate corrective action. 9 – 10 7, 9, 10, 10 (Trapezoid)

Table 4. Rule Base of Staff Risk Assessment

Failure Probability (FP)

Consequent Severity (CS)
Improbable Remote Unlikely Possible Likely Frequent

Fatal Possible Possible Substantial Substantial High High

Severe Low Possible Possible Substantial Substantial High
Major Low Low Possible Possible Substantial Substantial
Minor Low Low Low Possible Possible Substantial

Table 5. Risk Calculation of Hazard Groups at Northumberland Park Depot

Hazard Groups WRA Records Risk Scores Risk Categories

Electricity 380 2.56 Low: 22%, Possible: 78%

Falling Objects 32 2.56 Low: 22%, Possible: 78%

Fire / Explosion 12 1.06 Low: 97%, Possible: 3%

Hand Tools 35 2.56 Low: 22%, Possible: 78%

Health Hazards 72 4.07 Possible: 97%, Substantial: 3%

Machinery 64 4.07 Possible: 97%, Substantial: 3%

Manual Handling 178 4.07 Possible: 97%, Substantial: 3%

Slips, Trips & Falls 493 2.56 Low: 22%, Possible: 78%
Vehicle Collision 24 2.56 Low: 22%, Possible: 78%

Railway Depot: 1290 4.07 Possible: 97%, Substantial: 3%

40 The Open Transportation Journal, 2013, Volume 7 An et al.

Table 6. Risk Calculation of Specific Hazards at Northumberland Park Depot

Hazard Group Specific Hazards WRA Records Risk Scores Risk Categories

Arcing eye 2 1.06 Low: 97%, Possible: 3%

Arcing from 630V 126 1.06 Low: 97%, Possible: 3%
Attaching/removing targets 39 2.56 Low: 22%, Possible: 78%
Contact with 630V during task 38 2.56 Low: 22%, Possible: 78%
Electricity Contact with low voltage 5 2.56 Low: 22%, Possible: 78%
Gaining entry to unit 39 2.56 Low: 22%, Possible: 78%
Removing / inserting 630 volt jumpers 8 2.56 Low: 22%, Possible: 78%
Walking in pit 11 2.56 Low: 22%, Possible: 78%
Walking near live track or shoegear 112 2.56 Low: 22%, Possible: 78%
Stacked items 2 1.06 Low: 97%, Possible: 3%
Falling Objects Tools 4 1.06 Low: 97%, Possible: 3%
Train parts, etc 26 2.56 Low: 22%, Possible: 78%
Burning equipment 3 1.06 Low: 97%, Possible: 3%
Gas cylinder/hose leakage 2 1.06 Low: 97%, Possible: 3%
Fire / Explosion
Ignition of flammable gases 2 1.06 Low: 97%, Possible: 3%
Ignition of flammable solvent 5 1.06 Low: 97%, Possible: 3%
Ejection of material from hand tools 8 2.56 Low: 22%, Possible: 78%
Hand Tools Entanglement with hand tools 16 1.06 Low: 97%, Possible: 3%
Minor injury from hand tools 11 1.06 Low: 97%, Possible: 3%
Glazing 4 1.06 Low: 97%, Possible: 3%
Corrosive substance 2 1.06 Low: 97%, Possible: 3%
Irritant substance 27 4.07 Possible:97%, Substantial: 3%
Health Hazards
Noise/Vibration 12 4.29 Possible:86%, Substantial: 14%
Particulates and Dust 20 1.06 Low: 97%, Possible: 3%
Toxic substance 7 2.56 Low: 22%, Possible: 78%
Compressed air 29 4.07 Possible:97%, Substantial: 3%
Crushing 17 2.56 Low: 22%, Possible: 78%
Machinery Ejection of material from machinery 2 4.29 Possible:86%, Substantial: 14%
Entanglement with machinery 7 1.06 Low: 97%, Possible: 3%
Minor injury from machinery 9 1.06 Low: 97%, Possible: 3%
Changing train parts 65 4.29 Possible:86%, Substantial: 14%
Lifting loads 29 2.56 Low: 22%, Possible: 78%
Manual Handling Maneuvering loads 13 1.06 Low: 97%, Possible: 3%
Operating machinery 1 1.06 Low: 97%, Possible: 3%
Overhead 630V jumper 70 1.06 Low: 97%, Possible: 3%
Access/egress from the pit 15 1.06 Low: 97%, Possible: 3%
Access/egress from the unit 16 2.56 Low: 22%, Possible: 78%
Attaching/removing targets (above the pit) 76 1.06 Low: 97%, Possible: 3%
Attaching/removing targets (in the pit) 2 1.06 Low: 97%, Possible: 3%
Descending/climbing stairs 119 1.06 Low: 97%, Possible: 3%
Slips, Trips &
Falls Driving vehicle near pit 1 3.50 Possible: 100%
From height (e.g. ladders) 4 2.56 Low: 22%, Possible: 78%
From unit during task 13 2.56 Low: 22%, Possible: 78%
Through opening trap door/manhole 4 1.06 Low: 97%, Possible: 3%
Walking around depot 132 1.06 Low: 97%, Possible: 3%
Walking around depot (into the pit) 111 1.06 Low: 97%, Possible: 3%
Collision with another train 13 1.06 Low: 97%, Possible: 3%
Vehicle Collision Collision with plants/people 5 2.56 Low: 22%, Possible: 78%
Collision with uncontrolled movement of units 6 1.06 Low: 97%, Possible: 3%
An Intelligent Railway Safety Risk Assessment Support System The Open Transportation Journal, 2013, Volume 7 41

