Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Daoquan Li,Xueqing Dong,Jie Gao,Keyong Hu

DOI: https://doi.org/10.1109/access.2023.3289200

IF: 3.9

2023-01-01

IEEE Access

Abstract:Abnormal traffic detection is critical to network security and quality of service. However, the similarity of features and the single dimension of the detection model cause great difficulties for abnormal traffic detection, and thus a big-step convolutional neural network traffic detection model based on the attention mechanism is proposed. Firstly, the network traffic characteristics are analyzed and the raw traffic is preprocessed and mapped into a two-dimensional grayscale image. Then, multi-channel grayscale images are generated by histogram equalization, and an attention mechanism is introduced to assign different weights to traffic features to enhance local features. Finally, pooling-free convolutional neural networks are combined to extract traffic features of different depths, thus improving the defects such as local feature omission and overfitting in convolutional neural networks. The simulation experiment was carried out in a balanced public data set and an actual data set. Using the commonly used algorithm SVM as a baseline, the proposed model is compared with ANN, CNN, RF, Bayes and two latest models. Experimentally, the accuracy rate with multiple classifications is 99.5%. The proposed model has the best anomaly detection. And the proposed method outperforms other models in precision, recall, and F1. It is demonstrated that the model is not only efficient in detection, but also robust and robust to different complex environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ping Zhao,Zhijie Fan,Zhiwei Cao,Xin Li

DOI: https://doi.org/10.4018/IJISP.290832

2022-01-01

International Journal of Information Security and Privacy

Abstract:In order to improve the ability to detect network attacks, traditional intrusion detection models often used convolutional neural networks to encode spatial information or recurrent neural networks to obtain temporal features of the data. Some models combined the two methods to extract spatio-temporal features. However, these approaches used separate models and learned features insufficiently. This paper presented an improved model based on temporal convolutional networks (TCN) and attention mechanism. The causal and dilation convolution can capture the spatio-temporal dependencies of the data. The residual blocks allow the network to transfer information in a cross-layered manner, enabling in-depth network learning. Meanwhile, attention mechanism can enhance the model's attention to the relevant anomalous features of different attacks. Finally, this paper compared models results on the KDD CUP99 and UNSW-NB15 datasets. The authors apply the model to video surveillance network attack detection scenarios. The result shows that the model has advantages in evaluation metrics.

Shi Dong,Yuanjun Xia,Tao Peng

DOI: https://doi.org/10.1109/tnsm.2021.3120804

2021-12-01

IEEE Transactions on Network and Service Management

Abstract:The rapid development of Internet technology has brought great convenience to our production life, and the ensuing security problems have become increasingly prominent. These problems threaten users' privacy and pose significant security risks to the normal conduct of many aspects of society, such as politics, economy, culture, and people's livelihood. The growth of the information transmission rate expands the scope of attacks and provides a more attack environment for intruders. Abnormal detection is an effective security protection technology that can monitor network transmission in real-time, effectively sense external attacks, and provide response decisions for relevant managers. The development of machine learning has also led to the development of abnormal traffic detection technology. The goal has been to use powerful and fast learning algorithms to deal with changing threats and respond in real-time. Most of the current abnormal detection research is based on simulation, using public and well-known datasets. On the one hand, the dataset contains high-dimensional massive data, which traditional machine learning methods cannot be processed. On the other hand, the labeled data scale is far behind the application requirements, and the dataset's labels are all manually labeled, so the labeling cost is exceptionally high. This paper proposes a semi-supervised Double Deep Q-Network (SSDDQN)-based optimization method for network abnormal traffic detection, mainly based on Double Deep Q-Network (DDQN), a representative of Deep Reinforcement Learning algorithm. In SSDDQN, the current network first adopts the autoencoder to reconstruct the traffic features and then uses a deep neural network as a classifier. The target network first uses the unsupervised learning algorithm K-Means clustering and then uses deep neural network prediction. The experiment uses NSL-KDD and AWID datasets for training and testing and -erforms a comprehensive comparison with existing machine learning models. The experimental results show that SSDDQN has certain advantages in time complexity and achieved good results in various evaluation metrics.

