Modeling Conflicts of Multiple Independent Alerting Systems Lixia Song James K. Kuchar Massachusetts Institute of Technology.

Slides:



Advertisements
Similar presentations
Its Good To Squawk! Why YOU should always Squawk Mode C.
Advertisements

Building a Cradle-to-Grave Approach with Your Design Documentation and Data Denise D. Dion, EduQuest, Inc. and Gina To, Breathe Technologies, Inc.
Acknowledgements to Jim Kuchar
Nationaal Lucht- en Ruimtevaartlaboratorium National Aerospace Laboratory NLR CXXX-1A Free Flight with Airborne Separation will result in an uncontrolled,
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
The pilot and airline operator’s perspective on runway incursion hazards and mitigation options Session 3 Presentation 1.
Continuous Climb Operations (CCO) Saulo Da Silva
M I T I n t e r n a t i o n a l C e n t e r f o r A i r T r a n s p o r t a t i o n Influence of Structure on Complexity Management Strategies of Air Traffic.
Investigation of Utility-Based Alerting Lee Winder Jim Kuchar International Center for Air Transportation MIT FAA/NASA Joint University Program FAA Technical.
Chapter 14 Schedule Risk Management Dr. Ayham Jaaron Second Semester 2010/2011.
Introduction The Traffic Alert and Collision Avoidance System (TCAS) is an airborne system that interrogates transponders in other aircraft. From the replies.
Lecture 9: Ground Proximity Warning System (GPWS)
Introducing Structural Considerations into ATC Complexity Metrics Jonathan Histon & Prof. R. John Hansman JUP Meeting, April 5-6, 2001.
Confidential This document contains trade secrets, financial, commercial, scientific, technical or other confidential information, the further disclosure.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Design of a Certifiably Dependable Next- Generation Air Transportation System Stephen A. JacklinMichelle M. Eshow Michael R. LowryDave McNally Ewen Denny.
CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
© Cranfield University 2009 Towards a Framework of Sales Performance Measurement Effectiveness Peter Kerr, Javier Marcos-Cuevas Cranfield School of Management.
Authors: Amy R. Pritchett, Scottie-Beth Fleming Presented by: Rachel A. Haga Cognitive Engineering Center, Georgia Tech 32 nd DASC, Oct. 9, 2013 Pilot.
Examining Operations Coupling Autoflight To ADS-B Targets In High Traffic Density Rachel Haga Amy Pritchett, Ph.D. DASC 2014.
Traffic Alert and Collision Avoidance System TCAS
TCAS Basics Capt Craig Hinkley. 2 TCAS HISTORY  Two planes collided over the Grand Canyon  Alternative airborne version using transponders.
Improving the TCAS System: A Work Domain Analysis Approach (TCAS: Traffic Alerts and Collision Avoidance System) Course: COG SCI 600 Instructor: Prof.
Interoperability of Airborne Collision Avoidance Systems Lixia Song James K. Kuchar Massachusetts Institute of Technology.
By Saparila Worokinasih
© 2003 The MITRE Corporation. All Rights Reserved. Cockpit Display of Traffic Information (CDTI) Enhanced Flight Rules (CEFR) Randall Bone October 7, 2003.
MIT ICAT MIT ICAT D ECISION- S UPPORT FOR E NHANCING A VIATION W EATHER I NFORMATION S YSTEMS AND S AFETY.
Massachusetts Institute of Technology 4 April 2003
ASSTAR User Forum #1 Rome 4th April 2006 ASAS-TN2 Second Workshop ASSTAR Safety Approach and Preliminary Issues Dr Giuseppe GRANIERO, SICTA
Computerised Air Traffic Management Tools - Benefits and Limitations OMAR BASHIR (March 2005)
Presented to: By: Date: Federal Aviation Administration Minimum Safe Altitude Warning November 19, 2008 Glenn W. Michael Air Traffic Manager, Boston ARTCC.
MIT ICAT MIT ICAT 1October 17, 2002 Exploring the Envelope of a Modified 3° Decelerating Approach for Noise Abatement Liling Ren & John-Paul Clarke October.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