The number of WRA risk records associated with the Council (EPSRC) under Grant no. GR/S07292 with technical
Northumberland Park Depot is 1290. By using the proposed support from London Underground Ltd, Tube Lines Ltd,
intelligent system, the risk score of staff risk at the Metronet SSL, Rail Safety & Standard Board (RSSB),
Northumberland Park Depot is 4.07 and risk categories of Network Rail Ltd and Serco Assurance Ltd. Their support is
Possible and Substantial with a belief of 97% and gratefully acknowledged.
3%respectively. As can be seen from Table 5 that Health
Hazards, Machinery and Manual Handling hazard groups DISCLOSURE
have the highest risk scores of 4.07, which belongs to Part of information included in this article has been
Possible (97%) and Substantial (3%). The Fire/Explosion previously published in “doi: 10.1243/09544097JRRT34,
hazard group has the lowest risk score of 1.06 and risk Proceedings of the Institution of Mechanical Engineers, Part
categories of Low and Possible with a belief of 97% and 3% F: Journal of Rail and Rapid Transit 220(2), pp. 153-167,
respectively. 2006”.
The risks of specific hazards associated with REFERENCES
Northumberland Park Depot are listed in Table 6. The
[1] M. An, Y. Chen, and C. J. Baker, “A fuzzy reasoning and fuzzy-
hazards, for example, Noise/Vibration, Ejection of material analytical hierarchy process based approach to the process of
from machinery and Changing train parts, have the highest railway risk information: A railway risk management system”, Inf.
risk scores of 4.29 belonging to Possible and Substantial Sci., vol. 181 no. 18, pp. 3946–3966, 2011.
with a belief of 86% and 14% respectively. [2] M. An, S. Huang, and C.J. Baker, “Railway risk assessment - the
FRA and FAHP approaches: a case study of shunting at Waterloo
6. CONCLUSIONS depot”, In: Proc. Int. Mech. Engineers, Part F J. Rail Rapid
Transit, Sage Publications: London, vol. 221, no. 3, pp. 365-383,
This paper presents a proposed intelligent system for 2007.
railway safety risk assessment. The development of fuzzy [3] M. An, W. Lin, and A. Stirling, “Fuzzy-reasoning-based approach
qualitative descriptors and their MFs of FP, CS and RL to qualitative railway risk assessment”, Proc. IMechE, Part F: J.
Rail Rapid Transit, vol. 220 no. 2, pp. 153-167, 2006.
expressions to quantify RLs are discussed. The relationship [4] V. A. Profillidis, Railway Management and Engineering. Ashgate:
between the risk factors and RL expressions represented by England, 2006.
the fuzzy rules are described. [5] Railway Safety and Standard Board, Profile of Safety Risk on the
UK Mainline Railway. SP-RSK-3.1.3.11, May 2003.
The fuzzy reasoning approach offers a great potential in the [6] W. Lin, M. An and A. Stirling, “Development of railway safety and
safety risk modelling of railway systems, particularly, when the risk analysis system using fuzzy reasoning approaches”, In: 8th
safety risk data are incomplete or there is a high level of International Railway Engineering Conference (CD format),
Engineering Technics Press: Edinburgh, 2005.
uncertainty involved in the safety risk data. Safety risk analysis [7] London Underground Limited, London Underground Limited
by using fuzzy reasoning approaches can formulate domain Quantified Risk Assessment. Update 2001. 1, 2001.
human experts’ knowledge and engineering judgements. [8] J. S. Jang, C. T. Sun, and E. Mizutani, Neuro-fuzzy and Soft
Furthermore, the knowledge base can be built by transforming Computing: a Computational Approach to Learning and Machine
information from various sources in the fuzzy logic inference Intelligence. Prentice Hall, Upper Saddle River: New Jersey, USA,
1997.
process. The proposed intelligent railway safety risk assessment [9] Metronet SSL, “Framework for the Assessment of HS&E Risks”.
system can provide comprehensive results of safety risk analysis Second Metronet SSL Interim Report, 2005.
in two formats, i.e. risk score in a defined region and risk [10] R. I. Muttram, “Railway Safety's safety risk model”, Proc. Int.
categories with a belief of percentage. The risk categories Mech. Engineers, Part F: J. Rail Rapid Transit, Sage Publications:
London: vol. 216, pp. 71-79, 2002.
employ the qualitative descriptors that are more expressive and [11] M. An, W. Lin, and A. Stirling, “Railway safety risk assessment
natural way to describe the risk issues. This can promote the using fuzzy reasoning approach”, World J. Eng., vol. 2, no. 2, pp.
understanding of risks associated with a railway system. An 198–207, 2005.
illustrative example of staff risk assessment at Northumberland [12] C. J. Bouch, C. Roberts, and J. Amoore, “Development of a
Park Depot has been carried out to evaluate the performance of common set of European high-level track maintenance cost
categorise”, In: Proc. Int. Mech. Engineers, Part F: J. Rail Rapid
the proposed intelligent system. The results of the case study Transit, Sage Publications: London, vol. 224, no. 3, pp. 327-335,
demonstrated that there are benefits to be gained by using the 2010.
proposed intelligent system. The results produced from safety [13] J. B. Bowles, and C. E. Peláez, “Application of fuzzy logic to
risk assessment provide railway engineers, maintainers, and reliability engineering”, In: Proc. IEEE, Sage Publications:
London, vol. 83 no. 3, pp. 435–449, 1995.
managers with valuable information for risk response decision- [14] European Standard, EN50129, “Railway applications – safety
making. The proposed intelligent railway safety risk assessment related systems for signalling”, Comite European de Normalisation
system will provide railway safety risk analysts, operators, Electrotechnique, Brussels, May 1998.
infrastructure engineers, and managers with a method and tool [15] A. Kennedy, “Risk management and assessment for rolling stock
to improve their safety management, and set safety standards. safety cases”, In: Proc. Int. Mech. Engineers, Part F: J. Rail Rapid
Transit, Sage Publications: London, vol. 211 no. 2, pp. 67-72,
CONFLICT OF INTEREST 1997.
[16] W. Lin, M. An, and A. Stirling, “Railway safety assessment using
The authors confirm that this article content has no fuzzy reasoning approach”, In: 7th International Railway
conflict of interest. Engineering Conference (CD Format), Engineering Technics
Press: Edinburgh, 2004.
ACKNOWLEDGEMENTS [17] L. A. Zadeh, “Fuzzy sets”, Inf. Control, vol. 8, pp. 338-353. 1965.
[18] J. H. Mathews, Numeric Methods for Mathematics, Science and
The work described herein is part of a research project on Engineering. 2nd ed., Prentice Hall: Englewood Cliffs, New Jersey,
‘An intelligent safety prediction system for rail design and 1992.
[19] O. P. Yadav, N. Singh, R. B. Chinnam, and P. S. Goel, “A fuzzy
maintenance’ funded by the Physical Sciences Research logic based approach to reliability improvement estimation during
42 The Open Transportation Journal, 2013, Volume 7 An et al.

