Google’s Security Conference/Journal ranking 2023

As a follow up to the six previous posts on the topic, here is the version with the newly released 2023 metrics data. It provides a ranking of journals and conferences in different fields, and uses the h5 metric, “the number n of papers that were released in the last 5 years, and had at least n citations”. Konrad Rieck’s list of Normalized Top-100 Security Papers provides a great alternative ranking of important classic papers in the field.

Based on the h5 metric, the following ranking for security conferences and journals is generated here:

  1. IEEE Symposium on Security and Privacy (S&P) (98, was 74 in 2020)
  2. IEEE Transactions on Information Forensics and Security (98, was 86 in 2020)
  3. ACM Symposium on Computer and Communications Security (93, was 88 in 2020)
  4. USENIX Conference on Security (92, was 80 in 2020)
  5. Computers & Security (89, was 59 in 2020)
  6. Network and Distributed System Security Symposium (NDSS) (78, was 71 in 2020)
  7. IEEE Transactions on Dependable and Secure Computing (69, was 54 in 2020)
  8. Annual International Conference on Theory and Applications of Cryptographic Techniques (EUROCRYPT) (63, was 61 in 2020)
  9. International Conference on Cryptology (CRYPTO) (59, was 52 in 2020)
  10. Journal of Information Security and Applications (57, was 31 in 2020)
  11. IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) (52, not in list in 2020)
  12. Security and Communication Networks (51, was 40 in 2020)
  13. International Conference on Financial Cryptography and Data Security (46, also 46 in 2020)
  14. IEEE European Symposium on Security and Privacy (EuroSNP) (45, was 34 in 2020)
  15. International Conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT) (42, also 42 in 2020)
  16. Symposium On Usable Privacy and Security (SOUPS) (37, was 29 in 2020)
  17. IEEE Security & Privacy (37, was 31 in 2020)
  18. Theory of cryptography (38)
  19. ACM Symposium on Information, Computer and Communications Security (ASIACCS) (37)
  20. Proceedings on Privacy Enhancing Technologies (PETS) (35, new in the list)
  21. Annual Computer Security Applications Conference (ACSAC) (36, was 29 in 2020)
  22. Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (35, new in list)

Some other honourable mentions where I published before, am involved, or consider submitting:

  1. Computer Networks (87, was 56 in 2020)
  2. Conference of the IEEE Computer and Communications Societies (INFOCOM) (80, was 72 in 2020)
  3. Annual International Conference on Mobile computing and networking (Mobicom) (51, was 48 in 2020)
  4. International Conference on Mobile systems, applications, and services (MOBISYS) (39, was 44 in 2020)
  5. International Conference on Dependable Systems and Networks (DSN) (37, was 32 in 2020)
  6. ACM Symposium on Applied Computing (SAC) (36, but only small security track, was 30 in 2020)
  7. IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing ( CPSCom) (35, 20 in 2020)
  8. International Conference on Availability, Reliability and Security (ARES) (32, 24 in 2020)
  9. International Conference on Practice and Theory in Public Key Cryptography (31, 29 in 2020)
  10. European Conference on Research in Computer Security (ESORICS) (28, was 34 in 2020)
  11. Journal of Cryptology (31, 28 in 2020)
  12. IEEE Computer Security Foundations Symposium (CSF) (can’t find numbers for 2023, 29 in 2020)
  13. Symposium on Research in Attacks, Intrusions and Defenses (RAID) (28, 22 in 2020)
  14. Applied Cryptography and Network Security (ACNS) (27, 21 in 2020)
  15. ACM conference on Data and Application Security and Privacy (CODASPY) (25, was 28 in 2020)
  16. International Conference on Cyber-Physical Systems (ICCPS) (25, 26 in 2020)
  17. Wireless Network Security (WISEC) (25, 23 in 2020)
  18. Conference on Security and Privacy in Communication Networks (SecureComm) (18, was 12 in 2020)
  19. IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection (IFIP Sec) (17, same as 2020)
  20. IEEE High Assurance Systems Engineering Symposium, (HASE) (cant’ find in 2023, 16 in 2020)
  21. Conference on Cryptology and Network Security (CANS) (16, 14 in 2020)
  22. Network and Systems Security (NSS) (13 same as 2020)
  23. Conference on Formal Engineering Methods (ICFEM) (12, was 13 in 2020)

There are some interesting observations I made from the ranking (updated from last iteration 3 years ago):

  1. The h5 index of the top venues increased by about 5-9 points, most importantly S&P gained incredible 24 scores and rose to position 1.
  2. Journals such as TIFS, C&S, TDSC improved a lot, with C&S gaining 30 scores!
  3. Our ProfilIoT paper at SAC'17 (which was only accepted as a poster!) did indeed end up on #1 in the h5 index in 2020.
  4. EuroSNP continues to rise quickly, and has now by far surpassed ESORICS. It was started in ‘16 with great papers such as Papernot et al.
  5. 5 of the top 20 venues have a strong crypto focus, further limiting the options for general security papers to be published at.
  6. 7 out of the top 20 venues are journals, which are generally considered to be less competitive/good than tier 1 conferences by many system security researchers. Their metrics are getting pretty good though.
  7. Google also publishes a h5-median score, which indicates the median citation count of the publications included in the h5 computation. This somewhat gives a nice indication on how many citations you could expect for your publications in the conference, after five years. For the top 9 venues, this is between 90 and 152 (+10 compared to 2020), for top 10-15 between 60 and 80 (a bit better than 2020).
  8. Clearly, for h5 it helps to accept more papers (see Infocom rank, the journals on the list). It would be great to award selectivity somehow, for example by dividing by number of accepted papers. Unfortunately, that information is not directly available (see here).
  9. I’m not a big fan of CORE ranking. Based on the h5 metric, I would consider conferences/venues with h5 >= 50 as tier 1, conferences with h5 >= 30 as tier 2, and conferences with h5 >= 20 as tier 3. This would put RAID and WiSec still in tier 3, but for example ASIACCS clearly in tier 2. Such a classification disadvantages niche topics, of course.
  10. also provides interesting analysis by topics in tier-1 security papers (unfortunately, only until 2015).

See also: aminer conference ranking, CORE2021 conference ranking, Jianying Zhou’s ranking, Guofei Gu’s ranking

Nils Ole Tippenhauer
Nils Ole Tippenhauer

I am interested in information security aspects of practical systems. In particular, I am currently working on security of industrial control systems and the Industrial Internet of Things.