An Integrated Reasoning Framework for Vehicle Level Diagnosis of Aircraft Subsystem Faults

A framework for integrated diagnostic reasoning to detect and isolate faults in complex aircraft systems, at the vehicle level, is proposed. A Digital Twin emulating the functions of an aircraft’s selected subsystems is to be developed; this will include their input/output parameters connecting to other systems, for simulating the subsystem level interactions. The failure propagation across subsystems will be observed by injecting different faults. A diagnostic module for each subsystem will detect and isolate faults. This will be complemented by an integrated reasoner at the vehicle level which will isolate the root cause of propagated faults. On successful completion, the fully developed integrated reasoner shall distinguish an effect (for example, engine power reduction in B777 (Sleight and Carter, 2014)) from its root cause (blocked Fuel Oil Heat Exchanger (Sleight and Carter, 2014)), yielding maintenance savings and increasing dispatch reliability. 1. PROBLEM STATEMENT An aircraft is a complex machine comprising several multi-physical systems interacting with each other at various levels for its safe and efficient operation. Due to these interactions, it is possible for faults to propagate from one system to another. There are several aircraft incidents, ((Sleight and Carter, 2014), (Conradi, 2015)) which bolster the claim that faults can propagate between the subsystems, under which philosophy, this research’s problem statement is built. Also, many academic works deal with the interactions between aircraft subsystems for different applications like energy management (O’Connell et al., 2010), risk assessment in design (Fritz, 2007), and subsystems health management (Keller et al., 2006). * To isolate cascading faults is a challenging task, as they are not predicted and are only mitigated by troubleshooting activities during maintenance. Current industrial diagnostic practice focuses on automated isolation mainly at the subsystem level. It Cordelia M Ezhilarasu. This is an open-access article distributed under the terms of the Creative Commons Attribution 3.0 United States License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. is to fill this gap that Integrated Vehicle Health Management (IVHM) comes into the picture, enabling the assessment of the current and the future state of all the assets, with the goal of increased life and availability and decreased life cycle cost for the vehicle. A diagnostic reasoner, one of IVHM’s components, can take advantage of the connections between the subsystems to monitor their health at the vehicle level. This can save significant time and cost involved in Maintenance, Repair and Overhaul (MRO) and increase the dispatch reliability. With this context, this research aims to showcase the potential of a reasoning system at the vehicle level by deploying an integrated diagnostic reasoner over a digital twin emulating the subsystems of an aircraft, to isolate the single electrical and mechanical faults which have propagated between the subsystems. 2. EXPECTED CONTRIBUTIONS The research will involve developing a digital twin (the complex system) and a diagnostic module (the reasoning system) for multiple subsystems and a toplevel reasoner integrating all the subsystem’s reasoning systems. The system will have multiphysical functionality as well as a local and a global control system. The control system is assumed to be healthy at all times and only mechanical and electrical faults under single fault modes will be considered. Contribution 1 – Modeling the Complex System: A Digital Twin is a virtual representation of any physical or functional asset that helps in monitoring the efficiency of the asset. Further, it enables exploration of effect of failures in different scenarios. To develop a digital twin of the subsystems of an aircraft, the Propulsion System (PS), and the Environmental Control System (ECS) are chosen; the Fuel System (FS) is chosen as Hardware in the Loop (HIL). These systems are selected, to demonstrate the framework of system level interactions while keeping with the PhD timeline. Besides, in order to enable better demonstrate faults involving multiple systems, and to give a multi-physical dimension to the research problem, the Electrical Power System (EPS) and the Control System (CS) are selected, in addition to the PS, the ECS and the FS of the aircraft for


PROBLEM STATEMENT
An aircraft is a complex machine comprising several multi-physical systems interacting with each other at various levels for its safe and efficient operation. Due to these interactions, it is possible for faults to propagate from one system to another. There are several aircraft incidents, ((Sleight and Carter, 2014), (Conradi, 2015)) which bolster the claim that faults can propagate between the subsystems, under which philosophy, this research's problem statement is built. Also, many academic works deal with the interactions between aircraft subsystems for different applications like energy management (O'Connell et al., 2010), risk assessment in design (Fritz, 2007), and subsystems health management (Keller et al., 2006). * To isolate cascading faults is a challenging task, as they are not predicted and are only mitigated by troubleshooting activities during maintenance. Current industrial diagnostic practice focuses on automated isolation mainly at the subsystem level. It Cordelia M Ezhilarasu. This is an open-access article distributed under the terms of the Creative Commons Attribution 3.0 United States License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. is to fill this gap that Integrated Vehicle Health Management (IVHM) comes into the picture, enabling the assessment of the current and the future state of all the assets, with the goal of increased life and availability and decreased life cycle cost for the vehicle. A diagnostic reasoner, one of IVHM's components, can take advantage of the connections between the subsystems to monitor their health at the vehicle level. This can save significant time and cost involved in Maintenance, Repair and Overhaul (MRO) and increase the dispatch reliability.
With this context, this research aims to showcase the potential of a reasoning system at the vehicle level by deploying an integrated diagnostic reasoner over a digital twin emulating the subsystems of an aircraft, to isolate the single electrical and mechanical faults which have propagated between the subsystems.

EXPECTED CONTRIBUTIONS
The research will involve developing a digital twin (the complex system) and a diagnostic module (the reasoning system) for multiple subsystems and a toplevel reasoner integrating all the subsystem's reasoning systems. The system will have multiphysical functionality as well as a local and a global control system. The control system is assumed to be healthy at all times and only mechanical and electrical faults under single fault modes will be considered.