An Automated Airspace Concept for the Next Generation Air Traffic Control System Todd Farley, David McNally, Heinz Erzberger, Russ Paielli SAE Aerospace.
Chapter 16 Problem Solving and Decision Making. Objectives After reading the chapter and reviewing the materials presented the students will be able to:
Lecture 9: Ground Proximity Warning System (GPWS)
Ecological Interface Design in Aviation Domains Improving Pilot Trust in Automated Collision Detection and Avoidance Advanced Interface Design Laboratory.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Chapter 19 Verification and Validation.
Lecture 10: Traffic alert and Collision Avoidance System (TCAS)
Objectives Students will be able to:
Cognitive Engineering Perspective of ASAS Amy Pritchett Cognitive Engineering Center School of Aerospace Engineering Georgia Tech Atlanta, GA.
Lecture 9 Ground Proximity Warning System (GPWS) Radio Aids & Navigational System.
“ A location on an aerodrome movement area with a history or potential risk of collision or runway incursion, and where heightened attention by pilots/drivers.
WHAT IF ANALYSIS USED TO IDENTIFY HAZARDS HAZARDOUS EVENTS
USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Java class User: - getExpectation() - checkExpectation() FAULTY EXECUTION start incrMCPAlt pullAltKnob.
Low Level Flying And Special Use Airspace Capt John Withelder.
13-1 McGraw-Hill/Irwin ©2006 The McGraw-Hill Companies, Inc., All Rights Reserved CHAPTER THIRTEEN Multiple Parties and Teams.
COMPUTER SCIENCE AND AIRPLANES - TRAFFIC COLLISION AVOIDANCE SYSTEM (TCAS) YIXIN ZENG.
1 Roma, 3-5 April 2006 – ASAS TN2, 2 nd Workshop, Session 1 – When ASAS meets ACAS When ASAS meets ACAS Thierry Arino (Sofréavia, IAPA Project Manager)
The air traffic controller’s perspective on runway incursion hazards and mitigation options Session 2 Presentation 1.
M I T I n t e r n a t i o n a l C e n t e r f o r A i r T r a n s p o r t a t i o n Impact of Operating Context on the Use of Structure in Air Traffic.
(Enhanced) Traffic Collision Avoidance System
Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.
Lecture 10: Traffic alert and Collision Avoidance System (TCAS)
Lecture 10: Traffic alert and Collision Avoidance System (TCAS)
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Workshop on preparations for ANConf/12 − ASBU methodology
Continuous Climb Operations (CCO) Saulo Da Silva
Workshop on preparations for ANConf/12 − ASBU methodology
Workshop on preparations for ANConf/12 − ASBU methodology
Air Carrier Continuing Analysis and Surveillance System (CASS)
Continuous Climb Operations (CCO) Saulo Da Silva
The air traffic controller’s perspective on runway incursion hazards and mitigation options Session 2 Presentation 1.
The pilot and airline operator’s perspective on runway incursion hazards and mitigation options Session 2 Presentation 2.
The air traffic controller’s perspective on runway incursion hazards and mitigation options Session 3 Presentation 3.
The pilot and airline operator’s perspective on runway incursion hazards and mitigation options Session 3 Presentation 1.
The pilot and airline operator’s perspective on runway incursion hazards and mitigation options Session 2 Presentation 2.
Safety Risk Management (SRM) Process Overview
Knowing When to Stop: An Examination of Methods to Minimize the False Negative Risk of Automated Abort Triggers RAM XI Training Summit October 2018 Patrick.
Workshop on preparations for ANConf/12 − ASBU methodology
Presentation transcript:

Modeling Conflicts of Multiple Independent Alerting Systems Lixia Song James K. Kuchar Massachusetts Institute of Technology