product development”, Reliab. Eng. Syst. Safety, vol. 80, pp. 63-74. [24] J. B. Bowles, and C. E. Peláez, “Fuzzy logic prioritisation of failure
2003. in a system failure mode, effects and criticality analysis”, Reliab.
[20] A. Sergaki, and K. Kalaitzakis, “A fuzzy knowledge based method Eng. Syst. Safety, vol. 50, 203–213, 1995.
for maintenance planning in a power system”, Reliab. Eng. Syst. [25] J. M. Mendel, “Fuzzy logic system for engineering: a tutorial”,
Safety, vol. 77, pp. 19-30, 2002. Proc. IEEE, vol. 83, no. 3, pp. 345-377, 1995.
[21] Railway Safety and Standard Board, Guidance on the Preparation [26] Metronet SSL, “Development of Metronet Staff Risk Model”. First
of Risk Assessment within Railway Safety Cases. Railway Group Metronet SSL Interim Report, 2005.
Guidance Note – GE/GN8561, June 2002. [27] European Standards, EN50126, “Railway applications – the
[22] L. Wang, 1997. A Course in Fuzzy Systems and Control, Prentice specification and demonstration of reliability, availability,
Hall: Englewood Cliffs, New Jersey, 1997. maintainability and safety (RAMS)” CENELEC, British Standards
[23] K. Xu, L. Tang, M. Xie, S. L. Ho, and M. L. Zhu, “Fuzzy Institute: UK, September 1999.
assessment of FMEA for engine systems”, Reliab. Eng. Syst.
Safety, vol. 75, pp. 17-29. 2002.

Received: February 3, 2013 Revised: May 4, 2013 Accepted: May 12, 2013

© An et al.; Licensee Bentham Open.

This is an open access article licensed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-
nc/3.0/) which permits unrestricted, non-commercial use, distribution and reproduction in any medium, provided the work is properly cited.