Google’s Security Conference/Journal ranking 2019

As a follow up to the four previous posts on the topic, here is the version with the newly released 2019 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. This list of Normalized Top-100 Security Papers provides a great alternative ranking of important classic papers in the field.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. ACM Symposium on Computer and Communications Security (82)
  2. USENIX Conference on Security (81, +2 positions)
  3. IEEE Transactions on Information Forensics and Security (78)
  4. IEEE Symposium on Security and Privacy (72, -2 positions)
  5. Network and Distributed System Security Symposium (NDSS) (65, +1 position)
  6. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (56, +1 position)
  7. International Conference on Cryptology (CRYPTO) (53, -2 positions)
  8. Computers & Security (50)
  9. IEEE Transactions on Dependable and Secure Computing (47)
  10. International Conference on Financial Cryptography and Data Security (43)
  11. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (40)
  12. Theory of cryptography (37, +2 positions)
  13. Conference on Cryptographic Hardware and Embedded Systems (CHES) (36, -1 position)
  14. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (35), -1 position
  15. Security and Communication Networks (35, +5 positions)
  16. Designs, Codes and Cryptography (35, new in the list)
  17. IEEE Security & Privacy (32, -1 position)
  18. European Conference on Research in Computer Security (ESORICS) (32, new in the list)
  19. Annual Computer Security Applications Conference (ACSAC) (30, new in the list)
  20. International Conference on Practice and Theory in Public Key Cryptography (30, -2 position)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Conference of the IEEE Computer and Communications Societies (INFOCOM) (74, -2)
  2. Computer Networks (57)
  3. Annual International Conference on Mobile computing and networking (Mobicom) (50)
  4. International Conference on Mobile systems, applications, and services (MOBISYS) (44)
  5. International Conference on Dependable Systems and Networks (DSN) (33)
  6. Symposium On Usable Privacy and Security (28, used to be in top20)
  7. ACM Symposium on Applied Computing (SAC) (28, but only small security track)
  8. ACM conference on Data and Application Security and Privacy (CODASPY) (27)
  9. IEEE Computer Security Foundations Symposium (CSF) (26, +1 position)
  10. Journal of Cryptology (26, used to be in top20)
  11. IEEE European Symposium on Security and Privacy (EuroSNP) (26, new/ first event in'16)
  12. International Conference on Cyber-Physical Systems (ICCPS) (24, -1 position)
  13. Wireless Network Security (WISEC) (23)
  14. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (21)
  15. Applied Cryptography and Network Security (ACNS) (20)
  16. International Conference on Availability, Reliability and Security (ARES) (20)
  17. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (19)
  18. IEEE High Assurance Systems Engineering Symposium, (HASE) (16, +3 positions)
  19. Conference on Cryptology and Network Security (CANS) (15)
  20. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing (CPSCom) (15)
  21. Network and Systems Security (NSS) (14)
  22. Conference on Security and Privacy in Communication Networks (SecureComm) (14)
  23. Conference on Formal Engineering Methods (ICFEM) (13)

There are some interesting observations I made from the ranking (updated from last iteration):

  1. The h5 index of the top venues increased by about 5-9 points, without major changes in order (Usenix rose to position 2, S&P lost 2 positions, now position 4). For these tier 1 venues, this is definitely expected, as the number of submissions/accepted papers has increased significantly in the last 5 years.
  2. Usenix Security in particular increased the h5 score by 11, enough to almost reach CCS which was leader of this ranking for years (and has a larger number of accepted papers).
  3. Our ProfilIoT paper at SAC'17 (which was only accepted as a poster!) is already the top 4 cited paper in the conference’s last 5 years. I expect it could end up on spot #1 soon, as no other recent paper comes close.
  4. SOUPS, Journal of Cryptology, and FSE left the top20 (from prior position 15, 18, 19). Fast Software Encryption (FSE) is actually not listed at all any more.
  5. EuroSNP makes its first entry with h5 of 26, impressive given that the first instance was in ‘16. It kicked off with great papers such as Papernot et al.
  6. 7 of the top 20 venues have a strong crypto focus, further limiting the options for general security papers to be published at.
  7. Google also publishes a h5-median score, which indicates the median citation count of the publications included in the h5 computation. This somewhat gives a nice indication on how many citations you could expect for your publications in the conference, after five years. For the top 10 venues, this is between 60 and 130 (pretty close to last year), for top 10-20 between 39 and 60 (slightly lower than last year).
  8. Clearly, for h5 it helps to accept more papers (see Infocom rank, the journals on the list, CCS’s dominance). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).
  9. Google apparently removed the classic papers listing (which was somewhat useless in my opinion).
  10. I’m not a big fan of CORE ranking. Based on the h5 metric, I would consider conferences/venues with h5 >= 50 as tier 1, conferences with h5 >= 30 as tier 2, and conferences with h5 >= 15 as tier 3. This would put RAID and WiSec still in tier 3, but for example ASIACCS clearly in tier 2 (CORE rank: B).

See also: aminer conference ranking, CORE2018 conference ranking, Guofei Gu’s ranking

Nils Ole Tippenhauer
Nils Ole Tippenhauer

I am interested in information security aspects of practical systems. In particular, I am currently working on security of industrial control systems and the Industrial Internet of Things.