computer science, information systems

Tingting Su,Jia Wang,Wei Hu,Gaoqiang Dong,Jeon Gwanggil

DOI: https://doi.org/10.32604/cmc.2024.051535

2024-01-01

Abstract:Along with the progression of Internet of Things (IoT) technology, network terminals are becoming continuously more intelligent. IoT has been widely applied in various scenarios, including urban infrastructure, transportation, industry, personal life, and other socio-economic fields. The introduction of deep learning has brought new security challenges, like an increment in abnormal traffic, which threatens network security. Insufficient feature extraction leads to less accurate classification results. In abnormal traffic detection, the data of network traffic is high-dimensional and complex. This data not only increases the computational burden of model training but also makes information extraction more difficult. To address these issues, this paper proposes an MD-MRD-ResNeXt model for abnormal network traffic detection. To fully utilize the multi-scale information in network traffic, a Multi-scale Dilated feature extraction (MD) block is introduced. This module can effectively understand and process information at various scales and uses dilated convolution technology to significantly broaden the model’s receptive field. The proposed Max-feature-map Residual with Dual-channel pooling (MRD) block integrates the maximum feature map with the residual block. This module ensures the model focuses on key information, thereby optimizing computational efficiency and reducing unnecessary information redundancy. Experimental results show that compared to the latest methods, the proposed abnormal traffic detection model improves accuracy by about 2%.

Jay Sinha,M. Manollas

DOI: https://doi.org/10.1145/3430199.3430224

2020-06-26

Abstract:The need for Network Intrusion Detection systems has risen since usage of cloud technologies has become mainstream. With the ever growing network traffic, Network Intrusion Detection is a critical part of network security and a very efficient NIDS is a must, given new variety of attack arises frequently. These Intrusion Detection systems are built on either a pattern matching system or AI/ML based anomaly detection system. Pattern matching methods usually have a high False Positive Rates whereas the AI/ML based method, relies on finding metric/feature or correlation between set of metrics/features to predict the possibility of an attack. The most common of these is KNN, SVM etc., operate on a limited set of features and have less accuracy and still suffer from higher False Positive Rates. In this paper, we propose a deep learning model combining the distinct strengths of a Convolutional Neural Network and a Bi-directional LSTM to incorporate learning of spatial and temporal features of the data. For this paper, we use publicly available datasets NSL-KDD and UNSW-NB15 to train and test the model. The proposed model offers a high detection rate and comparatively lower False Positive Rate. The proposed model performs better than many state-of-the-art Network Intrusion Detection systems leveraging Machine Learning/Deep Learning models.

Yangyang Song,Nurbol Luktarhan,Zhaolei Shi,Haojie Wu

DOI: https://doi.org/10.3390/electronics12132849

IF: 2.9

2023-06-28

Electronics

Abstract:With the increasing complexity of the network environment, the types of network attacks are gradually increasing. Network intrusion detection systems can detect and identify network attacks effectively. However, the existing methods have some limitations, focusing only on local or global temporal features of network traffic. To address the above issues, we present a novel network intrusion detection model (TGA) based on Temporal Convolutional Network (TCN), Bidirectional Gated Recurrent Unit (BiGRU), and self-attention mechanism. TCN extracts local temporal information from network traffic sequences, while BiGRU extracts global temporal information from network traffic sequences. However, TCN and BiGRU do not consider the weights of features when extracting them, so an attention mechanism is added. The feature vectors obtained in TCN and BiGRU are fused and then input into the self-attention mechanism to capture the correlation between different positions in the sequence and reassign the weights of the temporal features to further enhance the model's capabilities. Lastly, it is delivered to the classifier to classify different network traffic classes. Our method achieves 97.83% accuracy on the public CSE-CIC-IDS2018 dataset. After extensive experiments, our idea proved to be reasonable and practical.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhipeng Li,Zheng Qin,Pengbo Shen,Liu Jiang

DOI: https://doi.org/10.1007/978-3-030-36808-1_19

2019-01-01

Abstract:Intrusion detection system is an important network security facility. With the fast development of information technology, the information security is getting more serious. On the other side, making the IT equipment more intelligent via AI methods becomes a research hotpot. Recent studies show that temporal convolutional networks can outperform recurrent networks and convolutional architectures in sequence modeling problems. In this work, we propose a data processing method for intrusion detection. We conduct a systematic evaluation of temporal convolutional networks for intrusion detection with NSL_KDD data set. Compared with other standard baseline machine learning methods and some advanced deep learning architectures, the proposed model gives a promising performance in different level tests. With limited computational cost, TCN model converges fast and shows good performance. The proposed model can be easily adjusted to raw inputs and can be extended to large-scale online applications.

