Google’s Security Conference/Journal ranking 2018

As a follow up to the three previous posts on the topic, here is the version with the newly released 2018 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. Google also now added a “Classic Papers” category for papers ( link)—but there was essentially nothing in that which I recognized. This list of Normalized Top-100 Security Papers seems to be much more appropriate.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. ACM Symposium on Computer and Communications Security (77)
  2. IEEE Symposium on Security and Privacy (74)
  3. IEEE Transactions on Information Forensics and Security (73)
  4. USENIX Conference on Security (70)
  5. International Conference on Cryptology (CRYPTO) (62, +1 position)
  6. Network and Distributed System Security Symposium (NDSS) (60,-1 position)
  7. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (53)
  8. Computers & Security (48)
  9. IEEE Transactions on Dependable and Secure Computing (40)
  10. International Conference on Financial Cryptography and Data Security (37, +1 position)
  11. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (37, -1 position)
  12. Workshop on Cryptographic Hardware and Embedded Systems (CHES) (36, +1 position)
  13. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (36, +1 position)
  14. Theory of cryptography (34, -2 positions)
  15. Symposium On Usable Privacy and Security (31)
  16. IEEE Security & Privacy (31)
  17. International Conference on Practice and Theory in Public Key Cryptography (29)
  18. Journal of Cryptology (29)
  19. Fast Software Encryption (FSE) (29)
  20. Security and Communication Networks (29)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Conference of the IEEE Computer and Communications Societies (INFOCOM) (76, -4)
  2. Computer Networks (58)
  3. Annual International Conference on Mobile computing and networking (Mobicom) (49, +1 position)
  4. International Conference on Mobile systems, applications, and services (MOBISYS) (45, -1 position)
  5. International Conference on Dependable Systems and Networks (DSN) (33)
  6. ACM Symposium on Applied Computing (SAC) (30, but only small security track)
  7. Annual Computer Security Applications Conference (ACSAC) (28)
  8. European Conference on Research in Computer Security (ESORICS) (28)
  9. ACM conference on Data and Application Security and Privacy (CODASPY) (28)
  10. International Conference on Cyber-Physical Systems (ICCPS) (25)
  11. IEEE Computer Security Foundations Symposium (CSF) (24)
  12. Wireless Network Security (WISEC) (22)
  13. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (20)
  14. International Conference on Availability, Reliability and Security (ARES) (19)
  15. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (16)
  16. Network and Systems Security (NSS) (16)
  17. Conference on Cryptology and Network Security (CANS) (15)
  18. Conference on Security and Privacy in Communication Networks (SecureComm) (13)
  19. IEEE High Assurance Systems Engineering Symposium, (HASE) (12)
  20. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing (CPSCom) (11)
  21. Conference on Formal Engineering Methods (ICFEM) (11)

There are some interesting observations I made from the ranking (updated from last iteration):

  1. The h5 index of the top venues increased by about 5-9 points, without major changes in order (Crypto and NDSS swapped places). For these tier 1 venues, this is definitely expected, as the number of submissions/accepted papers has increased significantly in the last 5 years.
  2. Financial Cryptography and Data Security only increased the h5 by 1, after steep rise in the year before.
  3. ArXiv is not on Google’s list any more (I assume due to lack of peer review).
  4. The list was extended to 20 venues now.
  5. 8 of the top 20 venues have a strong crypto focus, further limiting the options for general security papers to be published at.
  6. Google also publishes a h5-median score, which indicates the median citation count of the publications included in the h5 computation. This somewhat gives a nice indication on how many citations you could expect for your publications in the conference, after five years. For the top 10 venues, this is between 60 and 130 (+20 compared to last year), for top 10-20 between 45 and 60 (like last year).
  7. Clearly, for h5 it helps to accept more papers (see Infocom rank, the journals on the list, CCS’s rising score). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).

See also: aminer conference ranking, CORE2014 conference ranking

Nils Ole Tippenhauer
Nils Ole Tippenhauer

I am interested in information security aspects of practical systems. In particular, I am currently working on security of industrial control systems and the Industrial Internet of Things.