Why Implement Multiple Alerting Systems  Existing systems intended for specific roles, new alerting systems have been introduced to provide additional protection in new applications (TCAS/AILS)  Different timescales GPWS vs. EGPWS TCAS vs. ATC conflict probe  Due to cost and certification issues, the new systems have been introduced independently rather than modifying and enhancing an existing system (GPWS/EGPWS)

Multiple Alerting Systems Environment Controls Nominal information sources DisplaysSensors Displays System 1 Sensors Displays System 2 Process Human Alerting logic and/or Decision aiding Alerting logic and/or Decision aiding

Conflict  Dissonance between human and automation  Difference between an alerting system’s decision and a human operator’s internal model of a threat situation  Pritchett and Hansman explored the concepts  Dissonance between two or more alerting systems  Each system uses different set of sensors  Different logic for  Alert stage  Resolution guidance  Different displays

Undesirable Effects of Conflicts  Human vs. Automation  Increased delay in taking action  Failure to take action at all  Implementing an action contrary to the automation command  Automation vs. Automation  Same as above  Overloading or confusing the human  Long-term  Distrust of automation in the future

Methods to Mitigate Alert Conflicts  To date, the conflict issue has been largely managed through prioritization  Inhibit one of the alerts  Problem when both alerts are valid  Procedurally prevent conflict (aircraft flight path restriction)  Modify air traffic control procedures to reduce the likelihood of a simultaneous TCAS alert and parallel traffic alert  Training the pilot  Training may fall short (two accidents of Boeing B757 aircraft in 1996)  Modify system design to reduce impact/frequency of conflicts  Need a more formal method to identify the potential of dissonance and develop the mitigation method

High Level Overview of Conflict Types Alert Systems Threat Level (or resolution command) A B None (climb) Moderate (descend) Extreme (turn climb) Environment Dissonance may occur whenever a given state maps into two different alert stages or two different resolution commands or when the time-derivatives of these mappings differ

State-space Model for Multiple Alerting Systems

Alerting Systems Conflict Types Static Conflict and Dynamic Conflict

Human Factor Issues  Work to date has focused on mathematical identification of when information from each system disagrees. Also critical is determining:  How much difference between the information provided to the human operator may result in dissonance  How rapidly systems must change for dynamic dissonance to occur  Human operator’s internal model of the threat situation

Preliminary Human Factor Study =0 =1=2 (0, 0) (1, 1) (2, 2) (0, 1) (1, 2) (0, 2) No at all confident Highly confidence Difference are statistically significant (p<0.05) Also investigating dynamic effects static alert stage with 90%--90% N=8

One-Dimensional Example(1) Own Aircraft Other aircraft System 1: System 2: TCAS-like logic:command decelerate if time to impact < threshold Simple proximity logic: command accelerate if range > threshold (, ) Own Aircraft(trail) has two systems :

One-Dimensional Example(2) ---system logic

One-Dimensional Example(3) ----static conflict conditions

One-Dimensional Example(4) ----possible dynamic conflict

Restrictions on the Model  Hard to describe and analyze complicated logic  Assumes/Requires functional relationship between states and alert output  Hard to present results and describe behavior  Multidimensional case  Identification of conflict sets depends on human factors issues

Petri Nets ---A Formal Method  To express the system logic  Capture temporal behavior  Better represents modes/stages  To find the conflict conditions between system logic  To find controls to avoid dynamic conflict  To avoid situations leading to dynamic conflict

An Example of Multiple Alerting Systems Model Using Petri Net h V On Off On Off X1 X0 R<R2 R2<R<R1 R>R1 V0=K1 Speed up V0=K2 Slow down System 1 System 2 Dynamic process

Concept of Safety in Petri Nets  A process is “unsafe” when it reaches certain undesired states  The safety verification problem is determining whether a sequence of control may lead the system from any initial condition to any potentially unsafe condition within certain time  For multiple alerting systems, use petri net to find situations leading to conflict and design optimal control to avoid entering the conflict region within certain time  Plan to apply PNs to example aviation problem(e.g. TCAS & Airborne Conflict Management)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.