Tamilselvan Arjunan

DOI: https://doi.org/10.22214/ijraset.2024.58946

2024-03-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In light of the increasing sophistication of cyberattacks and the rapid growth in network traffic, it is essential to detect network traffic anomalies or intrusions as they occur. Manual inspection is inefficient due to the large volume, speed, and variety network traffic data. This paper suggests using deep learning techniques in order to build intelligent models which can detect network traffic anomalies automatically within big data environments. We present a framework for anomaly detection using long-short-term memory models (LSTM) and convolutional neural network (CNN). The models are based on data extracted from packet captures. The models are evaluated on benchmark intrusion datasets as well as a large scale real network traffic dataset. The results show that deep learning models are able to detect anomalies more effectively than traditional shallow learning methods. Models can handle high-volume streaming data with low latency and in real time. To improve detection efficiency, we also propose optimization methods such as model compression and transfer learning. This work shows the effectiveness of deep learning for real-time anomaly detection within big data environments

Chengpeng Yao,Yu Yang,Jinwei Yang,Kun Yin

DOI: https://doi.org/10.1155/2022/7513717

IF: 1.43

2022-10-06

Mathematical Problems in Engineering

Abstract:The rapid development of information technology has brought much convenience to human life, but more network threats have also come one after another. Network security situation prediction technology is an effective means to protect against network threats. Currently, the network environment is characterized by high data traffic and complex features, making it difficult to maintain the accuracy of the situation prediction. In this study, a network security situation prediction model based on attention mechanism (AM) improved temporal convolutional network (ATCN) combined with bidirectional long short-term memory (BiDLSTM) network is proposed. The TCN is improved by AM to extract the input temporal features, which has a more stable feature extraction capability compared with the traditional TCN and BiDLSTM, which is more capable of processing temporal data, and is used to perform the situation prediction. Finally, by validating on a real network traffic dataset, the proposed method has better performance on multiple loss functions and has more accurate and stable prediction results than TCN, BiDLSTM, TCN-LSTM, and other time-series prediction methods.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Zhihua Liu,Shengquan Liu,Jian Zhang

DOI: https://doi.org/10.32604/cmc.2023.046237

2024-01-01

Abstract:Network intrusion detection systems (NIDS) based on deep learning have continued to make significant advances. However, the following challenges remain: on the one hand, simply applying only Temporal Convolutional Networks (TCNs) can lead to models that ignore the impact of network traffic features at different scales on the detection performance. On the other hand, some intrusion detection methods consider multi-scale information of traffic data, but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features. To address both of these issues, we propose a hybrid Convolutional Neural Network that supports a multi-output strategy (BONUS) for industrial internet intrusion detection. First, we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic. Meanwhile, we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic. In addition, we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch. Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%, respectively, which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.

computer science, information systems,materials science, multidisciplinary

Zhiyuan Li,Xiaoping Xu

DOI: https://doi.org/10.1016/j.comnet.2024.110298

IF: 5.493

2024-03-02

Computer Networks

Abstract:Identifying various types of Internet applications is a key issue for network management. Traffic classification is one of the important technologies for identifying Internet applications traffic. However, some secure technologies such as protocol encryption, information hiding, and traffic obfuscation pose new challenges to traffic identification and classification, especially in feature extraction. In addition, multi-classification has always been a difficult problem in traffic classification research. This paper proposes a spatio-temporal features fusion-based multi-classification model, named as L2-BiTCN-CNN. Our approach combines bidirectional temporal convolutional network (TCN) and convolutional neural network (CNN) to create an enhanced model. The L2-BiTCN model utilizes a bidirectional approach to learn both forward and backward sequence features of traffic, with a focus on the hierarchical structure of network traffic known as "byte-packet-session flow". To fully extract timing characteristics between adjacent bytes and packets, this model incorporates attention mechanisms for both "byte hierarchy" and "packet hierarchy". Filters of various sizes are utilizes in the CNN stage to capture packet features of different ranges. The spatial features of the packets are then obtained through two convolution and average pooling processes. The results of the experiments provide evidence of the effectiveness and superiority of our approach. Our model achieved an impressive overall accuracy of 99.839% and 97.186% in two public available datasets, namely USTC-TFC2016 and ISCX VPN-nonVPN2016, respectively. It outperforms the state-of-the-art models in terms of classification performance, which suggests that the model has the potential to be a valuable tool in various applications that require high accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Xisong Chen,Kaihong Yan,Tao Fu,Jin Zhang,D. Niu,Li Wang

