Google’s Security Conference/Journal ranking 2020

As a follow up to the five previous posts on the topic, here is the version with the newly released 2020 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. Konrad Rieck’s list of Normalized Top-100 Security Papers provides a great alternative ranking of important classic papers in the field.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. ACM Symposium on Computer and Communications Security (88, +6)
  2. IEEE Transactions on Information Forensics and Security (86, +6 and +1 position)
  3. USENIX Conference on Security (80, -1 position)
  4. IEEE Symposium on Security and Privacy (S&P) (74)
  5. Network and Distributed System Security Symposium (NDSS) (71, +6)
  6. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (61, +5)
  7. Computers & Security (59, +9 and +1 position)
  8. IEEE Transactions on Dependable and Secure Computing (54, +7)
  9. International Conference on Cryptology (CRYPTO) (52, -2 positions)
  10. International Conference on Financial Cryptography and Data Security (46)
  11. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (42)
  12. Security and Communication Networks (40, +1 position)
  13. Theory of cryptography (38)
  14. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (37)
  15. Proceedings on Privacy Enhancing Technologies (PETS) (35, new in the list)
  16. IEEE European Symposium on Security and Privacy (EuroSNP) (34, +8, new in top 20)
  17. Designs, Codes and Cryptography (34)
  18. European Conference on Research in Computer Security (ESORICS) (34)
  19. IEEE Security & Privacy (31)
  20. Journal of Information Security and Applications (31, new in list)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Conference of the IEEE Computer and Communications Societies (INFOCOM) (72)
  2. Computer Networks (56)
  3. Annual International Conference on Mobile computing and networking (Mobicom) (48)
  4. International Conference on Mobile systems, applications, and services (MOBISYS) (44)
  5. International Conference on Dependable Systems and Networks (DSN) (32)
  6. ACM Symposium on Applied Computing (SAC) (30, but only small security track)
  7. Symposium On Usable Privacy and Security (SOUPS) (29)
  8. Annual Computer Security Applications Conference (ACSAC) (29)
  9. International Conference on Practice and Theory in Public Key Cryptography (29)
  10. IEEE Computer Security Foundations Symposium (CSF) (29)
  11. ACM conference on Data and Application Security and Privacy (CODASPY) (28)
  12. Journal of Cryptology (28)
  13. International Conference on Cyber-Physical Systems (ICCPS) (26)
  14. International Conference on Availability, Reliability and Security (ARES) (24)
  15. Wireless Network Security (WISEC) (23)
  16. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (22)
  17. Applied Cryptography and Network Security (ACNS) (21)
  18. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing (CPSCom) (20)
  19. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (17)
  20. IEEE High Assurance Systems Engineering Symposium, (HASE) (16)
  21. Conference on Cryptology and Network Security (CANS) (14)
  22. Network and Systems Security (NSS) (13)
  23. Conference on Formal Engineering Methods (ICFEM) (13)
  24. Conference on Security and Privacy in Communication Networks (SecureComm) (12)

There are some interesting observations I made from the ranking (updated from last iteration):

  1. The h5 index of the top venues increased by about 5-9 points, without major changes in order (TIFS rose to position 2). For these tier 1 venues, this is definitely expected, as the number of submissions/accepted papers has increased significantly in the last 10 years.
  2. Our ProfilIoT paper at SAC'17 (which was only accepted as a poster!) is already the second most cited paper in the conference’s last 5 years. I expect it could end up on spot #1 next year (only 1 citation away), as no other recent paper comes close.
  3. CHES is not listed by Google metrics at all any more, not sure why
  4. EuroSNP continues to rise quickly (+8), and has now surpassed ESORICS. It was started in ‘16 with great papers such as Papernot et al.
  5. 5 of the top 20 venues have a strong crypto focus, further limiting the options for general security papers to be published at.
  6. 8 out of the top 20 venues are journals, which are generally considered to be less competitive/good than tier 1 conferences by many system security researchers.
  7. Google also publishes a h5-median score, which indicates the median citation count of the publications included in the h5 computation. This somewhat gives a nice indication on how many citations you could expect for your publications in the conference, after five years. For the top 10 venues, this is between 70 and 140 (+10 compared to last year), for top 10-20 between 40 and 60 (same as last last year).
  8. Clearly, for h5 it helps to accept more papers (see Infocom rank, the journals on the list, CCS’s dominance). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).
  9. I’m not a big fan of CORE ranking. Based on the h5 metric, I would consider conferences/venues with h5 >= 50 as tier 1, conferences with h5 >= 30 as tier 2, and conferences with h5 >= 20 as tier 3. This would put RAID and WiSec still in tier 3, but for example ASIACCS clearly in tier 2 (CORE rank: B). Such a classification disadvantages niche topics, of course.
  10. also provides interesting analysis by topics in tier-1 security papers (unfortunately, only until 2015).

See also: aminer conference ranking, CORE2020 conference ranking, Jianying Zhou’s ranking, Guofei Gu’s ranking

Nils Ole Tippenhauer
Nils Ole Tippenhauer

I am interested in information security aspects of practical systems. In particular, I am currently working on security of industrial control systems and the Industrial Internet of Things.