Contribution 1 -Modeling the Complex System:
A Digital Twin is a virtual representation of any physical or functional asset that helps in monitoring the efficiency of the asset. Further, it enables exploration of effect of failures in different scenarios. To develop a digital twin of the subsystems of an aircraft, the Propulsion System (PS), and the Environmental Control System (ECS) are chosen; the Fuel System (FS) is chosen as Hardware in the Loop (HIL). These systems are selected, to demonstrate the framework of system level interactions while keeping with the PhD timeline. Besides, in order to enable better demonstrate faults involving multiple systems, and to give a multi-physical dimension to the research problem, the Electrical Power System (EPS) and the Control System (CS) are selected, in addition to the PS, the ECS and the FS of the aircraft for modeling. The FS provides fuel at rated flow and pressure to the Engine, and when required by the ECS, the Engine provides bleed air. Engine driven generators provide electricity to the EPS, which in turn supplies electricity to the valves, pumps, and sensors in the FS in addition to the electrically driven valves in the ECS. Every subsystem communicates with the aircraft through the local and the global control system. These functions form the outline of the to-be developed Digital Twin of the aircraft, as shown in Figure 1.

Contribution 3 -Modeling the Reasoning System:
The current focus of the research is on developing the capabilities of the reasoning system. The integrated reasoner will be built on the diagnostic capability of the subsystems modeled. A combination of both model-based and data driven techniques will be used to isolate the known faults and ambiguous causes of faults will be assigned likelihoods. The diagnostic module at the subsystem level will make use of the parameters from the subsystem's digital twin and in the case of a fault, will isolate the plausible cause. The integrated reasoner will get its inputs from the subsystem level reasoners and reason through them to isolate the root cause of the fault (Figure 1).

RESEARCH PLAN
The aircraft subsystems representing a legacy B737 aircraft are to be modeled. The generic plan is to define the boundary conditions of a subsystem, model and validate its digital twin. A diagnostic module for that subsystem will be developed and integrated to the vehicle-layer reasoning platform. Faults will be injected and the reasoner validated for fault isolation. The cycle is repeated until all subsystems are modelled.
The integrated diagnostic reasoner is developed to integrate any number of modules. Choosing the correct level of complexity for the digital twin is the biggest risk in this research, as a very detailed subsystem might be time consuming, whereas a simple subsystem might not be able to demonstrate the full potential of the reasoning system. Table 1 shows the list of available simulation platforms for each subsystem. Finally, the integrated reasoner is to be benchmarked against its capabilities like accuracy and latency. In-house MATLAB-SimScape Model

Electrical Power System
Virtual ADAPT (MATLAB-Simulink) (Sweet, 2008) As it is impossible to capture all the possible faults that can occur in the digital twin, a fault analysis is needed. This will be done by injecting faults into the digital twin and observing the symptom vectors as they emerge. The recorded observations will be treated as evidence to add to the list of known faults that the reasoner can diagnose. Later, when a new fault is injected into any subsystem, for example, the EPS, the corresponding diagnostic module will compare the signatures from the EPS' digital twin and isolate the fault. Note that, the reasoner can identify only the known faults.

Work Performed
To develop the reasoning strategy and to define the scale of the problem, a thought experiment was carried out with reference to a fuel test rig (Yufei Lin, 2017).

Figure 1: Integrated Diagnostic Reasoner for Digital Twin of Aircraft Subsystems
Thought Experiment: A simple mechanical layout from the test rig is chosen to represent the B737 engine-fuel system (Figure 2). The mechanical layer consists of a fuel tank R, a shut off valve V1, a filter F, a motor driven pump P, a flow meter FM and a flow control valve V2. 12-24VDC is provided for the flow meter and the nozzle; 230VAC is supplied to the motor to drive the pump. The local control system (dotted lines) controls the pump speed N, the valve positions and the flow Q through the flowmeter. Faults considered: With the above-mentioned setup, for a constant flow Q, the following mechanical and electrical faults are planned: 1) Clogged filter (Mechanical), 2) Pipe leak (Mechanical) 3) Gear tooth broken in the pump (Mechanical) 4) No electrical supply to the pump (Electrical), 5) Clogged nozzle (mechanical) and 6) No electrical supply to the nozzle (Electrical). The minimum set of pressure sensors (S1, S2, S3, and S4) and laser sensor (LS) to monitor the health, are considered. Assumptions: To run the experiment, the following assumptions are made initially and can be relaxed at the later stage of modeling. 1) The control system is assumed to be 100% healthy. 2) Only single faults are considered 3) study the signature of all fault modes at steady state, and 4) Sensors are always healthy. Observation and Analysis: The fuel rig is to be run in a healthy condition and a range of degradation states to observe the threshold of all monitored parameters. A symptom vector matrix will be developed, by comparing the data from sensors during the fault modes with the threshold values.
With these fault signatures recorded, the reasoner will generate hypotheses based on the unique combination of signatures to isolate the faults.
As fault signatures for some electrical faults can be similar to mechanical faults, the necessity for a reasoner is highlighted to isolate such ambiguous set of faults.

Remaining Work
Currently, the research is focused on developing diagnostic reasoner for the existing fuel rig. More components will be added to the mechanical layout to achieve sufficient complexity and reasoning strategy will be updated accordingly. Once the layout is finalized, experiments will be carried out for Hardware in the Loop (HIL). Later, the digital twins for the PS, the EPS, and the ECS will be developed, along with their own diagnostic modules; all the reasoners will be integrated to the reasoning system at the vehicle level. Validation will be carried out during the development stage of each module and benchmarking of the reasoning system will be the final step of this research.