DOI: https://doi.org/10.1109/CAC51589.2020.9327030

2020-11-06

Abstract:With the rapid development of information network, network security is becoming more and more important. Intrusion detection is an important component of the network security system. The traditional signature-based matching detection method is difficult to cope with the increasingly complex network environment. On the contrary, anomaly detection which is based on network traffic pattern analysis has obvious advantages in dealing with encryption attacks, zero-day attacks and other new attacks. This paper studies the network traffic anomaly detection, and proposes a traffic anomaly detection model which combines convolution neural network and eXtreme Gradient Boosting algorithm. First, the collected traffic data is preprocessed into appropriate format that meets the input requirements of the model. Then the improved LeNet-5 convolution neural network is used for feature learning, and finally XGBoost algorithm is used to classify the learning features. Experimental results show that the proposed network traffic anomaly detection method based on CNN and XGBoost has a high accuracy, and good experimental results have been achieved in both two- classification and multi-classification.

Computer Science

Xuecheng Yu,Yan Huang,Yu Zhang,Mingyang Song,Zhenhong Jia

DOI: https://doi.org/10.32604/cmc.2023.044999

2024-01-01

Abstract:With the increasing dimensionality of network traffic, extracting effective traffic features and improving the identification accuracy of different intrusion traffic have become critical in intrusion detection systems (IDS). However, both unsupervised and semisupervised anomalous traffic detection methods suffer from the drawback of ignoring potential correlations between features, resulting in an analysis that is not an optimal set. Therefore, in order to extract more representative traffic features as well as to improve the accuracy of traffic identification, this paper proposes a feature dimensionality reduction method combining principal component analysis and Hotelling’s T2 and a multilayer convolutional bidirectional long short-term memory (MSC_BiLSTM) classifier model for network traffic intrusion detection. This method reduces the parameters and redundancy of the model by feature extraction and extracts the dependent features between the data by a bidirectional long short-term memory (BiLSTM) network, which fully considers the influence between the before and after features. The network traffic is first characteristically downscaled by principal component analysis (PCA), and then the downscaled principal components are used as input to Hotelling’s T2 to compare the differences between groups. For datasets with outliers, Hotelling’s T2 can help identify the groups where the outliers are located and quantitatively measure the extent of the outliers. Finally, a multilayer convolutional neural network and a BiLSTM network are used to extract the spatial and temporal features of network traffic data. The empirical consequences exhibit that the suggested approach in this manuscript attains superior outcomes in precision, recall and F1-score juxtaposed with the prevailing techniques. The results show that the intrusion detection accuracy, precision, and F1-score of the proposed MSC_BiLSTM model for the CIC-IDS 2017 dataset are 98.71%, 95.97%, and 90.22%.

computer science, information systems,materials science, multidisciplinary

Zehui Li,Zhijie Xiang,Weijia Gong,Hong Wang

DOI: https://doi.org/10.1007/s10489-021-02559-0

IF: 5.3

2021-07-01

Applied Intelligence

Abstract:Time-series anomaly detection utilizing deep learning methods is widely used in fraud detection, network intrusion detection, and medical anomaly detection. Most deep learning methods exclusively focus on models based on recurrent neural networks (RNNs), such as long short-term memory (LSTM) or gated recurring units (GRUs), rather than on models based on convolutional neural networks (CNNs) or integrated ones. Inspired by the success of CNN-based models in many scenarios, we propose a single model that can be used for detecting both collective and point anomalies using stacked temporal convolution networks (CPA-TCN). Compared with state-of-the-art models, the CPA-TCN model boasts the following advantages. First, the CPA-TCN model reconstructs sequential features with current inputs and historical features and is only trained on normal datasets. Second, the CPA-TCN model outperforms RNN-based models in terms of speed and accuracy across diverse tasks and datasets and demonstrates more effective memory. Third, the CPA-TCN model can effectively detect both collective and point anomalies by detecting point anomalies before collective anomalies, overcoming the shortcomings of models that can either detect point or collective anomalies. Fourth, the two-part anomaly detection module can significantly improve the accuracy of point anomaly detection. Extensive experiments on real-world datasets demonstrate that our CPA-TCN model achieves better prediction results with the ROC-AUC of 98%–99% compared to state-of-the-art methods and thus has a competitive advantage.

computer science, artificial intelligence

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jingqi Zhang,Xin Zhang,Zhaojun Liu,Fa Fu,Yihan Jiao,Fei Xu

DOI: https://doi.org/10.3390/electronics12194170

IF: 2.9

2023-10-09

Electronics

Abstract:A network intrusion detection tool can identify and detect potential malicious activities or attacks by monitoring network traffic and system logs. The data within intrusion detection networks possesses characteristics that include a high degree of feature dimension and an unbalanced distribution across categories. Currently, the actual detection accuracy of some detection models is relatively low. To solve these problems, we propose a network intrusion detection model based on multi-head attention and BiLSTM (Bidirectional Long Short-Term Memory), which can introduce different attention weights for each vector in the feature vector that strengthen the relationship between some vectors and the detection attack type. The model also utilizes the advantage that BiLSTM can capture long-distance dependency relationships to obtain a higher detection accuracy. This model combined the advantages of the two models, adding a dropout layer between the two models to improve the detection accuracy while preventing training overfitting. Through experimental analysis, the network intrusion detection model that utilizes multi-head attention and BilSTM achieved an accuracy of 98.29%, 95.19%, and 99.08% on the KDDCUP99, NSLKDD, and CICIDS2017 datasets, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiaoyong Zhao,Chengjin Huang,Lei Wang

DOI: https://doi.org/10.3390/biomimetics9100615

2024-10-10

Abstract:In recent years, deep learning-based approaches, particularly those leveraging the Transformer architecture, have garnered widespread attention for network traffic anomaly detection. However, when dealing with noisy data sets, directly inputting network traffic sequences into Transformer networks often significantly degrades detection performance due to interference and noise across dimensions. In this paper, we propose a novel multi-channel network traffic anomaly detection model, MTC-Net, which reduces computational complexity and enhances the model's ability to capture long-distance dependencies. This is achieved by decomposing network traffic sequences into multiple unidimensional time sequences and introducing a patch-based strategy that enables each sub-sequence to retain local semantic information. A backbone network combining Transformer and CNN is employed to capture complex patterns, with information from all channels being fused at the final classification header in order to achieve modelling and detection of complex network traffic patterns. The experimental results demonstrate that MTC-Net outperforms existing state-of-the-art methods in several evaluation metrics, including accuracy, precision, recall, and F1 score, on four publicly available data sets: KDD Cup 99, NSL-KDD, UNSW-NB15, and CIC-IDS2017.

Yunyun Zhao,Hongwei Jia,Haiyong Luo,Fang Zhao,Yanjun Qin,Yueyue Wang

DOI: https://doi.org/10.1002/int.22842

IF: 8.993

2022-02-08

International Journal of Intelligent Systems

Abstract:Most traffic accidents are caused by bad driving habits. Online monitoring of the abnormal driving behaviors of drivers can help reduce traffic accidents. Recently, abnormal driving behavior recognition based on the sensors' data embedded in commodity smartphones has attracted much attention. Though much progress has been made about driving behavior recognition, the existing works cannot achieve high recognition accuracy and show poor robustness. To improve the driving behaviors recognition accuracy and robustness, we propose an algorithm based on Soft Thresholding and Temporal Convolutional Network (S‐TCN) for driving behavior recognition. In this algorithm, we first introduce a soft attention mechanism to learn the importance of different sensors. The TCN has the advantages of small memory requirement and high computational efficiency. And the soft thresholding can further filter the redundant features and extract the main features. So, we fuse the TCN and soft thresholding to improve the model's stability and accuracy. Our proposed model is extensively evaluated on four real public data sets. The experimental results show that our proposed model outperforms best state‐of‐the‐art baselines by 2.24%.